Sliver - Implant Framework

Sliver is a general purpose cross-platform implant framework that supports C2 over Mutual-TLS, HTTPS, and DNS. Implants are dynamically compiled with unique X.509 certificates signed by a per-instance certificate authority generated when you first run the binary. The server, client, and implant a...

CVE-2018-19002

LCDS Laquis SCADA prior to version 4.1.0.4150 allows improper control of generation of code when opening a specially crafted project file, which may allow remote code execution, data exfiltration, or cause a system crash...

[SECURITY] Fedora 28 Update: CuraEngine-lulzbot-3.2.23-1.fc28

CuraEngine-lulzbot is a C++ console application for 3D printing G-code gene ration. It has been made as a better and faster alternative to the old Skeinforge engi ne. This is just a console application for G-code generation. For a full graphi cal application look at cura-lulzbot which is the...

Remote Code Execution (RCE)

microsoft.chakracore is vulnerable to remote code execution. This happens because it allows redeferral of functions during byte code generation.This CVE ID is different from CVE-2017-11792, CVE-2017-11793, CVE-2017-11796, CVE-2017-11797, CVE-2017-11798, CVE-2017-11799, CVE-2017-11800,...

Information disclosure

Edger8r tool in the Intel SGX SDK before version 2.1.2 Linux and 1.9.6 Windows may generate code that is susceptible to a side channel potentially allowing a local user to access unauthorized information...

CVE-2016-5397

The Apache Thrift Go client library exposed the potential during code generation for command injection due to using an external formatting tool. Affected Apache Thrift 0.9.3 and older, Fixed in Apache Thrift 0.10.0...

UBUNTU-CVE-2016-5397

The Apache Thrift Go client library exposed the potential during code generation for command injection due to using an external formatting tool. Affected Apache Thrift 0.9.3 and older, Fixed in Apache Thrift 0.10.0...

CVE-2016-5397

The Apache Thrift Go client library exposed the potential during code generation for command injection due to using an external formatting tool. Affected Apache Thrift 0.9.3 and older, Fixed in Apache Thrift 0.10.0...

Command injection

The Apache Thrift Go client library exposed the potential during code generation for command injection due to using an external formatting tool. Affected Apache Thrift 0.9.3 and older, Fixed in Apache Thrift 0.10.0...

DEBIAN-CVE-2016-5397

The Apache Thrift Go client library exposed the potential during code generation for command injection due to using an external formatting tool. Affected Apache Thrift 0.9.3 and older, Fixed in Apache Thrift 0.10.0...

CVE-2016-5397

The Apache Thrift Go client library exposed the potential during code generation for command injection due to using an external formatting tool. Affected Apache Thrift 0.9.3 and older, Fixed in Apache Thrift 0.10.0...

CVE-2016-5397

The Apache Thrift Go client library exposed the potential during code generation for command injection due to using an external formatting tool. Affected Apache Thrift 0.9.3 and older, Fixed in Apache Thrift 0.10.0...

CVE-2014-3651

Affected product: JBoss KeyCloak before 1.0.3.Final. Vulnerability: remote attackers can cause denial of service by sending a large value in the size parameter to auth/qrcode, related to QR code generation (resource consumption). Root cause: excessive resource usage leading to DoS. Impact: availa...

SUSE SLED12 / SLES12 Security Update : gcc48 (SUSE-SU-2017:2526-1)

This update for gcc48 fixes the following issues: Security issues fixed : - A new option -fstack-clash-protection is now offered, which mitigates the stack clash type of attacks. bnc1039513 Future maintenance releases of packages will be built with this option. - CVE-2017-11671: Fixed rdrand/rdse...

SUSE-SU-2017:2526-1 Security update for gcc48

This update for gcc48 fixes the following issues: Security issues fixed: - A new option -fstack-clash-protection is now offered, which mitigates the stack clash type of attacks. bnc1039513 Future maintenance releases of packages will be built with this option. - CVE-2017-11671: Fixed rdrand/rdsee...

Microsoft Edge Chakra PushPopFrameHelper Incorrect Usage

Microsoft Edge: Chakra: Incorrect usage of PushPopFrameHelper in InterpreterStackFrame::ProcessLinkFailedAsmJsModule CVE-2017-8646 PushPopFrameHelper is a class that pushes the current stack frame object in its constructor and pops it in the destructor. So it should be used like "PushPopFrameHelp...

CVE-2016-8020

Improper control of generation of code vulnerability in Intel Security VirusScan Enterprise Linux VSEL 2.0.3 and earlier allows remote authenticated users to execute arbitrary code via a crafted HTTP request parameter...

CVE-2016-8020

Affected software : McAfee VirusScan Enterprise for Linux (VSEL) 2.0.3 and earlier. Vulnerability : CVE-2016-8020 — improper control of generation of code, allowing an authenticated remote attacker to execute arbitrary code via a crafted HTTP request parameter. Impact : remote code execution with...

OpenJDK: untrusted input deserialization in RMI registry and DCG (RMI, 8156802)

It was discovered that the RMI registry and DCG implementations in the RMI component of OpenJDK performed deserialization of untrusted inputs. A remote attacker could possibly use this flaw to execute arbitrary code with the privileges of RMI registry or a Java RMI application...

CVE-2016-5618

Unspecified vulnerability in the Oracle Data Integrator component in Oracle Fusion Middleware 11.1.1.7.0, 11.1.1.9.0, 12.1.2.0.0, 12.1.3.0.0, 12.2.1.0.0, and 12.2.1.1.0 allows remote authenticated users to affect confidentiality via vectors related to Code Generation Engine...