1538 matches found
Command injection
The Apache Thrift Go client library exposed the potential during code generation for command injection due to using an external formatting tool. Affected Apache Thrift 0.9.3 and older, Fixed in Apache Thrift 0.10.0...
DEBIAN-CVE-2016-5397
The Apache Thrift Go client library exposed the potential during code generation for command injection due to using an external formatting tool. Affected Apache Thrift 0.9.3 and older, Fixed in Apache Thrift 0.10.0...
CVE-2016-5397
The Apache Thrift Go client library exposed the potential during code generation for command injection due to using an external formatting tool. Affected Apache Thrift 0.9.3 and older, Fixed in Apache Thrift 0.10.0...
CVE-2016-5397
The Apache Thrift Go client library exposed the potential during code generation for command injection due to using an external formatting tool. Affected Apache Thrift 0.9.3 and older, Fixed in Apache Thrift 0.10.0...
CVE-2014-3651
Affected product: JBoss KeyCloak before 1.0.3.Final. Vulnerability: remote attackers can cause denial of service by sending a large value in the size parameter to auth/qrcode, related to QR code generation (resource consumption). Root cause: excessive resource usage leading to DoS. Impact: availa...
The vulnerability of the _mediaLibraryPlayCb function in the Pitivi video editor allows a hacker to execute arbitrary code.
The vulnerability of the mediaLibraryPlayCb function in the mainwindow.py file of the Pitiv video editor is related to incorrect handling of code generation. Exploiting this vulnerability allows a malicious actor to execute arbitrary code using metashell frameworks along the way to the target fil...
The vulnerability of the install/index.php script of the Exponent CMS system allows a hacker to execute arbitrary code.
The vulnerability of the Exponent CMS content management system is related to improper handling of code generation. Exploiting this vulnerability allows a malicious actor to execute arbitrary code using the sc parameter in the install/index.php script...
The vulnerability of microprogramming software that uses UEFI (BIOS) stems from improper handling of code generation, allowing attackers to bypass System Protection mechanisms such as Device Guard and Hyper-V.
The vulnerability of microprogramming software that uses UEFI BIOS in Lenovo products is related to improper code generation. Exploiting this vulnerability allows a malicious actor, whether operating remotely with administrator privileges or locally, to execute specially crafted code that bypasse...
SUSE SLED12 / SLES12 Security Update : gcc48 (SUSE-SU-2017:2526-1)
This update for gcc48 fixes the following issues: Security issues fixed : - A new option -fstack-clash-protection is now offered, which mitigates the stack clash type of attacks. bnc1039513 Future maintenance releases of packages will be built with this option. - CVE-2017-11671: Fixed rdrand/rdse...
SUSE-SU-2017:2526-1 Security update for gcc48
This update for gcc48 fixes the following issues: Security issues fixed: - A new option -fstack-clash-protection is now offered, which mitigates the stack clash type of attacks. bnc1039513 Future maintenance releases of packages will be built with this option. - CVE-2017-11671: Fixed rdrand/rdsee...
The vulnerability of the OpenSUSE operating system, related to improper code generation management, allows attackers to inject arbitrary code.
The vulnerability of the OpenSUSE operating system is related to improper code generation management. Exploiting this vulnerability allows a malicious actor to inject arbitrary code during the execution of certain services, using the built-in version 2.1 service...
Microsoft Edge Chakra PushPopFrameHelper Incorrect Usage
Microsoft Edge: Chakra: Incorrect usage of PushPopFrameHelper in InterpreterStackFrame::ProcessLinkFailedAsmJsModule CVE-2017-8646 PushPopFrameHelper is a class that pushes the current stack frame object in its constructor and pops it in the destructor. So it should be used like "PushPopFrameHelp...
The vulnerability of the McAfee VirusScan Enterprise anti-virus software allows a hacker to bypass the sandbox mechanism or cause a service failure.
The vulnerability of the McAfee VirusScan Enterprise antivirus software is related to incorrect code generation management. Exploiting this vulnerability allows a malicious actor to bypass the sandbox mechanism or trigger a service failure through a specially crafted HTTP request...
CVE-2016-8020
Improper control of generation of code vulnerability in Intel Security VirusScan Enterprise Linux VSEL 2.0.3 and earlier allows remote authenticated users to execute arbitrary code via a crafted HTTP request parameter...
CVE-2016-8020
Affected software : McAfee VirusScan Enterprise for Linux (VSEL) 2.0.3 and earlier. Vulnerability : CVE-2016-8020 — improper control of generation of code, allowing an authenticated remote attacker to execute arbitrary code via a crafted HTTP request parameter. Impact : remote code execution with...
OpenJDK: untrusted input deserialization in RMI registry and DCG (RMI, 8156802)
It was discovered that the RMI registry and DCG implementations in the RMI component of OpenJDK performed deserialization of untrusted inputs. A remote attacker could possibly use this flaw to execute arbitrary code with the privileges of RMI registry or a Java RMI application...
CVE-2016-5618
Unspecified vulnerability in the Oracle Data Integrator component in Oracle Fusion Middleware 11.1.1.7.0, 11.1.1.9.0, 12.1.2.0.0, 12.1.3.0.0, 12.2.1.0.0, and 12.2.1.1.0 allows remote authenticated users to affect confidentiality via vectors related to Code Generation Engine...
CVE-2016-5618
Unspecified vulnerability in the Oracle Data Integrator component in Oracle Fusion Middleware 11.1.1.7.0, 11.1.1.9.0, 12.1.2.0.0, 12.1.3.0.0, 12.2.1.0.0, and 12.2.1.1.0 allows remote authenticated users to affect confidentiality via vectors related to Code Generation Engine...
CVE-2016-5602
Unspecified vulnerability in the Oracle Data Integrator component in Oracle Fusion Middleware 11.1.1.7.0, 11.1.1.9.0, 12.1.3.0.0, 12.2.1.0.0, and 12.2.1.1.0 allows remote authenticated users to affect confidentiality via vectors related to Code Generation Engine...
CVE-2016-5602
Unspecified vulnerability in the Oracle Data Integrator component in Oracle Fusion Middleware 11.1.1.7.0, 11.1.1.9.0, 12.1.3.0.0, 12.2.1.0.0, and 12.2.1.1.0 allows remote authenticated users to affect confidentiality via vectors related to Code Generation Engine...