The vulnerability of Citrix ADC application delivery controllers (formerly known as Citrix NetScaler Application Delivery Controller) and Citrix Gateway access control systems (formerly known as Citrix NetScaler Gateway) stems from improper code generation, allowing attackers to execute arbitrary code.
The vulnerability of the Citrix ADC application delivery controller (formerly Citrix NetScaler Application Delivery Controller) and the Citrix Gateway access control system (formerly Citrix NetScaler Gateway) is related to improper code generation. Exploiting this vulnerability allows a malicious act...
The vulnerability of the access control system for the virtual environment, previously known as Citrix Secure Access (formerly Citrix Gateway), is related to improper code generation. This allows a malicious individual to execute arbitrary code.
The vulnerability of the access control system for the virtual environment, previously known as Citrix Secure Access (formerly Citrix Gateway), is related to incorrect code generation. Exploiting this vulnerability allows a malicious actor to execute arbitrary code by having the user navigate to a...
The vulnerabilities of Siemens SIMATIC PCS 7, SIMATIC S7-PM, and SIMATIC STEP 7 operating systems allow attackers to gain increased privileges.
The vulnerability of Siemens SIMATIC PCS 7, SIMATIC S7-PM, and SIMATIC STEP 7 process control systems is related to incorrect code generation. Exploiting this vulnerability can allow attackers to enhance their privileges remotely...
AlmaLinux 8 : go-toolset:rhel8 (ALSA-2023:3922)
The remote AlmaLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2023:3922 advisory. golang: cmd/go: go command may generate unexpected code at build time when using cgo CVE-2023-29402 golang: cmd/go: go command may execute arbitrary code ...
The vulnerability of the monitoring system for critical equipment, StruxureWare Data Center Expert, arises from improper code generation. This allows a perpetrator to execute arbitrary code.
The vulnerability of the StruxureWare Data Center Expert monitoring system is related to incorrect code generation management. Exploiting this vulnerability allows a malicious actor to execute arbitrary code when the “end point” parameter in network configuration settings is used...
The vulnerability of the Cgo module in the Go programming language, allowing attackers to execute arbitrary code
The vulnerability of the Cgo module in the Go programming language is related to incorrect code generation during the processing of directory names. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...
CVE-2023-29402
The go command may generate unexpected code at build time when using cgo. This may result in unexpected behavior when running a go program which uses cgo. This may occur when running an untrusted module which contains directories with newline characters in their names. Modules which are retrieved...
GO-2023-1839 Code injection via go command with cgo in cmd/go
The go command may generate unexpected code at build time when using cgo. This may result in unexpected behavior when running a go program which uses cgo. This may occur when running an untrusted module which contains directories with newline characters in their names. Modules which are retrieved...
The vulnerability of the Advantech WebAccess remote monitoring software lies in improper code generation, allowing a hacker to execute arbitrary code.
The vulnerability of Advantech WebAccess remote monitoring software is related to improper code generation management. Exploiting this vulnerability allows a malicious actor operating remotely to execute arbitrary code...
PT-2023-2962 · Advantech · Advantech Webaccess/Scada
Name of the Vulnerable Software and Affected Versions: Advantech WebAccess/SCADA versions 9.1.3 and prior Description: The issue is related to incorrect code generation management in the Advantech WebAccess software, which could allow an attacker to overwrite any file in the operating system,...
The vulnerability of the Drive Explorer disk driver for macOS, related to improper code generation, allows a hacker to execute arbitrary code.
The vulnerability of the Drive Explorer disk driver for macOS is related to improper code generation. Exploiting this vulnerability could allow an attacker to execute arbitrary code...
PT-2023-5353 · Openemr · Openemr
Name of the Vulnerable Software and Affected Versions: OpenEMR versions prior to 7.0.1 Description: The issue is related to incorrect code generation management in the OpenEMR software, which can be exploited by a remote attacker to redirect users to an arbitrary URL. Recommendations: For version...
The vulnerability of the SolarWinds Orion Platform’s network monitoring software, related to improper code generation management, allows an intruder to execute arbitrary commands.
The vulnerability of the SolarWinds Orion Platform’s network monitoring software lies in improper code generation management. Exploiting this vulnerability allows a remote attacker to execute arbitrary commands...
The vulnerability of the Ruckus Wireless Admin panel for Ruckus Wireless network devices allows an intruder to execute arbitrary code.
The vulnerability of the Ruckus Wireless Admin network device management panel is related to incorrect code generation. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...
SUSE-SU-2023:2127-1 Security update for go1.19
This update for go1.19 fixes the following issues: Update to 1.19.9 bnc1200441: - CVE-2023-24539: fixed an improper sanitization of CSS values bnc1211029. - CVE-2023-24540: fixed an improper handling of JavaScript whitespace bnc1211030. - CVE-2023-29400: fixed an improper handling of empty HTML...
ChatGPT writes insecure code
Research by computer scientists associated with the Universite du Quebec in Canada has found that ChatGPT, OpenAI's popular chatbot, is prone to generating insecure code. "How Secure is Code Generated by ChatGPT?" is the work of Raphael Khoury, Anderson Avila, Jacob Brunelle, and Baba Mamadou...
PT-2023-2811 · Solarwinds · Solarwinds Orion Platform +1
Name of the Vulnerable Software and Affected Versions: SolarWinds Platform affected versions not specified Description: The issue is related to the SolarWinds Platform, which was susceptible to a Command Injection Vulnerability. This vulnerability allows a remote adversary with a valid SolarWinds...
ROS-20230420-03
The vulnerability in Mozilla Firefox, Firefox ESR and Thunderbird email client is related to an operation exceeding the memory buffer boundaries when checking the number of available bytes of regulated threads. operation exceeds buffer boundaries in memory when checking the number of available...
Shopware Has Improper Control of Generation of Code in Twig rendered views
Impact: We fixed with CVE-2023-22731 Twig filters to only be executed with allowed functions. It is possible to pass PHP Closures as string or an array and array crafted PHP Closures was not checked against allow list. Patches: The problem has been fixed with 6.4.20.1 with an improved override...
GHSA-7V2V-9RM4-7M8F Shopware Has Improper Control of Generation of Code in Twig rendered views
Impact: We fixed with CVE-2023-22731 Twig filters to only be executed with allowed functions. It is possible to pass PHP Closures as string or an array and array crafted PHP Closures was not checked against allow list. Patches: The problem has been fixed with 6.4.20.1 with an improved override...