The vulnerability of the JavaScript library’s template function for working with arrays like Underscore allows attackers to access confidential data, compromise its integrity, and cause service failures.

The vulnerability of the JavaScript library’s template function for working with arrays like Underscore is related to incorrect code generation practices. Exploiting this vulnerability can allow an attacker to gain access to confidential data, compromise its integrity, and cause service failures...

The vulnerability of the Apache Struts Showcase application on the Apache Struts software platform allows a attacker to execute arbitrary OGNL code.

The vulnerability of the Apache Struts Showcase application on the Apache Struts software platform is related to improper code generation. Exploiting this vulnerability allows an attacker, operating remotely, to execute arbitrary OGNL code using a specially created parameter name...

The vulnerability of the StringSubstitutor component in the Apache Common Text library, which allows a hacker to execute arbitrary code.

The vulnerability of the StringSubstitutor component in the Apache Common Text library is related to improper code generation. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...

The vulnerability of the coverterCheckList function in the meta_driver_srv.js class of software for monitoring and controlling power supply in Eaton Intelligent Power Manager (IPM) allows a attacker to execute arbitrary code.

The vulnerability of the coverterCheckList function in the metadriversrv.js class of software for monitoring and controlling Eaton Intelligent Power Manager IPM is related to improper code generation. Exploiting this vulnerability allows a malicious actor to execute arbitrary code by connecting t...

PT-2022-5497 · Microsoft · Wdac Ole Db Provider For Sql Server +1

Name of the Vulnerable Software and Affected Versions: Microsoft WDAC OLE DB provider for SQL Server affected versions not specified Description: The issue is related to incorrect code generation management in the Microsoft WDAC OLE DB provider for SQL Server. It allows remote attackers to execut...

PT-2022-6359 · Dell Emc · Dell Emc Metro Node

Name of the Vulnerable Software and Affected Versions: Dell EMC Metro node versions prior to 7.1 Description: The issue is related to incorrect code generation management in the system, allowing a remote attacker to execute arbitrary commands. An authenticated nonprivileged attacker could...

The vulnerability of the Enlightenment sysfile implementation of the Enlightenment window manager allows a perpetrator to escalate their privileges.

The vulnerability of the Enlightenment sysytem file for the Enlightenment window manager is related to incorrect code generation. Exploiting this vulnerability can allow an attacker to increase their privileges...

The vulnerability of the Microsoft Exchange Server mail server, related to errors in code generation, allows a hacker to execute arbitrary code.

The vulnerability of Microsoft Exchange Server is related to errors in code generation management. Exploiting this vulnerability allows a malicious actor to execute arbitrary code remotely...

Tacitine Firewall EN6200 Command Injection Vulnerability

Tacitine Firewall EN6200 is a series of firewalls from Tacitine. The Tacitine Firewall EN6200 suffers from a command injection vulnerability that stems from improper control of code generation in the web-based management interface of the Tacitine-Firewall. An unauthenticated, remote attacker coul...

CVE-2022-40628

This vulnerability exists in Tacitine Firewall, all versions of EN6200-PRIME QUAD-35 and EN6200-PRIME QUAD-100 between 19.1.1 to 22.20.1 inclusive, due to improper control of code generation in the Tacitine Firewall web-based management interface. An unauthenticated remote attacker could exploit...

CVE-2022-40628

The CVE-2022-40628 affects Tacitine Firewall EN6200-PRIME QUAD-35 and EN6200-PRIME QUAD-100, versions 19.1.1–22.20.1. Root cause: improper control of code generation in the web-based management interface, enabling an unauthenticated remote attacker to send a crafted HTTP request and execute arbit...

The vulnerability of the OGNL expression transformation class implementation in the Apache Struts software platform allows a hacker to execute arbitrary code.

The vulnerability of the OGNL expression transformation class implementation in the Apache Struts software framework is related to improper code generation management. Exploiting this vulnerability allows an attacker to execute arbitrary code by sending a specially crafted request...

The vulnerability of the setObject function in the dojo library, allowing a hacker to execute arbitrary code

The vulnerability of the setObject function in the dojo library is related to incorrect code generation. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...

The vulnerability in the iTop web-based IT service management tool arises from improper code generation, allowing an attacker to execute arbitrary code.

The vulnerability of the iTop IT service management web tool is related to improper code generation. Exploiting this vulnerability allows a malicious actor to execute arbitrary code remotely...

The vulnerability of the Spring Framework software platform, related to improper code generation management, allows attackers to execute arbitrary code.

The vulnerability of the Spring Framework software platform is related to incorrect code generation management. Exploiting this vulnerability allows a malicious actor to execute arbitrary code remotely, using a specially created .jar file...

The vulnerability of the Portal for ArcGIS web portal, related to improper code generation management, allows a malicious actor to execute arbitrary code.

The vulnerability of the Portal for ArcGIS web portal is related to incorrect code generation management. Exploiting this vulnerability allows a malicious actor to execute arbitrary code remotely...

CVE-2022-35173

An issue was discovered in Nginx NJS v0.7.5. The JUMP offset for a break instruction was not set to a correct offset during code generation, leading to a segmentation violation...

CVE-2022-35173

An issue was discovered in Nginx NJS v0.7.5. The JUMP offset for a break instruction was not set to a correct offset during code generation, leading to a segmentation violation...

CVE-2022-35173

An issue was discovered in Nginx NJS v0.7.5. The JUMP offset for a break instruction was not set to a correct offset during code generation, leading to a segmentation violation...

CVE-2022-35173

An issue was discovered in Nginx NJS v0.7.5. The JUMP offset for a break instruction was not set to a correct offset during code generation, leading to a segmentation violation...