9528 matches found
Amazon tough security vulnerability
Amazon tough is a Rust client library for The Update Framework (TUF) repositories from Amazon.com, USA. A security vulnerability exists in Amazon tough versions prior to 0.20.0 that stems from the client failing to detect a rollback of a delegated target during a target rollback, which could cause th...
GO-2025-3543 WITHDRAWN: Libcontainer is affected by capabilities elevation in github.com/opencontainers/runc
This report has been withdrawn with reason: "Does not affect Go code.". https://nvd.nist.gov/vuln/detail/CVE-2025-27612 lists https://github.com/opencontainers/runc/security/advisories/GHSA-f3fp-gc8g-vw66 which caused automation to flag as Go; the affected repo is https://github.com/youki-dev/you...
youki security vulnerability
youki is an open source implementation of the OCI runtime specification in Rust. A security vulnerability exists in versions of youki prior to 0.5.3 that stems from a tenant builder accepting a list of features to be added to the tenant container specification during the creation of a tenant...
CBL Mariner 2.0 Security Update: llvm / rust (CVE-2023-29932)
The version of llvm / rust installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2023-29932 advisory. - llvm-project commit fdbc55a5 was discovered to contain a segmentation fault via the component...
rust-bootupd bug fix and enhancement update
An update is available for rust-bootupd. This update affects Rocky Linux 9. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. For detailed information on changes in this release, see the Rocky Linux...
rust bug fix and enhancement update
An update is available for rust. This update affects Rocky Linux 9. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. Rust is a systems programming language that runs blazingly fast, prevents...
rust-afterburn bug fix and enhancement update
An update is available for rust-afterburn. This update affects Rocky Linux 9. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. For detailed information on changes in this release, see the Rocky Lin...
rust-coreos-installer bug fix and enhancement update
An update is available for rust-coreos-installer. This update affects Rocky Linux 9. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. For detailed information on changes in this release, see the...
CVE-2025-29787
zip is a zip library for rust which supports reading and writing of simple ZIP files. In the archive extraction routine of affected versions of the zip crate starting with version 1.3.0 and prior to version 2.3.0, symbolic links earlier in the archive are allowed to be used for later files in the...
RUSTSEC-2025-0156 `tree-sitter-pkl` was removed from crates.io for malicious code
tree-sitter-pkl was part of a campaign that attempted to exfiltrate environmental data from the host. The malicious crate had 1 version published in March 2025, and had no evidence of actual usage. This crate had no dependencies on crates.io...
CVE-2023-33289
The urlnorm crate through 0.1.4 for Rust allows Regular Expression Denial of Service (ReDoS) via a crafted URL to lib.rs. NOTE: the Supplier disputes this, taking the position that "Slow printing of URLs is not a CVE."...
PT-2025-28031 · Protobuf +1
Name of the Vulnerable Software and Affected Versions: protobuf crate for Rust versions prior to 3.7.2. Description: The issue allows uncontrolled recursion in the protobuf::coded_input_stream::CodedInputStream::skip_group function when parsing unknown fields in untrusted input. This can occur due...
AskAI (=0.1.0), ISP-SDK (>=0.1.0 <=0.2.3) +5221 more potentially affected by CVE-2025-4432 via ring (>=0.13.5 <=0.16.20)
ring CARGO version =0.13.5, =0.1.0, =0.1.0, =0.2.0, =0.10.2, =0.1.0, =0.2.0-beta.4, =0.21.0-alpha.1, =0.1.1, =0.11.0, =0.0.1, =0.0.7-alpha.3, =0.0.7-alpha.2, =0.0.7-alpha.1, =0.0.7-alpha.3, =0.2.0-alpha.0 and more Source cves: CVE-2025-4432 Source advisory: OSV:RUSTSEC-2025-0009...
Linux Distros Unpatched Vulnerability : CVE-2025-24898
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - rust-openssl is a set of OpenSSL bindings for the Rust programming language. In affected versions ssl::select_next_proto can return a slice pointing into the serv...
AskAI (=0.1.0), ISP-SDK (>=0.1.0 <=0.2.3) +5221 more potentially affected by unknown CVE via ring (>=0.13.5 <=0.16.20)
ring CARGO version =0.13.5, =0.1.0, =0.1.0, =0.2.0, =0.10.2, =0.1.0, =0.2.0-beta.4, =0.21.0-alpha.1, =0.1.1, =0.11.0, =0.0.1, =0.0.7-alpha.3, =0.0.7-alpha.2, =0.0.7-alpha.1, =0.0.7-alpha.3, =0.2.0-alpha.0 and more Source cves: unknown CVE Source advisory: OSV:RUSTSEC-2025-0010...
Linux Distros Unpatched Vulnerability : CVE-2022-46176
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Cargo is a Rust package manager. The Rust Security Response WG was notified that Cargo did not perform SSH host key verification when cloning indexes and...
Linux Distros Unpatched Vulnerability : CVE-2021-45710
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in the tokio crate before 1.8.4, and 1.9.x through 1.13.x before 1.13.1, for Rust. In certain circumstances involving a closed oneshot...
Linux Distros Unpatched Vulnerability : CVE-2022-21658
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Rust is a multi-paradigm, general-purpose programming language designed for performance and safety, especially safe concurrency. The Rust Security Response WG w...
Linux Distros Unpatched Vulnerability : CVE-2020-25793
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in the sized-chunks crate through 0.6.2 for Rust. In the Chunk implementation, the array size is not checked when constructed with From...