CWE-94

Exploit likelihood: Medium

Improper Control of Generation of Code ('Code Injection')

Parent: CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.

6,541 vulnerabilities with CWE-94
CVE-2013-2115 HIGH
Apache Struts 2.0.0-2.3.14.1 - Remote Code Execution via OGNL Injection in URL/A Tag
CVSS 8.1
CVE-2013-1966
Apache Struts 2.0.0-2.3.14.1 - Remote Code Execution via OGNL Injection in URL/A Tag
CVE-2013-1965
Apache Struts 2.0.0-2.3.13 and Struts2-Showcase 2.0.0-2.3.13 - Remote Code Execution via OGNL Parameter Name Injection
CVE-2013-3178
Microsoft Silverlight <5.1.20513.0 - RCE
CVE-2013-3174
Microsoft Windows - Remote Code Execution via Crafted GIF File
CVE-2013-3171
Microsoft .NET Framework <4.5 - RCE
CVE-2013-3164
Microsoft Internet Explorer 8 - Code Injection
CVE-2013-3162
Microsoft Internet Explorer <11 - Code Injection
CVE-2013-3161
Microsoft Internet Explorer <10 - Code Injection
CVE-2013-3153
Microsoft Internet Explorer <11 - Code Injection
CVE-2013-3152
Microsoft Internet Explorer 10 - Memory Corruption
CVE-2013-3151
Microsoft Internet Explorer 8-10 - Code Injection
CVE-2013-3150
Microsoft Internet Explorer 9 - Memory Corruption
CVE-2013-3149
Microsoft Internet Explorer <8 - Code Injection
CVE-2013-3148
Microsoft Internet Explorer <11 - Code Injection
CVE-2013-3147
Microsoft Internet Explorer <10 - Code Injection
CVE-2013-3146
Microsoft Internet Explorer 10 - Memory Corruption
CVE-2013-3145
Microsoft Internet Explorer 9 - Memory Corruption
CVE-2013-3144
Microsoft Internet Explorer 8-10 - RCE/DoS
CVE-2013-3143
Microsoft Internet Explorer <10 - Code Injection
CVE-2013-3134
Microsoft .NET Framework <4.5 - RCE
CVE-2013-3133
Microsoft .NET Framework <4.5 - RCE
CVE-2013-3132
Microsoft .NET Framework <4.5 - RCE
CVE-2013-3131
Microsoft .NET Framework <4.5 - RCE
CVE-2013-3129 HIGH
Microsoft .NET Framework 3.0 SP2, 3.5, 3.5.1, 4, 4.5 - Remote Code Execution via TrueType Font Parsing
CVSS 7.8