79 matches found
gorilla/schema: Potential memory exhaustion attack due to sparse slice deserialization
A flaw was found in the gorilla/schema package. Running schema.Decoder.Decode on a struct that has a field of type struct... opens it up to malicious attacks regarding memory allocations, taking advantage of the sparse slice functionality. Any use of schema.Decoder.Decode on a struct with arrays ...
CVE-2024-43827
In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Add null check before access structs. In enable_phantom_plane, we should better check null pointer before accessing various structs...
CVE-2024-43827
In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Add null check before access structs. In enable_phantom_plane, we should better check null pointer before accessing various structs...
gorilla/schema: Potential memory exhaustion attack due to sparse slice deserialization
A flaw was found in the gorilla/schema package. Running schema.Decoder.Decode on a struct that has a field of type struct... opens it up to malicious attacks regarding memory allocations, taking advantage of the sparse slice functionality. Any use of schema.Decoder.Decode on a struct with arrays ...
gorilla/schema: Potential memory exhaustion attack due to sparse slice deserialization
A flaw was found in the gorilla/schema package. Running schema.Decoder.Decode on a struct that has a field of type struct... opens it up to malicious attacks regarding memory allocations, taking advantage of the sparse slice functionality. Any use of schema.Decoder.Decode on a struct with arrays ...
A vulnerability in the Jenkins Structs Plugin, related to the disclosure of information through registration files, allows an attacker to gain unauthorized access to protected information.
The vulnerability in the Jenkins Structs Plugin is related to the disclosure of information through registration files. Exploiting this vulnerability can allow a remote attacker to gain unauthorized access to protected information...
Malicious code in sol-structs (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 6d466f5d94859498aa97e45fc82060c447a3004b4ea16e620a3fcc58ed8cfb3e --- Category: MALICIOUS - The campaign has clearly malicious intent, like infostealers. Campaign: spl-types-rentry-2024-07 Reasons based on the campaign: -...
MAL-2024-10161 Malicious code in sol-structs (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 6d466f5d94859498aa97e45fc82060c447a3004b4ea16e620a3fcc58ed8cfb3e --- Category: MALICIOUS - The campaign has clearly malicious intent, like infostealers. Campaign: spl-types-rentry-2024-07 Reasons based on the campaign: -...
SUSE CVE-2024-37298
gorilla/schema converts structs to and from form values. Prior to version 1.4.1, running schema.Decoder.Decode on a struct that has a field of type struct... opens it up to malicious attacks regarding memory allocations, taking advantage of the sparse slice functionality. Any use of...
Potential memory exhaustion attack due to sparse slice deserialization
Details: Running schema.Decoder.Decode on a struct that has a field of type struct... opens it up to malicious attacks regarding memory allocations, taking advantage of the sparse slice functionality. For instance, in the Proof of Concept written below, someone can specify to set a field of the...
DEBIAN-CVE-2024-37298
gorilla/schema converts structs to and from form values. Prior to version 1.4.1, running schema.Decoder.Decode on a struct that has a field of type struct... opens it up to malicious attacks regarding memory allocations, taking advantage of the sparse slice functionality. Any use of...
AZL-43146 CVE-2024-37298 affecting package telegraf for versions less than 1.29.4-7
gorilla/schema converts structs to and from form values. Prior to version 1.4.1, running schema.Decoder.Decode on a struct that has a field of type struct... opens it up to malicious attacks regarding memory allocations, taking advantage of the sparse slice functionality. Any use of...
UBUNTU-CVE-2024-37298
gorilla/schema converts structs to and from form values. Prior to version 1.4.1, running schema.Decoder.Decode on a struct that has a field of type struct... opens it up to malicious attacks regarding memory allocations, taking advantage of the sparse slice functionality. Any use of...
Incorrect usage of `#[repr(packed)]`
The affected versions make unsafe memory accesses under the assumption that `#[repr(packed)]` has a guaranteed field order. The Rust specification does not guarantee this, and https://github.com/rust-lang/rust/pull/125360 (1.80.0-beta) starts reordering fields of `#[repr(packed)]` structs, leading to illegal...
PT-2024-27455 · Unknown +5 · Gorilla/Schema +5
Name of the Vulnerable Software and Affected Versions: gorilla/schema versions prior to 1.4.1 Description: The issue concerns a memory exhaustion vulnerability in gorilla/schema. When schema.Decoder.Decode is run on a struct that has a field of type struct..., it opens up the possibility of...
CVE-2024-39458
A vulnerability was found in the Jenkins Structs Plugin. When it fails to configure a build step, it logs a warning message containing diagnostic information that may contain secrets passed as step parameters, potentially resulting in accidental exposure of secrets through the default system log...
GHSA-XFX3-CR74-X3CV Exposure of secrets through system log in Jenkins Structs Plugin
Structs Plugin provides utility functionality used, e.g., in Pipeline to instantiate and configure build steps, typically before their execution. When Structs Plugin 337.v1b_04ea_4df7c8 and earlier fails to configure a build step, it logs a warning message containing diagnostic information that may...
aendter.jenkins.plugins:filesystem-list-parameter-plugin (=0.0.6), com.adq.jenkins:xml-job-to-job-dsl (>=0.1.1 <=0.1.13) +534 more potentially affected by CVE-2024-39458 via org.jenkins-ci.plugins:structs (>=1.1 <=337.v1b_04ea_4df7c8)
org.jenkins-ci.plugins:structs MAVEN version =1.1, =0.1.1, =2.33.0, =1.9.0, =2.0.1, =2.8, =2.0.12, =1.12, =1.225.v14f9e6b28f53, =1.0.2, =1.28.0, =0.6, =2.37.0, =1.0.0, =1.2.7, =1.3.2 and more Source cves: CVE-2024-39458 Source advisory: OSV:GHSA-XFX3-CR74-X3CV...
Exposure of secrets through system log in Jenkins Structs Plugin
Structs Plugin provides utility functionality used, e.g., in Pipeline to instantiate and configure build steps, typically before their execution. When Structs Plugin 337.v1b_04ea_4df7c8 and earlier fails to configure a build step, it logs a warning message containing diagnostic information that may...
CVE-2024-39458
When Jenkins Structs Plugin 337.v1b_04ea_4df7c8 and earlier fails to configure a build step, it logs a warning message containing diagnostic information that may contain secrets passed as step parameters, potentially resulting in accidental exposure of secrets through the default system log...