CWE-94

Exploit likelihood: Medium

Improper Control of Generation of Code ('Code Injection')

Parent: CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.

6,536 vulnerabilities with CWE-94
CVE-2017-3907 MEDIUM
McAfee TIE Server <2.1.0 - Code Injection
CVSS 5.4
CVE-2017-7798 HIGH
Debian Linux < 55.0 - Code Injection
CVSS 8.8
CVE-2017-16151 CRITICAL
Electron < 1.7.8 and < 1.6.14 - Remote Code Execution via Chromium Vulnerability
CVSS 9.8
CVE-2017-16100 CRITICAL
dns-sync < 0.1.1 - OS Command Injection via resolve() Method
CVSS 9.8
CVE-2017-16082 CRITICAL
Node-postgres PG < 2.11.2 - Code Injection
CVSS 9.8
CVE-2017-16042 CRITICAL
Growl < 1.10.2 - OS Command Injection via Improper Input Sanitization
CVSS 9.8
CVE-2017-16020 CRITICAL
Summit 0.1.0-0.1.20 - OS Command Injection via PouchDB Collection Name
CVSS 9.8
CVE-2017-1721 MEDIUM
IBM QRadar Security Information and Event Manager 7.2-7.3 - Unauthenticated Remote Code Execution
CVSS 5.6
CVE-2017-3967 MEDIUM
McAfee Network Security Manager < 8.2.7.42.2 - Cross-Site Scripting via Frame Injection
CVSS 6.1
CVE-2017-1789 CRITICAL
IBM Tivoli Monitoring 6.2.3 and 6.3.0 - Unauthenticated Remote Code Execution
CVSS 9.8
CVE-2017-16670 HIGH
SoapUI 5.3.0 - Remote Code Execution via WSDL Project File Import
CVSS 7.8
CVE-2017-16905 HIGH
Duolingo TinyCards < 1.0 - Remote Code Execution via Unencrypted HTTP
CVSS 8.1
CVE-2017-1000480 CRITICAL
Smarty 3.0.0-3.1.31 - PHP Code Injection via Custom Resource Template Name
CVSS 9.8
CVE-2017-17098 CRITICAL
GPS Tracking Software <3.0 - Code Injection
CVSS 9.8
CVE-2017-17649 MEDIUM
Readymade Video Sharing Script 3.2 - HTML Injection via Comment Parameter
CVSS 6.1
CVE-2017-16682 HIGH
SAP NetWeaver ITS/Basis - Code Injection
CVSS 7.2
CVE-2017-1336 MEDIUM
IBM Infosphere BigInsights 4.2.0 - Code Injection
CVSS 4.4
CVE-2017-14198 HIGH
Squiz Matrix < 5.3.6.1 and 5.4.x < 5.4.1.3 - Authenticated Remote Code Execution via Time Format Tag
CVSS 8.8
CVE-2017-1001004 HIGH
typed-function < 0.10.6 - Remote Code Execution via Typed Function Name
CVSS 8.8
CVE-2017-1001002 CRITICAL
math.js < 3.17.0 - Remote Code Execution via Typed Function Name Injection
CVSS 9.8
CVE-2017-16664 HIGH
OTRS <5.0.24-4.0.26-3.3.20 - Code Injection
CVSS 8.8
CVE-2017-16544 HIGH
VMware ESXi - Remote Code Execution via BusyBox Tab Autocomplete
CVSS 8.8
CVE-2017-14077 MEDIUM
Securimage < 3.6.4 - HTML Injection via HTTP_USER_AGENT Parameter
CVSS 6.1
CVE-2017-16871 HIGH
UpdraftPlus < 1.13.12 - Authenticated Remote Code Execution via Race Condition in plupload_action
CVSS 8.1
CVE-2017-1000196 CRITICAL
October CMS <build 412 - Code Injection
CVSS 9.8