9532 matches found
CVE-2025-55159 vulnerabilities
Vulnerabilities for packages: jujutsu, linkerd-extension-init, uv, zola, linkerd2-proxy, buck2, mdbook, pixi, shadowsocks-rust, linkerd2, efs-utils...
GHSA-QX2V-8332-M4FV vulnerabilities
Vulnerabilities for packages: jujutsu, linkerd-extension-init, uv, zola, linkerd2-proxy, buck2, mdbook, pixi, shadowsocks-rust, linkerd2, efs-utils...
Linux Distros Unpatched Vulnerability : CVE-2024-47763
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Wasmtime is an open source runtime for WebAssembly. Wasmtime's implementation of WebAssembly tail calls combined with stack traces can result in a runtime crash...
Slab 缓冲区错误漏洞
Slab is a Rust application open-sourced by Tokio. A buffer error vulnerability exists in slab version 0.4.10, which stems from the getdisjointmut method incorrectly checking index ranges, which could lead to accessing uninitialized memory...
Linux Distros Unpatched Vulnerability : CVE-2025-38033
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - x86/Kconfig: make CFIAUTODEFAULT depend on !RUST or Rust = 1.88 Calling core::fmt::write from rust code while FineIBT is enabled results in a kernel panic:...
CVE-2025-54368 uv is vulnerable to ZIP payload obfuscation through parsing differentials
uv is a Python package and project manager written in Rust. In versions 0.8.5 and earlier, remote ZIP archives were handled in a streamwise fashion, and file entries were not reconciled against the archive's central directory. An attacker could contrive a ZIP archive that would extract with...
Medium: rust
Issue Overview: The protobuf crate before 3.7.2 for Rust allows uncontrolled recursion in the protobuf::codedinputstream::CodedInputStream::skipgroup parsing of unknown fields in untrusted input. CVE-2025-53605 Affected Packages: rust Issue Correction: Run dnf update rust --releasever...
CVE-2023-53158 affecting package rust for versions less than 1.72.0-8
CVE-2023-53158 affecting package rust for versions less than 1.72.0-8. A patched version of the package is available...
CVE-2024-58266 affecting package rust for versions less than 1.86.0-3
CVE-2024-58266 affecting package rust for versions less than 1.86.0-3. A patched version of the package is available...
AsgoreCore (>=0.1.0 <=0.1.2), RustyBox (=0.1.0) +425 more potentially affected by unknown CVE via xcb (>=0.10.1 <=1.2.2)
xcb CARGO version =0.10.1, =0.1.0, =0.1.0, =0.4.0, =0.1.0, =1.0.9, =0.6.0, =0.1.0, =0.1.0, =0.1.0, =0.2.0, =0.3.0 and more Source cves: unknown CVE Source advisory: OSV:RUSTSEC-2025-0051...
CVE-2025-54804
Russh is a Rust SSH client & server library. In versions 0.54.0 and below, the channel window adjust message of the SSH protocol is used to track the free space in the receive buffer of the other side of a channel. The current implementation takes the value from the message and adds it to an...
CVE-2025-54804
Russh is a Rust SSH client/server library. In versions ≤0.54.0, CHANNEL_WINDOW_ADJUST handling computes recipient_window_size from the decoded value without proper overflow checks, causing an integer overflow that can crash the server. The issue is fixed in version 0.54.1. Attacker impact is serv...
CVE-2025-54804 Russh is missing an overflow check during channel windows adjust
Russh is a Rust SSH client & server library. In versions 0.54.0 and below, the channel window adjust message of the SSH protocol is used to track the free space in the receive buffer of the other side of a channel. The current implementation takes the value from the message and adds it to an...
CVE-2025-54804 Russh is missing an overflow check during channel windows adjust
Russh is a Rust SSH client & server library. In versions 0.54.0 and below, the channel window adjust message of the SSH protocol is used to track the free space in the receive buffer of the other side of a channel. The current implementation takes the value from the message and adds it to an...
CVE-2025-54804
Russh is a Rust SSH client & server library. In versions 0.54.0 and below, the channel window adjust message of the SSH protocol is used to track the free space in the receive buffer of the other side of a channel. The current implementation takes the value from the message and adds it to an...
Amazon Linux 2 : rust (ALAS-2025-2933)
The version of rust installed on the remote host is prior to 1.86.0-1. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2025-2933 advisory. The protobuf crate before 3.7.2 for Rust allows uncontrolled recursion in the protobuf::codedinputstream::CodedInputStream::skipgroup...
FunkSec Ransomware Decryptor Released Free to Public After Group Goes Dormant
Cybersecurity experts have released a decryptor for a ransomware strain called FunkSec, allowing victims to recover access to their files for free. "Because the ransomware is now considered dead, we released the decryptor for public download," Gen Digital researcher Ladislav Zezula said. FunkSec,...
Medium: rust
Issue Overview: The protobuf crate before 3.7.2 for Rust allows uncontrolled recursion in the protobuf::codedinputstream::CodedInputStream::skipgroup parsing of unknown fields in untrusted input. CVE-2025-53605 Affected Packages: rust Note: This advisory is applicable to Amazon Linux 2 AL2 Core...
tsify-next is unmaintained, use tsify instead
The tsify-next crate is not maintained any more; use tsify instead...
RUSTSEC-2025-0048 tsify-next is unmaintained, use tsify instead
The tsify-next crate is not maintained any more; use tsify instead...