CWE-913

Improper Control of Dynamically-Managed Code Resources

Parent: CWE-664 - Improper Control of a Resource Through its Lifetime

The product does not properly restrict reading from or writing to dynamically-managed code resources such as variables, objects, classes, attributes, functions, or executable instructions or statements.

90 vulnerabilities with CWE-913
CVE-2020-15568 CRITICAL
TerraMaster TOS <4.1.29 - Code Injection
CVSS 9.8
CVE-2020-3419 MEDIUM
Cisco Webex Meetings Server - Unauthenticated Meeting Access via Authentication Token Bypass
CVSS 6.5
CVE-2020-25803 MEDIUM
Crafter CMS <3.0.27, <3.1.7 - Command Injection
CVSS 4.2
CVE-2020-25802 MEDIUM
Crafter CMS <3.0.27, <3.1.7 - Command Injection
CVSS 4.2
CVE-2020-15372 MEDIUM
Brocade Fabric OS <v8.2.2a1-9.0.0 - Privilege Escalation
CVSS 5.5
CVE-2020-4100 MEDIUM
HCL Verse for Android - Code Injection
CVSS 4.4
CVE-2019-15006 MEDIUM
Confluence 6.11.0-6.13.9 and 6.14.0-6.15.9 - Man-in-the-Middle via Companion App Communication
CVSS 6.5
CVE-2019-1617 HIGH
Cisco NX-OS 9.2-9.2(2) - Unauthenticated Denial of Service via FCoE NPV Packet Processing
CVSS 7.4
CVE-2019-1595 HIGH
Cisco NX-OS < 7.3(5)n1(1) - Unauthenticated Denial of Service via FCoE Packet Handling
CVSS 7.4
CVE-2018-19836 MEDIUM
Metinfo 6.1.3 - Arbitrary HTTP Header Injection via applogin.php
CVSS 6.1
CVE-2017-3202 CRITICAL
Exadel Flamingo amf-serializer 2.2.0 - Deserialization of Untrusted Data via AMF3
CVSS 9.8
CVE-2017-3200 HIGH
GraniteDS - Remote Code Execution via AMF3 Deserialization
CVSS 8.1
CVE-2014-9852 CRITICAL
ImageMagick < 6.9.4-0 - Use-After-Free in distribute-cache.c
CVSS 9.8
CVE-2012-2055 HIGH
GitHub Enterprise <20120304 - Info Disclosure
CVSS 7.5
CVE-2006-7079 CRITICAL
exV2 content_management_system < 2.0.4.3 - Remote Code Execution via $xoopsOption['pagetype'] Variable Manipulation
CVSS 9.8