
1540 matches found

Veracode
added 2024/04/26 7:12 a.m., 22 views

Range-Based Loop Execution

vyper is vulnerable to Range-Based Loop Execution. The vulnerability is due to incorrect assertion handling in the code generation of the range statement (stmt.parse_For_range) within file stmt.py, which allows attackers to manipulate loop parameters...

CVSS 5.3, AI score 6.9, EPSS 0.01528
Exploits: 1, References: 4, Affected Software: 1
OSV
added 2024/04/25 7:53 p.m., 13 views

GHSA-PPX5-Q359-PVWJ vyper's range(start, start + N) reverts for negative numbers

Summary: When looping over a range of the form range(start, start + N), if start is negative, the execution will always revert. Details: This issue is caused by an incorrect assertion inserted by the code generation of the range stmt.parse_For_range:...

CVSS 5.3, AI score 5.1, EPSS 0.01528
Exploits: 1, References: 6
Github Security Blog
added 2024/04/25 7:53 p.m., 38 views

vyper's range(start, start + N) reverts for negative numbers

Summary: When looping over a range of the form range(start, start + N), if start is negative, the execution will always revert. Details: This issue is caused by an incorrect assertion inserted by the code generation of the range stmt.parse_For_range:...

CVSS 5.3, AI score 6.9, EPSS 0.01528
Exploits: 1, References: 6, Affected Software: 1
PyPA
added 2024/04/25 5:15 p.m., 4 views

PYSEC-2024-246

Vyper is a pythonic Smart Contract Language for the Ethereum virtual machine. Starting in version 0.3.8 and prior to version 0.4.0b1, when looping over a range of the form range(start, start + N), if start is negative, the execution will always revert. This issue is caused by an incorrect assertion...

CVSS 5.3, AI score 7.1, EPSS 0.01528
Exploits: 1, References: 5, Affected Software: 1
Cvelist
added 2024/04/25 5:00 p.m., 15 views

CVE-2024-32481 vyper's range(start, start + N) reverts for negative numbers

Vyper is a pythonic Smart Contract Language for the Ethereum virtual machine. Starting in version 0.3.8 and prior to version 0.4.0b1, when looping over a range of the form range(start, start + N), if start is negative, the execution will always revert. This issue is caused by an incorrect assertion...

CVSS 5.3, AI score 5.5, EPSS 0.01528
Exploits: 1, References: 4
Vulnrichment
added 2024/04/25 5:00 p.m., 14 views

CVE-2024-32481 vyper's range(start, start + N) reverts for negative numbers

Vyper is a pythonic Smart Contract Language for the Ethereum virtual machine. Starting in version 0.3.8 and prior to version 0.4.0b1, when looping over a range of the form range(start, start + N), if start is negative, the execution will always revert. This issue is caused by an incorrect assertion...

CVSS 5.3, AI score 6.9, EPSS 0.01528
Exploits: 1, References: 4
CVE
added 2024/04/25 5:00 p.m., 63 views

CVE-2024-32481

Vyper (Pythonic EVM language) is affected by CVE-2024-32481 in versions from 0.3.8 up to, but not including, 0.4.0b1. The vulnerability arises when looping with range(start, start + N) where start is negative; an incorrect assertion in the code generation of the range statement (stmt.parse_For_ra...

CVSS 5.3, AI score 6.7, EPSS 0.01528
Exploits: 1, References: 4, Affected Software: 1
BDU FSTEC
added 2024/04/25 12:00 a.m., 3 views

The vulnerability of the AlertUtil::validateExpression (/api/v1/events/subscriptions) method of the OpenMetadata metadata management platform allows a perpetrator to execute arbitrary code.

The vulnerability of the AlertUtil::validateExpression (/api/v1/events/subscriptions) method of the OpenMetadata platform is related to improper handling of code generation. Exploiting this vulnerability could allow an attacker to execute arbitrary code...

CVSS 9, AI score 8.2, EPSS 0.12686
Exploits: 1, References: 9, Affected Software: 1
CNNVD
added 2024/04/25 12:00 a.m., 4 views

WordPress plugin Anti-Malware Security and Brute-Force Firewall code injection vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A code injection vulnerability exists in...

CVSS 9, AI score 7.3, EPSS 0.00716
Exploits: 0, References: 4
BDU FSTEC
added 2024/04/25 12:00 a.m., 1 view

The vulnerability of the `AlertUtil::validateExpression` method (/api/v1/events/subscriptions/validation/condition/) of the OpenMetadata platform allows a perpetrator to execute arbitrary code.

The vulnerability of the AlertUtil::validateExpression (/api/v1/events/subscriptions/validation/condition/) method of the OpenMetadata platform is related to improper handling of code generation. Exploiting this vulnerability could allow an attacker to execute arbitrary code...

CVSS 9, AI score 8.4, EPSS 0.53942
Exploits: 3, References: 9, Affected Software: 1
RedHat Linux
added 2024/04/22 8:54 a.m., 4 views

Mozilla: Out-of-bounds-read after mis-optimized switch statement

The Mozilla Foundation Security Advisory describes this flaw as: In some code patterns the JIT incorrectly optimized switch statements and generated code with out-of-bounds-reads...

CVSS 8.8, AI score 7.4, EPSS 0.00928
Exploits: 0, References: 6
RedHat Linux
added 2024/04/18 10:01 a.m., 1 view

Mozilla: Incorrect JITting of arguments led to use-after-free during garbage collection

The Mozilla Foundation Security Advisory describes this flaw as: The JIT created incorrect code for arguments in certain cases. This led to potential use-after-free crashes during garbage collection...

CVSS 7.8, AI score 7.4, EPSS 0.00149
Exploits: 0, References: 6
Talos Blog
added 2024/04/17 11:59 a.m., 29 views

OfflRouter virus causes Ukrainian users to upload confidential documents to VirusTotal

During a threat-hunting exercise, Cisco Talos discovered documents with potentially confidential information originating from Ukraine. The documents contained malicious VBA code, indicating they may be used as lures to infect organizations. The results of the investigation have shown that the...

AI score 7
Exploits: 0
BDU FSTEC
added 2024/04/15 12:00 a.m., 1 view

The vulnerability of the readCodeFor function in the mysql2 library allows a hacker to execute arbitrary code.

The vulnerability of the readCodeFor function in the mysql2 database library is related to improper code generation. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...

CVSS 10, AI score 8.2, EPSS 0.46188
Exploits: 0, References: 8, Affected Software: 1
BDU FSTEC
added 2024/04/12 12:00 a.m., 1 view

The vulnerability of the NetWorker Client (nsrexecd) component of the Dell EMC NetWorker backup and recovery system allows an attacker to execute arbitrary code.

The vulnerability of the NetWorker Client (nsrexecd) component of the Dell EMC NetWorker backup and recovery system is related to improper code generation. Exploiting this vulnerability could allow a malicious actor to execute arbitrary code remotely...

CVSS 10, AI score 8.1, EPSS 0.00817
Exploits: 0, References: 2, Affected Software: 2
BDU FSTEC
added 2024/04/11 12:00 a.m., 1 view

The vulnerability of the Fortinet FortiClient security device for Linux, related to improper code generation management, allows a hacker to execute arbitrary code.

The vulnerability of Fortinet’s FortiClient security device for Linux is related to improper code generation. Exploiting this vulnerability allows a malicious actor to execute arbitrary code remotely, provided that the user visits a specially crafted malicious website...

CVSS 10, AI score 6.3, EPSS 0.00772
Exploits: 0, References: 3, Affected Software: 1
Redos
added 2024/04/11 12:00 a.m., 27 views

ROS-20240411-05

The vulnerability of the eval function of the ImageMath module of the Pillow image manipulation library is related to incorrect control of code generation when processing the environment parameter. Exploitation of the vulnerability could allow an attacker acting remotely to execute arbitrary code...

CVSS 8.1, AI score 8.2, EPSS 0.00754
Exploits: 0
BDU FSTEC
added 2024/04/10 12:00 a.m., 1 view

The vulnerability in the e-commerce software CE Phoenix (CE PhoenixCart) allows a hacker to execute arbitrary code.

The vulnerability in the software for electronic commerce, CE Phoenix (CE PhoenixCart), involves incorrect code generation. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...

CVSS 10, AI score 6, EPSS 0.07681
Exploits: 1, References: 4, Affected Software: 1
Snyk
added 2024/04/09 12:00 a.m., 0 views

Improper Control of Generation of Code ('Code Injection')

Overview: Affected versions of this package are vulnerable to Improper Control of Generation of Code ('Code Injection') due to improper handling of object lifecycles during the failure of CPimcManager object creation. An attacker can execute arbitrary code on the target system by convincing a user t...

CVSS 7.3, AI score 7.8, EPSS 0.57623
Exploits: 0, References: 2
Positive Technologies
added 2024/04/09 12:00 a.m., 2 views

PT-2024-3297 · Microsoft · Windows Dns Server +1

Name of the Vulnerable Software and Affected Versions: Windows DNS Server (affected versions not specified). Description: The issue is related to incorrect code generation management in the Windows DNS server, allowing remote attackers to execute arbitrary code and affect the system. Recommendations...

CVSS 8.3, AI score 9.2, EPSS 0.02712
Exploits: 0, References: 6