CVEbaza.plSłownik CWECWE-1038
Common Weakness Enumeration

CWE-1038

Insecure Automated Optimizations

Kategoria: ClassCVE: 6
Opis

Produkt wykorzystuje mechanizm automatycznie optymalizujący kod w celu poprawy takich charakterystyk jak wydajność, jednak optymalizacje mogą mieć niezamierzone skutki uboczne naruszające założenia bezpieczeństwa. Efektem może być podatność na ataki lub naruszenie polityki bezpieczeństwa systemu.

Description (EN)

The product uses a mechanism that automatically optimizes code, e.g. to improve a characteristic such as performance, but the optimizations can have an unintended side effect that might violate an intended security assumption.

Podatności CVE z CWE-1038 (6)
8.1
CVSS
HIGH
CVE-2025-48877

Discourse is an open-source discussion platform. Prior to version 3.4.4 of the `stable` branch, version 3.5.0.beta5 of the `beta` branch, and version 3.5.0.beta6-dev of the `tests-passed` branch, Codepen is present in the default `allowed_iframes` site setting, and it can potentially auto-run arbitrary JS in the iframe scope, which is unintended. This issue is patched in version 3.4.4 of the `stable` branch, version 3.5.0.beta5 of the `beta` branch, and version 3.5.0.beta6-dev of the `tests-passed` branch. As a workaround, the Codepen prefix can be removed from a site's `allowed_iframes`.

pub. 2025-06-09
7.9
CVSS
HIGH
CVE-2022-26861

Dell BIOS versions contain an Insecure Automated Optimization vulnerability. A local authenticated malicious user could exploit this vulnerability by sending malicious input via SMI to obtain arbitrary code execution during SMM.

pub. 2022-09-06
4.9
CVSS
MEDIUM
CVE-2023-52969

MariaDB Server 10.4 through 10.5.*, 10.6 through 10.6.*, 10.7 through 10.11.*, and 11.0 through 11.0.* can sometimes crash with an empty backtrace log. This may be related to make_aggr_tables_info and optimize_stage2.

pub. 2025-03-08
4.9
CVSS
MEDIUM
CVE-2023-52970

MariaDB Server 10.4 through 10.5.*, 10.6 through 10.6.*, 10.7 through 10.11.*, 11.0 through 11.0.*, and 11.1 through 11.4.* crashes in Item_direct_view_ref::derived_field_transformer_for_where.

pub. 2025-03-08
4.9
CVSS
MEDIUM
CVE-2023-52971

MariaDB Server 10.10 through 10.11.* and 11.0 through 11.4.* crashes in JOIN::fix_all_splittings_in_plan.

pub. 2025-03-08
3.0
CVSS
LOW
CVE-2022-31220

Dell BIOS versions contain an Unchecked Return Value vulnerability. A local authenticated administrator user could potentially exploit this vulnerability in order to change the state of the system or cause unexpected failures.

pub. 2022-09-12
Informacje
ID: CWE-1038
Typ: Class
Podatności: 6
MITRE CWE ↗
← Słownik CWE
CWE-1038 — Niezabezpieczone zautomatyzowane optymalizacje | Słownik CWE | CVEbaza.pl