876 matches found
Remote Code Execution (RCE)
microsoft.chakracore is vulnerable to remote code execution. This happens because it allows redeferral of functions during byte code generation.This CVE ID is different from CVE-2017-11792, CVE-2017-11793, CVE-2017-11796, CVE-2017-11797, CVE-2017-11798, CVE-2017-11799, CVE-2017-11800,...
Information disclosure
Edger8r tool in the Intel SGX SDK before version 2.1.2 Linux and 1.9.6 Windows may generate code that is susceptible to a side channel potentially allowing a local user to access unauthorized information...
CVE-2016-5397
The Apache Thrift Go client library exposed the potential during code generation for command injection due to using an external formatting tool. Affected Apache Thrift 0.9.3 and older, Fixed in Apache Thrift 0.10.0...
UBUNTU-CVE-2016-5397
The Apache Thrift Go client library exposed the potential during code generation for command injection due to using an external formatting tool. Affected Apache Thrift 0.9.3 and older, Fixed in Apache Thrift 0.10.0...
CVE-2016-5397
The Apache Thrift Go client library exposed the potential during code generation for command injection due to using an external formatting tool. Affected Apache Thrift 0.9.3 and older, Fixed in Apache Thrift 0.10.0...
Command injection
The Apache Thrift Go client library exposed the potential during code generation for command injection due to using an external formatting tool. Affected Apache Thrift 0.9.3 and older, Fixed in Apache Thrift 0.10.0...
DEBIAN-CVE-2016-5397
The Apache Thrift Go client library exposed the potential during code generation for command injection due to using an external formatting tool. Affected Apache Thrift 0.9.3 and older, Fixed in Apache Thrift 0.10.0...
CVE-2016-5397
The Apache Thrift Go client library exposed the potential during code generation for command injection due to using an external formatting tool. Affected Apache Thrift 0.9.3 and older, Fixed in Apache Thrift 0.10.0...
CVE-2016-5397
The Apache Thrift Go client library exposed the potential during code generation for command injection due to using an external formatting tool. Affected Apache Thrift 0.9.3 and older, Fixed in Apache Thrift 0.10.0...
CVE-2014-3651
Affected product: JBoss KeyCloak before 1.0.3.Final. Vulnerability: remote attackers can cause denial of service by sending a large value in the size parameter to auth/qrcode, related to QR code generation (resource consumption). Root cause: excessive resource usage leading to DoS. Impact: availa...
SUSE SLED12 / SLES12 Security Update : gcc48 (SUSE-SU-2017:2526-1)
This update for gcc48 fixes the following issues: Security issues fixed : - A new option -fstack-clash-protection is now offered, which mitigates the stack clash type of attacks. bnc1039513 Future maintenance releases of packages will be built with this option. - CVE-2017-11671: Fixed rdrand/rdse...
SUSE-SU-2017:2526-1 Security update for gcc48
This update for gcc48 fixes the following issues: Security issues fixed: - A new option -fstack-clash-protection is now offered, which mitigates the stack clash type of attacks. bnc1039513 Future maintenance releases of packages will be built with this option. - CVE-2017-11671: Fixed rdrand/rdsee...
Microsoft Edge Chakra PushPopFrameHelper Incorrect Usage
Microsoft Edge: Chakra: Incorrect usage of PushPopFrameHelper in InterpreterStackFrame::ProcessLinkFailedAsmJsModule CVE-2017-8646 PushPopFrameHelper is a class that pushes the current stack frame object in its constructor and pops it in the destructor. So it should be used like "PushPopFrameHelp...
CVE-2016-8020
Improper control of generation of code vulnerability in Intel Security VirusScan Enterprise Linux VSEL 2.0.3 and earlier allows remote authenticated users to execute arbitrary code via a crafted HTTP request parameter...
CVE-2016-8020
Affected software : McAfee VirusScan Enterprise for Linux (VSEL) 2.0.3 and earlier. Vulnerability : CVE-2016-8020 — improper control of generation of code, allowing an authenticated remote attacker to execute arbitrary code via a crafted HTTP request parameter. Impact : remote code execution with...
OpenJDK: untrusted input deserialization in RMI registry and DCG (RMI, 8156802)
It was discovered that the RMI registry and DCG implementations in the RMI component of OpenJDK performed deserialization of untrusted inputs. A remote attacker could possibly use this flaw to execute arbitrary code with the privileges of RMI registry or a Java RMI application...
CVE-2016-5618
Unspecified vulnerability in the Oracle Data Integrator component in Oracle Fusion Middleware 11.1.1.7.0, 11.1.1.9.0, 12.1.2.0.0, 12.1.3.0.0, 12.2.1.0.0, and 12.2.1.1.0 allows remote authenticated users to affect confidentiality via vectors related to Code Generation Engine...
CVE-2016-5618
Unspecified vulnerability in the Oracle Data Integrator component in Oracle Fusion Middleware 11.1.1.7.0, 11.1.1.9.0, 12.1.2.0.0, 12.1.3.0.0, 12.2.1.0.0, and 12.2.1.1.0 allows remote authenticated users to affect confidentiality via vectors related to Code Generation Engine...
CVE-2016-5602
Unspecified vulnerability in the Oracle Data Integrator component in Oracle Fusion Middleware 11.1.1.7.0, 11.1.1.9.0, 12.1.3.0.0, 12.2.1.0.0, and 12.2.1.1.0 allows remote authenticated users to affect confidentiality via vectors related to Code Generation Engine...
CVE-2016-5602
Unspecified vulnerability in the Oracle Data Integrator component in Oracle Fusion Middleware 11.1.1.7.0, 11.1.1.9.0, 12.1.3.0.0, 12.2.1.0.0, and 12.2.1.1.0 allows remote authenticated users to affect confidentiality via vectors related to Code Generation Engine...