1538 matches found

OSV
added 2020/03/03 11:15 a.m. | 1 view

CVE-2019-3695

An Improper Control of Generation of Code vulnerability in the packaging of pcp of SUSE Linux Enterprise High Performance Computing 15-ESPOS, SUSE Linux Enterprise High Performance Computing 15-LTSS, SUSE Linux Enterprise Module for Development Tools 15, SUSE Linux Enterprise Module for Developmen...

CVSS 7.8 | AI score 7.2 | EPSS 0.00118
Exploits: 1 | References: 1

Cvelist
added 2020/03/03 11:5 a.m. | 16 views

CVE-2019-3695 pcp: Local privilege escalation from user pcp to root

An Improper Control of Generation of Code vulnerability in the packaging of pcp of SUSE Linux Enterprise High Performance Computing 15-ESPOS, SUSE Linux Enterprise High Performance Computing 15-LTSS, SUSE Linux Enterprise Module for Development Tools 15, SUSE Linux Enterprise Module for Developmen...

CVSS 8.4 | AI score 7.9 | EPSS 0.00118
Exploits: 1 | References: 1

CVE
added 2020/03/03 11:5 a.m. | 169 views

CVE-2019-3695

CVE-2019-3695 is an improper control of code generation vulnerability in the packaging of PCP (Performance Co-Pilot) that, on affected SUSE/openSUSE and related builds, allows a local user to execute code as root by placing a script into /var/log/pcp/configs.sh. Affected products and PCP versions...

CVSS 8.4 | AI score 7.6 | EPSS 0.00118
Exploits: 1 | References: 1 | Affected Software: 1

BDU FSTEC
added 2020/02/03 12:0 a.m. | 0 views

The vulnerability of the web interface of the Mongo-express database management system for MongoDB allows a hacker to execute arbitrary code on the target system by sending a specially crafted request.

The vulnerability in the web interface of the Mongo-express database management system is related to improper code generation. Exploiting this vulnerability allows a malicious actor to execute arbitrary code on the target system by sending a specially crafted request...

CVSS 10 | EPSS 0.94352
Exploits: 3 | References: 6 | Affected Software: 1

BDU FSTEC
added 2020/01/13 12:0 a.m. | 0 views

The vulnerability of SAP NetWeaver Application Server Java, related to improper code generation management, allows a perpetrator to execute arbitrary code.

The vulnerability of SAP NetWeaver Application Server Java is related to incorrect code generation management. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...

CVSS 9 | EPSS 0.00447
Exploits: 0 | References: 3 | Affected Software: 1

BDU FSTEC
added 2020/01/13 12:0 a.m. | 1 view

The vulnerability of the Jira bug tracking system, related to improper code generation management, allows a violator to execute arbitrary code.

The vulnerability of the Jira bug tracking system is related to improper management of code generation. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...

CVSS 10 | EPSS 0.94355
Exploits: 2 | References: 5 | Affected Software: 1

BDU FSTEC
added 2020/01/08 12:0 a.m. | 1 view

The vulnerability of the EPSetup.exe executable file of the McAfee Endpoint Security security tool allows a perpetrator to execute arbitrary code.

The vulnerability of the EPSetup.exe executable file of the McAfee Endpoint Security security tool is related to incorrect code generation. Exploiting this vulnerability can allow an attacker to execute arbitrary code...

CVSS 5 | EPSS 0.00121
Exploits: 0 | References: 3 | Affected Software: 1

BDU FSTEC
added 2019/12/22 12:0 a.m. | 0 views

The vulnerability of the Mediaconversion component of the SAP Commerce Cloud platform allows a hacker to gain full control over the application.

The vulnerability of the Mediaconversion component of the SAP Commerce Cloud platform is related to errors in code generation. Exploiting this vulnerability could allow a malicious actor to gain full control over the application...

CVSS 9 | EPSS 0.00485
Exploits: 0 | References: 5 | Affected Software: 1

BDU FSTEC
added 2019/12/22 12:0 a.m. | 0 views

The vulnerability of the virtualjdbc component in the SAP Commerce Cloud e-commerce platform allows a hacker to execute arbitrary code.

The vulnerability of the virtualjdbc component in the SAP Commerce Cloud platform is related to errors in code generation. Exploiting this vulnerability allows a malicious actor to execute arbitrary code remotely...

CVSS 10 | EPSS 0.40202
Exploits: 0 | References: 5 | Affected Software: 1

OSV
added 2019/11/13 6:15 p.m. | 3 views

CVE-2019-2208

In PromiseBuiltinsAssembler::NewPromiseCapability of builtins-promise.cc, there is a possible out of bounds read in v8 JIT code due to a bug in code generation. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for...

CVSS 7.5 | AI score 6 | EPSS 0.00417
Exploits: 0 | References: 1

CVE
added 2019/11/13 5:42 p.m. | 51 views

CVE-2019-2208

CVE-2019-2208 affects Android components (Android 8.1 and 9) with a flaw in V8 JIT code during PromiseBuiltinsAssembler::NewPromiseCapability, causing an out-of-bounds read. This can lead to remote information disclosure without user interaction or privileges. The connected records confirm the is...

CVSS 7.8 | AI score 7.1 | EPSS 0.00417
Exploits: 0 | References: 1 | Affected Software: 1

Cvelist
added 2019/11/13 5:42 p.m. | 16 views

CVE-2019-2208

In PromiseBuiltinsAssembler::NewPromiseCapability of builtins-promise.cc, there is a possible out of bounds read in v8 JIT code due to a bug in code generation. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for...

AI score 7.2 | EPSS 0.00417
Exploits: 0 | References: 1

BDU FSTEC
added 2019/10/29 12:0 a.m. | 1 view

The vulnerability of the libcurl library, related to improper code generation, allows attackers to escalate their privileges or execute arbitrary code.

The vulnerability of the libcurl library is related to incorrect code generation management. Exploiting this vulnerability can allow an attacker to escalate their privileges or execute arbitrary code...

CVSS 7.8 | AI score 5.9 | EPSS 0.00954
Exploits: 0 | References: 5 | Affected Software: 3

RedHat Linux
added 2019/10/17 2:54 p.m. | 0 views

thrift: Improper file path sanitization in t_go_generator.cc:format_go_output() of the go client library can allow an attacker to inject commands

The Apache Thrift Go client library exposed the potential during code generation for command injection due to using an external formatting tool. Affected Apache Thrift 0.9.3 and older, Fixed in Apache Thrift 0.10.0...

CVSS 9 | AI score 7.4 | EPSS 0.22566
Exploits: 0 | References: 4

BDU FSTEC
added 2019/10/16 12:0 a.m. | 1 view

The vulnerability of the automation tools for deploying and managing applications in Docker-enabled environments relates to errors in code generation. This allows attackers to compromise data integrity, gain unauthorized access to protected information, and cause service failures.

The vulnerability of the automation tool for deploying and managing applications in Docker-enabled environments is related to errors in code generation during dynamic library loading. Exploiting this vulnerability can allow a malicious actor to compromise data integrity, gain unauthorized access ...

CVSS 10 | AI score 7.3 | EPSS 0.71918
Exploits: 3 | References: 5 | Affected Software: 3

BDU FSTEC
added 2019/09/27 12:0 a.m. | 0 views

The vulnerability of the PDF Viewer component in Firefox ESR and Firefox browsers allows a hacker to execute arbitrary code.

The vulnerability of the PDF Viewer component in Firefox ESR and Firefox browsers is related to errors in code generation. Exploiting this vulnerability allows a malicious actor to execute arbitrary code using a specially created PDF file...

CVSS 7.6 | AI score 8.2 | EPSS 0.43031
Exploits: 0 | References: 12 | Affected Software: 12

CVE
added 2019/09/18 8:52 p.m. | 102 views

CVE-2019-13550

Affected product: Advantech WebAccess (HMI/SCADA platform). The issue is CVE-2019-13550: improper authorization in WebAccess 8.4.1 and earlier that may allow an attacker to disclose sensitive information and, via improper control of generation of code, potentially enable remote code execution or ...

CVSS 9.8 | AI score 9.6 | EPSS 0.00726
Exploits: 0 | References: 1 | Affected Software: 1

BDU FSTEC
added 2019/08/20 12:0 a.m. | 1 view

The vulnerability of the Windows EnterpriseDB database management system for PostgreSQL allows attackers to compromise the confidentiality, integrity, and availability of protected information.

The vulnerability of the Windows EnterpriseDB database management system for PostgreSQL involves errors in code generation. Exploiting this vulnerability can allow attackers to compromise the confidentiality, integrity, and availability of protected information...

CVSS 4.4 | AI score 5.6 | EPSS 0.01186
Exploits: 0 | References: 3 | Affected Software: 1

RubySec
added 2019/08/11 12:0 a.m. | 21 views

Rexical Command Injection Vulnerability

A command injection vulnerability appears in code generated by the Rexical gem versions v1.0.6 and earlier. It allows commands to be executed in a subprocess by Ruby's Kernel.open method...

CVSS 9.8 | AI score 5.4 | EPSS 0.09316
Exploits: 0 | References: 1 | Affected Software: 1

BDU FSTEC
added 2019/08/02 12:0 a.m. | 0 views

The vulnerability of the Palo Alto Networks Traps software lies in improper code generation management, allowing attackers to execute arbitrary JavaScript or HTML code.

The vulnerability of the Palo Alto Networks Traps software lies in improper code generation management. Exploiting this vulnerability allows a remote attacker to execute arbitrary JavaScript or HTML code...

CVSS 6.5 | AI score 6 | EPSS 0.00397
Exploits: 0 | References: 3 | Affected Software: 1