CWE-94
Medium likelihood
Improper Control of Generation of Code ('Code Injection')
The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.
6,536 vulnerabilities with CWE-94
CVE-2017-5543
CRITICAL
Subrion 4.0.5 - PHP Object Injection via Salt Cookie
CVSS 9.8
CVE-2016-15044
CRITICAL
Kaltura Video Platform < 11.1.0-2 - Unauthenticated Remote Code Execution via Unsafe Deserialization in keditorservices
CVE-2016-11064
CRITICAL
Mattermost Desktop App < 3.4.0 - Remote Code Execution via String Injection
CVSS 9.8
CVE-2016-9651
HIGH
Google Chrome < 55.0.2883.75 - Remote Code Execution via V8 JS Object Property Check Bypass
CVSS 8.8
CVE-2016-5402
HIGH
Red Hat CloudForms - Authenticated Remote Code Execution via Capacity and Utilization Control File Processing
CVSS 8.8
CVE-2016-4397
HIGH
HP Network Node Manager i <10.20 - RCE
CVSS 7.8
CVE-2016-4391
CRITICAL
HP ArcSight WINC Connector <7.3.0 - RCE
CVSS 9.8
CVE-2016-10548
MEDIUM
reduce-css-calc <=1.2.4 - Arbitrary Code Execution via Crafted CSS Input
CVSS 6.1
CVE-2016-10546
CRITICAL
PouchDB < 6.0.4 - Remote Code Execution via Map/Reduce Functions
CVSS 9.8
CVE-2016-10541
CRITICAL
shell-quote < 1.6.1 - OS Command Injection via Redirection Operator Escape Bypass
CVSS 9.8
CVE-2016-5713
CRITICAL
Puppet Agent <1.6.0 - Code Injection
CVSS 9.8
CVE-2016-4895
HIGH
Setucocms - Code Injection
CVSS 8.8
CVE-2016-5072
HIGH
OXID eShop < 2016-06-13 - Remote Code Execution via oxuser Class
CVSS 8.8
CVE-2016-1602
HIGH
SUSE Linux Enterprise - Code Injection
CVSS 7.8
CVE-2016-8020
HIGH
Intel Security VirusScan Enterprise Linux <2.0.3 - Code Injection
CVSS 8.0
CVE-2016-8354
HIGH
Schneider Electric Unity PRO < V11.1 - Code Injection
CVSS 7.0
CVE-2016-5727
HIGH
Simple Machines Forum <2.1 - Code Injection
CVSS 8.8
CVE-2016-5726
CRITICAL
Simple Machines Forum <2.1 - Code Injection
CVSS 9.8
CVE-2016-6175
CRITICAL
php-gettext <1.0.12 - Code Injection
CVSS 9.8
CVE-2016-7102
HIGH
owncloud_desktop_client < 2.2.2 - Local Code Execution via Trojan Library in Special Path
CVSS 8.4
CVE-2016-2242
CRITICAL
Exponent CMS 2.x < 2.3.7 Patch 3 - Remote Code Execution via install/index.php sc Parameter
CVSS 9.8
CVE-2016-10157
CRITICAL
Akamai NetSession 1.9.3.1 - Code Injection
CVSS 9.8
CVE-2016-10072
MEDIUM
WampServer 3.0.6 - Privilege Escalation
CVSS 5.3
CVE-2016-7968
MEDIUM
KMail < 5.3.0 - Remote Code Execution via JavaScript in HTML Email
CVSS 6.5
CVE-2016-7967
HIGH
KMail < 5.3.0 - Improper Access Control via QWebEngine JavaScript Execution
CVSS 8.1
Details
Vulnerabilities: 6,536
Exploit Likelihood: Medium