9532 matches found

Tenable Nessus
added 2025/09/02 12:0 a.m. | 9 views

Fedora 44 : uv (2025-18feebeaa7)

The remote Fedora 44 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2025-18feebeaa7 advisory. Automatic update for uv-0.8.11-2.fc44. Changelog Tue Sep 2 2025 Benjamin A. Beasley - 0.8.11-2 - Rebuilt with rust-tracing-subscriber-0.3.20 - Fixes...

CVSS 2.3 | AI score 5.5 | EPSS 0.00303
Exploits: 0 | References: 2
Positive Technologies
added 2025/09/02 12:0 a.m. | 5 views

PT-2025-35579

Name of the Vulnerable Software and Affected Versions: rust-ffmpeg version 0.3.0 after commit 5ac0527 Description: An integer overflow vulnerability exists in the Vector::new constructor function. This can lead to a denial of service through a null pointer dereference. The issue arises from an...

CVSS 7.5 | AI score 6.5 | EPSS 0.00337
Exploits: 1 | References: 4
Positive Technologies
added 2025/09/02 12:0 a.m. | 7 views

PT-2025-35576

Name of the Vulnerable Software and Affected Versions: rust-ffmpeg version 0.3.0 after commit 5ac0527 Description: A null pointer dereference issue exists in the name method of rust-ffmpeg. This flaw occurs because the method does not validate the return value of the av_get_sample_fmt_name C...

CVSS 7.5 | AI score 6.2 | EPSS 0.00337
Exploits: 1 | References: 5
CVE
added 2025/09/02 12:0 a.m. | 16 views

CVE-2025-57612

The CVE-2025-57612 issue affects rust-ffmpeg 0.3.0 (after commit 5ac0527) where name() can dereference NULL when av_get_sample_fmt_name() returns NULL for an unrecognized sample format, leading to denial of service. Documented impact is a high-severity, network-exploitable vulnerability with avai...

CVSS 7.5 | AI score 6.3 | EPSS 0.00337
Exploits: 1 | References: 1 | Affected Software: 1
Cvelist
added 2025/09/02 12:0 a.m. | 9 views

CVE-2025-57615

An issue was discovered in rust-ffmpeg 0.3.0 after commit 5ac0527. An integer overflow vulnerability in the Vector::new constructor function allows an attacker to cause a denial of service via a null pointer dereference. The vulnerability stems from an unchecked cast of a usize parameter to c_int,...

EPSS 0.00337
Exploits: 1 | References: 1
CVE
added 2025/09/02 12:0 a.m. | 20 views

CVE-2025-57613

The CVE-2025-57613 entry concerns rust-ffmpeg 0.3.0 (post-commit 5ac0527). The root cause is a null pointer dereference in the input() constructor: if avio_alloc_context() returns NULL, the value is stored and later dereferenced by the Io struct’s Drop implementation, enabling denial of service. ...

CVSS 7.5 | AI score 6.2 | EPSS 0.00337
Exploits: 1 | References: 1 | Affected Software: 1
Tenable Nessus
added 2025/08/30 12:0 a.m. | 4 views

Linux Distros Unpatched Vulnerability : CVE-2021-21299

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - hyper is an open-source HTTP library for Rust crates.io. In hyper from version 0.12.0 and before versions 0.13.10 and 0.14.3 there is a vulnerability that can...

CVSS 8.1 | AI score 7.2 | EPSS 0.04771
Exploits: 0 | References: 2
Tenable Nessus
added 2025/08/30 12:0 a.m. | 5 views

Linux Distros Unpatched Vulnerability : CVE-2019-15553

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in the memoffset crate before 0.5.0 for Rust. offset_of and span_of can cause exposure of uninitialized memory. CVE-2019-15553 Note that...

CVSS 7.5 | AI score 7.1 | EPSS 0.01751
Exploits: 0 | References: 2
Tenable Nessus
added 2025/08/30 12:0 a.m. | 7 views

Linux Distros Unpatched Vulnerability : CVE-2018-20996

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in the crossbeam crate before 0.4.1 for Rust. There is a double free because of destructor mishandling. CVE-2018-20996 Note that Nessus...

CVSS 9.8 | AI score 7.3 | EPSS 0.01744
Exploits: 0 | References: 2
Tenable Nessus
added 2025/08/30 12:0 a.m. | 4 views

Linux Distros Unpatched Vulnerability : CVE-2020-35922

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in the mio crate before 0.7.6 for Rust. It has false expectations about the std::net::SocketAddr memory representation. CVE-2020-35922...

CVSS 5.5 | AI score 6.1 | EPSS 0.00389
Exploits: 1 | References: 2
Tenable Nessus
added 2025/08/30 12:0 a.m. | 4 views

Linux Distros Unpatched Vulnerability : CVE-2020-35916

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in the image crate before 0.23.12 for Rust. A Mutable reference has immutable provenance. In the case of LLVM, the IR may be always...

CVSS 5.5 | AI score 6 | EPSS 0.00384
Exploits: 1 | References: 2
Tenable Nessus
added 2025/08/30 12:0 a.m. | 5 views

Linux Distros Unpatched Vulnerability : CVE-2018-20993

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in the yaml-rust crate before 0.4.1 for Rust. There is uncontrolled recursion during deserialization. CVE-2018-20993 Note that Nessus...

CVSS 7.5 | AI score 7.1 | EPSS 0.01411
Exploits: 0 | References: 2
Tenable Nessus
added 2025/08/30 12:0 a.m. | 6 views

Linux Distros Unpatched Vulnerability : CVE-2020-26235

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In Rust time crate from version 0.2.7 and before version 0.2.23, unix-like operating systems may segfault due to dereferencing a dangling pointer in specific...

CVSS 5.3 | AI score 6.1 | EPSS 0.01881
Exploits: 0 | References: 2
Tenable Nessus
added 2025/08/30 12:0 a.m. | 3 views

Linux Distros Unpatched Vulnerability : CVE-2022-45299

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue in the IpFile argument of rust-lang webbrowser-rs v0.8.2 allows attackers to access arbitrary files via supplying a crafted URL. CVE-2022-45299 Note th...

CVSS 9.8 | AI score 8.1 | EPSS 0.01349
Exploits: 1 | References: 2
Tenable Nessus
added 2025/08/30 12:0 a.m. | 4 views

Linux Distros Unpatched Vulnerability : CVE-2018-20990

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in the tar crate before 0.4.16 for Rust. Arbitrary file overwrite can occur via a symlink or hardlink in a TAR archive. CVE-2018-20990...

CVSS 7.5 | AI score 7.1 | EPSS 0.01676
Exploits: 0 | References: 2
Tenable Nessus
added 2025/08/30 12:0 a.m. | 9 views

Linux Distros Unpatched Vulnerability : CVE-2022-27943

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - libiberty/rust-demangle.c in GNU GCC 11.2 allows stack consumption in demangle_const, as demonstrated by nm-new. CVE-2022-27943 Note that Nessus relies on the...

CVSS 5.5 | AI score 6.5 | EPSS 0.00892
Exploits: 1 | References: 4
Tenable Nessus
added 2025/08/30 12:0 a.m. | 3 views

Linux Distros Unpatched Vulnerability : CVE-2025-29787

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - zip is a zip library for rust which supports reading and writing of simple ZIP files. In the archive extraction routine of affected versions of the zip crate...

CVSS 7.3 | AI score 6 | EPSS 0.005
Exploits: 0 | References: 2
OSV
added 2025/08/29 10:15 p.m. | 7 views

AZL-73220 CVE-2025-58160 affecting package rust 1.75.0-24

tracing is a framework for instrumenting Rust programs to collect structured, event-based diagnostic information. Prior to version 0.3.20, tracing-subscriber was vulnerable to ANSI escape sequence injection attacks. Untrusted user input containing ANSI escape sequences could be injected into...

CVSS 2.3 | AI score 6 | EPSS 0.00303
Exploits: 0 | References: 1
Cvelist
added 2025/08/29 9:28 p.m. | 7 views

CVE-2025-58160 Tracing logging user input may result in poisoning logs with ANSI escape sequences

tracing is a framework for instrumenting Rust programs to collect structured, event-based diagnostic information. Prior to version 0.3.20, tracing-subscriber was vulnerable to ANSI escape sequence injection attacks. Untrusted user input containing ANSI escape sequences could be injected into...

CVSS 2.3 | EPSS 0.00303
Exploits: 0 | References: 1
CVE
added 2025/08/29 9:28 p.m. | 90 views

CVE-2025-58160

CVE-2025-58160 affects Rust tracing-subscriber prior to 0.3.20. Untrusted input with ANSI escape sequences could be injected into terminal output, potentially allowing manipulation of terminal title bars, screen clearing, or display changes. The vulnerability is fixed in 0.3.20 by escaping ANSI c...

CVSS 2.3 | AI score 6.5 | EPSS 0.00303
Exploits: 0 | References: 1