Nginx 代码问题漏洞

Nginx is a lightweight web server/reverse proxy server and email IMAP/POP3 proxy server from the US-based Nginx Corporation. A security vulnerability exists in Nginx NJS version v0.7.5 that stems from a segmentation violation where the JUMP offset of the interrupt directive is not set to the...

PT-2022-17811 · Hestiacp · Hestiacp

Name of the Vulnerable Software and Affected Versions: hestiacp/hestiacp versions prior to 1.6.6 Description: The issue is related to improper control of generation of code, also known as 'code injection', and improper input validation in the hestiacp/hestiacp GitHub repository. Recommendations:...

PT-2022-4055 · Vmware · Vmware Vrealize Automation +2

Name of the Vulnerable Software and Affected Versions: VMware Workspace ONE Access, Identity Manager and vRealize Automation affected versions not specified Description: The issue is related to incorrect code generation management in the administration platform of VMware Workspace One Access,...

PT-2022-4059 · Vmware · Vmware Vrealize Automation +2

Name of the Vulnerable Software and Affected Versions: VMware Workspace ONE Access, Identity Manager and vRealize Automation affected versions not specified Description: The issue is related to incorrect code generation management in the administration platform of VMware Workspace One Access,...

[SECURITY] Fedora 36 Update: golang-github-google-wire-0.5.0-4.fc36

Wire is a code generation tool that automates connecting components using dependency injection. Dependencies between components are represented in Wire as function parameters, encouraging explicit initialization instead of global variables. Because Wire operates without runtime state or reflectio...

[SECURITY] Fedora 36 Update: golang-github-googleapis-gnostic-0.5.3-7.fc36

This package contains a Go command line tool which converts JSON and YAML OpenAPI descriptions to and from equivalent Protocol Buffer representations. Protocol Buffers provide a language-neutral, platform-neutral, extensible mechanism for serializing structured data. gnostic's Protocol Buffer...

CVE-2022-31169

Wasmtime is a standalone runtime for WebAssembly. There is a bug in Wasmtime's code generator, Cranelift, for AArch64 targets where constant divisors can result in incorrect division results at runtime. This affects Wasmtime prior to version 0.38.2 and Cranelift prior to 0.85.2. This issue only...

Fedora: Security Advisory for golang-github-cheekybits-genny (FEDORA-2022-3969b64d4b)

The remote host is missing an update for the Copyright C 2022 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

Fedora: Security Advisory for golang-github-tinylib-msgp (FEDORA-2022-3969b64d4b)

The remote host is missing an update for the Copyright C 2022 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

[SECURITY] Fedora 35 Update: golang-k8s-code-generator-1.22.0-4.fc35

Golang code-generators used to implement Kubernetes-style API types...

[SECURITY] Fedora 35 Update: golang-github-tinylib-msgp-1.1.5-5.fc35

This is a code generation tool and serialization library for MessagePack...

[SECURITY] Fedora 35 Update: golang-github-nicksnyder-i18n-2-2.1.2-5.fc35

go-i18n is a Go package and a command that helps you translate Go programs in to multiple languages. - Supports pluralized strings for all 200+ languages in the Unicode Common Locale Data Repository CLDR. - Code and tests are automatically generated from CLDR data. - Supports strings with named...

[SECURITY] Fedora 35 Update: golang-github-google-wire-0.4.0-6.fc35

Wire is a code generation tool that automates connecting components using dependency injection. Dependencies between components are represented in Wire as function parameters, encouraging explicit initialization instead of global variables. Because Wire operates without runtime state or reflectio...

[SECURITY] Fedora 35 Update: golang-github-gogo-protobuf-1.3.2-5.fc35

Gogoprotobuf is a fork of golang/protobuf with extra code generation features. This code generation is used to achieve: - fast marshalling and unmarshalling - more canonical Go structures - goprotobuf compatibility - less typing by optionally generating extra helper code - peace of mind by...

[SECURITY] Fedora 35 Update: golang-github-cheekybits-genny-1.0.0-9.20200724git3e22f1a.fc35

Genny is a code-generation generics solution. It allows you write normal buildable and testable Go code which, when processed by the genny gen tool, w ill replace the generics with specific types...

PT-2022-3721 · Microsoft · Windows Network File System +1

Name of the Vulnerable Software and Affected Versions: Windows Network File System affected versions not specified Description: The issue is related to incorrect code generation management in the Windows Network File System NFS, allowing remote attackers to execute arbitrary code and affect the...

PT-2022-3742 · Microsoft · Windows Network File System +1

Name of the Vulnerable Software and Affected Versions: Windows Network File System affected versions not specified Description: The issue is related to incorrect code generation management in the Windows Network File System NFS, allowing remote attackers to execute arbitrary code and affect the...

[SECURITY] Fedora 36 Update: golang-github-google-wire-0.5.0-3.fc36

Wire is a code generation tool that automates connecting components using dependency injection. Dependencies between components are represented in Wire as function parameters, encouraging explicit initialization instead of global variables. Because Wire operates without runtime state or reflectio...

[SECURITY] Fedora 36 Update: golang-github-googleapis-gnostic-0.5.3-6.fc36

This package contains a Go command line tool which converts JSON and YAML OpenAPI descriptions to and from equivalent Protocol Buffer representations. Protocol Buffers provide a language-neutral, platform-neutral, extensible mechanism for serializing structured data. gnostic's Protocol Buffer...

Generated code can read and write out of bounds in safe code

Code generated by flatbuffers' compiler is unsafe but not marked as such. See https://github.com/google/flatbuffers/issues/6627 for details. All users that use generated code by flatbuffers compiler are recommended to: 1. not expose flatbuffer generated code as part of their public APIs 2. audit...