1538 matches found
The vulnerability of Audiodriver in Windows Media Player on the Windows operating system allows a hacker to execute arbitrary code.
The vulnerability of Audiodriver in Windows Media Player on the Windows operating system is related to errors in code generation. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...
PT-2020-4157 · Microsoft · Windows Media Audio Decoder +1
Name of the Vulnerable Software and Affected Versions: Windows Media Audio Decoder (affected versions not specified). Description: A remote code execution issue exists due to improper handling of objects by Windows Media Audio Decoder, allowing an attacker to potentially take control of an affected...
Huawei EulerOS: Security Advisory for pcp (EulerOS-SA-2020-1873)
The remote host is missing an update for the Huawei EulerOS...
CVE-2020-24240
GNU Bison before 3.7.1 has a use-after-free in _obstack_free in lib/obstack.c (called from gram_lex) when a '\0' byte is encountered. NOTE: there is a risk only if Bison is used with untrusted input, and the observed bug happens to cause unsafe behavior with a specific compiler/architecture. The bug...
openapi-python-client Arbitrary Code Generation vulnerability
Impact: Clients generated with a maliciously crafted OpenAPI Document can generate arbitrary Python code. Subsequent execution of this malicious client is arbitrary code execution. Giving this a CVSS of 8.0 high with CVSS:3.0/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H/E:P/RL:U/RC:C. Patches: Fix will be...
openSUSE Security Update : nasm (openSUSE-2020-952)
This update for nasm fixes the following issues: nasm was updated to version 2.14.02. This allows building of Mozilla Firefox 78ESR and also contains lots of bugfixes, security fixes and improvements. - Fix crash due to multiple errors or warnings during the code generation pass if a list file i...
openSUSE Security Update : nasm (openSUSE-2020-954)
This update for nasm fixes the following issues: nasm was updated to version 2.14.02. This allows building of Mozilla Firefox 78ESR and also contains lots of bugfixes, security fixes and improvements. - Fix crash due to multiple errors or warnings during the code generation pass if a list file i...
openSUSE: Security Advisory for nasm (openSUSE-SU-2020:0954-1)
The remote host is missing an update for the...
The vulnerability of the SAP Business Objects Business Intelligence Platform, related to errors in code generation, allows a perpetrator to execute arbitrary code.
The vulnerability of the SAP Business Objects Business Intelligence Platform is related to errors in code generation management. Exploiting this vulnerability can allow an attacker to execute arbitrary code...
The vulnerability of the rpm package for operating systems Red Hat Enterprise Linux and OpenSUSE Leap allows a hacker to execute arbitrary code.
The vulnerability of the rpm package for PCP operating systems such as Red Hat Enterprise Linux and OpenSUSE Leap is related to errors in code generation management. Exploiting this vulnerability can allow an attacker to execute arbitrary code...
CVE-2020-14150
GNU Bison before 3.5.4 allows attackers to cause a denial of service (application crash). NOTE: there is a risk only if Bison is used with untrusted input, and an observed bug happens to cause unsafe behavior with a specific compiler/architecture. The bug reports were intended to show that a crash...
Node.js third-party modules: Arbitrary code execution via untrusted schemas in is-my-json-valid
I would like to report an arbitrary code execution vulnerability in is-my-json-valid. It allows executing arbitrary code if an attacker-controlled schema is passed to is-my-json-valid. The module Readme doesn't say anything about the risks of untrusted schemas, so I by default assume that this i...
PT-2020-6072 · Npm · Serialize-Javascript
Name of the Vulnerable Software and Affected Versions: serialize-javascript versions prior to 3.1.0. Description: The issue is related to errors in code generation management in the deleteFunctions function of the serialize-javascript library. Exploitation of this issue may allow a remote attacker...
The vulnerability of the MQTT protocol implementation on the Apache ActiveMQ software platform allows an intruder to trigger a service failure.
The vulnerability of the MQTT protocol implementation on the Apache ActiveMQ software platform is related to improper code generation. Exploiting this vulnerability can allow a malicious actor to cause service failures remotely...
The vulnerability of Timelion, the virtualization service for Kibana data visualization, allows a perpetrator to execute arbitrary commands.
The vulnerability of the Timelion virtualization service for Kibana visualization data is related to insufficient control over code generation. Exploiting this vulnerability allows a malicious actor to execute arbitrary commands remotely...
pcp: Local privilege escalation in pcp spec file %post section
An Improper Control of Generation of Code vulnerability in the packaging of pcp of SUSE Linux Enterprise High Performance Computing 15-ESPOS, SUSE Linux Enterprise High Performance Computing 15-LTSS, SUSE Linux Enterprise Module for Development Tools 15, SUSE Linux Enterprise Module for Developmen...
PT-2020-6327 · Adobe · Magento
Name of the Vulnerable Software and Affected Versions: Magento versions 2.3.4 and earlier; Magento versions 2.2.11 and earlier; Magento versions 1.14.4.4 and earlier; Magento versions 1.9.4.4 and earlier. Description: The issue is related to incorrect code generation management in the Magento Commerc...
The vulnerability of the components of Apex One and OfficeScan anti-virus software allows a hacker to execute arbitrary code.
The vulnerability of the Apex One and OfficeScan anti-virus software components is related to errors in code generation. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...
CVE-2019-3695
An Improper Control of Generation of Code vulnerability in the packaging of pcp of SUSE Linux Enterprise High Performance Computing 15-ESPOS, SUSE Linux Enterprise High Performance Computing 15-LTSS, SUSE Linux Enterprise Module for Development Tools 15, SUSE Linux Enterprise Module for Developmen...