CVE-2024-43806 affecting package rust for versions less than 1.72.0-9
CVE-2024-43806 affecting package rust for versions less than 1.72.0-9. A patched version of the package is available...
CVE-2024-56327 Malicious plugin names, recipients, or identities can cause arbitrary binary execution in pyrage
pyrage is a set of Python bindings for the rage file encryption library (age in Rust). pyrage uses the Rust age crate for its underlying operations, and age is vulnerable to GHSA-4fg7-vxc8-qx5w. All details of GHSA-4fg7-vxc8-qx5w are relevant to pyrage for the versions specified in this advisory. S...
GHSA-47H8-JMP3-9F28 pyrage vulnerable to malicious plugin names, recipients, or identities causing arbitrary binary execution
pyrage uses the Rust age crate for its underlying operations, and age is vulnerable to GHSA-4fg7-vxc8-qx5w. All details of GHSA-4fg7-vxc8-qx5w are relevant to pyrage for the versions specified in this advisory. See GHSA-4fg7-vxc8-qx5w for full details. Versions of pyrage before 1.2.0 lack plugin...
rcc-solana (=0.1.0) potentially affected by unknown CVE via spl-token-swap (=3.0.0)
spl-token-swap CARGO version =3.0.0 is affected by a known vulnerability. The following packages have a transitive dependency on spl-token-swap and may be impacted: - rcc-solana =0.1.0 Source cves: unknown CVE Source advisory: OSV:RUSTSEC-2024-0426...
cvars-console-fyrox (>=0.1.0 <=0.5.0), fyrox (>=0.24.0 <=0.27.1) +7 more potentially affected by unknown CVE via fyrox-core (>=0.19.0 <=0.28.1)
fyrox-core CARGO version =0.19.0, =0.1.0, =0.24.0, =0.1.0, =0.3.0, =0.26.0, =0.15.0, =0.11.0, =0.12.0, =0.14.1 Source cves: unknown CVE Source advisory: OSV:RUSTSEC-2024-0435...
pyrage code injection vulnerability
pyrage is a Python binding for rage by the individual developer William Woodruff. A code injection vulnerability exists in pyrage versions 1.2.0, 1.2.1, and 1.2.2, which stems from a vulnerability in the Rust age crate on which it depends...
RUSTSEC-2024-0437 Crash due to uncontrolled recursion in protobuf crate
Affected versions of this crate did not properly parse unknown fields when parsing user-supplied input. This allows an attacker to cause a stack overflow when parsing the message on untrusted data...
Brains (>=0.1.0 <=0.2.0), Route16 (=0.0.1) +973 more potentially affected by CVE-2025-53605 via protobuf (>=0.0.10 <=3.7.1)
protobuf CARGO version =0.0.10, =0.1.0, =0.4.0, =0.1.0, =0.1.0, =0.13.0, =0.11.0, =0.11.0, =1.1.0, =0.4.3, =0.1.0, =0.1.0, =0.1.0, =0.17.0 and more Source cves: CVE-2025-53605 Source advisory: OSV:RUSTSEC-2024-0437...
Fedora: Security Advisory (FEDORA-2024-5a5f401785)
The remote host is missing an update for the...
[SECURITY] Fedora 41 Update: rust-rbspy-0.24.0-3.fc41
Sampling CPU profiler for Ruby...
[SECURITY] Fedora 41 Update: rust-rustls-0.23.19-1.fc41
Rustls is a modern TLS library written in Rust...
[SECURITY] Fedora 40 Update: rust-rbspy-0.24.0-3.fc40
Sampling CPU profiler for Ruby...
[SECURITY] Fedora 40 Update: rust-rustls-0.23.19-1.fc40
Rustls is a modern TLS library written in Rust...
Fedora 40 : rust-rustls (2024-5a5f401785)
The remote Fedora 40 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2024-5a5f401785 advisory. Update to version 0.23.19. This version includes fix for RUSTSEC-2024-0399. Tenable has extracted the preceding description block directly from the Fedora...
Fedora 41 : rust-rustls (2024-0d14d0d2f9)
The remote Fedora 41 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2024-0d14d0d2f9 advisory. Update to version 0.23.19. This version includes fix for RUSTSEC-2024-0399. Tenable has extracted the preceding description block directly from the Fedora...
gtk-layer-shell (>=0.1.0 <=0.8.2), hybrid-bar (>=0.4.7 <=0.4.9) +3 more potentially affected by unknown CVE via gtk-layer-shell-sys (>=0.0.1 <=0.7.0)
gtk-layer-shell-sys CARGO version =0.0.1, =0.1.0, =0.4.7, =0.3.0, =0.1.0, =0.1.0, =0.1.1 Source cves: unknown CVE Source advisory: OSV:RUSTSEC-2024-0423...
BiliupApi (>=0.1.0 <=0.1.7), BrewStillery (>=6.0.1 <=6.0.2) +6288 more potentially affected by CVE-2024-12224 via idna (>=0.1.5 <=0.5.0)
idna CARGO version =0.1.5, =0.1.0, =6.0.1, =0.1.0, =0.1.0, =0.1.0, =0.1.0, =0.3.3, =0.3.2, =1.0.3, =0.1.0, =0.1.0, =0.1.1, =0.1.8 and more Source cves: CVE-2024-12224 Source advisory: OSV:RUSTSEC-2024-0421...
CVE-2024-53857
rPGP is a pure Rust implementation of OpenPGP. Prior to 0.14.1, rPGP allows attackers to trigger resource exhaustion vulnerabilities in rpgp by providing crafted messages. This affects general message parsing and decryption with symmetric keys...
CVE-2024-53856
rPGP is a pure Rust implementation of OpenPGP. Prior to 0.14.1, rPGP allows an attacker to trigger rpgp crashes by providing crafted data. This vulnerability is fixed in 0.14.1...