9528 matches found

CVE
added 2024/12/05 3:24 p.m. | 66 views

CVE-2024-53856

CVE-2024-53856 affects the rPGP library (Rust OpenPGP) where, prior to version 0.14.1, crafted data can trigger panics/crashes in rpgp (e.g., during parsing OpenPGP messages, decrypting, parsing keys, or signing). This can lead to a denial-of-service through program termination. The issue is fixe...

7.5 CVSS | 7.3 AI score | 0.00439 EPSS
Exploits: 0 | References: 1

RustSec
added 2024/12/05 12:0 p.m. | 5 views

Undefined behaviour in `kvm_ioctls::ioctls::vm::VmFd::create_device`

An issue was identified in the VmFd::create_device function, leading to undefined behavior and miscompilations on rustc 1.82.0 and newer due to the function's violation of Rust's pointer safety rules. The function downcasted a mutable reference to its struct kvm_create_device argument to an immutabl...

7.3 AI score
Exploits: 0 | Affected Software: 1

vulnersOsv
added 2024/12/05 12:0 p.m. | 7 views

dbs-arch (>=0.2.2 <=0.2.3), dbs-boot (>=0.3.0 <=0.4.0) +7 more potentially affected by unknown CVE via kvm-ioctls (>=0.10.0 <=0.18.0)

kvm-ioctls CARGO version =0.10.0, =0.2.2, =0.3.0, =0.1.0, =0.1.0, =0.2.0, =0.1.0, =0.0.29, =0.2.0 Source cves: unknown CVE Source advisory: OSV:RUSTSEC-2024-0428...

5.8 AI score
Exploits: 0

RustSec
added 2024/12/05 12:0 p.m. | 3 views

Panics on Malformed Untrusted Input

During a security audit, Radically Open Security discovered several reachable edge cases which allow an attacker to trigger rpgp crashes by providing crafted data. Impact: When processing malformed input, rpgp can run into Rust panics which halt the program. This can happen in the following...

7.5 CVSS | 7 AI score | 0.00439 EPSS
Exploits: 0 | Affected Software: 1

OSV
added 2024/12/05 12:0 p.m. | 5 views

RUSTSEC-2024-0428 Undefined behaviour in `kvm_ioctls::ioctls::vm::VmFd::create_device`

An issue was identified in the VmFd::create_device function, leading to undefined behavior and miscompilations on rustc 1.82.0 and newer due to the function's violation of Rust's pointer safety rules. The function downcasted a mutable reference to its struct kvm_create_device argument to an immutabl...

7.3 AI score
Exploits: 0 | References: 3

CNNVD
added 2024/12/05 12:0 a.m. | 3 views

rPGP Security Vulnerability

rPGP is a pure Rust implementation of OpenPGP open sourced by rPGP. A security vulnerability exists in rPGP versions prior to 0.14.1. An attacker exploiting this vulnerability could cause resource exhaustion by providing specially crafted messages...

7.5 CVSS | 6.3 AI score | 0.00439 EPSS
Exploits: 0 | References: 1

Wolfi
added 2024/12/04 6:29 p.m. | 11 views

GHSA-WWQ9-3CPR-MM53 vulnerabilities

Vulnerabilities for packages: nushell, wit-bindgen, xh, buck2, cargo-audit, qdrant, wasmcloud, shadowsocks-rust, starship, berg, wadm, tealdeer, pixi, wash, cedar, linkerd2-proxy...

5.8 AI score
Exploits: 0

vulnersOsv
added 2024/12/04 12:0 p.m. | 4 views

acir (>=0.44.0 <=0.46.0), age (>=0.9.0 <=0.9.3) +115 more potentially affected by unknown CVE via pprof (>=0.10.1 <=0.13.0)

pprof CARGO version =0.10.1, =0.44.0, =0.9.0, =0.4.2, =0.1.0, =0.3.0, =0.1.2, =0.1.0, =0.1.0, =0.1.0, =0.0.9, =0.1005.0, =0.44.0, =0.46.0 and more Source cves: unknown CVE Source advisory: OSV:RUSTSEC-2024-0408...

5.5 AI score
Exploits: 0

Fedora
added 2024/11/29 3:48 a.m. | 11 views

[SECURITY] Fedora 40 Update: rust-zlib-rs-0.4.0-1.fc40

A memory-safe zlib implementation written in rust...

6.7 AI score
Exploits: 0

Fedora
added 2024/11/29 3:48 a.m. | 23 views

[SECURITY] Fedora 40 Update: rust-rustls-0.23.17-1.fc40

Rustls is a modern TLS library written in Rust...

6.7 AI score
Exploits: 0

Fedora
added 2024/11/29 3:29 a.m. | 13 views

[SECURITY] Fedora 41 Update: rust-zlib-rs-0.4.0-1.fc41

A memory-safe zlib implementation written in rust...

6.7 AI score
Exploits: 0

Fedora
added 2024/11/29 3:29 a.m. | 15 views

[SECURITY] Fedora 41 Update: rust-rustls-0.23.17-1.fc41

Rustls is a modern TLS library written in Rust...

6.7 AI score
Exploits: 0

OpenVAS
added 2024/11/29 12:0 a.m. | 8 views

Fedora: Security Advisory (FEDORA-2024-632b468c59)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.5 AI score
Exploits: 0 | References: 3

Tenable Nessus
added 2024/11/29 12:0 a.m. | 6 views

Fedora 41 : rust-rustls / rust-zlib-rs (2024-41e6e2fc74)

The remote Fedora 41 host has packages installed that are affected by a vulnerability as referenced in the FEDORA-2024-41e6e2fc74 advisory. - Update the rustls crate to version 0.23.17. - Update the zlib-rs crate to version 0.4.0. The update to zlib-rs v0.4.0 also addresses CVE-2024-11249 stack...

5.6 AI score
Exploits: 0 | References: 2

NVD
added 2024/11/25 7:15 p.m. | 16 views

CVE-2024-32468

Deno is a runtime for JavaScript and TypeScript written in Rust. Several cross-site scripting vulnerabilities existed in the deno_doc crate which led to Self-XSS with deno doc --html. 1. XSS in generated search_index.js: deno_doc outputs a JavaScript file for searching. However, the generated file...

5.4 CVSS | 0.00325 EPSS
Exploits: 0 | References: 2

Vulnrichment
added 2024/11/25 6:44 p.m. | 10 views

CVE-2024-32468 Improper neutralization of input during web page generation ("Cross-site Scripting") in deno_doc HTML generator

Deno is a runtime for JavaScript and TypeScript written in Rust. Several cross-site scripting vulnerabilities existed in the deno_doc crate which led to Self-XSS with deno doc --html. 1. XSS in generated search_index.js: deno_doc outputs a JavaScript file for searching. However, the generated file...

5.4 CVSS | 5.7 AI score | 0.00325 EPSS
Exploits: 0 | References: 2

Cvelist
added 2024/11/25 6:44 p.m. | 22 views

CVE-2024-32468 Improper neutralization of input during web page generation ("Cross-site Scripting") in deno_doc HTML generator

Deno is a runtime for JavaScript and TypeScript written in Rust. Several cross-site scripting vulnerabilities existed in the deno_doc crate which led to Self-XSS with deno doc --html. 1. XSS in generated search_index.js: deno_doc outputs a JavaScript file for searching. However, the generated file...

5.4 CVSS | 0.00325 EPSS
Exploits: 0 | References: 2

CVE
added 2024/11/25 6:44 p.m. | 56 views

CVE-2024-32468

Deno (Rust-based runtime) with deno_doc HTML generator vulnerabilities: XSS in generated search_index.js where innerHTML is used on unsanitized HTML, and XSS via unsanitized property, method, and enum names. This affects the deno_doc component and could enable Self-XSS when using deno doc --html...

5.4 CVSS | 5.4 AI score | 0.00325 EPSS
Exploits: 0 | References: 2

GitHub Security Blog
added 2024/11/22 8:11 p.m. | 9 views

SurrealDB has an Uncaught Exception Sorting Tables by Random Order

Sorting table records using an ORDER BY clause with the rand function as sorting mechanism could cause a panic due to relying on a comparison function that did not implement total order. This event resulted in a panic due to a recent change in Rust 1.81. Impact: A client that is authorized to run...

7.1 AI score
Exploits: 0 | References: 6 | Affected Software: 2

vulnersOsv
added 2024/11/14 12:0 p.m. | 4 views

flate2 (>=1.0.29 <=1.0.34), libz-rs-sys (>=0.0.1 <=0.3.1) +1 more potentially affected by unknown CVE via zlib-rs (>=0.0.1 <=0.3.1)

zlib-rs CARGO version =0.0.1, =1.0.29, =0.0.1, =0.3.0, =0.3.1 Source cves: unknown CVE Source advisory: OSV:RUSTSEC-2024-0401...

5.8 AI score
Exploits: 0