9528 matches found
CVE-2024-6382
The CVE-2024-6382 issue affects the MongoDB Rust Driver: vulnerable in 2.0.x releases prior to 2.8.2. The root cause is incorrect handling of certain string inputs, which can cause the driver to construct unintended server commands. Impact described across sources includes unexpected application ...
CVE-2024-6382 Adversarial unsanitized input may cause MongoDB Rust Driver to issue unintended commands.
Incorrect handling of certain string inputs may result in MongoDB Rust driver constructing unintended server commands. This may cause unexpected application behavior including data modification. This issue affects MongoDB Rust Driver 2.0 versions prior to 2.8.2...
RUSTSEC-2024-0347 Incorrect usage of `#[repr(packed)]`
The affected versions make unsafe memory accesses under the assumption that `#[repr(packed)]` has a guaranteed field order. The Rust specification does not guarantee this, and https://github.com/rust-lang/rust/pull/125360 (1.80.0-beta) starts reordering fields of `#[repr(packed)]` structs, leading to illegal...
RUSTSEC-2024-0346 Incorrect usage of `#[repr(packed)]`
The affected versions make unsafe memory accesses under the assumption that `#[repr(packed)]` has a guaranteed field order. The Rust specification does not guarantee this, and https://github.com/rust-lang/rust/pull/125360 (1.80.0-beta) starts reordering fields of `#[repr(packed)]` structs, leading to illegal...
PT-2024-40912 · Softwarex +1
Name of the Vulnerable Software and Affected Versions: SoftwareX versions prior to 0.9.7; SoftwareX versions prior to 0.10.3. Description: The issue arises from unsafe memory accesses due to the assumption that `#[repr(packed)]` guarantees a specific field order in structs. However, the Rust specification...
PT-2024-40913 · Softwarex +1
Name of the Vulnerable Software and Affected Versions: SoftwareX versions prior to 0.9.7; SoftwareX versions prior to 0.10.4. Description: The issue arises from unsafe memory accesses due to the assumption that `#[repr(packed)]` guarantees a specific field order in structs. However, the Rust specification...
An issue was discovered in the nalgebra crate before 0.27.1 for Rust. It allows out-of-bounds memory access because it does not ensure that the number of elements is equal to the product of the row count and column count.
...
Regular expression denial of service in Rust's regex crate
...
Rust-Based P2PInfect Botnet Evolves with Miner and Ransomware Payloads
The peer-to-peer malware botnet known as P2PInfect has been found targeting misconfigured Redis servers with ransomware and cryptocurrency miners. The development marks the threat's transition from what appeared to be a dormant botnet with unclear motives to a financially motivated operation. "Wi...
AitSar (=0.1.1), Hela (>=0.1.0 <=0.1.4) +3613 more potentially affected by unknown CVE via derivative (>=1.0.4 <=2.2.0)
derivative CARGO version =1.0.4, =0.1.0, =0.1.0, =4.3.0, =0.1.0, =0.2.3, =0.1.0, =0.13.0, =0.16.0, =0.1.0, =0.2.0-beta.3 and more Source cves: unknown CVE Source advisory: OSV:RUSTSEC-2024-0388...
CVE-2022-0326 affecting package rust for versions less than 1.75.0-1
CVE-2022-0326 affecting package rust for versions less than 1.75.0-1. A patched version of the package is available...
CVE-2022-0890 affecting package rust for versions less than 1.75.0-1
CVE-2022-0890 affecting package rust for versions less than 1.75.0-1. A patched version of the package is available...
CVE-2022-0632 affecting package rust for versions less than 1.75.0-1
CVE-2022-0632 affecting package rust for versions less than 1.75.0-1. A patched version of the package is available...
CVE-2022-1201 affecting package rust for versions less than 1.75.0-1
CVE-2022-1201 affecting package rust for versions less than 1.75.0-1. A patched version of the package is available...
CVE-2024-28182 affecting package rust for versions less than 1.75.0-1
CVE-2024-28182 affecting package rust for versions less than 1.75.0-1. A patched version of the package is available...
CVE-2022-35256 affecting package rust for versions less than 1.75.0-1
CVE-2022-35256 affecting package rust for versions less than 1.75.0-1. A patched version of the package is available...
CVE-2022-32214 affecting package rust for versions less than 1.75.0-1
CVE-2022-32214 affecting package rust for versions less than 1.75.0-1. A patched version of the package is available...