9528 matches found
CVE-2024-44073
The Miniscript aka rust-miniscript library before 12.2.0 for Rust allows stack consumption because it does not properly track tree depth...
CBL Mariner 2.0 Security Update: rust (CVE-2024-32884)
The version of rust installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-32884 advisory. - gitoxide is a pure Rust implementation of Git. gix-transport does not check the username part of a URL for tex...
Miniscript security vulnerability
Miniscript is a Rust Bitcoin open source library for working with Miniscript. A security vulnerability exists in versions of Miniscript prior to 12.2.0 that stems from a failure to properly track the depth of a tree, thereby consuming the stack...
CBL Mariner 2.0 Security Update: libcxx / llvm / rust (CVE-2024-31852)
The version of libcxx / llvm / rust installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-31852 advisory. - LLVM before 18.1.3 generates code in which the LR register can be overwritten without data bei...
OPENSUSE-SU-2024:0254-2 Security update for chromium, gn, rust-bindgen
This update for chromium, gn, rust-bindgen fixes the following issues: - Chromium 127.0.6533.119 boo1228941 CVE-2024-7532: Out of bounds memory access in ANGLE CVE-2024-7533: Use after free in Sharing CVE-2024-7550: Type Confusion in V8 CVE-2024-7534: Heap buffer overflow in Layout CVE-2024-7535:...
CVE-2024-32884 affecting package rust for versions less than 1.72.0-8
CVE-2024-32884 affecting package rust for versions less than 1.72.0-8. A patched version of the package is available...
CVE-2024-31852 affecting package rust for versions less than 1.72.0-8
CVE-2024-31852 affecting package rust for versions less than 1.72.0-8. A patched version of the package is available...
CVE-2024-43367 Boa has an uncaught exception when transitioning the state of `AsyncGenerator` objects
Boa is an embeddable and experimental JavaScript engine written in Rust. Starting in version 0.16 and prior to version 0.19.0, a wrong assumption made when handling ECMAScript's AsyncGenerator operations can cause an uncaught exception on certain scripts. Boa's implementation of AsyncGenerator...
Russh has an OOM Denial of Service due to allocation of untrusted amount
Summary Allocating an untrusted amount of memory allows any unauthenticated user to OOM a russh server. Details An SSH packet consists of a 4-byte big-endian length, followed by a byte stream of this length. After parsing and potentially decrypting the 4-byte length, russh allocates enough memory...
CVE-2024-32884 affecting package rust for versions less than 1.75.0-9
CVE-2024-32884 affecting package rust for versions less than 1.75.0-9. A patched version of the package is available...
CVE-2024-31852 affecting package rust for versions less than 1.75.0-9
CVE-2024-31852 affecting package rust for versions less than 1.75.0-9. A patched version of the package is available...
databend-common-ast (>=0.0.0 <=0.0.2), foyer-common (>=0.8.0 <=0.8.1) +10 more potentially affected by unknown CVE via minitrace (>=0.3.1 <=0.6.7)
minitrace CARGO version =0.3.1, =0.0.0, =0.8.0, =0.8.0, =0.1.7, =0.3.0, =0.6.4, =0.3.0, =0.5.0, =0.1.0, =0.1.1 - risinglight =0.1.3 Source cves: unknown CVE Source advisory: OSV:RUSTSEC-2024-0390...
Sonos Speaker Flaws Could Have Let Remote Hackers Eavesdrop on Users
Cybersecurity researchers have uncovered weaknesses in Sonos smart speakers that could be exploited by malicious actors to clandestinely eavesdrop on users. The vulnerabilities "led to an entire break in the security of Sonos's secure boot process across a wide range of devices and remotely being...
cauuu (>=0.1.0 <=0.1.1), cosmwasm-check (>=1.1.0 <=1.3.4) +16 more potentially affected by unknown CVE via cosmwasm-vm (>=0.10.1 <=1.3.4)
cosmwasm-vm CARGO version =0.10.1, =0.1.0, =1.1.0, =0.13.2, =0.4.0, =0.4.0, =0.2.0, =0.4.0, =0.2.0, =0.2.1, =0.1.12, =0.1.13 - terra-math =0.0.0 and more Source cves: unknown CVE Source advisory: OSV:RUSTSEC-2024-0361...
ROS-20240805-02
A vulnerability in the implementation of the application program interface of the Rust programming language interpreter for Windows operating systems is related to the introduction or modification of arguments...
CVE-2024-41949
biscuit-rust is the Rust implementation of Biscuit, an authentication and authorization token for microservices architectures. Third-party blocks can be generated without transferring the whole token to the third-party authority. Instead, a ThirdPartyBlock request can be sent, providing only the...
CVE-2024-41949 biscuit-rust vulnerable to public key confusion in third party block
biscuit-rust is the Rust implementation of Biscuit, an authentication and authorization token for microservices architectures. Third-party blocks can be generated without transferring the whole token to the third-party authority. Instead, a ThirdPartyBlock request can be sent, providing only the...