9527 matches found
Fedora: Security Advisory for rust (FEDORA-2023-6f2c7aa713)
The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Fedora 38 : rust (2023-6f2c7aa713)
The remote Fedora 38 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2023-6f2c7aa713 advisory. Security fix for CVE-2023-38497 Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus h...
Rust-Based Injector Deploys XWorm and Remcos RAT in Multi-Stage Attack
By Waqas FortiGuard Labs Reveals Insights into Recent Surge of Cyberattacks Utilizing Rust Programming Language. This is a post from HackRead.com Read the original post: Rust-Based Injector Deploys XWorm and Remcos RAT in Multi-Stage Attack...
feembox (>=0.1.0 <=0.1.1), mail (>=0.6.0 <=0.7.0) +5 more potentially affected by unknown CVE via mail-internals (=0.2.3)
mail-internals CARGO version =0.2.3 is affected by a known vulnerability. The following packages have a transitive dependency on mail-internals and may be impacted: - feembox =0.1.0, =0.6.0, =0.6.0, =0.6.0, =0.2.0, =0.6.0, =0.1.0, =0.1.2 Source cves: unknown CVE Source advisory:...
RustLibrary (>=0.1.0 <=0.2.0), RustyBox (=0.1.0) +410 more potentially affected by unknown CVE via tui (>=0.10.0 <=0.9.5)
tui CARGO version =0.10.0, =0.1.0, =0.1.0, =0.1.0, =0.1.0, =0.1.2, =0.1.6, =0.1.0, =0.1.0, =0.0.9, =0.1.1 and more Source cves: unknown CVE Source advisory: OSV:RUSTSEC-2023-0049...
Moderate Photon OS Security Update - PHSA-2023-5.0-0067
Updates of 'rust' packages of Photon OS have been released...
CVE-2023-38497
Cargo downloads the Rust project’s dependencies and compiles the project. Cargo prior to version 0.72.2, bundled with Rust prior to version 1.71.1, did not respect the umask when extracting crate archives on UNIX-like systems. If the user downloaded a crate containing files writeable by any local...
AZL-28510 CVE-2023-38497 affecting package rust for versions less than 1.72.0-2
Cargo downloads the Rust project’s dependencies and compiles the project. Cargo prior to version 0.72.2, bundled with Rust prior to version 1.71.1, did not respect the umask when extracting crate archives on UNIX-like systems. If the user downloaded a crate containing files writeable by any local...
ALPINE-CVE-2023-38497
Cargo downloads the Rust project’s dependencies and compiles the project. Cargo prior to version 0.72.2, bundled with Rust prior to version 1.71.1, did not respect the umask when extracting crate archives on UNIX-like systems. If the user downloaded a crate containing files writeable by any local...
DEBIAN-CVE-2023-38497
Cargo downloads the Rust project’s dependencies and compiles the project. Cargo prior to version 0.72.2, bundled with Rust prior to version 1.71.1, did not respect the umask when extracting crate archives on UNIX-like systems. If the user downloaded a crate containing files writeable by any local...
Code injection
Cargo downloads the Rust project’s dependencies and compiles the project. Cargo prior to version 0.72.2, bundled with Rust prior to version 1.71.1, did not respect the umask when extracting crate archives on UNIX-like systems. If the user downloaded a crate containing files writeable by any local...
CVE-2023-38497 Cargo not respecting umask when extracting crate archives
Cargo downloads the Rust project’s dependencies and compiles the project. Cargo prior to version 0.72.2, bundled with Rust prior to version 1.71.1, did not respect the umask when extracting crate archives on UNIX-like systems. If the user downloaded a crate containing files writeable by any local...
CVE-2023-38497 Cargo not respecting umask when extracting crate archives
Cargo downloads the Rust project’s dependencies and compiles the project. Cargo prior to version 0.72.2, bundled with Rust prior to version 1.71.1, did not respect the umask when extracting crate archives on UNIX-like systems. If the user downloaded a crate containing files writeable by any local...
CVE-2023-38497
CVE-2023-38497 concerns Cargo and Rust: older Cargo (pre-0.72.2) bundled with Rust pre-1.71.1 did not respect the umask when extracting crate archives, allowing a local-privilege-like impact where a local user could alter source code being compiled and executed by the current user. The issue is m...
CVE-2023-38497
Cargo downloads the Rust project’s dependencies and compiles the project. Cargo prior to version 0.72.2, bundled with Rust prior to version 1.71.1, did not respect the umask when extracting crate archives on UNIX-like systems. If the user downloaded a crate containing files writeable by any local...
CVE-2023-38497 Cargo not respecting umask when extracting crate archives
Cargo downloads the Rust project’s dependencies and compiles the project. Cargo prior to version 0.72.2, bundled with Rust prior to version 1.71.1, did not respect the umask when extracting crate archives on UNIX-like systems. If the user downloaded a crate containing files writeable by any local...
CVE-2023-38497
Cargo downloads the Rust project’s dependencies and compiles the project. Cargo prior to version 0.72.2, bundled with Rust prior to version 1.71.1, did not respect the umask when extracting crate archives on UNIX-like systems. If the user downloaded a crate containing files writeable by any local...
CVE-2023-38497
A flaw was found in the rust-cargo package. Cargo, as bundled with the Rust compiler, did not respect the umask when extracting dependency tarballs and caching the extraction for future builds. If a dependency contained files with 0777 permissions, another local user could edit the cache of the...
Ubuntu: Security Advisory (USN-6275-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
GHSA-GPCV-P28P-FV2P odoh-rs's Invalid Slice Split Results in Server Panic
A vulnerability was discovered in the odoh-rs rust crate that stems from faulty logic during the parsing of encrypted queries. This issue specifically occurs when processing encrypted query data received from remote clients. Impact An attacker with knowledge of this vulnerability could craft and...