Vulnerabilities > Improper Control of Generation of Code ('Code Injection')

DATE CVE VULNERABILITY TITLE RISK
2016-12-23 CVE-2016-7787 Code Injection vulnerability in multiple products
A maliciously crafted command line for kdesu can result in the user only seeing part of the commands that will actually get executed as super user.
network
low complexity
kde opensuse CWE-94
4.9
2016-12-22 CVE-2016-7954 Code Injection vulnerability in Bundler
Bundler 1.x might allow remote attackers to inject arbitrary Ruby code into an application by leveraging a gem name collision on a secondary source.
network
low complexity
bundler CWE-94
critical
9.8
2016-12-17 CVE-2016-9949 Code Injection vulnerability in multiple products
An issue was discovered in Apport before 2.20.4.
local
low complexity
apport-project canonical CWE-94
7.8
2016-12-11 CVE-2016-9862 Code Injection vulnerability in phpMyAdmin
An issue was discovered in phpMyAdmin.
network
low complexity
phpmyadmin CWE-94
7.5
2016-12-09 CVE-2016-5424 Code Injection vulnerability in multiple products
PostgreSQL before 9.1.23, 9.2.x before 9.2.18, 9.3.x before 9.3.14, 9.4.x before 9.4.9, and 9.5.x before 9.5.4 might allow remote authenticated users with the CREATEDB or CREATEROLE role to gain superuser privileges via a (1) " (double quote), (2) \ (backslash), (3) carriage return, or (4) newline character in a (a) database or (b) role name that is mishandled during an administrative operation.
network
high complexity
debian postgresql CWE-94
7.1
2016-10-07 CVE-2016-1000003 Code Injection vulnerability in Mirror Manager Project Mirror Manager
Mirror Manager version 0.7.2 and older is vulnerable to remote code execution in the checkin code.
network
low complexity
mirror-manager-project CWE-94
critical
9.8
2016-09-11 CVE-2016-5149 Code Injection vulnerability in multiple products
The extensions subsystem in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux relies on an IFRAME source URL to identify an associated extension, which allows remote attackers to conduct extension-bindings injection attacks by leveraging script access to a resource that initially has the about:blank URL.
network
low complexity
google opensuse CWE-94
8.8
2016-09-07 CVE-2016-7110 Code Injection vulnerability in Huawei UMA V200R001/V200R001C00SPC100
Huawei Unified Maintenance Audit (UMA) before V200R001C00SPC200 allows remote attackers to execute arbitrary commands via "special characters," a different vulnerability than CVE-2016-7109.
network
low complexity
huawei CWE-94
critical
9.8
2016-09-07 CVE-2016-7109 Code Injection vulnerability in Huawei UMA V200R001/V200R001C00SPC100
Huawei Unified Maintenance Audit (UMA) before V200R001C00SPC200 allows remote attackers to execute arbitrary commands via "special characters," a different vulnerability than CVE-2016-7110.
network
low complexity
huawei CWE-94
critical
9.8
2016-09-03 CVE-2015-5721 Code Injection vulnerability in Misp-Project Malware Information Sharing Platform
Malware Information Sharing Platform (MISP) before 2.3.90 allows remote attackers to conduct PHP object injection attacks via crafted serialized data, related to TemplatesController.php and populate_event_from_template_attributes.ctp.
network
low complexity
misp-project CWE-94
critical
9.8