ROS-20240411-05

The vulnerability of the eval function of the ImageMath module of the Pillow image manipulation library is related to incorrect control of code generation when processing the environment parameter. Exploitation of the vulnerability could allow an attacker acting remotely to execute arbitrary code...

Improper Control of Generation of Code ('Code Injection')

Overview Affected versions of this package are vulnerable to Improper Control of Generation of Code 'Code Injection' due to improper handling of object lifecycles during the failure of CPimcManager object creation. An attacker can execute arbitrary code on the target system by convincing a user t...

PT-2024-3297 · Microsoft · Windows Dns Server +1

Name of the Vulnerable Software and Affected Versions: Windows DNS Server affected versions not specified Description: The issue is related to incorrect code generation management in the Windows DNS server, allowing remote attackers to execute arbitrary code and affect the system. Recommendations...

CVE-2024-31852

LLVM before 18.1.3 generates code in which the LR register can be overwritten without data being saved to the stack, and thus there can sometimes be an exploitable error in the flow of control. This affects the ARM backend and can be demonstrated with Clang. NOTE: the vendor perspective is "we...

LLVM 安全漏洞

LLVM is a toolkit for building highly optimized compilers, optimizers, and runtime environments for LLVM. A security vulnerability exists in LLVM versions prior to 18.1.3 that stems from the presence of an assembly code generation error problem...

CVE-2024-31852

LLVM before 18.1.3 generates code in which the LR register can be overwritten without data being saved to the stack, and thus there can sometimes be an exploitable error in the flow of control. This affects the ARM backend and can be demonstrated with Clang. NOTE: the vendor perspective is "we...

CVE-2024-31852

LLVM before 18.1.3 generates code in which the LR register can be overwritten without data being saved to the stack, and thus there can sometimes be an exploitable error in the flow of control. This affects the ARM backend and can be demonstrated with Clang. NOTE: the vendor perspective is "we...

CVE-2024-25096

Improper Control of Generation of Code 'Code Injection' vulnerability in Canto Inc. Canto allows Code Injection.This issue affects Canto: from n/a through 3.0.7...

PT-2024-21727 · Unknown · Inpersttion Slivery Extender

Name of the Vulnerable Software and Affected Versions: Inpersttion Slivery Extender versions n/a through 1.0.2 Description: The issue is related to an Improper Control of Generation of Code 'Code Injection' vulnerability, which allows Code Injection. Recommendations: For Inpersttion Slivery...

PT-2024-20503 · Cwicly · Cwicly

Name of the Vulnerable Software and Affected Versions: Cwicly versions 1.4.0.2 and earlier Description: The issue is related to improper control of code generation, allowing code injection. This means that an attacker could potentially inject malicious code into the system. Recommendations: For...

ROS-20240328-06

A vulnerability in the libssh library is related to NULL pointer dereferencing. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of service A vulnerability in the ProxyCommand/ProxyJump component of the libssh library is related to improper control of co...

firefox security update

An update is available for firefox. This update affects Rocky Linux 8. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list Mozilla Firefox is an open-source web browser, designed for standards...

Rocky Linux 8 : firefox (RLSA-2024:0955)

The remote Rocky Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2024:0955 advisory. - When storing and re-accessing data on a networking channel, the length of buffers may have been confused, resulting in an out-of-bounds memory read...

Fedora: Security Advisory for cglib (FEDORA-2024-129d8ca6fc)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Fedora: Security Advisory for modello (FEDORA-2024-129d8ca6fc)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Fedora: Security Advisory for jdeparser (FEDORA-2024-129d8ca6fc)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Fedora: Security Advisory for byte-buddy (FEDORA-2024-129d8ca6fc)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

[SECURITY] Fedora 40 Update: modello-2.1.2-6.fc40

Modello is a Data Model toolkit in use by the Apache Maven Project. Modello is a framework for code generation from a simple model. Modello generates code from a simple model format based on a plugin architecture, various types of code and descriptors can be generated from the single model,...

[SECURITY] Fedora 40 Update: jdeparser-2.0.3-17.fc40

This project is a fork of Sun's now Oracle's com.sun.codemodel project. We decided to fork the project because by all evidence, the upstream project is dead and not actively accepting outside contribution. All JBoss projects are urged to use this project instead for source code generation...

[SECURITY] Fedora 40 Update: cglib-3.3.0-15.fc40

cglib is a powerful, high performance and quality code generation library for Java. It is used to extend Java classes and implements interfaces at run-time...