RUSTSEC-2024-0375 `atty` is unmaintained
The maintainer of atty has published an official notice that the crate is no longer under development, and that users should instead rely on the functionality in the standard library's IsTerminal trait. Alternatives: std::io::IsTerminal - Stable since Rust 1.70.0 and the recommended replacement...
PT-2024-40922 · Atty +1 · Atty +1
Name of the Vulnerable Software and Affected Versions: atty (affected versions not specified). Description: The maintainer of atty has announced that the crate is no longer under development. Users are recommended to rely on the functionality in the standard library's IsTerminal trait instead...
GLSA-202409-07 : Rust: Multiple Vulnerabilities
The remote host is affected by the vulnerability described in GLSA-202409-07 (Rust: Multiple Vulnerabilities). Multiple vulnerabilities have been discovered in Rust. Please review the CVE identifiers referenced below for details. Tenable has extracted the preceding description block directly from th...
Rust: Multiple Vulnerabilities
Background: A systems programming language that runs blazingly fast, prevents segfaults, and guarantees thread safety. Description: Multiple vulnerabilities have been discovered in Rust. Please review the CVE identifiers referenced below for details. Impact: Please review the referenced CVE...
GHSA-2326-PFPJ-VX3H lexical-core has multiple soundness issues
RUSTSEC-2024-0377 contains multiple soundness issues: (1) Bytes::read allows creating instances of types with invalid bit patterns; (2) BytesIter::read advances iterators out of bounds; (3) the BytesIter trait has safety invariants but is public and not marked unsafe; (4) writefloat calls...
lexical-core has multiple soundness issues
RUSTSEC-2024-0377 contains multiple soundness issues: (1) Bytes::read allows creating instances of types with invalid bit patterns; (2) BytesIter::read advances iterators out of bounds; (3) the BytesIter trait has safety invariants but is public and not marked unsafe; (4) writefloat calls...
Internet Bug Bounty: `std::process::Command` batch files argument escaping could be bypassed with trailing whitespace or periods
The Rust Security Response WG disclosed a vulnerability in the std::process::Command module on Windows, where it incorrectly escaped arguments when invoking batch files. This allowed for bypassing the fix by including trailing whitespace or periods in the batch file name, which are ignored and...
Malicious code in rust-functions (npm)
Source: ghsa-malware 879e91954c530c7fda9e73575ef2f4a945be9a29a5761866d4a4470b32469ce1 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2024-8875 Malicious code in rust-functions (npm)
Source: ghsa-malware 879e91954c530c7fda9e73575ef2f4a945be9a29a5761866d4a4470b32469ce1 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
afarray (>=0.1.0 <=0.15.1), b-table (>=0.1.0 <=0.2.1) +42 more potentially affected by unknown CVE via get-size (>=0.1.3 <=0.1.4)
get-size CARGO version =0.1.3, =0.1.0, =0.1.0, =0.1.0, =0.10.0, =0.1.0, =0.8.0, =0.1.0, =0.3.1, =0.3.3, =0.1.0, =0.9.1, =0.14.0 - pathlink =0.1.0 - poseidon-bn128 =0.1.0 and more Source cves: unknown CVE Source advisory: OSV:RUSTSEC-2024-0425...
afarray (>=0.1.0 <=0.15.1), b-table (>=0.1.0 <=0.2.1) +38 more potentially affected by unknown CVE via get-size-derive (>=0.1.2 <=0.1.3)
get-size-derive CARGO version =0.1.2, =0.1.0, =0.1.0, =0.1.0, =0.10.0, =0.1.0, =0.8.0, =0.1.0, =0.1.0, =0.3.1, =0.9.1, =0.0.6, =0.1.0, =0.8.0, =0.9.0 and more Source cves: unknown CVE Source advisory: OSV:RUSTSEC-2024-0427...
RHSA-2024:3418 Red Hat Security Advisory: rust security update
Bulletin has no description...
RHSA-2024:3428 Red Hat Security Advisory: rust-toolset:rhel8 security update
Bulletin has no description...
RHSA-2023:4651 Red Hat Security Advisory: rust-toolset-1.66-rust security update
Bulletin has no description...
RHSA-2023:4635 Red Hat Security Advisory: rust-toolset:rhel8 security update
Bulletin has no description...
RHSA-2023:4634 Red Hat Security Advisory: rust security update
Bulletin has no description...
RHSA-2022:1894 Red Hat Security Advisory: rust-toolset:rhel8 security, bug fix, and enhancement update
Bulletin has no description...
RHSA-2021:4270 Red Hat Security Advisory: rust-toolset:rhel8 security, bug fix, and enhancement update
Bulletin has no description...
RHSA-2021:3063 Red Hat Security Advisory: rust-toolset:rhel8 security, bug fix, and enhancement update
Bulletin has no description...
RHSA-2021:2243 Red Hat Security Advisory: rust-toolset-1.49 and rust-toolset-1.49-rust update
Bulletin has no description...