9529 matches found

Cvelist
added 2025/07/28 12:0 a.m. | 12 views

CVE-2023-53158

The gix-transport crate before 0.36.1 for Rust allows command execution via the "gix clone 'ssh://-oProxyCommand=open$IFS" substring. NOTE: this was discovered before CVE-2024-32884, a similar vulnerability involving a username field that is more difficult to exploit...

4.1 CVSS | 0.00171 EPSS
Exploits: 0 | References: 4

NVD
added 2025/07/27 10:15 p.m. | 4 views

CVE-2024-58266

The shlex crate before 1.2.1 for Rust allows unquoted and unescaped instances of the and \xa0 characters, which may facilitate command injection...

9.8 CVSS | 0.0078 EPSS
Exploits: 0 | References: 3

OSV
added 2025/07/27 10:15 p.m. | 4 views

CVE-2024-58266

The shlex crate before 1.2.1 for Rust allows unquoted and unescaped instances of the and \xa0 characters, which may facilitate command injection...

9.8 CVSS | 6.7 AI score
Exploits: 0 | References: 3

OSV
added 2025/07/27 10:15 p.m. | 8 views

AZL-66017 CVE-2024-58266 affecting package rust 1.72.0-14

The shlex crate before 1.2.1 for Rust allows unquoted and unescaped instances of the and \xa0 characters, which may facilitate command injection...

9.8 CVSS | 5.8 AI score | 0.0078 EPSS
Exploits: 0 | References: 1

OSV
added 2025/07/27 10:15 p.m. | 4 views

AZL-66035 CVE-2024-58266 affecting package rust for versions less than 1.86.0-3

The shlex crate before 1.2.1 for Rust allows unquoted and unescaped instances of the and \xa0 characters, which may facilitate command injection...

9.8 CVSS | 5.8 AI score | 0.0078 EPSS
Exploits: 0 | References: 1

OSV
added 2025/07/27 10:15 p.m. | 5 views

AZL-66029 CVE-2024-58266 affecting package rust 1.75.0-25

The shlex crate before 1.2.1 for Rust allows unquoted and unescaped instances of the and \xa0 characters, which may facilitate command injection...

9.8 CVSS | 5.8 AI score | 0.0078 EPSS
Exploits: 0 | References: 1

OSV
added 2025/07/27 10:15 p.m. | 2 views

DEBIAN-CVE-2024-58266

The shlex crate before 1.2.1 for Rust allows unquoted and unescaped instances of the and \xa0 characters, which may facilitate command injection...

9.8 CVSS | 5.3 AI score | 0.0078 EPSS
Exploits: 0 | References: 1

OSV
added 2025/07/27 10:15 p.m. | 5 views

CVE-2024-58265

The snow crate before 0.9.5 for Rust, when stateful TransportState is used, allows incrementing a nonce and thereby denying message delivery...

4.3 CVSS | 6.2 AI score
Exploits: 0 | References: 3

NVD
added 2025/07/27 10:15 p.m. | 10 views

CVE-2024-58265

The snow crate before 0.9.5 for Rust, when stateful TransportState is used, allows incrementing a nonce and thereby denying message delivery...

4.3 CVSS | 0.00387 EPSS
Exploits: 0 | References: 3

OSV
added 2025/07/27 10:15 p.m. | 5 views

UBUNTU-CVE-2024-58265

The snow crate before 0.9.5 for Rust, when stateful TransportState is used, allows incrementing a nonce and thereby denying message delivery...

4.3 CVSS | 5.8 AI score | 0.00387 EPSS
Exploits: 0 | References: 5

OSV
added 2025/07/27 10:15 p.m. | 4 views

UBUNTU-CVE-2024-58266

The shlex crate before 1.2.1 for Rust allows unquoted and unescaped instances of the and \xa0 characters, which may facilitate command injection...

9.8 CVSS | 5.8 AI score | 0.0078 EPSS
Exploits: 0 | References: 5

Github Security Blog
added 2025/07/27 9:32 p.m. | 6 views

Duplicate Advisory: serde-json-wasm stack overflow during recursive JSON parsing

Duplicate Advisory: This advisory has been withdrawn because it is a duplicate of GHSA-rr69-rxr6-8qwf. This link is maintained to preserve external references. Original Description: The serde-json-wasm crate before 1.0.1 for Rust allows stack consumption via deeply nested JSON data...

7.5 CVSS | 7.1 AI score | 0.00362 EPSS
Exploits: 0 | References: 5 | Affected Software: 1

OSV
added 2025/07/27 9:32 p.m. | 3 views

GHSA-J87P-GJR6-M4PV Duplicate Advisory: serde-json-wasm stack overflow during recursive JSON parsing

Duplicate Advisory: This advisory has been withdrawn because it is a duplicate of GHSA-rr69-rxr6-8qwf. This link is maintained to preserve external references. Original Description: The serde-json-wasm crate before 1.0.1 for Rust allows stack consumption via deeply nested JSON data...

3.2 CVSS | 6.2 AI score | 0.00362 EPSS
Exploits: 0 | References: 5

Github Security Blog
added 2025/07/27 9:32 p.m. | 6 views

Duplicate Advisory: transpose: Buffer overflow due to integer overflow

Duplicate Advisory: This advisory has been withdrawn because it is a duplicate of GHSA-5gmm-6m36-r7jh. This link is maintained to preserve external references. Original Description: The transpose crate before 0.2.3 for Rust allows an integer overflow via inputwidth and inputheight arguments...

5.3 CVSS | 7.4 AI score | 0.00291 EPSS
Exploits: 0 | References: 6 | Affected Software: 1

OSV
added 2025/07/27 9:32 p.m. | 3 views

GHSA-P444-P2RM-HVRW Duplicate Advisory: transpose: Buffer overflow due to integer overflow

Duplicate Advisory: This advisory has been withdrawn because it is a duplicate of GHSA-5gmm-6m36-r7jh. This link is maintained to preserve external references. Original Description: The transpose crate before 0.2.3 for Rust allows an integer overflow via inputwidth and inputheight arguments...

4.5 CVSS | 6.5 AI score | 0.00291 EPSS
Exploits: 0 | References: 6

OSV
added 2025/07/27 9:32 p.m. | 2 views

GHSA-G97W-MW7G-V3JV Duplicate Advisory: Low severity (DoS) vulnerability in sequoia-openpgp

Duplicate Advisory: This advisory has been withdrawn because it is a duplicate of GHSA-9344-p847-qm5c. This link is maintained to preserve external references. Original Description: The sequoia-openpgp crate 1.13.0 before 1.21.0 for Rust allows an infinite loop of "Reading a cert: Invalid operation...

2.9 CVSS | 6.2 AI score | 0.00361 EPSS
Exploits: 1 | References: 5

Github Security Blog
added 2025/07/27 9:32 p.m. | 7 views

Duplicate Advisory: CosmWasm affected by arithmetic overflows

Duplicate Advisory: This advisory has been withdrawn because it is a duplicate of GHSA-8724-5xmm-w5xq. This link is maintained to preserve external references. Original Description: The cosmwasm-std crate before 2.0.2 for Rust allows integer overflows that cause incorrect contract calculations...

5.3 CVSS | 7 AI score | 0.00418 EPSS
Exploits: 1 | References: 5 | Affected Software: 1

Github Security Blog
added 2025/07/27 9:32 p.m. | 9 views

Duplicate Advisory: curve25519-dalek has timing variability in `curve25519-dalek`'s `Scalar29::sub`/`Scalar52::sub`

Duplicate Advisory: This advisory has been withdrawn because it is a duplicate of GHSA-x4gp-pqpj-f43q. This link is maintained to preserve external references. Original Description: The curve25519-dalek crate before 4.1.3 for Rust has a constant-time operation on elliptic curve scalars that is...

5.1 CVSS | 7.1 AI score | 0.00152 EPSS
Exploits: 0 | References: 5 | Affected Software: 1

Github Security Blog
added 2025/07/27 9:32 p.m. | 8 views

Duplicate Advisory: Low severity (DoS) vulnerability in sequoia-openpgp

Duplicate Advisory: This advisory has been withdrawn because it is a duplicate of GHSA-9344-p847-qm5c. This link is maintained to preserve external references. Original Description: The sequoia-openpgp crate 1.13.0 before 1.21.0 for Rust allows an infinite loop of "Reading a cert: Invalid operation...

7.5 CVSS | 7 AI score | 0.00361 EPSS
Exploits: 1 | References: 5 | Affected Software: 1

OSV
added 2025/07/27 9:32 p.m. | 4 views

GHSA-4HFF-HH47-7788 Duplicate Advisory: curve25519-dalek has timing variability in `curve25519-dalek`'s `Scalar29::sub`/`Scalar52::sub`

Duplicate Advisory: This advisory has been withdrawn because it is a duplicate of GHSA-x4gp-pqpj-f43q. This link is maintained to preserve external references. Original Description: The curve25519-dalek crate before 4.1.3 for Rust has a constant-time operation on elliptic curve scalars that is...

2.9 CVSS | 6.2 AI score | 0.00152 EPSS
Exploits: 0 | References: 5