9529 matches found
CVE-2023-53158
The gix-transport crate before 0.36.1 for Rust allows command execution via the "gix clone 'ssh://-oProxyCommand=open$IFS" substring. NOTE: this was discovered before CVE-2024-32884, a similar vulnerability involving a username field that is more difficult to exploit...
CVE-2024-58266
The shlex crate before 1.2.1 for Rust allows unquoted and unescaped instances of the and \xa0 characters, which may facilitate command injection...
AZL-66017 CVE-2024-58266 affecting package rust 1.72.0-14
The shlex crate before 1.2.1 for Rust allows unquoted and unescaped instances of the and \xa0 characters, which may facilitate command injection...
AZL-66035 CVE-2024-58266 affecting package rust for versions less than 1.86.0-3
The shlex crate before 1.2.1 for Rust allows unquoted and unescaped instances of the and \xa0 characters, which may facilitate command injection...
AZL-66029 CVE-2024-58266 affecting package rust 1.75.0-25
The shlex crate before 1.2.1 for Rust allows unquoted and unescaped instances of the and \xa0 characters, which may facilitate command injection...
DEBIAN-CVE-2024-58266
The shlex crate before 1.2.1 for Rust allows unquoted and unescaped instances of the and \xa0 characters, which may facilitate command injection...
CVE-2024-58265
The snow crate before 0.9.5 for Rust, when stateful TransportState is used, allows incrementing a nonce and thereby denying message delivery...
UBUNTU-CVE-2024-58265
The snow crate before 0.9.5 for Rust, when stateful TransportState is used, allows incrementing a nonce and thereby denying message delivery...
UBUNTU-CVE-2024-58266
The shlex crate before 1.2.1 for Rust allows unquoted and unescaped instances of the and \xa0 characters, which may facilitate command injection...
Duplicate Advisory: serde-json-wasm stack overflow during recursive JSON parsing
Duplicate Advisory: This advisory has been withdrawn because it is a duplicate of GHSA-rr69-rxr6-8qwf. This link is maintained to preserve external references. Original Description: The serde-json-wasm crate before 1.0.1 for Rust allows stack consumption via deeply nested JSON data...
GHSA-J87P-GJR6-M4PV Duplicate Advisory: serde-json-wasm stack overflow during recursive JSON parsing
Duplicate Advisory: This advisory has been withdrawn because it is a duplicate of GHSA-rr69-rxr6-8qwf. This link is maintained to preserve external references. Original Description: The serde-json-wasm crate before 1.0.1 for Rust allows stack consumption via deeply nested JSON data...
Duplicate Advisory: transpose: Buffer overflow due to integer overflow
Duplicate Advisory: This advisory has been withdrawn because it is a duplicate of GHSA-5gmm-6m36-r7jh. This link is maintained to preserve external references. Original Description: The transpose crate before 0.2.3 for Rust allows an integer overflow via input_width and input_height arguments...
GHSA-P444-P2RM-HVRW Duplicate Advisory: transpose: Buffer overflow due to integer overflow
Duplicate Advisory: This advisory has been withdrawn because it is a duplicate of GHSA-5gmm-6m36-r7jh. This link is maintained to preserve external references. Original Description: The transpose crate before 0.2.3 for Rust allows an integer overflow via input_width and input_height arguments...
GHSA-G97W-MW7G-V3JV Duplicate Advisory: Low severity (DoS) vulnerability in sequoia-openpgp
Duplicate Advisory: This advisory has been withdrawn because it is a duplicate of GHSA-9344-p847-qm5c. This link is maintained to preserve external references. Original Description: The sequoia-openpgp crate 1.13.0 before 1.21.0 for Rust allows an infinite loop of "Reading a cert: Invalid operation...
Duplicate Advisory: CosmWasm affected by arithmetic overflows
Duplicate Advisory: This advisory has been withdrawn because it is a duplicate of GHSA-8724-5xmm-w5xq. This link is maintained to preserve external references. Original Description: The cosmwasm-std crate before 2.0.2 for Rust allows integer overflows that cause incorrect contract calculations...
Duplicate Advisory: curve25519-dalek has timing variability in `curve25519-dalek`'s `Scalar29::sub`/`Scalar52::sub`
Duplicate Advisory: This advisory has been withdrawn because it is a duplicate of GHSA-x4gp-pqpj-f43q. This link is maintained to preserve external references. Original Description: The curve25519-dalek crate before 4.1.3 for Rust has a constant-time operation on elliptic curve scalars that is...
Duplicate Advisory: Low severity (DoS) vulnerability in sequoia-openpgp
Duplicate Advisory: This advisory has been withdrawn because it is a duplicate of GHSA-9344-p847-qm5c. This link is maintained to preserve external references. Original Description: The sequoia-openpgp crate 1.13.0 before 1.21.0 for Rust allows an infinite loop of "Reading a cert: Invalid operation...
GHSA-4HFF-HH47-7788 Duplicate Advisory: curve25519-dalek has timing variability in `curve25519-dalek`'s `Scalar29::sub`/`Scalar52::sub`
Duplicate Advisory: This advisory has been withdrawn because it is a duplicate of GHSA-x4gp-pqpj-f43q. This link is maintained to preserve external references. Original Description: The curve25519-dalek crate before 4.1.3 for Rust has a constant-time operation on elliptic curve scalars that is...