9529 matches found
CVE-2024-58265
The snow crate before 0.9.5 for Rust, when stateful TransportState is used, allows incrementing a nonce and thereby denying message delivery...
CVE-2024-58264
The serde-json-wasm crate before 1.0.1 for Rust allows stack consumption via deeply nested JSON data...
SUSE CVE-2022-50237
The ed25519-dalek crate before 2 for Rust allows a double public key signing function oracle attack. The Keypair implementation leads to a simple computation for extracting a private key...
SUSE CVE-2023-53156
The transpose crate before 0.2.3 for Rust allows an integer overflow via inputwidth and inputheight arguments...
SUSE CVE-2023-53158
The gix-transport crate before 0.36.1 for Rust allows command execution via the "gix clone 'ssh://-oProxyCommand=open$IFS" substring. NOTE: this was discovered before CVE-2024-32884, a similar vulnerability involving a username field that is more difficult to exploit...
SUSE CVE-2023-53160
The sequoia-openpgp crate before 1.16.0 for Rust allows out-of-bounds array access and a panic...
SUSE CVE-2023-53161
The buffered-reader crate before 1.1.5 for Rust allows out-of-bounds array access and a panic...
SUSE CVE-2024-58261
The sequoia-openpgp crate 1.13.0 before 1.21.0 for Rust allows an infinite loop of "Reading a cert: Invalid operation: Not a Key packet" messages for RawCertParser operations that encounter an unsupported primary key type...
SUSE CVE-2024-58262
The curve25519-dalek crate before 4.1.3 for Rust has a constant-time operation on elliptic curve scalars that is removed by LLVM...
SUSE CVE-2024-58266
The shlex crate before 1.2.1 for Rust allows unquoted and unescaped instances of the and \xa0 characters, which may facilitate command injection...
GHSA-Q5H2-XQ96-6GMC Duplicate Advisory: buffered-reader vulnerable to out-of-bounds array access leading to panic
Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-29mf-62xx-28jq. This link is maintained to preserve external references. Original Description The buffered-reader crate before 1.2.0 for Rust allows out-of-bounds array access and a panic...
Duplicate Advisory: buffered-reader vulnerable to out-of-bounds array access leading to panic
Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-29mf-62xx-28jq. This link is maintained to preserve external references. Original Description The buffered-reader crate before 1.2.0 for Rust allows out-of-bounds array access and a panic...
Duplicate Advisory: sequoia-openpgp vulnerable to out-of-bounds array access leading to panic
Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-25mx-8f3v-8wh7. This link is maintained to preserve external references. Original Description The sequoia-openpgp crate before 1.16.0 for Rust allows out-of-bounds array access and a panic...
GHSA-RFX3-FFRP-6875 Duplicate Advisory: sequoia-openpgp vulnerable to out-of-bounds array access leading to panic
Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-25mx-8f3v-8wh7. This link is maintained to preserve external references. Original Description The sequoia-openpgp crate before 1.16.0 for Rust allows out-of-bounds array access and a panic...
GHSA-G693-V3JR-8HCR Duplicate Advisory: `ed25519-dalek` Double Public Key Signing Function Oracle Attack
Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-w5vr-6qhr-36cc. This link is maintained to preserve external references. Original Description The ed25519-dalek crate before 2 for Rust allows a double public key signing function oracle attack. The Keypair...
Duplicate Advisory: `ed25519-dalek` Double Public Key Signing Function Oracle Attack
Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-w5vr-6qhr-36cc. This link is maintained to preserve external references. Original Description The ed25519-dalek crate before 2 for Rust allows a double public key signing function oracle attack. The Keypair...
GHSA-GW89-822V-8V8G Duplicate Advisory: `openssl` `X509VerifyParamRef::set_host` buffer over-read
Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-xcf7-rvmh-g6q4. This link is maintained to preserve external references. Original Description The openssl crate before 0.10.55 for Rust allows an out-of-bounds read via an empty string to...
GHSA-5C5J-JMHX-Q2GR Duplicate Advisory: gix-transport code execution vulnerability
Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-rrjw-j4m2-mf34. This link is maintained to preserve external references. Original Description The gix-transport crate before 0.36.1 for Rust allows command execution via the "gix clone...
Duplicate Advisory: gix-transport code execution vulnerability
Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-rrjw-j4m2-mf34. This link is maintained to preserve external references. Original Description The gix-transport crate before 0.36.1 for Rust allows command execution via the "gix clone...
CVE-2023-53161
The buffered-reader crate before 1.1.5 for Rust allows out-of-bounds array access and a panic...