
1158 matches found

BDU FSTEC
added 2024/09/23 12:0 a.m. | 1 views

The vulnerability of the Twisted web framework, related to the lack of protective measures for website structures, allows attackers to access confidential data and compromise its integrity.

The vulnerability of the Twisted web framework is related to the lack of security measures for website structures. Exploiting this vulnerability allows a malicious actor to gain access to confidential data and compromise its integrity...

CVSS 5.5 | AI score 6.2 | EPSS 0.01199
Exploits: 1 | References: 12 | Affected Software: 5

Github Security Blog
added 2024/09/16 2:37 p.m. | 18 views

D-Tale Command Execution Vulnerability

D-Tale is the combination of a Flask back-end and a React front-end to bring you an easy way to view & analyze Pandas data structures. In dtale\views.py, under the route @dtale.route"/chart-data/", the query parameters from the request are directly passed into runquery for execution. And...

CVSS 9.8 | AI score 7.4 | EPSS 0.01574
Exploits: 1 | References: 7 | Affected Software: 1

Fedora
added 2024/09/14 2:1 a.m. | 17 views

[SECURITY] Fedora 40 Update: mingw-expat-2.6.3-1.fc40

This is expat, the C library for parsing XML, written by James Clark. Expat is a stream oriented XML parser. This means that you register handlers with the parser prior to starting the parse. These handlers are called when the parser discovers the associated structures in the document being parse...

CVSS 9.8 | AI score 9.5 | EPSS 0.02269
Exploits: 0

Fedora
added 2024/09/14 1:26 a.m. | 15 views

[SECURITY] Fedora 39 Update: apr-1.7.5-1.fc39

The mission of the Apache Portable Runtime (APR) is to provide a free library of C data structures and routines, forming a system portability layer to as many operating systems as possible, including Unices, MS Win32, BeOS and OS/2...

CVSS 5.5 | AI score 6.9 | EPSS 0.00023
Exploits: 0

Fedora
added 2024/09/13 8:59 p.m. | 9 views

[SECURITY] Fedora 41 Update: apr-1.7.5-1.fc41

The mission of the Apache Portable Runtime (APR) is to provide a free library of C data structures and routines, forming a system portability layer to as many operating systems as possible, including Unices, MS Win32, BeOS and OS/2...

AI score 7.3
Exploits: 0

BDU FSTEC
added 2024/09/13 12:0 a.m. | 1 views

The vulnerability in the Firefox web browser relates to the lack of protection for website structures, allowing attackers to compromise data integrity and cause service interruptions.

The vulnerability in the Firefox web browser is related to the lack of security measures for protecting the structure of web pages. Exploiting this vulnerability can allow a malicious actor to compromise data integrity and cause service interruptions...

CVSS 8.5 | AI score 7.7 | EPSS 0.00607
Exploits: 1 | References: 9 | Affected Software: 3

Vulnrichment
added 2024/09/10 4:3 p.m. | 8 views

CVE-2024-45595 D-Tale allows Remote Code Execution through the Query input on Chart Builder

D-Tale is a visualizer for Pandas data structures. Users hosting D-Tale publicly can be vulnerable to remote code execution allowing attackers to run malicious code on the server. Users should upgrade to version 3.14.1 where the "Custom Filter" input is turned off by default...

CVSS 6.1 | AI score 7.8 | EPSS 0.01635
Exploits: 0 | References: 3

OSV
added 2024/09/10 7:6 a.m. | 27 views

BIT-GOLANG-2024-34156 Stack exhaustion in Decoder.Decode in encoding/gob

Calling Decoder.Decode on a message which contains deeply nested structures can cause a panic due to stack exhaustion. This is a follow-up to CVE-2022-30635...

CVSS 7.5 | AI score 8.9 | EPSS 0.00298
Exploits: 0 | References: 6

BDU FSTEC
added 2024/09/09 12:0 a.m. | 1 views

The vulnerability of the Adobe Experience Manager content and media data management system lies in the insufficient protection of website structures, allowing attackers to carry out cross-site scripting attacks.

The vulnerability of the Adobe Experience Manager content and media data management system is related to insufficient protection of the website structure. Exploiting this vulnerability could allow a malicious actor to perform cross-site scripting attacks remotely...

CVSS 5.5 | AI score 5.2 | EPSS 0.01695
Exploits: 0 | References: 2 | Affected Software: 1

RedhatCVE
added 2024/09/07 12:10 a.m. | 30 views

CVE-2024-34156

A flaw was found in the encoding/gob package of the Golang standard library. Calling Decoder.Decode on a message that contains deeply nested structures can cause a panic due to stack exhaustion. This is a follow-up to CVE-2022-30635. Mitigation: Mitigation for this issue is either not available o...

CVSS 7.5 | AI score 7.4 | EPSS 0.00298
Exploits: 0 | References: 7

OSV
added 2024/09/06 9:15 p.m. | 25 views

CVE-2024-34156

Calling Decoder.Decode on a message which contains deeply nested structures can cause a panic due to stack exhaustion. This is a follow-up to CVE-2022-30635...

AI score 7.6
Exploits: 0 | References: 5

OSV
added 2024/09/06 9:15 p.m. | 0 views

UBUNTU-CVE-2024-34156

Calling Decoder.Decode on a message which contains deeply nested structures can cause a panic due to stack exhaustion. This is a follow-up to CVE-2022-30635...

CVSS 7.5 | AI score 6.9 | EPSS 0.00298
Exploits: 0 | References: 11

Vulnrichment
added 2024/09/06 8:42 p.m. | 20 views

CVE-2024-34156 Stack exhaustion in Decoder.Decode in encoding/gob

Calling Decoder.Decode on a message which contains deeply nested structures can cause a panic due to stack exhaustion. This is a follow-up to CVE-2022-30635...

AI score 6.9 | EPSS 0.00298
Exploits: 0 | References: 4

CVE
added 2024/09/06 8:42 p.m. | 555 views

CVE-2024-34156

CVE-2024-34156 affects Go’s Decoder.Decode when processing messages with deeply nested structures, leading to a panic from stack exhaustion. The issue is tied to the Go standard library (golang) and has been discussed in Go-related advisories and public postings (e.g., the follow-up to CVE-2022-3...

CVSS 7.5 | AI score 8.9 | EPSS 0.00298
Exploits: 0 | References: 5

Debian CVE
added 2024/09/06 8:42 p.m. | 29 views

CVE-2024-34156

Calling Decoder.Decode on a message which contains deeply nested structures can cause a panic due to stack exhaustion. This is a follow-up to CVE-2022-30635...

CVSS 7.5 | AI score 6.9 | EPSS 0.00298
Exploits: 0

AlpineLinux
added 2024/09/06 8:42 p.m. | 54 views

CVE-2024-34156

Calling Decoder.Decode on a message which contains deeply nested structures can cause a panic due to stack exhaustion. This is a follow-up to CVE-2022-30635...

CVSS 7.5 | AI score 9.1 | EPSS 0.00298
Exploits: 0

Cvelist
added 2024/09/06 8:42 p.m. | 32 views

CVE-2024-34156 Stack exhaustion in Decoder.Decode in encoding/gob

Calling Decoder.Decode on a message which contains deeply nested structures can cause a panic due to stack exhaustion. This is a follow-up to CVE-2022-30635...

EPSS 0.00298
Exploits: 0 | References: 4

Snyk
added 2024/09/06 7:15 p.m. | 1 views

Uncontrolled Recursion

Overview: std/encoding/gob is a Go standard library package. Affected versions of this package are vulnerable to Uncontrolled Recursion. Go Vulnerability Report: Calling Decoder.Decode on a message which contains deeply nested structures can cause a panic due to stack exhaustion...

CVSS 8.7 | AI score 6.6 | EPSS 0.00298
Exploits: 0 | References: 3

OSV
added 2024/09/06 7:15 p.m. | 47 views

GO-2024-3106 Stack exhaustion in Decoder.Decode in encoding/gob

Calling Decoder.Decode on a message which contains deeply nested structures can cause a panic due to stack exhaustion. This is a follow-up to CVE-2022-30635...

CVSS 7.5 | AI score 8.9 | EPSS 0.00298
Exploits: 0 | References: 3

NVD
added 2024/09/04 9:15 p.m. | 10 views

CVE-2024-45395

sigstore-go, a Go library for Sigstore signing and verification, is susceptible to a denial of service attack in versions prior to 0.6.1 when a verifier is provided a maliciously crafted Sigstore Bundle containing large amounts of verifiable data, in the form of signed transparency log entries, R...

CVSS 7.5 | EPSS 0.00219
Exploits: 0 | References: 5