New Rilide Malware Targeting Chromium-Based Browsers to Steal Cryptocurrency
Chromium-based web browsers are the target of a new malware called Rilide that masquerades as a seemingly legitimate extension to harvest sensitive data and siphon cryptocurrency. "Rilide malware is disguised as a legitimate Google Drive extension and enables threat actors to carry out a...
AZL-25812 CVE-2023-27533 affecting package rust for versions less than 1.72.0-2
An input validation vulnerability exists in curl before 8.0.0: during communication using the TELNET protocol, it may allow an attacker to pass on a maliciously crafted user name and "telnet options" during server negotiation. The lack of proper input scrubbing allows an attacker to send content or perform...
AZL-25810 CVE-2023-27534 affecting package rust for versions less than 1.72.0-2
A path traversal vulnerability exists in the SFTP implementation of curl before 8.0.0 that causes the tilde character to be wrongly replaced when used as a prefix in the first path element, in addition to its intended use as the first element to indicate a path relative to the user's home directory. Attackers can...
AZL-25811 CVE-2023-27535 affecting package rust for versions less than 1.72.0-2
An authentication bypass vulnerability exists in the FTP connection reuse feature of libcurl before 8.0.0 that can result in the wrong credentials being used during subsequent transfers. Previously created connections are kept in a connection pool for reuse if they match the current setup. However, certain...
AZL-25858 CVE-2023-27537 affecting package rust for versions less than 1.72.0-2
A double free vulnerability exists in libcurl before 8.0.0 when sharing HSTS data between separate "handles". This sharing was introduced without consideration for doing it across separate threads, and there was no indication of this fact in the documentation. Due to missing mutexes or thread...
AZL-25809 CVE-2023-27536 affecting package rust for versions less than 1.72.0-2
An authentication bypass vulnerability exists in the connection reuse feature of libcurl before 8.0.0, which can reuse previously established connections with incorrect user permissions due to a failure to check for changes in the CURLOPT_GSSAPI_DELEGATION option. This vulnerability affects...
AZL-25808 CVE-2023-27538 affecting package rust for versions less than 1.72.0-2
An authentication bypass vulnerability exists in libcurl prior to v8.0.0 where it reuses a previously established SSH connection despite the fact that an SSH option was modified, which should have prevented reuse. libcurl maintains a pool of previously used connections to reuse them for subsequen...
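The three libcurl entries above (CVE-2023-27535, CVE-2023-27536, CVE-2023-27538) are one bug class: a pooled connection carries authenticated state, but the reuse check matched on too few fields. The following Rust model is an added example, not libcurl code or part of any advisory; the ConnKey fields, the gssapi_delegation flag and the ssh_options list are stand-ins for CURLOPT_GSSAPI_DELEGATION and the SSH-specific options, and the host name is constructed. It shows an endpoint-only matcher handing a transfer a connection established under someone else's credentials, beside a strict matcher that keys on every security-relevant field.

```rust
// Added example (not libcurl's code): a toy connection pool modelling the
// reuse bug class in CVE-2023-27535/27536/27538.

/// Everything that shaped the authenticated or negotiated state of a
/// connection. All of it has to take part in the reuse decision.
#[derive(Clone, Debug, PartialEq, Eq, Hash)]
pub struct ConnKey {
    pub scheme: String,
    pub host: String,
    pub port: u16,
    pub username: String,
    pub password: String,
    /// Assumed stand-in for CURLOPT_GSSAPI_DELEGATION (integer flag set).
    pub gssapi_delegation: u32,
    /// Assumed stand-in for SSH-specific options, rendered as "key=value".
    pub ssh_options: Vec<String>,
}

impl ConnKey {
    pub fn new(scheme: &str, host: &str, port: u16, user: &str, pass: &str) -> Self {
        ConnKey {
            scheme: scheme.into(),
            host: host.into(),
            port,
            username: user.into(),
            password: pass.into(),
            gssapi_delegation: 0,
            ssh_options: Vec::new(),
        }
    }

    /// The insufficient match: same endpoint, ignoring credentials and options.
    fn same_endpoint(&self, other: &ConnKey) -> bool {
        self.scheme == other.scheme && self.host == other.host && self.port == other.port
    }
}

/// A live connection remembers the full key it was established with.
pub struct Pool {
    live: Vec<ConnKey>,
}

impl Pool {
    pub fn new() -> Self {
        Pool { live: Vec::new() }
    }

    pub fn insert(&mut self, k: ConnKey) {
        self.live.push(k);
    }

    /// Buggy matcher: endpoint only. Returns the stored key so the caller can
    /// see whose credentials and options the transfer would actually run with.
    pub fn reuse_by_endpoint(&self, want: &ConnKey) -> Option<&ConnKey> {
        self.live.iter().find(|c| c.same_endpoint(want))
    }

    /// Fixed matcher: every security-relevant field must match exactly,
    /// otherwise a fresh connection is required.
    pub fn reuse_strict(&self, want: &ConnKey) -> Option<&ConnKey> {
        self.live.iter().find(|c| *c == want)
    }
}

/// Some(list of mismatched fields) if the endpoint-only matcher would hand
/// this transfer a connection whose auth context differs from the request.
pub fn detect_context_leak(pool: &Pool, want: &ConnKey) -> Option<String> {
    let got = pool.reuse_by_endpoint(want)?;
    if got == want {
        return None;
    }
    let mut diffs = Vec::new();
    if got.username != want.username || got.password != want.password {
        diffs.push("credentials");
    }
    if got.gssapi_delegation != want.gssapi_delegation {
        diffs.push("gssapi_delegation");
    }
    if got.ssh_options != want.ssh_options {
        diffs.push("ssh_options");
    }
    Some(diffs.join(","))
}

fn main() {
    // Constructed sample: alice's FTP connection sits in the pool, bob asks next.
    let mut pool = Pool::new();
    pool.insert(ConnKey::new("ftp", "files.example.test", 21, "alice", "alice-pw"));
    let bob = ConnKey::new("ftp", "files.example.test", 21, "bob", "bob-pw");
    println!("endpoint-only reuse leaks: {:?}", detect_context_leak(&pool, &bob));
    println!("strict reuse forces new connection: {}", pool.reuse_strict(&bob).is_none());
}
```

The design point is the key, not the pool: any option that changes what the server believes about the client (credentials, delegation flags, SSH key material, TLS settings) belongs in the reuse key, and a new option added later without being added to the key reintroduces exactly this bug.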
CVE-2023-28631 Attacker controlled data in AST nodes is not validated in comrak
comrak is a CommonMark + GFM compatible Markdown parser and renderer written in Rust. A Comrak AST can be constructed manually by a program instead of parsing a Markdown document with parse_document. This AST can then be converted to HTML via html::format_document_with_plugins. However, the HTML...
CVE-2023-28631
CVE-2023-28631 affects the comrak Markdown parser/renderer (Rust). The issue arises when an AST is constructed manually and later formatted to HTML; the formatter assumes data is valid UTF-8, but some [u8] fields may not be, triggering bugs. Affected version is 0.17.0; remediation per sources is ...
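The mechanism described for CVE-2023-28631 (a program builds the AST itself, and the formatter then treats byte fields as UTF-8 without checking) is worth seeing as a check. The following is an added example, not comrak's code: the Node enum is a toy stand-in for comrak's AST with raw byte fields, and the path strings and sample tree are constructed. It walks a manually built tree, reports every field that is not valid UTF-8 with the offset where validation failed, and refuses to format until the tree is clean.

```rust
// Added example (not comrak's code): validate byte-backed AST fields before
// any HTML formatter that assumes they hold UTF-8.
use std::str;

/// Toy AST. Text-bearing fields are raw bytes, mirroring the [u8]-backed
/// fields described in the advisory (an assumption about shape, not comrak's types).
#[derive(Debug, Clone)]
pub enum Node {
    Text(Vec<u8>),
    Link { url: Vec<u8>, title: Vec<u8>, children: Vec<Node> },
    Paragraph(Vec<Node>),
}

/// One offending field: where in the tree it sits and how many leading
/// bytes were valid before the first bad sequence.
#[derive(Debug, PartialEq, Eq)]
pub struct InvalidField {
    pub path: String,
    pub offset: usize,
}

fn check(bytes: &[u8], path: &str, errs: &mut Vec<InvalidField>) {
    if let Err(e) = str::from_utf8(bytes) {
        errs.push(InvalidField { path: path.to_string(), offset: e.valid_up_to() });
    }
}

/// Walk the tree and collect every byte field that is not valid UTF-8.
pub fn validate(node: &Node, path: &str, errs: &mut Vec<InvalidField>) {
    match node {
        Node::Text(b) => check(b, &format!("{}/text", path), errs),
        Node::Link { url, title, children } => {
            check(url, &format!("{}/link.url", path), errs);
            check(title, &format!("{}/link.title", path), errs);
            for (i, c) in children.iter().enumerate() {
                validate(c, &format!("{}/link[{}]", path, i), errs);
            }
        }
        Node::Paragraph(children) => {
            for (i, c) in children.iter().enumerate() {
                validate(c, &format!("{}/p[{}]", path, i), errs);
            }
        }
    }
}

/// Minimal HTML escaping so sample text renders safely; generic hygiene,
/// not a claim about what comrak does or does not escape.
fn escape(s: &str) -> String {
    let mut o = String::with_capacity(s.len());
    for c in s.chars() {
        match c {
            '&' => o.push_str("&amp;"),
            '<' => o.push_str("&lt;"),
            '>' => o.push_str("&gt;"),
            '"' => o.push_str("&quot;"),
            _ => o.push(c),
        }
    }
    o
}

fn render(node: &Node, out: &mut String) {
    match node {
        // unwrap is sound only because format_html ran validate() first.
        Node::Text(b) => out.push_str(&escape(str::from_utf8(b).unwrap())),
        Node::Link { url, title, children } => {
            out.push_str(&format!(
                "<a href=\"{}\" title=\"{}\">",
                escape(str::from_utf8(url).unwrap()),
                escape(str::from_utf8(title).unwrap())
            ));
            for c in children {
                render(c, out);
            }
            out.push_str("</a>");
        }
        Node::Paragraph(children) => {
            out.push_str("<p>");
            for c in children {
                render(c, out);
            }
            out.push_str("</p>\n");
        }
    }
}

/// Formatter that refuses an unvalidated tree: Err carries every bad field
/// instead of building a &str from untrusted bytes.
pub fn format_html(root: &Node) -> Result<String, Vec<InvalidField>> {
    let mut errs = Vec::new();
    validate(root, "", &mut errs);
    if !errs.is_empty() {
        return Err(errs);
    }
    let mut out = String::new();
    render(root, &mut out);
    Ok(out)
}

fn main() {
    // Constructed sample: a link whose url holds a stray 0xff and whose text is
    // a truncated multi-byte sequence, as an attacker-built AST might.
    let bad = Node::Paragraph(vec![Node::Link {
        url: vec![b'h', 0xff, b'x'],
        title: b"ok".to_vec(),
        children: vec![Node::Text(vec![0xc3])],
    }]);
    println!("{:?}", format_html(&bad));
}
```

The check belongs at the trust boundary where the AST is accepted from the caller, not inside the renderer; once it has run, converting the fields with str::from_utf8 (never the unchecked variant) is cheap and cannot fail.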
CVE-2023-28626
CVE-2023-28626 affects the comrak crate (Rust) used for CommonMark/GFM parsing. Connected documents confirm the vulnerability is a set of quadratic parsing issues that can cause denial-of-service in services parsing Markdown, with remediation by upgrading to a newer comrak release (addressed in 0...
about-filter (>=0.1.0 <=0.1.1), askama (=0.12.0) +56 more potentially affected by CVE-2023-28631 via comrak (>=0.10.1 <=0.16.0)
comrak CARGO version =0.10.1, =0.1.0, =0.12.1, =1.0.0, =1.0.0, =0.1.0, =0.2.0, =0.2.1, =0.1.1, =0.1.0, =0.1.0, =0.5.5 and more Source cves: CVE-2023-28631 Source advisory: OSV:GHSA-5R3X-P7XX-X6Q5...
about-filter (>=0.1.0 <=0.1.1), askama (=0.12.0) +56 more potentially affected by CVE-2023-28626 via comrak (>=0.10.1 <=0.16.0)
comrak CARGO version =0.10.1, =0.1.0, =0.12.1, =1.0.0, =1.0.0, =0.1.0, =0.2.0, =0.2.1, =0.1.1, =0.1.0, =0.1.0, =0.5.5 and more Source cves: CVE-2023-28626 Source advisory: OSV:GHSA-8HQF-XJWP-P67V...
GHSA-WVC4-J7G5-4F79 NATS TLS certificate common name validation bypass
The NATS official Rust clients are vulnerable to MitM when using TLS. A fix for the nats crate hasn't been released yet. Since the nats crate is going to be deprecated anyway, consider switching to async-nats >= 0.29, which already fixed this vulnerability. The common name of the server's TLS...
CVE-2023-0464 affecting package rust for versions less than 1.68.0-1
CVE-2023-0464 affecting package rust for versions less than 1.68.0-1. A patched version of the package is available...
CVE-2022-35256 affecting package rust for versions less than 1.68.0-1
CVE-2022-35256 affecting package rust for versions less than 1.68.0-1. A patched version of the package is available...
CVE-2023-22742 affecting package rust for versions less than 1.68.0-1
CVE-2023-22742 affecting package rust for versions less than 1.68.0-1. A patched version of the package is available...
CVE-2024-7264 affecting package rust for versions less than 1.68.0-1
CVE-2024-7264 affecting package rust for versions less than 1.68.0-1. A patched version of the package is available...