Vulnerabilities > Improper Control of Generation of Code ('Code Injection')
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-06-13 | CVE-2017-3907 | Code Injection vulnerability in Mcafee Threat Intelligence Exchange 2.1.0 Code Injection vulnerability in the ePolicy Orchestrator (ePO) extension in McAfee Threat Intelligence Exchange (TIE) Server 2.1.0 and earlier allows remote attackers to execute arbitrary HTML code to be reflected in the response web page via unspecified vector. | 9.8 |
| 2018-06-11 | CVE-2018-5158 | Code Injection vulnerability in multiple products The PDF viewer does not sufficiently sanitize PostScript calculator functions, allowing malicious JavaScript to be injected through a crafted PDF file. | 8.8 |
| 2018-06-11 | CVE-2017-7798 | Code Injection vulnerability in multiple products The Developer Tools feature suffers from a XUL injection vulnerability due to improper sanitization of the web page source code. | 8.8 |
| 2018-06-11 | CVE-2018-6512 | Code Injection vulnerability in Puppet Pe-Razor-Server, Puppet Enterprise and Razor-Server The previous version of Puppet Enterprise 2018.1 is vulnerable to unsafe code execution when upgrading pe-razor-server. | 9.8 |
| 2018-06-08 | CVE-2018-11228 | Code Injection vulnerability in Crestron Toolbox Protocol Firmware 1.502.0047.001 Crestron TSW-1060, TSW-760, TSW-560, TSW-1060-NC, TSW-760-NC, and TSW-560-NC devices before 2.001.0037.001 allow unauthenticated remote code execution via a Bash shell service in Crestron Toolbox Protocol (CTP). | 9.8 |
| 2018-06-07 | CVE-2017-16151 | Code Injection vulnerability in Electronjs Electron Based on details posted by the ElectronJS team; A remote code execution vulnerability has been discovered in Google Chromium that affects all recent versions of Electron. | 9.8 |
| 2018-06-07 | CVE-2017-16082 | Code Injection vulnerability in Node-Postgres PG A remote code execution vulnerability was found within the pg module when the remote database or query specifies a specially crafted column name. | 9.8 |
| 2018-06-04 | CVE-2017-16020 | Code Injection vulnerability in Summit Project Summit Summit is a node web framework. | 9.8 |
| 2018-06-01 | CVE-2018-7951 | Code Injection vulnerability in Huawei products The iBMC (Intelligent Baseboard Management Controller) of some Huawei servers have a JSON injection vulnerability due to insufficient input validation. | 8.8 |
| 2018-06-01 | CVE-2018-7950 | Code Injection vulnerability in Huawei products The iBMC (Intelligent Baseboard Management Controller) of some Huawei servers have a JSON injection vulnerability due to insufficient input validation. | 8.8 |