Lucene search
K

222 matches found

OSV
OSV
added 2022/05/20 7:30 p.m.25 views

CVE-2022-29185 Observable Timing Discrepancy in totp-rs

totp-rs is a Rust library that permits the creation of 2FA authentification tokens per time-based one-time password TOTP. Prior to version 1.1.0, token comparison was not constant time, and could theorically be used to guess value of an TOTP token, and thus reuse it in the same time window. The...

4.2CVSS4.9AI score0.00789EPSS
Exploits0References5
CVE
CVE
added 2022/05/20 7:30 p.m.89 views

CVE-2022-29185

CVE-2022-29185 affects the Rust library totp-rs. Prior to version 1.1.0, token comparison was not constant time, which could theoretically allow guessing a TOTP token value and reusing it within the same time window, assuming the attacker knew the password. Patch 1.1.0 introduces a constant-time ...

4.4CVSS4.4AI score0.00789EPSS
Exploits0References3Affected Software1
Cvelist
Cvelist
added 2022/05/20 7:30 p.m.34 views

CVE-2022-29185 Observable Timing Discrepancy in totp-rs

totp-rs is a Rust library that permits the creation of 2FA authentification tokens per time-based one-time password TOTP. Prior to version 1.1.0, token comparison was not constant time, and could theorically be used to guess value of an TOTP token, and thus reuse it in the same time window. The...

4.2CVSS5AI score0.00789EPSS
Exploits0References3
vulnersOsv
vulnersOsv
added 2022/05/10 12:0 p.m.10 views

BeerHolderBot (>=0.1.0 <=0.3.6), GetPDB (>=0.1.0 <=1.0.1) +5225 more potentially affected by unknown CVE via hyper (>=0.0.1 <=0.14.11)

hyper CARGO version =0.0.1, =0.1.0, =0.1.0, =0.0.2, =0.1.0, =0.1.0, =0.2.0, =0.1.0, =0.1.0, =0.1.0, =0.0.1, =0.0.7-alpha.3, =0.2.0-alpha.0 and more Source cves: unknown CVE Source advisory: OSV:RUSTSEC-2022-0022...

5.7AI score
Exploits0
vulnersOsv
vulnersOsv
added 2022/04/13 12:0 p.m.6 views

ably (=0.1.0), acid-store (>=0.1.0 <=0.13.0) +416 more potentially affected by unknown CVE via rmp-serde (>=0.14.4 <=0.15.5)

rmp-serde CARGO version =0.14.4, =0.1.0, =0.4.3, =0.1.0, =0.8.0, =0.0.1, =0.0.2, =1.1.0, =1.0.1, =0.2.0, =0.3.0 - algonautcore =0.3.0 and more Source cves: unknown CVE Source advisory: OSV:RUSTSEC-2022-0092...

5.7AI score
Exploits0
BDU FSTEC
BDU FSTEC
added 2022/04/11 12:0 a.m.6 views

The vulnerability of the Rust stack generator library “Generator-rs” lies in improper type conversion, which allows attackers to trigger a service failure.

The vulnerability of the Rust generator library, Generator-rs, is related to the lack of restrictions on the use of types that are not of the Send type. Exploiting this vulnerability allows a remote attacker to cause a service failure...

7.1CVSS6.3AI score0.01094EPSS
Exploits1References6Affected Software2
OSV
OSV
added 2022/01/06 10:17 p.m.2 views

GHSA-P4CR-64X4-F92F Use of Uninitialized Resource in acc_reader.

An issue was discovered in the accreader crate through 2020-12-27 for Rust. fillbuf may read from uninitialized memory locations...

9.8CVSS5.8AI score0.01191EPSS
Exploits0References5
OSV
OSV
added 2022/01/06 10:16 p.m.12 views

GHSA-V2CH-FC8F-QM33 Use of Uninitialized Resource in bite.

An issue was discovered in the bite crate through 2020-12-31 for Rust. read::BiteReadExpandedExt::readframedmax may read from uninitialized memory locations...

7.5CVSS7.1AI score0.01059EPSS
Exploits0References5
OSV
OSV
added 2022/01/06 10:14 p.m.4 views

GHSA-2RXC-8F9W-FJQ8 Window may read from uninitialized memory locations in rdiff

An issue was discovered in the rdiff crate through version 0.1.2 for Rust. Window may read from uninitialized memory locations...

7.5CVSS7.1AI score0.01059EPSS
Exploits0References5
CNVD
CNVD
added 2021/12/28 12:0 a.m.17 views

Unspecified vulnerability exists in Rust acc_reader crate (CNVD-2022-04013)

Rust accreader crate is a structure that provides an AccReader that wraps an arbitrary instance of std::io::Read and provides an implementation of std::io::Seek for it. Readupto can read data from an uninitialized memory location. No details of the vulnerability are currently available...

9.8CVSS3.6AI score0.01191EPSS
Exploits0References1
OSV
OSV
added 2021/12/27 12:15 a.m.4 views

CVE-2021-45711

An issue was discovered in the simpleasn1 crate 0.6.0 before 0.6.1 for Rust. There is a panic if UTCTime data, supplied by a remote attacker, has a second character greater than 0x7f...

7.5CVSS7.2AI score0.0134EPSS
Exploits0References2
OSV
OSV
added 2021/12/27 12:15 a.m.4 views

CVE-2021-45694

An issue was discovered in the rdiff crate through 2021-02-03 for Rust. Window may read from uninitialized memory locations...

7.5CVSS5.8AI score0.01059EPSS
Exploits0References2
OSV
OSV
added 2021/12/27 12:15 a.m.7 views

CVE-2021-45700

An issue was discovered in the ckb crate before 0.40.0 for Rust. Attackers can cause a denial of service Nervos CKB blockchain node crash via a dead call that is used as a DepGroup...

7.5CVSS5.8AI score0.01088EPSS
Exploits0References2
OSV
OSV
added 2021/12/27 12:15 a.m.5 views

CVE-2021-45701

An issue was discovered in the tremor-script crate before 0.11.6 for Rust. A patch operation may result in a use-after-free...

9.8CVSS5.8AI score0.01191EPSS
Exploits0References2
OSV
OSV
added 2021/12/27 12:15 a.m.5 views

CVE-2021-45687

An issue was discovered in the raw-cpuid crate before 9.1.1 for Rust. If the serialize feature is used which is not the the default, a Deserialize operation may lack sufficient validation, leading to memory corruption or a panic...

9.8CVSS5.8AI score0.01123EPSS
Exploits0References2
OSV
OSV
added 2021/12/27 12:15 a.m.5 views

CVE-2021-45689

An issue was discovered in the gfx-auxil crate through 2021-01-07 for Rust. gfxauxil::readspirv may read from uninitialized memory locations...

9.8CVSS5.8AI score0.01191EPSS
Exploits0References2
OSV
OSV
added 2021/12/27 12:15 a.m.6 views

CVE-2021-45702

An issue was discovered in the tremor-script crate before 0.11.6 for Rust. A merge operation may result in a use-after-free...

7.5CVSS5.8AI score0.01191EPSS
Exploits0References2
OSV
OSV
added 2021/12/27 12:15 a.m.4 views

CVE-2021-45682

An issue was discovered in the bronzedb-protocol crate through 2021-01-03 for Rust. ReadKVExt may read from uninitialized memory locations...

9.8CVSS5.8AI score0.01191EPSS
Exploits0References2
Fedora
Fedora
added 2021/12/13 12:59 a.m.21 views

[SECURITY] Fedora 34 Update: rust-tiny_http0.6-0.6.4-1.fc34

Low level HTTP server library...

0.7AI score0.01065EPSS
Exploits0
Github Security Blog
Github Security Blog
added 2021/09/20 7:54 p.m.32 views

Wrong type for `Linker`-define functions when used across two `Engine`s

Impact As a Rust library the wasmtime crate clearly marks which functions are safe and which are unsafe, guaranteeing that if consumers never use unsafe then it should not be possible to have memory unsafety issues in their embeddings of Wasmtime. An issue was discovered in the safe API of...

6.3CVSS6.4AI score0.00295EPSS
Exploits0References10Affected Software1
Rows per page
Query Builder