Lucene search
K

181 matches found

OSV
OSV
added 2024/08/23 12:0 p.m.19 views

RUSTSEC-2024-0365 Binary Protocol Misinterpretation caused by Truncating or Overflowing Casts

The following presentation at this year's DEF CON was brought to our attention on the Diesel Gitter Channel: SQL Injection isn't Dead: Smuggling Queries at the Protocol Level Archive link for posterity. Essentially, encoding a value larger than 4GiB can cause the length prefix in the protocol to...

8.5AI score
Exploits0References3
vulnersOsv
vulnersOsv
added 2024/08/23 12:0 p.m.6 views

IMAPServer (=0.2.0), IMAPServer-cli (=0.1.0) +369 more potentially affected by unknown CVE via diesel (>=0.10.1 <=2.2.12)

diesel CARGO version =0.10.1, =0.1.0, =0.1.0, =0.1.0, =0.4.0, =0.1.4, =0.1.11, =0.1.0, =0.5.0, =0.1.0, =0.1.2 and more Source cves: unknown CVE Source advisory: OSV:RUSTSEC-2024-0365...

5.5AI score
Exploits0
RustSec
RustSec
added 2024/08/23 12:0 p.m.7 views

Binary Protocol Misinterpretation caused by Truncating or Overflowing Casts

The following presentation at this year's DEF CON was brought to our attention on the Diesel Gitter Channel: SQL Injection isn't Dead: Smuggling Queries at the Protocol Level Archive link for posterity. Essentially, encoding a value larger than 4GiB can cause the length prefix in the protocol to...

8.5AI score
Exploits0Affected Software1
Positive Technologies
Positive Technologies
added 2024/08/23 12:0 a.m.6 views

PT-2024-40918 · Diesel · Diesel

Name of the Vulnerable Software and Affected Versions: Diesel versions = 2.2.2 Description: The issue concerns a SQL injection vulnerability that can be exploited by encoding a value larger than 4GiB, causing the length prefix in the protocol to overflow. This can lead to the server interpreting...

8.5AI score
Exploits0References4
Positive Technologies
Positive Technologies
added 2024/08/23 12:0 a.m.4 views

PT-2024-40507 · Diesel · Diesel

Name of the Vulnerable Software and Affected Versions: Diesel versions prior to 2.2.3 Description: The issue concerns a SQL injection vulnerability that can be exploited by encoding a value larger than 4GiB, causing the length prefix in the protocol to overflow. This can lead to the server...

9.3CVSS8.3AI score
Exploits0References6
Openbugbounty
Openbugbounty
added 2023/12/16 5:51 p.m.5 views

diesel-abgasbetrug.de Improper Access Control vulnerability OBB-3816358

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

7AI score
Exploits0
OSV
OSV
added 2023/12/01 2:15 p.m.5 views

CVE-2023-28896

Access to critical Unified Diagnostics Services UDS of the Modular Infotainment Platform 3 MIB3 infotainment is transmitted via Controller Area Network CAN bus in a form that can be easily decoded by attackers with physical access to the vehicle. Vulnerability discovered on Škoda Superb III 3V3 -...

2.4CVSS5.8AI score0.0014EPSS
Exploits0References1
Openbugbounty
Openbugbounty
added 2023/09/24 11:23 a.m.13 views

dieselgeneratortech.com Cross Site Scripting vulnerability OBB-3705689

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

6.1AI score
Exploits0
Snyk
Snyk
added 2023/05/16 8:19 a.m.0 views

Malicious Package

Overview epic-diesel is a malicious package. The package's name is based on existing repositories, namespaces, or components used by popular companies in an effort to trick employees into downloading it, also known as 'dependency confusion'. Therefore, you're only vulnerable if this package was...

9.8CVSS7.1AI score
Exploits0References3
OSSF Malicious Packages
OSSF Malicious Packages
added 2023/04/29 10:29 a.m.2 views

Malicious code in diesel-site (npm)

--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis bb78d01ad7ff8d210d59657017d35725abab41a1e59657ff43ac4ac0889ac493 The OpenSSF Package Analysis project identified 'diesel-site' @ 99.9.1 npm as malicious. It is considered malicious because: - The package...

6.9AI score
Exploits0References1
Openbugbounty
Openbugbounty
added 2023/04/09 11:32 p.m.7 views

diesel-oder-benzin.de Cross Site Scripting vulnerability OBB-3256333

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

5.8AI score
Exploits0
OSSF Malicious Packages
OSSF Malicious Packages
added 2023/03/31 2:16 a.m.3 views

Malicious code in epic-diesel (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 9d32477c129b3f98cca4a6300e5347c542858769fb85b0ab2280de180d17f06f Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

6.9AI score
Exploits0References1
OSV
OSV
added 2023/03/31 2:16 a.m.8 views

MAL-2023-309 Malicious code in epic-diesel (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 9d32477c129b3f98cca4a6300e5347c542858769fb85b0ab2280de180d17f06f Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

7AI score
Exploits0References1
Snyk
Snyk
added 2023/03/01 8:18 a.m.2 views

Malicious Package

Overview diesel-site is a malicious package. The package's name is based on existing repositories, namespaces, or components used by popular companies in an effort to trick employees into downloading it, also known as 'dependency confusion'. Therefore, you're only vulnerable if this package was...

9.8CVSS7.1AI score
Exploits0References3
Schneier on Security
Schneier on Security
added 2022/12/30 10:56 p.m.13 views

Friday Squid Blogging: Grounded Fishing Boat Carrying 16,000 Pounds of Squid

Rough seas are hampering efforts to salvage the boat: The Speranza Marie, carrying 16,000 pounds of squid and some 1,000 gallons of diesel fuel, hit the shoreline near Chinese Harbor at about 2 a.m. on Dec. 15. Six crew members were on board, and all were rescued without injury by another fishing...

0.1AI score
Exploits0
Openbugbounty
Openbugbounty
added 2022/09/02 5:53 p.m.17 views

partnerportal.dieseltechnic.com Cross Site Scripting vulnerability OBB-2884967

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

Exploits0
OSV
OSV
added 2022/05/24 5:44 p.m.13 views

GHSA-J8Q9-5RP9-4MV9 Fix a use-after-free bug in diesels Sqlite backend

An issue was discovered in the diesel crate before 1.4.6 for Rust. There is a use-after-free in the SQLite backend because the semantics of sqlite3columnname are not followed...

9.8CVSS9.4AI score0.01319EPSS
Exploits0References4
vulnersOsv
vulnersOsv
added 2022/05/24 5:44 p.m.3 views

artifact-app (>=0.5.0 <=0.9.2), cargo-registry (=0.1.0) +25 more potentially affected by CVE-2021-28305 via diesel (>=0.10.1 <=1.3.3)

diesel CARGO version =0.10.1, =0.5.0, =0.12.0, =0.8.0, =0.3.0, =0.8.0, =0.7.0, =0.99.0, =0.5.1, =0.11.0, =0.1.0, =0.99.0, =0.1.0, =0.99.0, =1.3.0 and more Source cves: CVE-2021-28305 Source advisory: OSV:GHSA-J8Q9-5RP9-4MV9...

9.8CVSS7.2AI score0.01319EPSS
Exploits0
Github Security Blog
Github Security Blog
added 2022/05/24 5:44 p.m.16 views

Fix a use-after-free bug in diesels Sqlite backend

An issue was discovered in the diesel crate before 1.4.6 for Rust. There is a use-after-free in the SQLite backend because the semantics of sqlite3columnname are not followed...

9.8CVSS2.2AI score0.01319EPSS
Exploits0References4Affected Software1
ThreatPost
ThreatPost
added 2021/05/10 5:42 p.m.72 views

Colonial Pipeline’s Ransomware Attack Sparks Emergency Declaration

The Biden administration has declared a state of emergency that covers 17 states and Washington D.C. in the wake of the ransomware attack on the Colonial Pipeline Co., and is working with Colonial to restart operations. On Monday morning, FireEye also confirmed to Threatpost that it’s been called...

5.8AI score
Exploits0References31
Rows per page
Query Builder