9532 matches found
Fedora 44 : uv (2025-18feebeaa7)
The remote Fedora 44 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2025-18feebeaa7 advisory. Automatic update for uv-0.8.11-2.fc44. Changelog Tue Sep 2 2025 Benjamin A. Beasley - 0.8.11-2 - Rebuilt with rust-tracing-subscriber-0.3.20 - Fixes...
PT-2025-35579
Name of the Vulnerable Software and Affected Versions: rust-ffmpeg version 0.3.0 after commit 5ac0527 Description: An integer overflow vulnerability exists in the Vector::new constructor function. This can lead to a denial of service through a null pointer dereference. The issue arises from an...
PT-2025-35576
Name of the Vulnerable Software and Affected Versions: rust-ffmpeg version 0.3.0 after commit 5ac0527 Description: A null pointer dereference issue exists in the name method of rust-ffmpeg. This flaw occurs because the method does not validate the return value of the av_get_sample_fmt_name C...
CVE-2025-57612
The CVE-2025-57612 issue affects rust-ffmpeg 0.3.0 (after commit 5ac0527) where name() can dereference NULL when av_get_sample_fmt_name() returns NULL for an unrecognized sample format, leading to denial of service. Documented impact is a high-severity, network-exploitable vulnerability with avai...
CVE-2025-57615
An issue was discovered in rust-ffmpeg 0.3.0 after commit 5ac0527. An integer overflow vulnerability in the Vector::new constructor function allows an attacker to cause a denial of service via a null pointer dereference. The vulnerability stems from an unchecked cast of a usize parameter to c_int,...
CVE-2025-57613
The CVE-2025-57613 entry concerns rust-ffmpeg 0.3.0 (post-commit 5ac0527). The root cause is a null pointer dereference in the input() constructor: if avio_alloc_context() returns NULL, the value is stored and later dereferenced by the Io struct’s Drop implementation, enabling denial of service. ...
Linux Distros Unpatched Vulnerability : CVE-2021-21299
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - hyper is an open-source HTTP library for Rust crates.io. In hyper from version 0.12.0 and before versions 0.13.10 and 0.14.3 there is a vulnerability that can...
Linux Distros Unpatched Vulnerability : CVE-2019-15553
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in the memoffset crate before 0.5.0 for Rust. offset_of and span_of can cause exposure of uninitialized memory. CVE-2019-15553 Note that...
Linux Distros Unpatched Vulnerability : CVE-2018-20996
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in the crossbeam crate before 0.4.1 for Rust. There is a double free because of destructor mishandling. CVE-2018-20996 Note that Nessus...
Linux Distros Unpatched Vulnerability : CVE-2020-35922
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in the mio crate before 0.7.6 for Rust. It has false expectations about the std::net::SocketAddr memory representation. CVE-2020-35922...
Linux Distros Unpatched Vulnerability : CVE-2020-35916
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in the image crate before 0.23.12 for Rust. A Mutable reference has immutable provenance. In the case of LLVM, the IR may be always...
Linux Distros Unpatched Vulnerability : CVE-2018-20993
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in the yaml-rust crate before 0.4.1 for Rust. There is uncontrolled recursion during deserialization. CVE-2018-20993 Note that Nessus...
Linux Distros Unpatched Vulnerability : CVE-2020-26235
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In Rust time crate from version 0.2.7 and before version 0.2.23, unix-like operating systems may segfault due to dereferencing a dangling pointer in specific...
Linux Distros Unpatched Vulnerability : CVE-2022-45299
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue in the IpFile argument of rust-lang webbrowser-rs v0.8.2 allows attackers to access arbitrary files via supplying a crafted URL. CVE-2022-45299 Note th...
Linux Distros Unpatched Vulnerability : CVE-2018-20990
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in the tar crate before 0.4.16 for Rust. Arbitrary file overwrite can occur via a symlink or hardlink in a TAR archive. CVE-2018-20990...
Linux Distros Unpatched Vulnerability : CVE-2022-27943
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - libiberty/rust-demangle.c in GNU GCC 11.2 allows stack consumption in demangle_const, as demonstrated by nm-new. CVE-2022-27943 Note that Nessus relies on the...
Linux Distros Unpatched Vulnerability : CVE-2025-29787
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - zip is a zip library for rust which supports reading and writing of simple ZIP files. In the archive extraction routine of affected versions of the zip crate...
AZL-73220 CVE-2025-58160 affecting package rust 1.75.0-24
tracing is a framework for instrumenting Rust programs to collect structured, event-based diagnostic information. Prior to version 0.3.20, tracing-subscriber was vulnerable to ANSI escape sequence injection attacks. Untrusted user input containing ANSI escape sequences could be injected into...
CVE-2025-58160 Tracing logging user input may result in poisoning logs with ANSI escape sequences
tracing is a framework for instrumenting Rust programs to collect structured, event-based diagnostic information. Prior to version 0.3.20, tracing-subscriber was vulnerable to ANSI escape sequence injection attacks. Untrusted user input containing ANSI escape sequences could be injected into...
CVE-2025-58160
CVE-2025-58160 affects Rust tracing-subscriber prior to 0.3.20. Untrusted input with ANSI escape sequences could be injected into terminal output, potentially allowing manipulation of terminal title bars, screen clearing, or display changes. The vulnerability is fixed in 0.3.20 by escaping ANSI c...