Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2014-2639

Summary
Assigner-hp
Assigner Org ID-74586083-13ce-40fd-b46a-8e5d23cfbcb2
Published At-28 Sep, 2014 | 19:00
Updated At-06 Aug, 2024 | 10:21
Rejected At-
Credits

Unspecified vulnerability in HP MPIO Device Specific Module Manager before 4.02.00 allows local users to gain privileges via unknown vectors.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:hp
Assigner Org ID:74586083-13ce-40fd-b46a-8e5d23cfbcb2
Published At:28 Sep, 2014 | 19:00
Updated At:06 Aug, 2024 | 10:21
Rejected At:
▼CVE Numbering Authority (CNA)

Unspecified vulnerability in HP MPIO Device Specific Module Manager before 4.02.00 allows local users to gain privileges via unknown vectors.

Affected Products
Vendor
n/a
Product
n/a
Versions
Affected
  • n/a
Problem Types
TypeCWE IDDescription
textN/An/a
Type: text
CWE ID: N/A
Description: n/a
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
http://h20566.www2.hp.com/portal/site/hpsc/template.PAGE/public/kb/docDisplay/?docId=emr_na-c04048122
vendor-advisory
x_refsource_HP
http://h20566.www2.hp.com/portal/site/hpsc/template.PAGE/public/kb/docDisplay/?docId=emr_na-c04048122
vendor-advisory
x_refsource_HP
Hyperlink: http://h20566.www2.hp.com/portal/site/hpsc/template.PAGE/public/kb/docDisplay/?docId=emr_na-c04048122
Resource:
vendor-advisory
x_refsource_HP
Hyperlink: http://h20566.www2.hp.com/portal/site/hpsc/template.PAGE/public/kb/docDisplay/?docId=emr_na-c04048122
Resource:
vendor-advisory
x_refsource_HP
▼Authorized Data Publishers (ADP)
CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
http://h20566.www2.hp.com/portal/site/hpsc/template.PAGE/public/kb/docDisplay/?docId=emr_na-c04048122
vendor-advisory
x_refsource_HP
x_transferred
http://h20566.www2.hp.com/portal/site/hpsc/template.PAGE/public/kb/docDisplay/?docId=emr_na-c04048122
vendor-advisory
x_refsource_HP
x_transferred
Hyperlink: http://h20566.www2.hp.com/portal/site/hpsc/template.PAGE/public/kb/docDisplay/?docId=emr_na-c04048122
Resource:
vendor-advisory
x_refsource_HP
x_transferred
Hyperlink: http://h20566.www2.hp.com/portal/site/hpsc/template.PAGE/public/kb/docDisplay/?docId=emr_na-c04048122
Resource:
vendor-advisory
x_refsource_HP
x_transferred
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:hp-security-alert@hp.com
Published At:28 Sep, 2014 | 19:55
Updated At:06 May, 2026 | 22:30

Unspecified vulnerability in HP MPIO Device Specific Module Manager before 4.02.00 allows local users to gain privileges via unknown vectors.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary2.04.6MEDIUM
AV:L/AC:L/Au:N/C:P/I:P/A:P
Type: Primary
Version: 2.0
Base score: 4.6
Base severity: MEDIUM
Vector:
AV:L/AC:L/Au:N/C:P/I:P/A:P
CPE Matches
HP Inc.
hp
>>mpio_device_specific_module_manager>>Versions up to 4.01.01(inclusive)
cpe:2.3:a:hp:mpio_device_specific_module_manager:*:*:*:*:*:*:*:*
HP Inc.
hp
>>mpio_device_specific_module_manager>>4.01.00
cpe:2.3:a:hp:mpio_device_specific_module_manager:4.01.00:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-94Primarynvd@nist.gov
CWE ID: CWE-94
Type: Primary
Source: nvd@nist.gov
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
http://h20566.www2.hp.com/portal/site/hpsc/template.PAGE/public/kb/docDisplay/?docId=emr_na-c04048122hp-security-alert@hp.com
Patch
Vendor Advisory
http://h20566.www2.hp.com/portal/site/hpsc/template.PAGE/public/kb/docDisplay/?docId=emr_na-c04048122af854a3a-2127-422b-91ae-364da2661108
Patch
Vendor Advisory
Hyperlink: http://h20566.www2.hp.com/portal/site/hpsc/template.PAGE/public/kb/docDisplay/?docId=emr_na-c04048122
Source: hp-security-alert@hp.com
Resource:
Patch
Vendor Advisory
Hyperlink: http://h20566.www2.hp.com/portal/site/hpsc/template.PAGE/public/kb/docDisplay/?docId=emr_na-c04048122
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Patch
Vendor Advisory

Change History

0
Information is not available yet

Similar CVEs

157Records found
CVE-2022-27537
Matching Score-6
Assigner-HP Inc.
ShareView Details
Matching Score-6
Assigner-HP Inc.
CVSS Score-7.8||HIGH
EPSS-0.20% / 41.83%
||
7 Day CHG~0.00%
Published-30 Jan, 2023 | 21:26
Updated-27 Mar, 2025 | 16:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Potential vulnerabilities have been identified in the system BIOS of certain HP PC products, which might allow arbitrary code execution, escalation of privilege, denial of service, and information disclosure. HP is releasing BIOS updates to mitigate these potential vulnerabilities.

Action-Not Available
Vendor-HP Inc.
Product-eliteone_1000_g1_23.8-in_all-in-one_business_firmwareprodesk_400_g4_microtower_firmwarez2_mini_g4_workstationelitebook_x360_1040_g7_firmwareeliteone_1000_g2_27-in_4k_uhd_all-in-one_businesselitebook_845_g8_firmwarezhan_66_pro_15_g2_firmwareelitedesk_800_g6_desktop_miniprobook_x360_11_g7_eeprobook_430_g7elitebook_865_g9elitebook_x360_1030_g7_firmwareelitedesk_800_g5_desktop_minielitebook_735_g6_firmwareelitebook_x360_1030_g4_firmwareelitebook_840_g9_firmwarezhan_66_pro_13_g2probook_430_g8probook_440_g8elitebook_755_g5_firmwareproone_400_g5_23.8-inch_all-in-one_business_firmwarezbook_17_g6zbook_firefly_15_g7engage_flex_pro_retail_systemz2_small_form_factor_g5_workstationzbook_firefly_14_g9elite_sliceprodesk_405_g6_small_form_factorelitedesk_705_g4_small_form_factorprobook_445r_g6_firmwareeliteone_1000_g2_27-in_4k_uhd_all-in-one_business_firmwareeliteone_800_g8_27_all-in-oneelitebook_630_g9_firmwareelitedesk_800_g6_small_form_factor_firmwareprodesk_480_g4_microtowerproone_440_g6_24_all-in-one_firmwareeliteone_800_g3_23.8-inch_touch_gpu_all-in-one_firmwareprodesk_400_g4_desktop_miniproone_600_g3_21.5-inch_non-touch_all-in-oneelitebook_1040_g3elitebook_735_g5elitedesk_880_g6_towerelitedesk_800_g8_tower_firmwareprobook_640_g4_firmwareelitedesk_800_65w_g3_desktop_mini_firmwareproone_440_g5_23.8-in_all-in-one_business_firmwarezbook_studio_g7_firmwareprodesk_680_g4_microtower_firmwareprodesk_680_g6_firmwarezbook_power_g9zbook_power_g8pro_mini_400_g9elite_x2_1012_g1elitebook_835_g7_firmwareeliteone_800_g4_23.8-inch_non-touch_gpu_all-in-onepro_mini_400_g9_firmwarezhan_66_pro_g3_24_all-in-one_firmwareproone_400_g6_24_all-in-oneproone_440_23.8_inch_g9_all-in-one_firmwareelitedesk_880_g3_towerzbook_studio_g9_firmwarezbook_studio_x360_g5_firmwareelitedesk_705_g3elitebook_830_g8_firmwarezhan_66_pro_g3_24_all-in-oneprobook_450_g8_firmwareprobook_650_g7elitebook_835_g9_firmwareprodesk_600_g2_desktop_mini_firmwareproone_600_g2_21.5-inch_non-touch_all-in-onemp9_g2_retail_system_firmwarez1_entry_tower_g5_workstation_firmwarepro_x360_fortis_g10prodesk_400_g6_small_form_factorprodesk_400_g4_small_form_factor_firmwareeliteone_1000_g1_23.8-in_all-in-one_businesselitedesk_800_g3_tower_firmwareproone_440_g4_23.8-inch_non-touch_all-in-one_businesselitedesk_805_g6_small_form_factor_firmwareprobook_x360_11_g7_ee_firmwarezbook_fury_15_g8_firmwareelite_tower_880_g9_firmwareengage_flex_pro_retail_system_firmwareelitedesk_880_g5_towerproone_400_g3_20-inch_non-touch_all-in-oneengage_flex_pro-c_retail_system_firmwareelitedesk_880_g5_tower_firmwareelitedesk_880_g3_tower_firmwareelitedesk_705_g5_desktop_mini_firmwareelite_dragonfly_g2engage_one_pro_aio_system_firmwarezbook_14u_g5elite_tower_680_g9probook_430_g7_firmwareelitedesk_800_g5_desktop_mini_firmwarezhan_66_pro_g3_22_all-in-oneelitebook_845_g9prodesk_680_g2_microtowerelitedesk_800_35w_g3_desktop_mini_firmwareprodesk_600_g5_desktop_mini_firmwareprobook_455_g6_firmwareprodesk_405_g8_desktop_mini_firmwareprobook_445_g8probook_445_g8_firmwareproone_400_g2_20-inch_non-touch_all-in-one_firmwarez2_small_form_factor_g4_workstation_firmwareprodesk_600_g6_firmwareprobook_fortis_g9_firmwareelitebook_845_g7elitebook_645_g9zhan_66_pro_a_14_g3_firmwarepro_tower_400_g9_firmwareprodesk_480_g7_firmwareeliteone_800_g6_27_all-in-one_firmwareelitedesk_805_g8_desktop_mini_firmwareprodesk_405_g6_desktop_minielitebook_x360_1040_g6probook_455r_g6elite_dragonflyzhan_x_13_g2elitedesk_800_g5_tower_firmwareproone_600_g6_22_all-in-one_firmwarezhan_66_pro_14_g3z1_g9_tower_firmwareeliteone_800_g5_23.8-in_all-in-onepro_sff_400_g9_firmwarezbook_15u_g6probook_630_g8prodesk_600_g3_small_form_factorelitebook_830_g9elitedesk_800_g6_tower_firmwareproone_400_g4_23.8-inch_non-touch_all-in-one_business_firmwareprodesk_480_g5_microtowerelitebook_840_g8_firmwareeliteone_1000_g2_34-in_curved_all-in-one_businessprobook_630_g8_firmwareelitebook_1030_g1_firmwareengage_one_pro_aio_systemprobook_x360_11_g3_eeelitebook_655_g9_firmwareprobook_455r_g6_firmwareprobook_x360_11_g6_eeelitedesk_800_g8_small_form_factorprodesk_600_g2_microtower_firmwareengage_go_mobile_systemelitebook_650_g9_firmwareprobook_640_g8_firmwareeliteone_1000_g2_23.8-in_all-in-one_business_firmwareprodesk_600_g5_small_form_factorprodesk_680_g3_microtower_firmwarez1_g8_towerprobook_455_g8probook_430_g5_firmwareelitedesk_705_g4_desktop_miniz1_entry_tower_g6_workstationzhan_66_pro_a_14_g5elite_x2_g4elitedesk_805_g8_small_form_factor_firmwareprodesk_405_g8_small_form_factorprobook_440_g9_firmwareeliteone_800_g3_23.8-inch_touch_gpu_all-in-oneelite_slice_firmwareprodesk_400_g6_desktop_mini_firmwarezbook_power_g7_firmwarezhan_66_pro_15_g3elitebook_745_g5elitedesk_800_g3_towerz2_tower_g5_workstation_firmwareeliteone_1000_g1_27-in_4k_uhd_all-in-one_businesselite_sff_600_g9_firmwareprodesk_600_g3_microtower_firmwareprodesk_600_g4_microtower_firmwareproone_600_g2_21.5-inch_touch_all-in-onezhan_66_pro_g5_firmwareelitebook_840_aero_g8pro_sff_400_g9probook_x360_11_g5_ee_firmwarepro_tower_480_g9elitebook_x360_1040_g5_firmwareelitedesk_800_35w_g3_desktop_minielitebook_x360_1040_g6_firmwarezhan_66_pro_14_g4_firmwareprodesk_400_g5_small_form_factor_firmwarezhan_66_pro_g1elitedesk_805_g6_small_form_factoreliteone_800_g8_24_all-in-oneeliteone_800_g6_24_all-in-one_firmwareelitedesk_800_65w_g4_desktop_minizbook_fury_15_g7_firmwareelitedesk_800_g6_towereliteone_800_g8_24_all-in-one_firmwareprodesk_480_g4_microtower_firmwareeliteone_1000_g1_34-in_curved_all-in-one_business_firmwareprobook_x360_11_g4_ee_firmwareproone_600_g4_21.5-inch_touch_all-in-one_business_firmwareprobook_fortis_g10elitebook_840_g6zbook_15_g5prodesk_600_g3_small_form_factor_firmwareelitebook_x360_1040_g7prodesk_680_g4_microtowerelitedesk_800_g6_small_form_factorproone_400_g3_20-inch_touch_all-in-one_firmwareelitebook_x360_830_g8prodesk_405_g6_small_form_factor_firmwareprodesk_480_g6_microtowerprodesk_600_g5_desktop_minielitebook_630_g9prodesk_400_g4_desktop_mini_firmwareelite_x2_1012_g2elitebook_840_g6_firmwarezhan_66_pro_g5prodesk_600_g2_small_form_factor_firmwareeliteone_800_g3_23.8-inch_touch_all-in-one_firmwareprodesk_600_g6_desktop_mini_firmwareelite_mini_800_g9eliteone_1000_g1_34-in_curved_all-in-one_businesseliteone_800_g4_23.8-in_all-in-one_business_firmwareprobook_455_g5_firmwareelitebook_845_g7_firmwarezhan_66_pro_g1_firmwareprodesk_400_g5_desktop_mini_firmwareelitebook_1050_g1elite_tower_600_g9prodesk_600_g6_microtower_firmwareelitebook_x360_830_g6_firmwarezbook_create_g7elitebook_855_g8_firmwareelitedesk_805_g6_desktop_mini_firmwareelitebook_845_g8elitebook_655_g9eliteone_800_g6_24_all-in-oneelite_x2_g8prodesk_400_g7_small_form_factor_firmwarez2_small_form_factor_g8_workstation_firmwarez2_tower_g4_workstation_firmwareprodesk_600_g4_microtowerproone_600_g2_21.5-inch_non-touch_all-in-one_firmwareprobook_x360_435_g8_firmwareprodesk_400_g6_desktop_minizbook_14u_g6_firmwareelitebook_830_g9_firmwareelite_tower_680_g9_firmwareprobook_645_g4probook_x360_440_g1_firmwareelitebook_x360_1030_g3prodesk_600_g4_small_form_factor_firmwareproone_480_g3_20-inch_non-touch_all-in_one_firmwarez2_tower_g5_workstationzbook_firefly_14_g8probook_450_g7elitedesk_705_g4_microtower_firmwareelitedesk_705_g5_small_form_factor_firmwareelitebook_755_g5eliteone_800_g4_23.8-inch_touch_all-in-oneprobook_445r_g6z2_small_form_factor_g4_workstationprobook_x360_435_g8proone_400_g6_20_all-in-oneprobook_650_g8_firmwareeliteone_800_g4_23.8-inch_non-touch_all-in-onez1_g8_tower_firmwareelitebook_x360_1030_g4eliteone_800_g4_23.8-inch_non-touch_gpu_all-in-one_firmwareproone_400_g6_20_all-in-one_firmwareprodesk_400_g5_microtower_firmwarezhan_66_pro_15_g2elitebook_745_g5_firmwareprodesk_600_g2_microtowerelite_dragonfly_maxelite_x360_830_g9_2-in-1elitedesk_800_g3_small_form_factor_firmwareelitebook_865_g9_firmwareelitebook_650_g9zbook_15_g6elitedesk_800_g5_small_form_factorzhan_66_pro_a_14_g4_firmwareprodesk_400_g6_small_form_factor_firmwarezbook_studio_g5elite_dragonfly_g3elitebook_1040_g3_firmwareelitedesk_805_g8_desktop_minieliteone_800_g4_23.8-inch_touch_all-in-one_firmwareelite_x2_1012_g2_firmwarez2_mini_g5_workstation_firmwareprodesk_400_g7_microtowerelitedesk_880_g8_towerprobook_650_g4prodesk_680_g3_microtowerrp9_g1_retail_systempro_x360_fortis_g10_firmwareengage_one_aio_system_firmwareprobook_640_g4z2_tower_g8_workstationelitebook_845_g9_firmwareproone_600_g6_22_all-in-oneelite_tower_800_g9proone_400_g3_20-inch_touch_all-in-oneelitebook_1030_g1elitedesk_800_65w_g2_desktop_mini_firmwareengage_go_10_mobile_systemprobook_455_g6zbook_fury_17_g8engage_go_10_mobile_system_firmwareproone_400_g4_20-inch_non-touch_all-in-one_business_firmwareeliteone_800_g3_23.8-inch_non-touch_all-in-one_firmwareprodesk_400_g4_small_form_factorprobook_fortis_g10_firmwaremt44_mobile_thin_client_firmwareprobook_640_g7proone_440_g6_24_all-in-oneprobook_450_g5_firmwarezbook_fury_17_g7zbook_15u_g5prodesk_480_g7elitebook_830_g8elite_x2_g4_firmwarezhan_66_pro_14_g3_firmwareproone_400_g4_20-inch_non-touch_all-in-one_businesselite_sff_600_g9mt45_mobile_thin_clientelitebook_830_g5elite_slice_g2zhan_66_pro_a_14_g5_firmwareelitedesk_800_95w_g4_desktop_mini_firmwareprodesk_600_g6_desktop_minimp9_g4_retail_systemelitebook_840_g5_firmwarezbook_14u_g6eliteone_800_g6_27_all-in-oneelitedesk_800_g4_tower_firmwareelitebook_1040_g4zbook_power_g9_firmwareelitedesk_880_g6_tower_firmwareelite_sff_800_g9elitedesk_705_g4_microtowerelitedesk_800_35w_g2_desktop_mini_firmwareeliteone_840_23.8_inch_g9_all-in-onerp9_g1_retail_system_firmwareprobook_x360_11_g3_ee_firmwareprodesk_480_g5_microtower_firmwareelitedesk_705_g4_workstationzhan_66_pro_15_g3_firmwarez1_entry_tower_g6_workstation_firmwareprodesk_600_g4_small_form_factorzbook_studio_g8_firmwareelitebook_x360_830_g7elitebook_x360_1030_g3_firmwareelitebook_850_g8elitedesk_800_65w_g4_desktop_mini_firmwareelitebook_846_g5_firmwareeliteone_1000_g2_23.8-in_touch_all-in-one_business_firmwareeliteone_800_g4_23.8-inch_touch_gpu_all-in-one_firmwareprobook_635_aero_g8_firmwareelite_dragonfly_g2_firmwareeliteone_800_g4_23.8-inch_touch_gpu_all-in-oneelitedesk_800_35w_g4_desktop_mini_firmwareelitedesk_800_g8_desktop_mini_firmwareelitedesk_705_g4_desktop_mini_firmwareprobook_440_g5elitedesk_800_g5_small_form_factor_firmwareproone_440_g5_23.8-in_all-in-one_businesselitedesk_800_g2_small_form_factorelite_tower_880_g9zbook_studio_g5_firmwarezbook_fury_15_g7probook_640_g5_firmwareelitebook_840_aero_g8_firmwareelite_slice_g2_firmwareelitebook_x360_1040_g8prodesk_405_g8_desktop_minieliteone_1000_g2_23.8-in_all-in-one_businesselitebook_735_g6elitedesk_800_65w_g3_desktop_miniprobook_450_g7_firmwareprobook_650_g4_firmwareprodesk_405_g4_desktop_miniprobook_640_g7_firmwareelitebook_830_g6_firmwarezbook_fury_16_g9_firmwareprobook_430_g6_firmwarezbook_firefly_14_g8_firmwareeliteone_1000_g1_23.8-in_touch_all-in-one_businessprodesk_400_g3_desktop_mini_firmwareelitebook_x360_1030_g8zbook_create_g7_firmwarez2_tower_g4_workstationzbook_17_g6_firmwareelitebook_840_g7elitedesk_800_g3_small_form_factorprobook_445_g6_firmwareprobook_445_g9_firmwarezbook_studio_g7elitebook_645_g9_firmwareelite_tower_800_g9_firmwareeliteone_1000_g2_34-in_curved_all-in-one_business_firmwareprodesk_600_g6_small_form_factor_firmwarezhan_66_pro_14_g2proone_400_g6_24_all-in-one_firmwareprobook_440_g9elitedesk_880_g4_towerzbook_fury_16_g9elite_x360_830_g9_2-in-1_firmwaremt45_mobile_thin_client_firmwareeliteone_800_g5_23.8-inch_all-in-one_firmwareprobook_x360_435_g7prodesk_400_g6_microtowerproone_440_23.8_inch_g9_all-in-oneeliteone_800_g8_27_all-in-one_firmwareelitebook_745_g6_firmwareelitedesk_705_g3_firmwareengage_flex_pro-c_retail_systemproone_440_g4_23.8-inch_non-touch_all-in-one_business_firmwareprodesk_600_g3_desktop_miniprobook_470_g5elitebook_745_g6eliteone_800_g3_23.8-inch_touch_all-in-oneeliteone_800_g4_23.8-in_all-in-one_businessprodesk_400_g3_desktop_miniprodesk_600_g4_desktop_minielitedesk_880_g8_tower_firmwareelitebook_830_g7prodesk_400_g6_microtower_firmwareeliteone_800_g3_23.8_non-touch_all-in-one_businesseliteone_840_23.8_inch_g9_all-in-one_firmwareproone_600_g5_21.5-in_all-in-one_business_firmwareelitebook_860_g9elite_dragonfly_max_firmwareelitebook_855_g7eliteone_800_g3_23.8-inch_non-touch_all-in-onez1_entry_tower_g5_workstationprobook_645_g4_firmwareproone_400_g5_23.8-inch_all-in-one_businesselitebook_835_g7elitebook_860_g9_firmwareelitebook_1040_g9prodesk_405_g4_small_form_factor_firmwareprobook_650_g5proone_600_g4_21.5-inch_touch_all-in-one_businesselite_x2_g8_firmwareelitebook_840_g9elitedesk_800_35w_g2_desktop_minipro_tower_400_g9prodesk_600_g4_desktop_mini_firmwareelite_x360_1040_g9_2-in-1_firmwareprobook_440_g7elite_folio_2-in-1elite_mini_800_g9_firmwareelitebook_835_g9prodesk_600_g3_desktop_mini_firmwareelite_sff_800_g9_firmwareprobook_445_g6probook_640_g8probook_455_g9_firmwareelitebook_830_g5_firmwarezbook_firefly_15_g8_firmwaremp9_g4_retail_system_firmwareprobook_650_g8elitebook_836_g6_firmwareelitedesk_800_g4_workstationz2_small_form_factor_g8_workstationprodesk_680_g2_microtower_firmwareprobook_635_aero_g8eliteone_800_g3_23.8-inch_non-touch_gpu_all-in-one_firmwareengage_flex_mini_retail_system_firmwareprobook_445_g7_firmwareelitedesk_800_65w_g2_desktop_minielitebook_850_g6_firmwareprobook_455_g5mp9_g2_retail_systemengage_flex_mini_retail_systemelitedesk_800_35w_g4_desktop_minielitebook_846_g5zbook_firefly_15_g7_firmwarez1_g9_towermt46_mobile_thin_client_firmwareeliteone_800_g2_23-inch_non-touch_all-in-one_firmwareprobook_440_g6zbook_studio_g8eliteone_800_g2_23-inch_non-touch_all-in-oneprodesk_600_g2_desktop_minieliteone_1000_g1_23.8-in_touch_all-in-one_business_firmwarezbook_studio_x360_g5elitebook_x360_830_g7_firmwareeliteone_1000_g1_27-in_4k_uhd_all-in-one_business_firmwarez2_tower_g8_workstation_firmwareproone_400_g2_20-inch_touch_all-in-one_firmwareprobook_450_g8zbook_17_g5zbook_firefly_14_g7zhan_66_pro_a_14_g3probook_640_g5zbook_17_g5_firmwareelitebook_850_g5prodesk_600_g5_small_form_factor_firmwareelitedesk_800_g5_towerelitedesk_705_g5_small_form_factorelitebook_840_g5elitedesk_800_g4_small_form_factor_firmwareprodesk_600_g6_small_form_factorprobook_450_g9elitebook_835_g8_firmwarezbook_15u_g5_firmwareprobook_650_g7_firmwarezhan_66_pro_14_g4elitebook_850_g8_firmwarezbook_studio_g9elitebook_850_g7elitedesk_800_g6_desktop_mini_firmwareelitedesk_805_g6_desktop_minielitedesk_805_g8_small_form_factorzbook_15_g6_firmwarezbook_fury_17_g8_firmwareelitedesk_800_g2_small_form_factor_firmwarezbook_15u_g6_firmwareproone_600_g3_21.5-inch_non-touch_all-in-one_firmwarezbook_firefly_15_g8elite_x2_1013_g3_firmwareprobook_450_g9_firmwareelitedesk_800_g4_small_form_factorprodesk_600_g6_microtowerprodesk_680_g6elitebook_x360_1040_g5elitebook_x360_1040_g8_firmwareelitebook_x360_830_g5_firmwareprobook_445_g7proone_600_g5_21.5-in_all-in-one_businesselitebook_640_g9elitedesk_800_95w_g4_desktop_minidragonfly_folio_g3_2-in-1elite_dragonfly_firmwarezbook_firefly_14_g9_firmwareelitebook_x360_830_g8_firmwareprobook_445_g9prodesk_400_g4_microtowerprobook_455_g9mt46_mobile_thin_clientelite_dragonfly_g3_firmwarepro_x360_fortis_g9zhan_66_pro_14_g2_firmwareelitedesk_800_g8_desktop_minizbook_15_g5_firmwareeliteone_800_g5_23.8-inch_all-in-oneprobook_450_g5proone_400_g2_20-inch_touch_all-in-oneprodesk_400_g7_microtower_firmwareelitebook_840r_g4_firmwareprobook_x360_435_g7_firmwareeliteone_800_g2_23-inch_touch_all-in-oneprobook_fortis_g9eliteone_800_g2_23-inch_touch_all-in-one_firmwareprodesk_600_g3_microtowerproone_400_g2_20-inch_non-touch_all-in-oneelitedesk_800_g8_small_form_factor_firmwareelitebook_735_g5_firmwareproone_400_g5_20-inch_all-in-one_businesselitebook_840r_g4elitebook_836_g5_firmwareprodesk_405_g4_desktop_mini_firmwareengage_one_aio_systemprodesk_405_g6_desktop_mini_firmwareelitebook_x360_1030_g7probook_x360_11_g4_eezhan_x_13_g2_firmwareeliteone_1000_g2_23.8-in_touch_all-in-one_businesselite_x2_1013_g3proone_600_g2_21.5-inch_touch_all-in-one_firmwarezhan_66_pro_a_14_g4zhan_66_pro_g3_22_all-in-one_firmwareprobook_430_g6proone_400_g3_20-inch_non-touch_all-in-one_firmwareelitebook_850_g6elitedesk_800_g8_towerprodesk_400_g5_microtowerprodesk_405_g8_small_form_factor_firmwareproone_400_g5_20-inch_all-in-one_business_firmwarezbook_fury_17_g7_firmwareelitebook_1040_g9_firmwareelitebook_836_g6elitebook_x360_830_g5prodesk_480_g6_microtower_firmwareelite_x360_1040_g9_2-in-1elitebook_836_g5probook_x360_440_g1z2_small_form_factor_g5_workstation_firmwareprodesk_600_g5_microtower_firmwareelitebook_835_g8elitedesk_705_g5_desktop_minielitebook_850_g5_firmwareprobook_440_g7_firmwareelitebook_1040_g4_firmwarezbook_fury_15_g8zbook_14u_g5_firmwareelitebook_x360_830_g6elitedesk_880_g4_tower_firmwareprobook_440_g5_firmwareelitebook_830_g6probook_x360_11_g5_eezbook_firefly_16_g9_firmwareproone_400_g4_23.8-inch_non-touch_all-in-one_businesszbook_firefly_16_g9probook_650_g5_firmwareelitedesk_800_g4_towereliteone_800_g3_23.8-inch_non-touch_gpu_all-in-oneprobook_450_g6prodesk_600_g2_small_form_factorelitebook_855_g7_firmwarezbook_power_g7engage_go_mobile_system_firmwareprobook_440_g6_firmwareelite_tower_600_g9_firmwareelitebook_850_g7_firmwareelitebook_x360_1030_g8_firmwareelitedesk_705_g4_workstation_firmwareprobook_455_g7_firmwareprodesk_405_g4_small_form_factorelitebook_840_g8zbook_firefly_14_g7_firmwareprodesk_400_g7_small_form_factorzbook_power_g8_firmwareprobook_455_g8_firmwareprodesk_600_g5_microtowerelitebook_640_g9_firmwareelitebook_830_g7_firmwareprobook_470_g5_firmwaremt44_mobile_thin_clientelitebook_840_g7_firmwareelite_folio_2-in-1_firmwareelitebook_855_g8eliteone_800_g4_23.8-inch_non-touch_all-in-one_firmwareelite_mini_600_g9_firmwareelitedesk_705_g4_small_form_factor_firmwareprodesk_400_g5_desktop_miniprodesk_400_g5_small_form_factordragonfly_folio_g3_2-in-1_firmwarez2_mini_g5_workstationprobook_440_g8_firmwareelitedesk_800_g4_workstation_firmwarepro_x360_fortis_g9_firmwarezhan_66_pro_13_g2_firmwareprobook_450_g6_firmwareelitebook_1050_g1_firmwareprobook_430_g8_firmwarez2_mini_g4_workstation_firmwareeliteone_800_g5_23.8-in_all-in-one_firmwareelite_x2_1012_g1_firmwareelite_mini_600_g9pro_tower_480_g9_firmwareproone_480_g3_20-inch_non-touch_all-in_oneprodesk_600_g6probook_x360_11_g6_ee_firmwareprobook_430_g5probook_455_g7eliteone_800_g3_23.8_non-touch_all-in-one_business_firmwareHP PC BIOS
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2024-2209
Matching Score-6
Assigner-HP Inc.
ShareView Details
Matching Score-6
Assigner-HP Inc.
CVSS Score-6.3||MEDIUM
EPSS-0.07% / 19.95%
||
7 Day CHG~0.00%
Published-26 Mar, 2024 | 23:49
Updated-20 Feb, 2026 | 21:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
HP Printer Firmware Update Utility for Certain HP DeskJet Printers - Potential Execution of Arbitrary Code

A user with administrative privileges can create a compromised dll file of the same name as the original dll within the HP printer’s Firmware Update Utility (FUU) bundle and place it in the Microsoft Windows default downloads directory which can lead to potential arbitrary code execution.

Action-Not Available
Vendor-hp_incHP Inc.
Product-7fr52a5ar85a_firmware3xv19a8rk11a7fr61a26k68b_firmware3xv19a_firmware4ws04a_firmware7fr20a_firmware7fr20a7fr21a26k71a_firmware26k72b7fr53a_firmware26k70b26k71a7fr61a_firmware26k69a_firmware26k68a_firmware7fr58a_firmware26k69a26k70a_firmware26k67b_firmware2a9q5a7fr52a_firmware26k72b_firmware7fr57a3xv17a297w8a_firmware297x1a8rk11a_firmware7fr57a_firmware26k70a26k67a_firmware7fr21a_firmware26k72a7fr53a5ar84a4ws04a26k68b26k67a7fr58a297x0a_firmware2a9q5a_firmware26k67b5ar85a5ar84a_firmware3xv17a_firmware26k70b_firmware297x1a_firmware26k68a297x0a5ar83a5ar83a_firmware26k72a_firmware297w8aHP Printer Firmware Update Utilityhp_printer_firmware_update_utility
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2024-42393
Matching Score-6
Assigner-Hewlett Packard Enterprise (HPE)
ShareView Details
Matching Score-6
Assigner-Hewlett Packard Enterprise (HPE)
CVSS Score-9.8||CRITICAL
EPSS-0.47% / 64.84%
||
7 Day CHG~0.00%
Published-06 Aug, 2024 | 18:58
Updated-12 Aug, 2024 | 18:22
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Unauthenticated Stack-Based Buffer Overflow Remote Command Execution (RCE) in the Soft AP Daemon Service Accessed by the PAPI Protocol

There are vulnerabilities in the Soft AP Daemon Service which could allow a threat actor to execute an unauthenticated RCE attack. Successful exploitation could allow an attacker to execute arbitrary commands on the underlying operating system leading to complete system compromise.

Action-Not Available
Vendor-HP Inc.Aruba NetworksHewlett Packard Enterprise (HPE)
Product-arubaosinstantosHpe Aruba Networking InstantOS and Aruba Access Points running ArubaOS 10instant
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CWE ID-CWE-787
Out-of-bounds Write
CVE-2009-5097
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-7.1||HIGH
EPSS-0.80% / 74.09%
||
7 Day CHG~0.00%
Published-13 Sep, 2011 | 19:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Palm Pre WebOS 1.1 and earlier processes JavaScript in email messages, which allows remote attackers to execute arbitrary JavaScript, as demonstrated by reading PalmDatabase.db3.

Action-Not Available
Vendor-n/aHP Inc.
Product-palm_pre_webosn/a
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2009-0720
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-10||HIGH
EPSS-5.86% / 90.64%
||
7 Day CHG~0.00%
Published-05 May, 2009 | 17:00
Updated-23 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in HP OpenView Network Node Manager (OV NNM) 7.01, 7.51, and 7.53 allows remote attackers to execute arbitrary code via unknown vectors.

Action-Not Available
Vendor-n/aHP Inc.
Product-openview_network_node_managern/a
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2009-0208
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-10||HIGH
EPSS-4.18% / 88.78%
||
7 Day CHG~0.00%
Published-26 Feb, 2009 | 23:00
Updated-23 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in HP Virtual Rooms Client before 7.0.1, when running on Windows, allows remote attackers to execute arbitrary code via unknown vectors.

Action-Not Available
Vendor-n/aHP Inc.
Product-virtual_roomsn/a
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2008-2390
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-6.8||MEDIUM
EPSS-5.09% / 89.88%
||
7 Day CHG~0.00%
Published-21 May, 2008 | 10:00
Updated-23 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Hpufunction.dll 4.0.0.1 in HP Software Update exposes the unsafe (1) ExecuteAsync and (2) Execute methods, which allows remote attackers to execute arbitrary code via an absolute pathname in the first argument.

Action-Not Available
Vendor-n/aHP Inc.
Product-software_updaten/a
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2008-0213
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-4.92% / 89.69%
||
7 Day CHG~0.00%
Published-07 Feb, 2008 | 21:00
Updated-23 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in a certain ActiveX control for HP Virtual Rooms (HPVR) 6 and earlier allows remote attackers to execute arbitrary code via unknown vectors.

Action-Not Available
Vendor-n/aHP Inc.
Product-virtual_roomsn/a
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2007-5607
Matching Score-6
Assigner-CERT/CC
ShareView Details
Matching Score-6
Assigner-CERT/CC
CVSS Score-7.5||HIGH
EPSS-16.67% / 94.98%
||
7 Day CHG~0.00%
Published-04 Jun, 2008 | 20:00
Updated-23 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Buffer overflow in the RegistryString function in the HPISDataManagerLib.Datamgr ActiveX control in HPISDataManager.dll in HP Instant Support before 1.0.0.24 allows remote attackers to execute arbitrary code via a long first argument, a different vulnerability than CVE-2007-5604, CVE-2007-5605, and CVE-2007-5606.

Action-Not Available
Vendor-n/aHP Inc.
Product-instant_supportn/a
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2007-5604
Matching Score-6
Assigner-CERT/CC
ShareView Details
Matching Score-6
Assigner-CERT/CC
CVSS Score-7.5||HIGH
EPSS-20.10% / 95.53%
||
7 Day CHG~0.00%
Published-04 Jun, 2008 | 20:00
Updated-23 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Buffer overflow in the ExtractCab function in the HPISDataManagerLib.Datamgr ActiveX control in HPISDataManager.dll in HP Instant Support before 1.0.0.24 allows remote attackers to execute arbitrary code via a long first argument, a different vulnerability than CVE-2007-5605, CVE-2007-5606, and CVE-2007-5607.

Action-Not Available
Vendor-n/aHP Inc.
Product-instant_supportn/a
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2007-1093
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-10||HIGH
EPSS-10.05% / 93.14%
||
7 Day CHG~0.00%
Published-26 Feb, 2007 | 17:00
Updated-23 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple unspecified vulnerabilities in JP1/Cm2/Network Node Manager (NNM) before 07-10-05, and before 08-00-02 in the 08-x series, allow remote attackers to execute arbitrary code, cause a denial of service, or trigger invalid Web utility behavior.

Action-Not Available
Vendor-n/aSun Microsystems (Oracle Corporation)Hitachi, Ltd.HP Inc.Microsoft Corporation
Product-hp-uxall_windowsjp1-cm2-network_node_manager_starter_250solariscm2-network_node_managerpa-riscjp1-cm2-network_node_manager_250jp1-cm2-network_node_manager_starteripfiltercm2-network_node_manager_250hi_ux_we2jp1-cm2-network_node_managern/a
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2013-6427
Matching Score-6
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-6
Assigner-Red Hat, Inc.
CVSS Score-6.8||MEDIUM
EPSS-0.78% / 73.80%
||
7 Day CHG~0.00%
Published-09 Dec, 2013 | 18:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

upgrade.py in the hp-upgrade service in HP Linux Imaging and Printing (HPLIP) 3.x through 3.13.11 launches a program from an http URL, which allows man-in-the-middle attackers to execute arbitrary code by gaining control over the client-server data stream.

Action-Not Available
Vendor-n/aHP Inc.
Product-linux_imaging_and_printing_projectn/a
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2017-14353
Matching Score-6
Assigner-OpenText (formerly Micro Focus)
ShareView Details
Matching Score-6
Assigner-OpenText (formerly Micro Focus)
CVSS Score-8.8||HIGH
EPSS-1.36% / 80.32%
||
7 Day CHG~0.00%
Published-05 Oct, 2017 | 15:00
Updated-13 May, 2026 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A remote code execution vulnerability in HP UCMDB Foundation Software versions 10.10, 10.11, 10.20, 10.21, 10.22, 10.30, 10.31, 10.32, and 10.33, could be remotely exploited to allow code execution.

Action-Not Available
Vendor-n/aHP Inc.
Product-ucmdb_foundation_softwaren/a
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2023-27868
Matching Score-6
Assigner-IBM Corporation
ShareView Details
Matching Score-6
Assigner-IBM Corporation
CVSS Score-6.3||MEDIUM
EPSS-0.19% / 41.02%
||
7 Day CHG~0.00%
Published-08 Jul, 2023 | 18:46
Updated-13 Feb, 2025 | 16:45
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM Db2 code execution

IBM Db2 JDBC Driver for Db2 for Linux, UNIX and Windows 10.5, 11.1, and 11.5 could allow a remote authenticated attacker to execute arbitrary code on the system, caused by an unchecked class instantiation when providing plugin classes. By sending a specially crafted request using the named pluginClassName class, an attacker could exploit this vulnerability to execute arbitrary code on the system. IBM X-Force ID: 249516.

Action-Not Available
Vendor-Microsoft CorporationHP Inc.IBM CorporationLinux Kernel Organization, IncOracle Corporation
Product-solarislinux_kerneldb2hp-uxwindowsaixDb2 for Linux, UNIX and Windows
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2023-27869
Matching Score-6
Assigner-IBM Corporation
ShareView Details
Matching Score-6
Assigner-IBM Corporation
CVSS Score-6.3||MEDIUM
EPSS-0.19% / 41.02%
||
7 Day CHG~0.00%
Published-08 Jul, 2023 | 18:40
Updated-13 Feb, 2025 | 16:45
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM Db2 code execution

IBM Db2 JDBC Driver for Db2 for Linux, UNIX and Windows 10.5, 11.1, and 11.5 could allow a remote authenticated attacker to execute arbitrary code on the system, caused by an unchecked logger injection. By sending a specially crafted request using the named traceFile property, an attacker could exploit this vulnerability to execute arbitrary code on the system. IBM X-Force ID: 249517.

Action-Not Available
Vendor-Microsoft CorporationHP Inc.IBM CorporationLinux Kernel Organization, IncOracle Corporation
Product-solarislinux_kerneldb2hp-uxwindowsaixDb2 for Linux, UNIX and Windows
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2023-27867
Matching Score-6
Assigner-IBM Corporation
ShareView Details
Matching Score-6
Assigner-IBM Corporation
CVSS Score-6.3||MEDIUM
EPSS-0.19% / 41.02%
||
7 Day CHG~0.00%
Published-08 Jul, 2023 | 18:43
Updated-13 Feb, 2025 | 16:45
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM Db2 code execution

IBM Db2 JDBC Driver for Db2 for Linux, UNIX and Windows 10.5, 11.1, and 11.5 could allow a remote authenticated attacker to execute arbitrary code via JNDI Injection. By sending a specially crafted request using the property clientRerouteServerListJNDIName, an attacker could exploit this vulnerability to execute arbitrary code on the system. IBM X-Force ID: 249514.

Action-Not Available
Vendor-Microsoft CorporationHP Inc.IBM CorporationLinux Kernel Organization, IncOracle Corporation
Product-solarislinux_kerneldb2hp-uxwindowsaixDb2 for Linux, UNIX and Windows
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2016-4391
Matching Score-6
Assigner-Hewlett Packard Enterprise (HPE)
ShareView Details
Matching Score-6
Assigner-Hewlett Packard Enterprise (HPE)
CVSS Score-9.8||CRITICAL
EPSS-38.64% / 97.29%
||
7 Day CHG~0.00%
Published-06 Aug, 2018 | 20:00
Updated-06 Aug, 2024 | 00:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A remote code execution security vulnerability has been identified in all versions of the HP ArcSight WINC Connector prior to v7.3.0.

Action-Not Available
Vendor-HP Inc.Hewlett Packard Enterprise (HPE)
Product-arcsight_winc_connectorHP ArcSight WINC Connector
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2023-23477
Matching Score-6
Assigner-IBM Corporation
ShareView Details
Matching Score-6
Assigner-IBM Corporation
CVSS Score-8.1||HIGH
EPSS-0.14% / 32.86%
||
7 Day CHG~0.00%
Published-03 Feb, 2023 | 17:24
Updated-25 Mar, 2025 | 19:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM WebSphere Application Server code execution

IBM WebSphere Application Server 8.5 and 9.0 traditional could allow a remote attacker to execute arbitrary code on the system with a specially crafted sequence of serialized objects. IBM X-Force ID: 245513.

Action-Not Available
Vendor-HP Inc.IBM CorporationOracle CorporationMicrosoft CorporationLinux Kernel Organization, Inc
Product-solarislinux_kernelwebsphere_application_serverihp-uxwindowsz\/osaixWebSphere Application Server
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2011-4787
Matching Score-6
Assigner-HP Inc.
ShareView Details
Matching Score-6
Assigner-HP Inc.
CVSS Score-9.3||HIGH
EPSS-0.61% / 70.03%
||
7 Day CHG~0.00%
Published-12 Jan, 2012 | 19:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A certain ActiveX control in HPTicketMgr.dll in HP Easy Printer Care Software 2.5 and earlier allows remote attackers to download an arbitrary program onto a client machine, and execute this program, via unspecified vectors, a different vulnerability than CVE-2011-2404 and CVE-2011-4786.

Action-Not Available
Vendor-n/aHP Inc.
Product-easy_printer_care_softwaren/a
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2016-1986
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-1.31% / 79.91%
||
7 Day CHG~0.00%
Published-12 Feb, 2016 | 01:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

HP Continuous Delivery Automation (CDA) 1.30 allows remote attackers to execute arbitrary commands via a crafted serialized Java object, related to the Apache Commons Collections library.

Action-Not Available
Vendor-n/aHP Inc.
Product-continuous_delivery_automationn/a
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2016-1985
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-10||CRITICAL
EPSS-2.41% / 85.20%
||
7 Day CHG~0.00%
Published-30 Jan, 2016 | 15:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

HPE Operations Manager 8.x and 9.0 on Windows allows remote attackers to execute arbitrary commands via a crafted serialized Java object, related to the Apache Commons Collections library.

Action-Not Available
Vendor-n/aHP Inc.Microsoft Corporation
Product-operations_managerwindowsn/a
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2024-28893
Matching Score-6
Assigner-HP Inc.
ShareView Details
Matching Score-6
Assigner-HP Inc.
CVSS Score-7.7||HIGH
EPSS-0.35% / 57.55%
||
7 Day CHG~0.00%
Published-01 May, 2024 | 15:45
Updated-14 Jan, 2026 | 16:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Certain HP software packages (SoftPaqs) are potentially vulnerable to arbitrary code execution when the SoftPaq configuration file has been modified after extraction. HP has released updated software packages (SoftPaqs).

Action-Not Available
Vendor-HP Inc.
Product-softpaqsHP software packages (SoftPaqs)softpaqs
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2021-3661
Matching Score-6
Assigner-HP Inc.
ShareView Details
Matching Score-6
Assigner-HP Inc.
CVSS Score-8.4||HIGH
EPSS-0.25% / 47.91%
||
7 Day CHG~0.00%
Published-21 Nov, 2022 | 21:19
Updated-29 Apr, 2025 | 05:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A potential security vulnerability has been identified in certain HP Workstation BIOS (UEFI firmware) which may allow arbitrary code execution. HP is releasing firmware mitigations for the potential vulnerability.

Action-Not Available
Vendor-HP Inc.
Product-z2_tower_g5z240_small_form_factorz2_mini_g3_firmwarez840z2_small_form_factor_g4z2_small_form_factor_g8_firmwarezcentral_4r_firmwarez4_g4z2_tower_g4_firmwarez440z2_mini_g3z240_towerz840_firmwarez238_microtower_firmwarezcentral_4rz440_firmwarez2_tower_g5_firmwarez2_mini_g4z8_g4z238_microtowerz2_small_form_factor_g8z2_mini_g4_firmwarez2_mini_g5_firmwarez2_mini_g5z240_small_form_factor_firmwarez6_g4_firmwarez6_g4z240_tower_firmwarez640z640_firmwarez8_g4_firmwarez2_tower_g8_firmwarez2_tower_g8z4_g4_firmwarez2_small_form_factor_g5_firmwarez1_all-in-one_g3z2_small_form_factor_g4_firmwarez2_small_form_factor_g5z1_all-in-one_g3_firmwarez2_tower_g4HP Workstation BIOS
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2013-4813
Matching Score-6
Assigner-HP Inc.
ShareView Details
Matching Score-6
Assigner-HP Inc.
CVSS Score-10||HIGH
EPSS-6.40% / 91.11%
||
7 Day CHG~0.00%
Published-13 Sep, 2013 | 18:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The Agent (aka AgentController) servlet in HP ProCurve Manager (PCM) 3.20 and 4.0, PCM+ 3.20 and 4.0, and Identity Driven Manager (IDM) 4.0 allows remote attackers to execute arbitrary commands via a HEAD request, aka ZDI-CAN-1745.

Action-Not Available
Vendor-n/aHP Inc.
Product-procurve_manageridentity_driven_managern/a
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2013-4810
Matching Score-6
Assigner-HP Inc.
ShareView Details
Matching Score-6
Assigner-HP Inc.
CVSS Score-9.8||CRITICAL
EPSS-89.70% / 99.58%
||
7 Day CHG~0.00%
Published-13 Sep, 2013 | 18:00
Updated-21 Apr, 2026 | 19:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Known KEV||Action Due Date - 2022-04-15||Apply updates per vendor instructions.

HP ProCurve Manager (PCM) 3.20 and 4.0, PCM+ 3.20 and 4.0, Identity Driven Manager (IDM) 4.0, and Application Lifecycle Management allow remote attackers to execute arbitrary code via a marshalled object to (1) EJBInvokerServlet or (2) JMXInvokerServlet, aka ZDI-CAN-1760. NOTE: this is probably a duplicate of CVE-2007-1036, CVE-2010-0738, and/or CVE-2012-0874.

Action-Not Available
Vendor-n/aHP Inc.
Product-application_lifecycle_managementprocurve_managern/aProCurve Manager (PCM), PCM+, Identity Driven Manager (IDM), and Application Lifecycle Management
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2013-4830
Matching Score-6
Assigner-HP Inc.
ShareView Details
Matching Score-6
Assigner-HP Inc.
CVSS Score-7.5||HIGH
EPSS-6.73% / 91.36%
||
7 Day CHG~0.00%
Published-16 Oct, 2013 | 10:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

HP Service Manager 9.30 through 9.32 allows remote attackers to execute arbitrary code via an unspecified "injection" approach.

Action-Not Available
Vendor-n/aHP Inc.
Product-service_managern/a
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2019-16283
Matching Score-6
Assigner-HP Inc.
ShareView Details
Matching Score-6
Assigner-HP Inc.
CVSS Score-7.8||HIGH
EPSS-0.27% / 50.92%
||
7 Day CHG~0.00%
Published-09 Jun, 2023 | 17:29
Updated-06 Jan, 2025 | 18:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A potential security vulnerability has been identified with a version of the HP Softpaq installer that can lead to arbitrary code execution.

Action-Not Available
Vendor-Microsoft CorporationHP Inc.
Product-windowssoftpaq_installerHP Softpaq installer
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2022-29813
Matching Score-4
Assigner-JetBrains s.r.o.
ShareView Details
Matching Score-4
Assigner-JetBrains s.r.o.
CVSS Score-6.9||MEDIUM
EPSS-0.00% / 0.02%
||
7 Day CHG~0.00%
Published-28 Apr, 2022 | 09:55
Updated-03 Aug, 2024 | 06:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In JetBrains IntelliJ IDEA before 2022.1 local code execution via custom Pandoc path was possible

Action-Not Available
Vendor-JetBrains s.r.o.
Product-intellij_ideaIntelliJ IDEA
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2022-29216
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-7.8||HIGH
EPSS-0.17% / 37.57%
||
7 Day CHG~0.00%
Published-20 May, 2022 | 23:35
Updated-22 Apr, 2025 | 17:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Code injection in `saved_model_cli` in TensorFlow

TensorFlow is an open source platform for machine learning. Prior to versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4, TensorFlow's `saved_model_cli` tool is vulnerable to a code injection. This can be used to open a reverse shell. This code path was maintained for compatibility reasons as the maintainers had several test cases where numpy expressions were used as arguments. However, given that the tool is always run manually, the impact of this is still not severe. The maintainers have now removed the `safe=False` argument, so all parsing is done without calling `eval`. The patch is available in versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4.

Action-Not Available
Vendor-Google LLCTensorFlow
Product-tensorflowtensorflow
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2022-29815
Matching Score-4
Assigner-JetBrains s.r.o.
ShareView Details
Matching Score-4
Assigner-JetBrains s.r.o.
CVSS Score-6.9||MEDIUM
EPSS-0.00% / 0.02%
||
7 Day CHG~0.00%
Published-28 Apr, 2022 | 09:55
Updated-03 Aug, 2024 | 06:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In JetBrains IntelliJ IDEA before 2022.1 local code execution via workspace settings was possible

Action-Not Available
Vendor-JetBrains s.r.o.
Product-intellij_ideaIntelliJ IDEA
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2018-11781
Matching Score-4
Assigner-Apache Software Foundation
ShareView Details
Matching Score-4
Assigner-Apache Software Foundation
CVSS Score-7.8||HIGH
EPSS-0.25% / 48.43%
||
7 Day CHG~0.00%
Published-17 Sep, 2018 | 14:00
Updated-16 Sep, 2024 | 18:48
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Apache SpamAssassin 3.4.2 fixes a local user code injection in the meta rule syntax.

Action-Not Available
Vendor-Canonical Ltd.The Apache Software FoundationRed Hat, Inc.Debian GNU/Linux
Product-enterprise_linux_serverubuntu_linuxdebian_linuxspamassassinenterprise_linux_server_eusenterprise_linux_workstationenterprise_linux_desktopApache SpamAssassin
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2017-4964
Matching Score-4
Assigner-Dell
ShareView Details
Matching Score-4
Assigner-Dell
CVSS Score-8.8||HIGH
EPSS-0.16% / 36.35%
||
7 Day CHG~0.00%
Published-06 Apr, 2017 | 19:00
Updated-13 May, 2026 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cloud Foundry Foundation BOSH Azure CPI v22 could potentially allow a maliciously crafted stemcell to execute arbitrary code on VMs created by the director, aka a "CPI code injection vulnerability."

Action-Not Available
Vendor-n/aCloud Foundry
Product-bosh_azure_cpiCloud Foundry Foundation BOSH Azure CPI Release v22
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2020-8140
Matching Score-4
Assigner-HackerOne
ShareView Details
Matching Score-4
Assigner-HackerOne
CVSS Score-6.7||MEDIUM
EPSS-0.18% / 38.53%
||
7 Day CHG~0.00%
Published-20 Mar, 2020 | 20:20
Updated-04 Aug, 2024 | 09:48
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A code injection in Nextcloud Desktop Client 2.6.2 for macOS allowed to load arbitrary code when starting the client with DYLD_INSERT_LIBRARIES set in the environment.

Action-Not Available
Vendor-n/aApple Inc.Nextcloud GmbH
Product-desktopmacosDesktop Client
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2020-8224
Matching Score-4
Assigner-HackerOne
ShareView Details
Matching Score-4
Assigner-HackerOne
CVSS Score-7.8||HIGH
EPSS-0.19% / 40.26%
||
7 Day CHG~0.00%
Published-10 Aug, 2020 | 13:35
Updated-04 Aug, 2024 | 09:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A code injection in Nextcloud Desktop Client 2.6.4 allowed to load arbitrary code when placing a malicious OpenSSL config into a fixed directory.

Action-Not Available
Vendor-n/aNextcloud GmbH
Product-desktopDesktop Client
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2010-4096
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-4.6||MEDIUM
EPSS-0.17% / 37.74%
||
7 Day CHG~0.00%
Published-27 Oct, 2010 | 18:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

share/ma/keys_for_user in Monkeysphere 0.31 and 0.32 allows local users to execute arbitrary code via unknown manipulations related to the "monkeysphere-authentication keys-for-user" command.

Action-Not Available
Vendor-monkeysphere_projectn/a
Product-monkeyspheren/a
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2019-4038
Matching Score-4
Assigner-IBM Corporation
ShareView Details
Matching Score-4
Assigner-IBM Corporation
CVSS Score-7.2||HIGH
EPSS-0.09% / 25.32%
||
7 Day CHG~0.00%
Published-04 Feb, 2019 | 21:00
Updated-17 Sep, 2024 | 03:28
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Security Identity Manager 6.0 and 7.0 could allow an attacker to create unexpected control flow paths through the application, potentially bypassing security checks. Exploitation of this weakness can result in a limited form of code injection. IBM X-Force ID: 156162.

Action-Not Available
Vendor-IBM Corporation
Product-security_identity_managerSecurity Identity Manager
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2005-0709
Matching Score-4
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-4
Assigner-Red Hat, Inc.
CVSS Score-4.6||MEDIUM
EPSS-17.94% / 95.21%
||
7 Day CHG~0.00%
Published-11 Mar, 2005 | 05:00
Updated-16 Apr, 2026 | 00:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

MySQL 4.0.23 and earlier, and 4.1.x up to 4.1.10, allows remote authenticated users with INSERT and DELETE privileges to execute arbitrary code by using CREATE FUNCTION to access libc calls, as demonstrated by using strcat, on_exit, and exit.

Action-Not Available
Vendor-mysqln/aOracle Corporation
Product-mysqln/a
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2008-2230
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-4.6||MEDIUM
EPSS-0.24% / 46.84%
||
7 Day CHG~0.00%
Published-11 Jun, 2008 | 01:00
Updated-23 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Untrusted search path vulnerability in (1) reportbug 3.8 and 3.31, and (2) reportbug-ng before 0.2008.06.04, allows local users to execute arbitrary code via a malicious module file in the current working directory.

Action-Not Available
Vendor-reportbug-ngn/a
Product-reportbugreportbug-ngn/a
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2007-4934
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-4.6||MEDIUM
EPSS-5.99% / 90.76%
||
7 Day CHG+0.22%
Published-18 Sep, 2007 | 18:00
Updated-23 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple PHP remote file inclusion vulnerabilities in phpFFL 1.24 allow remote attackers to execute arbitrary PHP code via a URL in the PHPFFL_FILE_ROOT parameter to (1) program_files/livedraft/livedraft.php or (2) program_files/livedraft/admin.php.

Action-Not Available
Vendor-phpffln/a
Product-phpffln/a
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2021-3411
Matching Score-4
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-4
Assigner-Red Hat, Inc.
CVSS Score-6.7||MEDIUM
EPSS-0.11% / 29.08%
||
7 Day CHG~0.00%
Published-09 Mar, 2021 | 19:08
Updated-03 Aug, 2024 | 16:53
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A flaw was found in the Linux kernel in versions prior to 5.10. A violation of memory access was found while detecting a padding of int3 in the linking state. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.

Action-Not Available
Vendor-n/aLinux Kernel Organization, IncRed Hat, Inc.
Product-enterprise_linuxlinux_kernelLinux kernel
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2017-1469
Matching Score-4
Assigner-IBM Corporation
ShareView Details
Matching Score-4
Assigner-IBM Corporation
CVSS Score-7.8||HIGH
EPSS-0.10% / 27.10%
||
7 Day CHG~0.00%
Published-14 Aug, 2017 | 22:00
Updated-13 May, 2026 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM InfoSphere Information Server 9.1, 11.3, and 11.5 could allow a local user to gain elevated privileges by placing arbitrary files in installation directories. IBM X-Force ID: 128468.

Action-Not Available
Vendor-IBM Corporation
Product-infosphere_information_serverInfoSphere Information Server
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2019-3652
Matching Score-4
Assigner-Trellix
ShareView Details
Matching Score-4
Assigner-Trellix
CVSS Score-5||MEDIUM
EPSS-0.12% / 30.53%
||
7 Day CHG~0.00%
Published-09 Oct, 2019 | 14:21
Updated-04 Aug, 2024 | 19:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
ENS code injection in EPSetup.exe

Code Injection vulnerability in EPSetup.exe in McAfee Endpoint Security (ENS) Prior to 10.6.1 October 2019 Update allows local user to get their malicious code installed by the ENS installer via code injection into EPSetup.exe by an attacker with access to the installer.

Action-Not Available
Vendor-McAfee, LLCMicrosoft Corporation
Product-windowsendpoint_securityMcAfee Endpoint Security (ENS)
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2019-3575
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-0.11% / 29.35%
||
7 Day CHG~0.00%
Published-03 Jan, 2019 | 19:00
Updated-04 Aug, 2024 | 19:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Sqla_yaml_fixtures 0.9.1 allows local users to execute arbitrary python code via the fixture_text argument in sqla_yaml_fixtures.load.

Action-Not Available
Vendor-sqla_yaml_fixtures_projectn/a
Product-sqla_yaml_fixturesn/a
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2018-8415
Matching Score-4
Assigner-Microsoft Corporation
ShareView Details
Matching Score-4
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-0.63% / 70.49%
||
7 Day CHG~0.00%
Published-14 Nov, 2018 | 01:00
Updated-05 Aug, 2024 | 06:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A tampering vulnerability exists in PowerShell that could allow an attacker to execute unlogged code, aka "Microsoft PowerShell Tampering Vulnerability." This affects Windows 7, PowerShell Core 6.1, Windows Server 2012 R2, Windows RT 8.1, PowerShell Core 6.0, Windows Server 2019, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers.

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2016windows_server_2012windows_8.1windows_rt_8.1windows_7windows_10powershell_corewindows_server_2019windows_server_2008Windows Server 2008 R2PowerShell CoreWindows 10 ServersWindows Server 2012 R2Windows 10Windows Server 2019Windows Server 2012Windows 8.1Windows 7Windows RT 8.1Windows Server 2016
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2018-6574
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-36.79% / 97.19%
||
7 Day CHG~0.00%
Published-07 Feb, 2018 | 21:00
Updated-05 Aug, 2024 | 06:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Go before 1.8.7, Go 1.9.x before 1.9.4, and Go 1.10 pre-releases before Go 1.10rc2 allow "go get" remote command execution during source code build, by leveraging the gcc or clang plugin feature, because -fplugin= and -plugin= arguments were not blocked.

Action-Not Available
Vendor-n/aDebian GNU/LinuxGoRed Hat, Inc.
Product-enterprise_linux_serverdebian_linuxenterprise_linux_server_eusenterprise_linux_server_ausgoenterprise_linux_server_tusn/a
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2017-11421
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-0.07% / 20.26%
||
7 Day CHG~0.00%
Published-18 Jul, 2017 | 19:00
Updated-13 May, 2026 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

gnome-exe-thumbnailer before 0.9.5 is prone to a VBScript Injection when generating thumbnails for MSI files, aka the "Bad Taste" issue. There is a local attack if the victim uses the GNOME Files file manager, and navigates to a directory containing a .msi file with VBScript code in its filename.

Action-Not Available
Vendor-gnome-exe-thumbnailer_projectn/a
Product-gnome-exe-thumbnailern/a
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2016-7102
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-8.4||HIGH
EPSS-0.17% / 37.45%
||
7 Day CHG~0.00%
Published-23 Jan, 2017 | 21:00
Updated-13 May, 2026 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

ownCloud Desktop before 2.2.3 allows local users to execute arbitrary code and possibly gain privileges via a Trojan library in a "special path" in the C: drive.

Action-Not Available
Vendor-n/aownCloud GmbH
Product-owncloud_desktop_clientn/a
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2021-41228
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-7.5||HIGH
EPSS-0.04% / 12.04%
||
7 Day CHG~0.00%
Published-05 Nov, 2021 | 22:25
Updated-04 Aug, 2024 | 03:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Code injection in `saved_model_cli`

TensorFlow is an open source platform for machine learning. In affected versions TensorFlow's `saved_model_cli` tool is vulnerable to a code injection as it calls `eval` on user supplied strings. This can be used by attackers to run arbitrary code on the plaform where the CLI tool runs. However, given that the tool is always run manually, the impact of this is not severe. We have patched this by adding a `safe` flag which defaults to `True` and an explicit warning for users. The fix will be included in TensorFlow 2.7.0. We will also cherrypick this commit on TensorFlow 2.6.1, TensorFlow 2.5.2, and TensorFlow 2.4.4, as these are also affected and still in supported range.

Action-Not Available
Vendor-Google LLCTensorFlow
Product-tensorflowtensorflow
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2021-38967
Matching Score-4
Assigner-IBM Corporation
ShareView Details
Matching Score-4
Assigner-IBM Corporation
CVSS Score-8.2||HIGH
EPSS-0.04% / 13.36%
||
7 Day CHG~0.00%
Published-30 Nov, 2021 | 16:45
Updated-17 Sep, 2024 | 00:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM MQ Appliance 9.2 CD and 9.2 LTS could allow a local privileged user to inject and execute malicious code. IBM X-Force ID: 212441.

Action-Not Available
Vendor-IBM Corporation
Product-mq_applianceMQ Appliance
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2021-38448
Matching Score-4
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
ShareView Details
Matching Score-4
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
CVSS Score-7.5||HIGH
EPSS-0.13% / 31.55%
||
7 Day CHG~0.00%
Published-22 Nov, 2021 | 18:58
Updated-04 Aug, 2024 | 01:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Trane Symbio Improper Control of Generation of Code

The affected controllers do not properly sanitize the input containing code syntax. As a result, an attacker could craft code to alter the intended controller flow of the software.

Action-Not Available
Vendor-traneTrane
Product-intellipak_1intellipak_2symbio_700symbio_800ascend_air-cooled_chiller_acrodyssey_split_systemsSymbio
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
  • Previous
  • 1
  • 2
  • 3
  • 4
  • Next
Details not found