Lucene search

879 matches found

Redos
added 2022/05/30 12:0 a.m. · 43 views

ROS-20220530-03

The vulnerability in the Array method of the Mozilla Firefox and Mozilla Firefox ESR browsers and the Thunderbird mail client is related to code generation errors. Exploitation of the vulnerability could allow an attacker acting remotely to execute arbitrary JavaScript code...

CVSS 8.8 · AI score 8.8 · EPSS 0.67932
Exploits 0
OSV
added 2022/05/24 5:11 p.m. · 0 views

GHSA-297X-8XJ4-VCXV Improper Control of Generation of Code in doT

The dot package v1.1.2 uses Function to compile templates. This can be exploited by the attacker if they can control the given template or if they can control the value set on Object.prototype...

CVSS 8.8 · AI score 7.2 · EPSS 0.01037
Exploits 1 · References 2
Github Security Blog
added 2022/05/24 5:11 p.m. · 24 views

Improper Control of Generation of Code in doT

The dot package v1.1.2 uses Function to compile templates. This can be exploited by the attacker if they can control the given template or if they can control the value set on Object.prototype...

CVSS 8.8 · AI score 8.3 · EPSS 0.01037
Exploits 1 · References 3 · Affected Software 1
OSV
added 2022/05/17 5:18 a.m. · 45 views

GHSA-5XM9-RF63-WJ7H Improper Control of Generation of Code in Spring Security

CRLF injection vulnerability in the logout functionality in VMware SpringSource Spring Security before 2.0.7 and 3.0.x before 3.0.6 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via the spring-security-redirect parameter...

CVSS 4.3 · AI score 6.7 · EPSS 0.07155
Exploits 1 · References 4
Github Security Blog
added 2022/05/17 5:18 a.m. · 25 views

Improper Control of Generation of Code in Spring Security

CRLF injection vulnerability in the logout functionality in VMware SpringSource Spring Security before 2.0.7 and 3.0.x before 3.0.6 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via the spring-security-redirect parameter...

CVSS 4.3 · AI score 5 · EPSS 0.07155
Exploits 1 · References 4 · Affected Software 1
OSV
added 2022/05/17 4:17 a.m. · 1 views

GHSA-49J7-QGHP-5WJ8 Improper Control of Generation of Code in HawtJNI

Race condition in hawtjni-runtime/src/main/java/org/fusesource/hawtjni/runtime/Library.java in HawtJNI before 1.8, when a custom library path is not specified, allows local users to execute arbitrary Java code by overwriting a temporary JAR file with a predictable name in /tmp...

CVSS 4.4 · AI score 6.1 · EPSS 0.00043
Exploits 1 · References 15
OSV
added 2022/05/13 1:25 a.m. · 23 views

GHSA-R4M4-PMVW-M6J5 Apache Thrift Go Library Command Injection

The Apache Thrift Go client library exposed the potential during code generation for command injection due to using an external formatting tool. Affected Apache Thrift 0.9.3 and older, Fixed in Apache Thrift 0.10.0...

CVSS 8.8 · AI score 8.9 · EPSS 0.22566
Exploits 0 · References 7
Github Security Blog
added 2022/05/13 1:25 a.m. · 26 views

Apache Thrift Go Library Command Injection

The Apache Thrift Go client library exposed the potential during code generation for command injection due to using an external formatting tool. Affected Apache Thrift 0.9.3 and older, Fixed in Apache Thrift 0.10.0...

CVSS 9 · AI score 9 · EPSS 0.22566
Exploits 0 · References 8 · Affected Software 1
vulnersOsv
added 2022/05/13 1:5 a.m. · 1 views

ar.com.fdvs:DynamicJasper (>=4.0.4 <=5.0.8), br.com.prixma:vraptor-jasperreport (>=1.0.0 <=4.1.1) +379 more potentially affected by CVE-2014-3004 via org.codehaus.castor:castor (>=1.0.5 <=1.2)

org.codehaus.castor:castor MAVEN version =1.0.5, =4.0.4, =1.0.0, =1.6, =1.0, =1.0.14, =1.0.14, =1.0.14, =1.0.33, =1.0.14, =1.0.14, =1.0.33, =1.0.33, =1.0.33, =1.0.14, =1.0.37 and more Source cves: CVE-2014-3004 Source advisory: OSV:GHSA-JWWR-FJGH-CV2X...

CVSS 4.3 · AI score 7.1 · EPSS 0.03627
Exploits 3
OSV
added 2022/05/13 1:2 a.m. · 26 views

GHSA-GH27-38P5-MRXC Improper Control of Generation of Code in Apache Kafka

In Apache Kafka 0.9.0.0 to 0.9.0.1, 0.10.0.0 to 0.10.2.1, 0.11.0.0 to 0.11.0.2, and 1.0.0, authenticated Kafka users may perform actions reserved for the Broker via a manually created fetch request interfering with data replication, resulting in data loss...

CVSS 5.4 · AI score 5.4 · EPSS 0.00688
Exploits 0 · References 11
Github Security Blog
added 2022/05/13 1:2 a.m. · 26 views

Improper Control of Generation of Code in Apache Kafka

In Apache Kafka 0.9.0.0 to 0.9.0.1, 0.10.0.0 to 0.10.2.1, 0.11.0.0 to 0.11.0.2, and 1.0.0, authenticated Kafka users may perform actions reserved for the Broker via a manually created fetch request interfering with data replication, resulting in data loss...

CVSS 5.5 · AI score 4.4 · EPSS 0.00688
Exploits 0 · References 12 · Affected Software 1
Fedora
added 2022/05/07 5:10 a.m. · 22 views

[SECURITY] Fedora 36 Update: CuraEngine-4.13.1-2.fc36

CuraEngine is a C++ console application for 3D printing G-code generation. It has been made as a better and faster alternative to the old Skeinforge engine. This is just a console application for G-code generation. For a full graphical application look at cura which is the graphical frontend for...

CVSS 6.5 · AI score 6.8 · EPSS 0.01116
Exploits 1
Positive Technologies
added 2022/04/12 12:0 a.m. · 2 views

PT-2022-2907 · Microsoft · Windows Hyper-V +1

Name of the Vulnerable Software and Affected Versions: Windows Hyper-V affected versions not specified Description: The issue is related to incorrect code generation management in the Windows Hyper-V hardware virtualization system for Windows operating systems. It allows remote attackers to execu...

CVSS 8.8 · AI score 9 · EPSS 0.00328
Exploits 0 · References 9
Positive Technologies
added 2022/04/12 12:0 a.m. · 2 views

PT-2022-2774 · Microsoft · Windows Dns Server +1

Name of the Vulnerable Software and Affected Versions: Windows DNS Server affected versions not specified Description: The issue is related to incorrect code generation management in the Windows DNS Server component. It allows remote attackers to execute arbitrary code, affecting the system...

CVSS 9 · AI score 7.2 · EPSS 0.08589
Exploits 0 · References 23
Positive Technologies
added 2022/04/12 12:0 a.m. · 2 views

PT-2022-2664

Name of the Vulnerable Software and Affected Versions Microsoft Excel affected versions not specified Description The issue is related to incorrect code generation management in Microsoft Excel. It allows a remote attacker to execute arbitrary code. Recommendations At the moment, there is no...

CVSS 9.3 · AI score 7.5 · EPSS 0.02387
Exploits 0 · References 7
Positive Technologies
added 2022/04/12 12:0 a.m. · 2 views

PT-2022-2779 · Microsoft · Windows Dns Server +1

Name of the Vulnerable Software and Affected Versions: Windows DNS Server affected versions not specified Description: The issue is related to incorrect code generation management in the Windows DNS Server. It allows remote attackers to execute arbitrary code, affecting the system. Recommendation...

CVSS 9 · AI score 7.2 · EPSS 0.06971
Exploits 0 · References 23
Positive Technologies
added 2022/04/12 12:0 a.m. · 2 views

PT-2022-2666

Name of the Vulnerable Software and Affected Versions Microsoft Excel affected versions not specified Description The issue is related to incorrect code generation management in Microsoft Excel, allowing a remote attacker to execute arbitrary code. This can be exploited by remote attackers,...

CVSS 9.3 · AI score 7.5 · EPSS 0.01071
Exploits 0 · References 9
Positive Technologies
added 2022/04/12 12:0 a.m. · 2 views

PT-2022-2743 · Microsoft · Windows Dns Server +1

Name of the Vulnerable Software and Affected Versions: Windows DNS Server affected versions not specified Description: The issue is related to incorrect code generation management in the Windows DNS Server. It allows remote attackers to execute arbitrary code, affecting the system. Recommendation...

CVSS 9 · AI score 7.2 · EPSS 0.09379
Exploits 0 · References 23
Positive Technologies
added 2022/04/12 12:0 a.m. · 2 views

PT-2022-2872 · Microsoft · Windows

Name of the Vulnerable Software and Affected Versions: Windows affected versions not specified Description: The issue is related to incorrect code generation management in the Win32 Stream Enumeration component of Windows operating systems. This allows remote attackers to execute arbitrary code a...

CVSS 7.6 · AI score 7.7 · EPSS 0.06152
Exploits 0 · References 7
Positive Technologies
added 2022/04/12 12:0 a.m. · 2 views

PT-2022-2871 · Microsoft · Windows

Name of the Vulnerable Software and Affected Versions: Windows affected versions not specified Description: The issue is related to incorrect code generation management in the Win32 Stream Enumeration component of Windows operating systems. It allows remote attackers to execute arbitrary code and...

CVSS 7.6 · AI score 7.7 · EPSS 0.04733
Exploits 0 · References 7