Mozilla Firefox Security Advisory (MFSA2023-09) - Linux

The remote host is missing an update for Mozilla Firefox, announced via the advisory MFSA2023-09. SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-on...

PT-2023-1753 · Microsoft · Windows Resilient File System +1

Name of the Vulnerable Software and Affected Versions: Windows Resilient File System ReFS affected versions not specified Description: The issue is related to errors in code generation management in the Windows Resilient File System ReFS. It allows an attacker to potentially elevate privileges in...

ChatGPT: A tool for offensive cyber operations?! Not so fast!

ChatGPT: A tool for offensive cyber operations?! Not so fast! By Trellix · March 09, 2023 This story was also written by John Rodriguez. To ChatGPT or to not ChatGPT? That is a predominant question in the cyber landscape these days. It’s no surprise that AI bots have taken society by storm. On th...

CVE-2023-27477

wasmtime is a fast and secure runtime for WebAssembly. Wasmtime's code generation backend, Cranelift, has a bug on x8664 platforms for the WebAssembly i8x16.select instruction which will produce the wrong results when the same operand is provided to the instruction and some of the selected indice...

Code injection

wasmtime is a fast and secure runtime for WebAssembly. Wasmtime's code generation backend, Cranelift, has a bug on x8664 platforms for the WebAssembly i8x16.select instruction which will produce the wrong results when the same operand is provided to the instruction and some of the selected indice...

CVE-2023-27477

wasmtime is a fast and secure runtime for WebAssembly. Wasmtime's code generation backend, Cranelift, has a bug on x8664 platforms for the WebAssembly i8x16.select instruction which will produce the wrong results when the same operand is provided to the instruction and some of the selected indice...

The vulnerability of the Path.Combine method in the modular software solution for managing material flows and inventory control processes in the Kardex Mlog Control Center (MCC) allows a perpetrator to execute arbitrary code.

The vulnerability of the Path.Combine method in the modular software solution for managing material flows and inventory control processes in the Kardex Mlog Control Center MCC is related to improper code generation. Exploiting this vulnerability allows an attacker operating remotely to execute...

The vulnerability of the Microsoft Exchange Server mail server, related to errors in code generation, allows a hacker to execute arbitrary code.

The vulnerability of Microsoft Exchange Server is related to errors in code generation. Exploiting this vulnerability allows a malicious actor to execute arbitrary code remotely...

The vulnerability of the MSHTML platform in Microsoft Windows operating systems allows a hacker to execute arbitrary code.

The vulnerability of the MSHTML platform in Microsoft Windows operating systems is related to improper code generation management. Exploiting this vulnerability can allow an attacker to execute arbitrary code...

The vulnerability of the Dell EMC Metro node’s data storage management system, related to improper code generation, allows a perpetrator to execute arbitrary commands.

The vulnerability of the Dell EMC Metro node’s data storage management system is related to improper code generation. Exploiting this vulnerability allows an attacker to execute arbitrary commands remotely...

The vulnerability of Microsoft Exchange Server’s mail server, related to improper code generation, allows a hacker to execute arbitrary code.

The vulnerability of Microsoft Exchange Server lies in improper code generation management. Exploiting this vulnerability allows a malicious actor to execute arbitrary code by sending a specially crafted request remotely...

The vulnerability of Microsoft Exchange Server’s mail server, related to improper code generation, allows a hacker to execute arbitrary code.

The vulnerability of Microsoft Exchange Server is related to incorrect code generation management. Exploiting this vulnerability allows a malicious actor to execute arbitrary code remotely...

The vulnerability of the microprogramming software of the input/output controller for controlling and monitoring the Control By Web X-600M, related to errors during code generation, allows a perpetrator to execute arbitrary code.

The vulnerability of the microprogramming software of the input/output controller for controlling and monitoring the Control By Web X-600M is related to errors during code generation. Exploiting this vulnerability could allow a malicious actor to execute arbitrary code by running scripts written ...

The vulnerability of the Azure DevOps Server software, related to improper code generation management, allows a attacker to execute arbitrary code.

The vulnerability of Azure DevOps Server lies in improper code generation management. Exploiting this vulnerability allows an attacker to execute arbitrary code remotely...

SUSE CVE-2009-1102

Unspecified vulnerability in the Virtual Machine in Java SE Development Kit JDK and Java Runtime Environment JRE 6 Update 12 and earlier allows remote attackers to access files and execute arbitrary code via unknown vectors related to "code generation."...

SUSE CVE-2016-5397

The Apache Thrift Go client library exposed the potential during code generation for command injection due to using an external formatting tool. Affected Apache Thrift 0.9.3 and older, Fixed in Apache Thrift 0.10.0...

SUSE CVE-2017-11671

Under certain circumstances, the ix86expandbuiltin function in i386.c in GNU Compiler Collection GCC version 4.6, 4.7, 4.8, 4.9, 5 before 5.5, and 6 before 6.4 will generate instruction sequences that clobber the status flag of the RDRAND and RDSEED intrinsics before it can be read, potentially...

SUSE CVE-2019-3695

A Improper Control of Generation of Code vulnerability in the packaging of pcp of SUSE Linux Enterprise High Performance Computing 15-ESPOS, SUSE Linux Enterprise High Performance Computing 15-LTSS, SUSE Linux Enterprise Module for Development Tools 15, SUSE Linux Enterprise Module for Developmen...

The vulnerability in the web interface of the Pulse Connect Secure VPN server for corporate networks allows a perpetrator to execute arbitrary code.

The vulnerability in the web interface of the administrator’s VPN server for corporate networks, Pulse Connect Secure, is related to incorrect code generation. Exploiting this vulnerability allows a malicious actor to execute arbitrary code remotely...

PT-2023-1397 · Microsoft · Azure Devops Server

Name of the Vulnerable Software and Affected Versions: Azure DevOps Server affected versions not specified Description: The issue is related to incorrect code generation management in Azure DevOps Server, which can be exploited by a remote attacker to execute arbitrary code. Recommendations: At t...