9528 matches found
Fedora: Security Advisory (FEDORA-2023-f81c1ab1e6)
The remote host is missing an update for the...
NewStart CGSL MAIN 6.02 : firefox Multiple Vulnerabilities (NS-SA-2024-0066)
The remote NewStart CGSL host, running version MAIN 6.02, has firefox packages installed that are affected by multiple vulnerabilities: - In Expat aka libexpat before 2.4.5, there is an integer overflow in storeRawNames. CVE-2022-25315 - It was possible to construct specific XSLT markup that woul...
CVE-2024-45405 gix-path improperly resolves configuration path reported by Git
gix-path is a crate of the gitoxide project (an implementation of git written in Rust) dealing with paths and their conversions. Prior to version 0.10.11, gix-path runs git to find the path of a configuration file associated with the git installation, but improperly resolves paths containing unusual or...
CVE-2024-45405
Technical details about CVE-2024-45405 are not provided in the connected documents. Public details in the initial entry describe the issue and patch, but no additional technical specifics are available here. Monitor for updates.
amaryllis (=0.1.0), archivist (=0.0.1) +26 more potentially affected by unknown CVE via webp (>=0.1.3 <=0.2.6)
webp CARGO version =0.1.3, =0.1.0, =0.0.4-alpha, =0.24.6, =0.1.0, =0.1.0, =0.1.0, =0.1.0, =0.21.0, =0.21.0, =0.21.0, =0.21.0, =0.22.1 and more Source cves: unknown CVE Source advisory: OSV:RUSTSEC-2024-0443...
SUSE CVE-2024-43402
Rust is a programming language. The fix for CVE-2024-24576, where std::process::Command incorrectly escaped arguments when invoking batch files on Windows, was incomplete. Prior to Rust version 1.81.0, it was possible to bypass the fix when the batch file name had trailing whitespace or periods...
GHSA-RWQ6-CRJG-9CPW ic-cdk has a memory leak when calling a canister method via `ic_cdk::call`
When a canister method is called via ic_cdk::call, a new Future CallFuture is created and can be awaited by the caller to get the execution result. Internally, the state of the Future is tracked and stored in a struct called CallFutureState. A bug in the polling implementation of the CallFuture...
ic-cdk has a memory leak when calling a canister method via `ic_cdk::call`
When a canister method is called via ic_cdk::call, a new Future CallFuture is created and can be awaited by the caller to get the execution result. Internally, the state of the Future is tracked and stored in a struct called CallFutureState. A bug in the polling implementation of the CallFuture...
CVE-2024-7884
When a canister method is called via ic_cdk::call, a new Future CallFuture is created and can be awaited by the caller to get the execution result. Internally, the state of the Future is tracked and stored in a struct called CallFutureState. A bug in the polling implementation of the CallFuture...
CVE-2024-7884
The CVE-2024-7884 issue affects Rust canisters using ic_cdk and ic_cdk_timers when calling a canister method via ic_cdk::call*: a bug in CallFuture polling allows multiple internal state references to persist, causing a leaked copy of CallFutureState in the Wasm heap and memory growth. This memor...
CVE-2024-7884 Memory leak when calling a canister method via `ic_cdk::call`
When a canister method is called via ic_cdk::call, a new Future CallFuture is created and can be awaited by the caller to get the execution result. Internally, the state of the Future is tracked and stored in a struct called CallFutureState. A bug in the polling implementation of the CallFuture...
RUSTSEC-2024-0372 Memory leak when calling a canister method via `ic_cdk::call`
When a canister method is called via ic_cdk::call, a new Future CallFuture is created and can be awaited by the caller to get the execution result. Internally, the state of the Future is tracked and stored in a struct called CallFutureState. A bug in the polling implementation of the CallFuture...
Memory leak when calling a canister method via `ic_cdk::call`
When a canister method is called via ic_cdk::call, a new Future CallFuture is created and can be awaited by the caller to get the execution result. Internally, the state of the Future is tracked and stored in a struct called CallFutureState. A bug in the polling implementation of the CallFuture...
Rust Canister Development Kit Security Vulnerability
Rust Canister Development Kit is a DFINITY open source Rust development kit for the Internet Computer. A security vulnerability exists in the Rust Canister Development Kit, which is caused by a memory leak where not all references are removed before resolving the Future...
PT-2024-38658 · Ic Cdk · Ic Cdk
Name of the Vulnerable Software and Affected Versions: ic cdk versions 0.8.0 through 0.15.0 Description: A bug in the polling implementation of the CallFuture allows multiple references to be held for the internal state and not all references were dropped before the Future is resolved, causing a...
CVE-2024-43402
Rust is a programming language. The fix for CVE-2024-24576, where std::process::Command incorrectly escaped arguments when invoking batch files on Windows, was incomplete. Prior to Rust version 1.81.0, it was possible to bypass the fix when the batch file name had trailing whitespace or periods...