Vulnerabilities > Improper Control of Generation of Code ('Code Injection')
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-07-03 | CVE-2019-12843 | Code Injection vulnerability in Jetbrains Teamcity A possible stored JavaScript injection requiring a deliberate server administrator action was detected. | 6.1 |
| 2019-07-03 | CVE-2019-10100 | Code Injection vulnerability in Jetbrains Youtrack Integration In JetBrains YouTrack Confluence plugin versions before 1.8.1.3, it was possible to achieve Server Side Template Injection. | 9.8 |
| 2019-07-01 | CVE-2019-1577 | Code Injection vulnerability in Paloaltonetworks Traps 5.0/5.0.5 Code injection vulnerability in Palo Alto Networks Traps 5.0.5 and earlier may allow an authenticated attacker to inject arbitrary JavaScript or HTML. | 6.3 |
| 2019-06-28 | CVE-2018-17170 | Code Injection vulnerability in Teamwire 1.5.1 Grouptime Teamwire Desktop Client 1.5.1 prior to 1.9.0 on Windows allows code injection via a template, leading to remote code execution. | 8.1 |
| 2019-06-18 | CVE-2018-18836 | Code Injection vulnerability in My-Netdata Netdata 1.10.0 An issue was discovered in Netdata 1.10.0. | 6.5 |
| 2019-06-18 | CVE-2018-18879 | Code Injection vulnerability in Columbiaweather Weather Microserver Firmware Ms2.6.9900 In firmware version MS_2.6.9900 of Columbia Weather MicroServer, an authenticated web user can pipe commands directly to the underlying operating system as user input is not sanitized in networkdiags.php. | 8.8 |
| 2019-06-17 | CVE-2019-8324 | Code Injection vulnerability in multiple products An issue was discovered in RubyGems 2.6 and later through 3.0.2. | 8.8 |
| 2019-06-06 | CVE-2019-12761 | Code Injection vulnerability in Python Pyxdg 0.25 A code injection issue was discovered in PyXDG before 0.26 via crafted Python code in a Category element of a Menu XML document in a .menu file. | 7.5 |
| 2019-06-03 | CVE-2017-14853 | Code Injection vulnerability in Orpak Siteomat 6.4.414.084 The Orpak SiteOmat OrCU component is vulnerable to code injection, for all versions prior to 2017-09-25, due to a search query that uses a direct shell command. | 9.8 |
| 2019-05-31 | CVE-2019-9891 | Code Injection vulnerability in Tldp Advanced Bash-Scripting Guide The function getopt_simple as described in Advanced Bash Scripting Guide (ISBN 978-1435752184) allows privilege escalation and execution of commands when used in a shell script called, for example, via sudo. | 9.8 |