CWE-94

Lodash versions prior to 4.17.21 are vulnerable to Command Injection via the template function.

The package total.js before 3.4.8 are vulnerable to Remote Code Execution (RCE) via set.

The package underscore from 1.13.0-0 and before 1.13.0-2, from 1.3.2 and before 1.12.1 are vulnerable to Arbitrary Code Injection via the template function, particularly when a variable property is passed as an argument as it is not sanitized.

A code injection vulnerability exists within the firewall software of GlassWire v2.1.167 that could lead to arbitrary code execution from a file in the user path on first execution.

There is a code injection vulnerability in smartphones. Successful exploitation of this vulnerability may affect service confidentiality.

There is an Improper Control of Generation of Code vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability may cause denial of security services on a rooted device.