CWE-94
Medium likelihood
Improper Control of Generation of Code ('Code Injection')
The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.
6,536 vulnerabilities with CWE-94
CVE-2017-3907
MEDIUM
McAfee TIE Server <2.1.0 - Code Injection
CVSS 5.4
CVE-2017-7798
HIGH
Debian Linux < 55.0 - Code Injection
CVSS 8.8
CVE-2017-16151
CRITICAL
Electron < 1.7.8 and < 1.6.14 - Remote Code Execution via Chromium Vulnerability
CVSS 9.8
CVE-2017-16100
CRITICAL
dns-sync < 0.1.1 - OS Command Injection via resolve() Method
CVSS 9.8
CVE-2017-16082
CRITICAL
Node-postgres PG < 2.11.2 - Code Injection
CVSS 9.8
CVE-2017-16042
CRITICAL
Growl < 1.10.2 - OS Command Injection via Improper Input Sanitization
CVSS 9.8
CVE-2017-16020
CRITICAL
Summit 0.1.0-0.1.20 - OS Command Injection via PouchDB Collection Name
CVSS 9.8
CVE-2017-1721
MEDIUM
IBM QRadar Security Information and Event Manager 7.2-7.3 - Unauthenticated Remote Code Execution
CVSS 5.6
CVE-2017-3967
MEDIUM
McAfee Network Security Manager < 8.2.7.42.2 - Cross-Site Scripting via Frame Injection
CVSS 6.1
CVE-2017-1789
CRITICAL
IBM Tivoli Monitoring 6.2.3 and 6.3.0 - Unauthenticated Remote Code Execution
CVSS 9.8
CVE-2017-16670
HIGH
SoapUI 5.3.0 - Remote Code Execution via WSDL Project File Import
CVSS 7.8
CVE-2017-16905
HIGH
Duolingo TinyCards < 1.0 - Remote Code Execution via Unencrypted HTTP
CVSS 8.1
CVE-2017-1000480
CRITICAL
Smarty 3.0.0-3.1.31 - PHP Code Injection via Custom Resource Template Name
CVSS 9.8
CVE-2017-17098
CRITICAL
GPS Tracking Software <3.0 - Code Injection
CVSS 9.8
CVE-2017-17649
MEDIUM
Readymade Video Sharing Script 3.2 - HTML Injection via Comment Parameter
CVSS 6.1
CVE-2017-16682
HIGH
SAP NetWeaver ITS/Basis - Code Injection
CVSS 7.2
CVE-2017-1336
MEDIUM
IBM Infosphere BigInsights 4.2.0 - Code Injection
CVSS 4.4
CVE-2017-14198
HIGH
Squiz Matrix < 5.3.6.1 and 5.4.x < 5.4.1.3 - Authenticated Remote Code Execution via Time Format Tag
CVSS 8.8
CVE-2017-1001004
HIGH
typed-function < 0.10.6 - Remote Code Execution via Typed Function Name
CVSS 8.8
CVE-2017-1001002
CRITICAL
math.js < 3.17.0 - Remote Code Execution via Typed Function Name Injection
CVSS 9.8
CVE-2017-16664
HIGH
OTRS <5.0.24-4.0.26-3.3.20 - Code Injection
CVSS 8.8
CVE-2017-16544
HIGH
VMware ESXi - Remote Code Execution via BusyBox Tab Autocomplete
CVSS 8.8
CVE-2017-14077
MEDIUM
Securimage < 3.6.4 - HTML Injection via HTTP_USER_AGENT Parameter
CVSS 6.1
CVE-2017-16871
HIGH
UpdraftPlus < 1.13.12 - Authenticated Remote Code Execution via Race Condition in plupload_action
CVSS 8.1
CVE-2017-1000196
CRITICAL
October CMS <build 412 - Code Injection
CVSS 9.8