Apollo Router Security Vulnerability
Apollo Router is a configurable, high-performance graph router written in Rust. A security vulnerability exists in Apollo Router that stems from enabling GraphQL subscriptions, which in some cases can cause the Router to panic and terminate...
Important: rust
Issue Overview: Cargo downloads the Rust project's dependencies and compiles the project. Cargo prior to version 0.72.2, bundled with Rust prior to version 1.71.1, did not respect the umask when extracting crate archives on UNIX-like systems. If the user downloaded a crate containing files...
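As an added example (not Cargo's own code), the Rust program below shows the difference between honouring an archive entry's mode verbatim and masking it with the process umask, and includes the check a practitioner would run over an already-extracted registry: a recursive scan for files writable by other local users. The entry list is constructed for the demo; the temp-dir layout, the function names and the 0o022 umask are assumptions. The scan reads unix permission bits, so it targets UNIX-like systems, which is where the issue applies.

```rust
// Added example, not Cargo's code: umask handling for extracted archive
// entries, plus an audit for files other local users can still write.
use std::fs;
use std::io;
use std::os::unix::fs::PermissionsExt;
use std::path::{Path, PathBuf};

/// Permission bits a tar header can carry for a file entry.
const MODE_MASK: u32 = 0o7777;

/// Naive extraction: copy the archive's mode bits verbatim.
pub fn mode_without_umask(archive_mode: u32) -> u32 {
    archive_mode & MODE_MASK
}

/// Correct extraction: clear every bit the umask says to clear, which is
/// what the kernel does for a file the process creates itself.
pub fn mode_with_umask(archive_mode: u32, umask: u32) -> u32 {
    archive_mode & MODE_MASK & !umask
}

/// Create `path` with exactly `mode`. chmod is not subject to the umask, so this
/// reproduces an extractor that applied the archive's mode verbatim.
pub fn write_with_mode(path: &Path, contents: &[u8], mode: u32) -> io::Result<()> {
    fs::write(path, contents)?;
    fs::set_permissions(path, fs::Permissions::from_mode(mode))
}

/// Recursively list regular files under `root` that are writable by "other":
/// the condition that lets another local user change sources before they are built.
pub fn world_writable_files(root: &Path) -> io::Result<Vec<PathBuf>> {
    let mut found = Vec::new();
    let mut stack = vec![root.to_path_buf()];
    while let Some(dir) = stack.pop() {
        for entry in fs::read_dir(&dir)? {
            let entry = entry?;
            let meta = entry.metadata()?;
            if meta.is_dir() {
                stack.push(entry.path());
            } else if meta.is_file() && meta.permissions().mode() & 0o002 != 0 {
                found.push(entry.path());
            }
        }
    }
    found.sort();
    Ok(found)
}

/// Demo: a constructed "crate archive" of (path, mode) pairs is extracted twice
/// into a temp dir, once verbatim and once with umask 0o022 applied (assumed
/// value), and both trees are audited. Returns (naive hits, masked hits).
pub fn demo() -> io::Result<(Vec<PathBuf>, Vec<PathBuf>)> {
    const UMASK: u32 = 0o022;
    let entries: &[(&str, u32)] = &[
        ("Cargo.toml", 0o666), // world-writable as uploaded
        ("src/lib.rs", 0o666), // world-writable as uploaded
        ("build.rs", 0o644),
    ];
    let base = std::env::temp_dir().join(format!("umask-demo-{}", std::process::id()));
    let naive = base.join("naive");
    let masked = base.join("masked");
    for (rel, mode) in entries {
        for (root, effective) in [
            (&naive, mode_without_umask(*mode)),
            (&masked, mode_with_umask(*mode, UMASK)),
        ] {
            let path = root.join(rel);
            fs::create_dir_all(path.parent().unwrap())?;
            write_with_mode(&path, b"// crate source\n", effective)?;
        }
    }
    let result = (world_writable_files(&naive)?, world_writable_files(&masked)?);
    fs::remove_dir_all(&base)?;
    Ok(result)
}

fn main() -> io::Result<()> {
    let (naive, masked) = demo()?;
    println!("verbatim modes left {} world-writable file(s): {:?}", naive.len(), naive);
    println!("umask-aware modes left {} world-writable file(s)", masked.len());
    Ok(())
}
```

Point `world_writable_files` at `$CARGO_HOME/registry/src` (by default `~/.cargo/registry/src`) to audit sources an older Cargo has already extracted; anything it lists is a file another local user could edit before the next build, and upgrading Cargo does not re-extract crates that are already present.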
GHSA-C2HM-MJXV-89R4 Multiple soundness issues in lexical
lexical contains multiple soundness issues:
1. Bytes::read allows creating instances of types with invalid bit patterns
2. BytesIter::read advances iterators out of bounds
3. The BytesIter trait has safety invariants but is public and not marked unsafe
4. write_float calls MaybeUninit::assume_init ...
GHSA-49HH-FPRX-M68G Default functions in VolatileMemory trait lack bounds checks, potentially leading to out-of-bounds memory accesses
Impact: An issue was discovered in the default implementations of the VolatileMemory::get_atomic_ref, aligned_as_ref, aligned_as_mut, get_ref and get_array_ref trait functions, which allows out-of-bounds memory access if the VolatileMemory::get_slice function returns a VolatileSlice whose length is less than t...
IMAPServer (=0.1.0), actson (>=0.2.0 <=0.3.0) +475 more potentially affected by unknown CVE via lexical (>=2.2.4 <=6.1.1)
lexical CARGO version =2.2.4, =0.2.0, =0.1.0, =0.8.0, =0.1.0, =0.11.0, =0.2.0, =0.1.0, =0.6.0, =0.6.0, =0.6.0, =0.4.0, =0.6.0, =0.15.3 and more Source cves: unknown CVE Source advisory: OSV:RUSTSEC-2023-0055...
BrandoCulqi (=1.0.1), IMAPServer (=0.1.0) +2300 more potentially affected by unknown CVE via lexical-core (>=0.1.3 <=0.8.5)
lexical-core CARGO version =0.1.3, =1.0.0, =1.0.1, =0.10.0-dev0, =0.2.0, =0.1.0, =0.2.0, =0.1.1, =0.5.1, =0.1.0, =0.1.0, =0.2.0, =0.3.0 and more Source cves: unknown CVE Source advisory: OSV:RUSTSEC-2023-0086...
Fedora: Security Advisory for rust-rustls-webpki (FEDORA-2023-7cb316a73b)
The remote host is missing an update for the 'rust-rustls-webpki' package(s) announced via the FEDORA-2023-7cb316a73b advisory. The update to version 0.100.2 includes a fix for RUSTSEC-2023-0053, a denial of service via crafted certificate chains...
Fedora: Security Advisory for rust-rustls-webpki (FEDORA-2023-6ef5f2fbf3)
The remote host is missing an update for the 'rust-rustls-webpki' package(s) announced via the FEDORA-2023-6ef5f2fbf3 advisory. The update to version 0.100.2 includes a fix for RUSTSEC-2023-0053, a denial of service via crafted certificate chains...
CVE-2023-41051 Default functions in VolatileMemory trait lack bounds checks in vm-memory
In a typical Virtual Machine Monitor (VMM) there are several components, such as the boot loader, virtual device drivers, virtio backend drivers and vhost drivers, that need to access the VM physical memory. The vm-memory rust crate provides a set of traits to decouple VM memory consumers from VM memor...
CVE-2023-41051
CVE-2023-41051 concerns the vm-memory crate used in VMMs. A flaw in the default implementations of VolatileMemory::get_atomic_ref, aligned_as_ref, aligned_as_mut, get_ref, and get_array_ref allows out-of-bounds access if VolatileMemory::get_slice returns a VolatileSlice whose length is less than ...
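The following is an added example, not vm-memory's own code: a minimal stand-in for the VolatileMemory trait with the two shapes of a default accessor side by side, the pre-fix shape that trusts the length of whatever get_slice returns and the post-fix shape that checks it before dereferencing. The `PlainBytes` marker trait is a stand-in for the "valid for any bit pattern" bound (vm-memory expresses it with its `ByteValued` trait), which is also the bound the lexical Bytes::read soundness issue listed above lacks. `Strict`, `Clamping`, the error type and the sample buffers are constructed for the demo.

```rust
// Added example, not vm-memory's code: why a default trait method must verify
// the length of the slice an implementor returns before reading through it.
use std::mem::size_of;

/// Types valid for every bit pattern, so reading them out of raw guest bytes
/// cannot manufacture an invalid value. Stand-in for vm-memory's ByteValued.
pub unsafe trait PlainBytes: Copy {}
unsafe impl PlainBytes for u8 {}
unsafe impl PlainBytes for u16 {}
unsafe impl PlainBytes for u32 {}
unsafe impl PlainBytes for u64 {}

#[derive(Debug, PartialEq)]
pub enum Error {
    OutOfBounds { offset: usize, count: usize },
    ShortSlice { wanted: usize, got: usize },
}

pub trait VolatileMemory {
    /// Implementors are expected to return exactly `count` bytes, but the trait
    /// cannot enforce that: a buggy or clamping provider may return fewer.
    fn get_slice(&self, offset: usize, count: usize) -> Result<&[u8], Error>;

    /// Pre-fix shape: trusts the length of the returned slice. If it is shorter
    /// than size_of::<T>(), the read runs past its end (undefined behaviour; in
    /// practice an out-of-bounds read of whatever follows the allocation).
    fn get_ref_unchecked<T: PlainBytes>(&self, offset: usize) -> Result<T, Error> {
        let s = self.get_slice(offset, size_of::<T>())?;
        // UNSOUND: nothing here establishes s.len() >= size_of::<T>().
        Ok(unsafe { std::ptr::read_unaligned(s.as_ptr() as *const T) })
    }

    /// Post-fix shape: check the returned length before dereferencing.
    fn get_ref<T: PlainBytes>(&self, offset: usize) -> Result<T, Error> {
        let wanted = size_of::<T>();
        let s = self.get_slice(offset, wanted)?;
        if s.len() < wanted {
            return Err(Error::ShortSlice { wanted, got: s.len() });
        }
        // SAFETY: s holds at least `wanted` bytes and T is valid for any bit pattern.
        Ok(unsafe { std::ptr::read_unaligned(s.as_ptr() as *const T) })
    }
}

/// Well-behaved provider: rejects any range that does not fit.
pub struct Strict(pub Vec<u8>);
impl VolatileMemory for Strict {
    fn get_slice(&self, offset: usize, count: usize) -> Result<&[u8], Error> {
        match offset.checked_add(count) {
            Some(end) if end <= self.0.len() => Ok(&self.0[offset..end]),
            _ => Err(Error::OutOfBounds { offset, count }),
        }
    }
}

/// Misbehaving provider (constructed for the demo): silently clamps the range
/// to the end of the buffer, so a request near the end yields a shorter slice.
pub struct Clamping(pub Vec<u8>);
impl VolatileMemory for Clamping {
    fn get_slice(&self, offset: usize, count: usize) -> Result<&[u8], Error> {
        if offset > self.0.len() {
            return Err(Error::OutOfBounds { offset, count });
        }
        let end = offset.saturating_add(count).min(self.0.len());
        Ok(&self.0[offset..end])
    }
}

fn main() {
    let guest = Clamping((1u8..=8).collect());
    // A u32 at offset 6 of an 8-byte buffer: the provider hands back 2 bytes.
    println!("checked:   {:?}", guest.get_ref::<u32>(6)); // Err(ShortSlice { wanted: 4, got: 2 })
    println!("in bounds: {:?}", guest.get_ref::<u32>(0)); // Ok(67305985) on little-endian hosts
    // guest.get_ref_unchecked::<u32>(6) would read 2 bytes past the Vec's allocation.
}
```

The fix lives in the trait's default methods rather than in any one provider because the trait is what every provider inherits; a single check there covers a provider that clamps, truncates or miscounts, whereas trusting `get_slice` turns every such provider bug into memory unsafety for all consumers.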
Exploit for Insufficient Verification of Data Authenticity in Rarlab Winrar
CVE-2023-38831 Builder Quick exploit builder for CVE-2023-388...
Fedora 38 : rust-rustls-webpki (2023-7cb316a73b)
The remote Fedora 38 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2023-7cb316a73b advisory. Update to version 0.100.2. This includes a fix for RUSTSEC-2023-0053 denial-of-service via crafted certificate chains. Tenable has extracted the preceding...
Fedora 37 : rust-rustls-webpki (2023-6ef5f2fbf3)
The remote Fedora 37 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2023-6ef5f2fbf3 advisory. Update to version 0.100.2. This includes a fix for RUSTSEC-2023-0053 denial-of-service via crafted certificate chains. Tenable has extracted the preceding...
Developers Beware: Malicious Rust Libraries Caught Transmitting OS Info to Telegram Channel
In yet another sign that developers continue to be targets of software supply chain attacks, a number of malicious packages have been discovered on the Rust programming language's crate registry. The libraries, uploaded between August 14 and 16, 2023, were published by a user named "amaperf,"...
rust-toolset:ol8 security update
1.66.1-2 - rust-cargo: cargo does not respect the umask when extracting dependencies CVE-2023-38497...
Oracle Linux 8 : rust-toolset:ol8 (ELSA-2023-4635)
The remote Oracle Linux 8 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2023-4635 advisory. 1.66.1-2 - rust-cargo: cargo does not respect the umask when extracting dependencies CVE-2023-38497 Tenable has extracted the preceding description block direct...
rust security update
1.66.1-2 - rust-cargo: cargo does not respect the umask when extracting dependencies CVE-2023-38497...
Oracle Linux 9 : rust (ELSA-2023-4634)
The remote Oracle Linux 9 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2023-4634 advisory. 1.66.1-2 - rust-cargo: cargo does not respect the umask when extracting dependencies CVE-2023-38497 Tenable has extracted the preceding description block direct...