
9534 matches found

CVE
added 2025/10/01 4:49 p.m. | 33 views

CVE-2025-11233

CVE-2025-11233 affects Rust when using the tier 3 Cygwin target (x86_64-pc-cygwin) with Rust 1.87.0 up to 1.88.x. The standard library Path API failed to handle backslash-separated components on Cygwin, potentially enabling path traversal or unsafe filesystem operations. Rust 1.89.0 fixes the iss...

6.3 CVSS | 6.5 AI score | 0.00482 EPSS
Exploits: 0 | References: 2

Cvelist
added 2025/10/01 4:49 p.m. | 8 views

CVE-2025-11233 Rust standard library didn't detect all path separators on Cygwin

Starting from Rust 1.87.0 and before Rust 1.89.0, the tier 3 Cygwin target x86_64-pc-cygwin didn't correctly handle path separators, causing the standard library's Path API to ignore path components separated by backslashes. Due to this, programs compiled for Cygwin that validate paths could...

6.3 CVSS | 0.00482 EPSS
Exploits: 0 | References: 2

Fedora
added 2025/10/01 3:2 p.m. | 8 views

[SECURITY] Fedora 41 Update: python-nh3-0.2.15-7.fc41

Python binding to Ammonia HTML sanitizer Rust crate...

6.9 AI score
Exploits: 0

Fedora
added 2025/10/01 3:2 p.m. | 6 views

[SECURITY] Fedora 41 Update: rust-ammonia-3.3.1-1.fc41

HTML Sanitization...

6.9 AI score
Exploits: 0

Fedora
added 2025/10/01 2:45 p.m. | 7 views

[SECURITY] Fedora 42 Update: python-nh3-0.2.21-2.fc42

Python binding to Ammonia HTML sanitizer Rust crate...

6.9 AI score
Exploits: 0

Fedora
added 2025/10/01 2:45 p.m. | 7 views

[SECURITY] Fedora 42 Update: rust-ammonia-4.0.1-1.fc42

HTML Sanitization...

6.9 AI score
Exploits: 0

Fedora
added 2025/10/01 12:21 a.m. | 8 views

[SECURITY] Fedora 43 Update: rust-ammonia-4.1.2-1.fc43

HTML Sanitization...

6.9 AI score
Exploits: 0

Fedora
added 2025/10/01 12:21 a.m. | 9 views

[SECURITY] Fedora 43 Update: python-nh3-0.2.21-8.fc43

Python binding to Ammonia HTML sanitizer Rust crate...

6.9 AI score
Exploits: 0

Tenable Nessus
added 2025/10/01 12:0 a.m. | 4 views

Fedora 42 : python-nh3 / rust-ammonia (2025-7ec84ba6e9)

The remote Fedora 42 host has packages installed that are affected by a vulnerability as referenced in the FEDORA-2025-7ec84ba6e9 advisory. Update the ammonia crate to version 4.0.1 and rebuild python-nh3 to apply fixes for RUSTSEC-2025-0071. Tenable has extracted the preceding description block...

5.6 AI score
Exploits: 0 | References: 1

Positive Technologies
added 2025/10/01 12:0 a.m. | 9 views

PT-2025-40278

Name of the Vulnerable Software and Affected Versions: Rust versions 1.87.0 through 1.88.9. Description: The standard library’s Path API did not correctly handle path separators on the tier 3 Cygwin target x86_64-pc-cygwin in versions prior to 1.89.0. This caused the API to ignore path components...

6.3 CVSS | 6.6 AI score | 0.00482 EPSS
Exploits: 0 | References: 5

CNNVD
added 2025/10/01 12:0 a.m. | 7 views

Rust security vulnerability

Rust is a general-purpose, compiled programming language from the Mozilla Foundation. A security vulnerability exists in Rust version 1.87.0 through versions prior to 1.89.0, which stems from improper handling of path separators and could lead to a path traversal attack or malicious file system...

6.3 CVSS | 6.3 AI score | 0.00482 EPSS
Exploits: 0 | References: 2

Tenable Nessus
added 2025/09/30 12:0 a.m. | 9 views

Amazon Linux 2023 : glycin-loaders (ALAS2023-2025-1193)

It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2025-1193 advisory. tracing is a framework for instrumenting Rust programs to collect structured, event-based diagnostic information. Prior to version 0.3.20, tracing-subscriber was vulnerable to ANSI escape sequence...

2.3 CVSS | 5.5 AI score | 0.00303 EPSS
Exploits: 0 | References: 4

Tenable Nessus
added 2025/09/30 12:0 a.m. | 3 views

Fedora 43 : python-nh3 / rust-ammonia (2025-074aba6ad4)

The remote Fedora 43 host has packages installed that are affected by a vulnerability as referenced in the FEDORA-2025-074aba6ad4 advisory. Update the ammonia crate to version 4.1.2 and rebuild python-nh3 to apply fixes for RUSTSEC-2025-0071. Tenable has extracted the preceding description block...

5.6 AI score
Exploits: 0 | References: 1

Packet Storm News
added 2025/09/28 12:0 a.m. | 3 views

SandCell: Sandboxing Rust beyond Unsafe Code

Rust is a modern systems programming language that ensures memory safety by enforcing ownership and borrowing rules at compile time. While the unsafe keyword allows programmers to bypass these restrictions, it introduces significant risks. Various approaches for isolating unsafe code to protect...

7.6 AI score
Exploits: 0

Fedora
added 2025/09/26 1:10 a.m. | 9 views

[SECURITY] Fedora 42 Update: rust-az-snp-vtpm-0.7.4-1.fc42

VTPM based SEV-SNP attestation for Azure Confidential VMs...

6.5 CVSS | 7 AI score | 0.00465 EPSS
Exploits: 0

Fedora
added 2025/09/26 1:10 a.m. | 11 views

[SECURITY] Fedora 42 Update: rust-az-tdx-vtpm-0.7.4-1.fc42

VTPM based TDX attestation for Azure Confidential VMs...

6.5 CVSS | 7 AI score | 0.00465 EPSS
Exploits: 0

Fedora
added 2025/09/26 1:10 a.m. | 9 views

[SECURITY] Fedora 42 Update: rust-az-cvm-vtpm-0.7.4-3.fc42

Package with shared code for Azure Confidential VMs...

6.5 CVSS | 7.2 AI score | 0.00465 EPSS
Exploits: 0

The Hacker News
added 2025/09/25 7:59 a.m. | 5 views

Malicious Rust Crates Steal Solana and Ethereum Keys — 8,424 Downloads Confirmed

Cybersecurity researchers have discovered two malicious Rust crates impersonating a legitimate library called fastlog to steal Solana and Ethereum wallet keys from source code. The crates, named fasterlog and asyncprintln, were published by the threat actor under the alias rustguruman and...

7.2 AI score
Exploits: 0

Tenable Nessus
added 2025/09/25 12:0 a.m. | 4 views

Fedora 42 : rust-az-cvm-vtpm / rust-az-snp-vtpm / rust-az-tdx-vtpm / etc (2025-2408b72979)

The remote Fedora 42 host has packages installed that are affected by multiple vulnerabilities as referenced in the FEDORA-2025-2408b72979 advisory. Rebase trustee-guest-components to v0.13.0 Include rust-az-???-vtpm packages rebase to version 0.7.4 Adjust patches to work with 'sev' version 6...

6.5 CVSS | 6.5 AI score | 0.00465 EPSS
Exploits: 0 | References: 5

Snyk
added 2025/09/23 10:0 p.m. | 5 views

Malicious Package

Overview: asyncprintln is a malicious package. Two malicious Rust crates, fasterlog (which impersonates the legitimate fastlog library) and asyncprintln, attempt to scan source files for quoted Ethereum private keys (0x + 64 hex), Solana-style Base58 secrets and bracketed byte arrays to later exfiltrate...

9.3 CVSS | 7.1 AI score
Exploits: 0 | References: 2