9529 matches found
CVE-2025-53604
The web-push crate before 0.10.3 for Rust allows a denial of service memory consumption in the built-in clients via a large integer in a Content-Length header...
AZL-65556 CVE-2025-53605 affecting package kata-containers for versions less than 3.19.1.kata2-1
The protobuf crate before 3.7.2 for Rust allows uncontrolled recursion in the protobuf::codedinputstream::CodedInputStream::skipgroup parsing of unknown fields in untrusted input...
AZL-65592 CVE-2025-53605 affecting package rust for versions less than 1.72.0-11
The protobuf crate before 3.7.2 for Rust allows uncontrolled recursion in the protobuf::codedinputstream::CodedInputStream::skipgroup parsing of unknown fields in untrusted input...
UBUNTU-CVE-2025-53605
The protobuf crate before 3.7.2 for Rust allows uncontrolled recursion in the protobuf::codedinputstream::CodedInputStream::skipgroup parsing of unknown fields in untrusted input...
CVE-2024-58254
CVE-2024-58254 is rejected/not used; reference CVE-2024-11738 instead.
CVE-2025-53604
The web-push crate before 0.10.3 for Rust allows a denial of service memory consumption in the built-in clients via a large integer in a Content-Length header...
CVE-2025-53604
The web-push crate before 0.10.3 for Rust allows a denial of service memory consumption in the built-in clients via a large integer in a Content-Length header...
CVE-2025-53605
CVE-2025-53605 affects the Rust protobuf crate prior to 3.7.2. The issue is uncontrolled recursion in protobuf::coded_input_stream::CodedInputStream::skip_group when parsing unknown fields from untrusted input, with impact described as availability-related in the CVSS metrics. Connected advisorie...
CVE-2025-53605
The protobuf crate before 3.7.2 for Rust allows uncontrolled recursion in the protobuf::codedinputstream::CodedInputStream::skipgroup parsing of unknown fields in untrusted input...
CVE-2025-53605
The protobuf crate before 3.7.2 for Rust allows uncontrolled recursion in the protobuf::codedinputstream::CodedInputStream::skipgroup parsing of unknown fields in untrusted input...
CVE-2025-53604
The vulnerability CVE-2025-53604 affects the Rust crate web-push prior to version 0.10.3 . The built-in clients are susceptible to a denial-of-service caused by memory consumption when handling a large integer in a Content-Length header. Impact is described as DoS via memory exhaustion in affecte...
CVE-2025-53605
The protobuf crate before 3.7.2 for Rust allows uncontrolled recursion in the protobuf::codedinputstream::CodedInputStream::skipgroup parsing of unknown fields in untrusted input...
Securing Mixed Rust with Hardware Capabilities
The Rust programming language enforces three basic Rust principles, namely ownership, borrowing, and AXM Aliasing Xor Mutability to prevent security bugs such as memory safety violations and data races. However, Rust projects often have mixed code, i.e., code that also uses unsafe Rust, FFI Forei...
web-push crate 安全漏洞
web-push crate is a library for Rust by the individual developer Julius de Bruijn. A security vulnerability exists in web-push crate versions prior to 0.10.3, which stems from a large integer in the Content-Length header that could lead to a denial of service...
protobuf crate 安全漏洞
protobuf crate is a library for Rust by Stepan Koltsov, a personal developer. A security vulnerability exists in protobuf crate versions prior to 3.7.2, which stems from uncontrolled recursion when parsing unknown fields in protobuf::codedinputstream::CodedInputStream::skipgroup...
AlmaLinux 9 : keylime-agent-rust (ALSA-2025:7313)
The remote AlmaLinux 9 host has a package installed that is affected by a vulnerability as referenced in the ALSA-2025:7313 advisory. rust-openssl: rust openssl ssl::selectnextproto use after free CVE-2025-24898 Tenable has extracted the preceding description block directly from the AlmaLinux...
AlmaLinux 9 : rust-bootupd (ALSA-2025:7241)
The remote AlmaLinux 9 host has a package installed that is affected by a vulnerability as referenced in the ALSA-2025:7241 advisory. rust-openssl: rust openssl ssl::selectnextproto use after free CVE-2025-24898 Tenable has extracted the preceding description block directly from the AlmaLinux...
Security update for python-cryptography
This update for python-cryptography fixes the following issues: CVE-2025-3416: openssl: Fixed Use-After-Free in Md::fetch and Cipher::fetch in rust-openssl crate bsc1242631 Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST onlineupdate or...
SUSE-SU-2025:20463-1 Security update for python-cryptography
This update for python-cryptography fixes the following issues: - CVE-2025-3416: openssl: Fixed Use-After-Free in Md::fetch and Cipher::fetch in rust-openssl crate bsc1242631...
SUSE SLED15: himmelblau / himmelblau-sshd-config / libnss_himmelblau2 / etc (SUSE-SU-2025:02166-1)
The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2025:02166-1 advisory. - CVE-2025-5791: Fixed using deprecated users crate bsc1244202 - CVE-2025-3416: Fixed use-After-Free in...