181 matches found
RUSTSEC-2024-0365 Binary Protocol Misinterpretation caused by Truncating or Overflowing Casts
The following presentation at this year's DEF CON was brought to our attention on the Diesel Gitter Channel: SQL Injection isn't Dead: Smuggling Queries at the Protocol Level Archive link for posterity. Essentially, encoding a value larger than 4GiB can cause the length prefix in the protocol to...
IMAPServer (=0.2.0), IMAPServer-cli (=0.1.0) +369 more potentially affected by unknown CVE via diesel (>=0.10.1 <=2.2.12)
diesel CARGO version =0.10.1, =0.1.0, =0.1.0, =0.1.0, =0.4.0, =0.1.4, =0.1.11, =0.1.0, =0.5.0, =0.1.0, =0.1.2 and more Source cves: unknown CVE Source advisory: OSV:RUSTSEC-2024-0365...
Binary Protocol Misinterpretation caused by Truncating or Overflowing Casts
The following presentation at this year's DEF CON was brought to our attention on the Diesel Gitter Channel: SQL Injection isn't Dead: Smuggling Queries at the Protocol Level Archive link for posterity. Essentially, encoding a value larger than 4GiB can cause the length prefix in the protocol to...
PT-2024-40918 · Diesel · Diesel
Name of the Vulnerable Software and Affected Versions: Diesel versions = 2.2.2 Description: The issue concerns a SQL injection vulnerability that can be exploited by encoding a value larger than 4GiB, causing the length prefix in the protocol to overflow. This can lead to the server interpreting...
PT-2024-40507 · Diesel · Diesel
Name of the Vulnerable Software and Affected Versions: Diesel versions prior to 2.2.3 Description: The issue concerns a SQL injection vulnerability that can be exploited by encoding a value larger than 4GiB, causing the length prefix in the protocol to overflow. This can lead to the server...
diesel-abgasbetrug.de Improper Access Control vulnerability OBB-3816358
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
CVE-2023-28896
Access to critical Unified Diagnostics Services UDS of the Modular Infotainment Platform 3 MIB3 infotainment is transmitted via Controller Area Network CAN bus in a form that can be easily decoded by attackers with physical access to the vehicle. Vulnerability discovered on Škoda Superb III 3V3 -...
dieselgeneratortech.com Cross Site Scripting vulnerability OBB-3705689
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
Malicious Package
Overview epic-diesel is a malicious package. The package's name is based on existing repositories, namespaces, or components used by popular companies in an effort to trick employees into downloading it, also known as 'dependency confusion'. Therefore, you're only vulnerable if this package was...
Malicious code in diesel-site (npm)
--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis bb78d01ad7ff8d210d59657017d35725abab41a1e59657ff43ac4ac0889ac493 The OpenSSF Package Analysis project identified 'diesel-site' @ 99.9.1 npm as malicious. It is considered malicious because: - The package...
diesel-oder-benzin.de Cross Site Scripting vulnerability OBB-3256333
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
Malicious code in epic-diesel (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 9d32477c129b3f98cca4a6300e5347c542858769fb85b0ab2280de180d17f06f Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2023-309 Malicious code in epic-diesel (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 9d32477c129b3f98cca4a6300e5347c542858769fb85b0ab2280de180d17f06f Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious Package
Overview diesel-site is a malicious package. The package's name is based on existing repositories, namespaces, or components used by popular companies in an effort to trick employees into downloading it, also known as 'dependency confusion'. Therefore, you're only vulnerable if this package was...
Friday Squid Blogging: Grounded Fishing Boat Carrying 16,000 Pounds of Squid
Rough seas are hampering efforts to salvage the boat: The Speranza Marie, carrying 16,000 pounds of squid and some 1,000 gallons of diesel fuel, hit the shoreline near Chinese Harbor at about 2 a.m. on Dec. 15. Six crew members were on board, and all were rescued without injury by another fishing...
partnerportal.dieseltechnic.com Cross Site Scripting vulnerability OBB-2884967
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
GHSA-J8Q9-5RP9-4MV9 Fix a use-after-free bug in diesels Sqlite backend
An issue was discovered in the diesel crate before 1.4.6 for Rust. There is a use-after-free in the SQLite backend because the semantics of sqlite3columnname are not followed...
artifact-app (>=0.5.0 <=0.9.2), cargo-registry (=0.1.0) +25 more potentially affected by CVE-2021-28305 via diesel (>=0.10.1 <=1.3.3)
diesel CARGO version =0.10.1, =0.5.0, =0.12.0, =0.8.0, =0.3.0, =0.8.0, =0.7.0, =0.99.0, =0.5.1, =0.11.0, =0.1.0, =0.99.0, =0.1.0, =0.99.0, =1.3.0 and more Source cves: CVE-2021-28305 Source advisory: OSV:GHSA-J8Q9-5RP9-4MV9...
Fix a use-after-free bug in diesels Sqlite backend
An issue was discovered in the diesel crate before 1.4.6 for Rust. There is a use-after-free in the SQLite backend because the semantics of sqlite3columnname are not followed...
Colonial Pipeline’s Ransomware Attack Sparks Emergency Declaration
The Biden administration has declared a state of emergency that covers 17 states and Washington D.C. in the wake of the ransomware attack on the Colonial Pipeline Co., and is working with Colonial to restart operations. On Monday morning, FireEye also confirmed to Threatpost that it’s been called...