9528 matches found
EulerOS Virtualization 2.10.1 : libssh2 (EulerOS-SA-2024-1548)
According to the versions of the libssh2 package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities: The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote attacke...
Fedora 38 : rust (2024-bbb141c1ed)
The remote Fedora 38 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2024-bbb141c1ed advisory. Security fix for CVE-2024-24576: Windows command injection. Tenable has extracted the preceding description block directly from the Fedora security...
CVE-2024-20380
A vulnerability in the HTML parser of ClamAV could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to an issue in the C to Rust foreign function interface. An attacker could exploit this vulnerability by submitti...
CVE-2024-20380 ClamAV HTML Parser Denial of Service Vulnerability
A vulnerability in the HTML parser of ClamAV could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to an issue in the C to Rust foreign function interface. An attacker could exploit this vulnerability by submitti...
ClamAV Security Vulnerability
ClamAV (Clam AntiVirus) is a free and open source antivirus program from the ClamAV team. The software is used to detect Trojans, viruses, malware and other malicious threats. A security vulnerability exists in ClamAV before 1.3.1, before 1.2.3, and before 1.0.6, which stems from a security issue i...
Exploit for CVE-2024-24576
PoC exploit for CVE-2024-24576, a vulnerability in a specific pr...
gix-transport indirect code execution via malicious username
Summary: gix-transport does not check the username part of a URL for text that the external ssh program would interpret as an option. A specially crafted clone URL can smuggle options to SSH. The possibilities are syntactically limited, but if a malicious clone URL is used by an application whose...
[SECURITY] Fedora 39 Update: rust-h2-0.3.26-1.fc39
An HTTP/2 client and server...
Fedora 39 : rust-h2 (2024-638f25a317)
The remote Fedora 39 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2024-638f25a317 advisory. Update to version 0.3.26. Addresses RUSTSEC-2024-0332. Tenable has extracted the preceding description block directly from the Fedora security advisory. Note...
Fedora 38 : rust-h2 (2024-c5b42e6462)
The remote Fedora 38 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2024-c5b42e6462 advisory. Update to version 0.3.26. Addresses RUSTSEC-2024-0332. Tenable has extracted the preceding description block directly from the Fedora security advisory. Note...
Popular Rust Crate liblzma-sys Compromised with XZ Utils Backdoor Files
"Test files" associated with the XZ Utils backdoor have made their way to a Rust crate known as liblzma-sys, new findings from Phylum reveal. liblzma-sys, which has been downloaded over 21,000 times to date, provides Rust developers with bindings to the liblzma implementation, an underlying libra...
[SECURITY] Fedora 39 Update: rust-1.77.2-1.fc39
Rust is a systems programming language that runs blazingly fast, prevents segfaults, and guarantees thread safety. This package includes the Rust compiler and documentation generator...
Fedora 39 : rust (2024-6bc17db348)
The remote Fedora 39 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2024-6bc17db348 advisory. Security fix for CVE-2024-24576: Windows command injection. Tenable has extracted the preceding description block directly from the Fedora security...
A vulnerability in the application programming interface of the Rust programming language interpreter on Windows operating systems allows an attacker to execute arbitrary code.
The vulnerability in the application programming interface of the Rust programming language for Windows operating systems relates to the implementation or modification of arguments. Exploiting this vulnerability allows a malicious actor to execute arbitrary code by invoking batch file extensions...
Critical Rust Flaw Renders Windows Systems Vulnerable
...
Exploit for CVE-2024-24576
CVE-2024-24576-Poc-Python A quick POC for the vulnerability di...
Critical 'BatBadBut' Rust Vulnerability Exposes Windows Systems to Attacks
A critical security flaw in the Rust standard library could be exploited to target Windows users and stage command injection attacks. The vulnerability, tracked as CVE-2024-24576, has a CVSS score of 10.0, indicating maximum severity. That said, it only impacts scenarios where batch files are...
Exploit for CVE-2024-24576
CVE-2024-24576 PoC The Command::arg and Command::ar...