GHSA-F5V5-CCQC-6W36 async-nats vulnerable to TLS certificate common name validation bypass

The NATS official Rust clients are vulnerable to MitM when using TLS. The common name of the server's TLS certificate is validated against the hostname provided by the server's plaintext INFO message during the initial connection setup phase. A MitM proxy can tamper with the host field's value by...

async-nats vulnerable to TLS certificate common name validation bypass

The NATS official Rust clients are vulnerable to MitM when using TLS. The common name of the server's TLS certificate is validated against the hostname provided by the server's plaintext INFO message during the initial connection setup phase. A MitM proxy can tamper with the host field's value by...

CVE-2023-28448

Versionize is a framework for version tolerant serializion/deserialization of Rust data structures, designed for usecases that need fast deserialization times and minimal size overhead. An issue was discovered in the ‘Versionize::deserialize’ implementation provided by the ‘versionize’ crate for...

Design/Logic Flaw

Deno is a simple, modern and secure runtime for JavaScript and TypeScript that uses V8 and is built in Rust. Arbitrary program names without any ANSI filtering allows any malicious program to clear the first 2 lines of a opspawnchild or opkill prompt and replace it with any desired text. This wor...

Deserialization of untrusted data

Versionize is a framework for version tolerant serializion/deserialization of Rust data structures, designed for usecases that need fast deserialization times and minimal size overhead. An issue was discovered in the ‘Versionize::deserialize’ implementation provided by the ‘versionize’ crate for...

CVE-2023-28446

CVE-2023-28446 affects the Deno runtime and allows a malicious program to spoof the interactive permission prompts (op_spawn_child/op_kill) by inserting or abusing ANSI escape sequences, causing the prompt to display one text while granting another. Root cause: inadequate ANSI filtering in the pe...

CVE-2023-28446 Deno is vulnerable to interactive `run` permission prompt spoofing via improper ANSI neutralization

Deno is a simple, modern and secure runtime for JavaScript and TypeScript that uses V8 and is built in Rust. Arbitrary program names without any ANSI filtering allows any malicious program to clear the first 2 lines of a opspawnchild or opkill prompt and replace it with any desired text. This wor...

CVE-2023-28446 Deno is vulnerable to interactive `run` permission prompt spoofing via improper ANSI neutralization

Deno is a simple, modern and secure runtime for JavaScript and TypeScript that uses V8 and is built in Rust. Arbitrary program names without any ANSI filtering allows any malicious program to clear the first 2 lines of a opspawnchild or opkill prompt and replace it with any desired text. This wor...

CVE-2023-28448 Versionize is lacking bound checks, potentially leading to out of bounds memory access

Versionize is a framework for version tolerant serializion/deserialization of Rust data structures, designed for usecases that need fast deserialization times and minimal size overhead. An issue was discovered in the ‘Versionize::deserialize’ implementation provided by the ‘versionize’ crate for...

CVE-2023-28448 Versionize is lacking bound checks, potentially leading to out of bounds memory access

Versionize is a framework for version tolerant serializion/deserialization of Rust data structures, designed for usecases that need fast deserialization times and minimal size overhead. An issue was discovered in the ‘Versionize::deserialize’ implementation provided by the ‘versionize’ crate for...

CVE-2023-28448

CVE-2023-28448 affects the Versionize crate used with vmm_sys_utils::FamStructWrapper. The root cause is missing bound checks in Versionize::deserialize, enabling potential out-of-bounds memory accesses. The issue starts with version 0.1.1 and was fixed in 0.1.10 by adding a check that compares l...

bsv-wasm (>=0.0.0 <=1.2.0-beta.3), cargo-screeps (>=0.3.3 <=0.4.0) +11 more potentially affected by unknown CVE via openssl (>=0.10.22 <=0.10.40)

openssl CARGO version =0.10.22, =0.0.0, =0.3.3, =0.6.25, =0.1.24, =0.1.22, =0.1.24, =0.1.0, =0.10.4, =0.10.3, =0.21.0 - roaring-landmask =0.4.0 - twetch-sdk =0.0.1 Source cves: unknown CVE Source advisory: OSV:RUSTSEC-2023-0024...

TLS certificate common name validation bypass

The NATS official Rust clients are vulnerable to MitM when using TLS. The common name of the server's TLS certificate is validated against the hostname provided by the server's plaintext INFO message during the initial connection setup phase. A MitM proxy can tamper with the host field's value by...

bsv-wasm (>=0.0.0 <=1.2.0-beta.3), cargo-screeps (>=0.3.3 <=0.4.0) +11 more potentially affected by unknown CVE via openssl (>=0.10.22 <=0.10.40)

openssl CARGO version =0.10.22, =0.0.0, =0.3.3, =0.6.25, =0.1.24, =0.1.22, =0.1.24, =0.1.0, =0.10.4, =0.10.3, =0.21.0 - roaring-landmask =0.4.0 - twetch-sdk =0.0.1 Source cves: unknown CVE Source advisory: OSV:RUSTSEC-2023-0022...

RUSTSEC-2023-0029 TLS certificate common name validation bypass

The NATS official Rust clients are vulnerable to MitM when using TLS. The common name of the server's TLS certificate is validated against the hostname provided by the server's plaintext INFO message during the initial connection setup phase. A MitM proxy can tamper with the host field's value by...

RUSTSEC-2023-0027 TLS certificate common name validation bypass

The NATS official Rust clients are vulnerable to MitM when using TLS. The common name of the server's TLS certificate is validated against the hostname provided by the server's plaintext INFO message during the initial connection setup phase. A MitM proxy can tamper with the host field's value by...

TLS certificate common name validation bypass

The NATS official Rust clients are vulnerable to MitM when using TLS. The common name of the server's TLS certificate is validated against the hostname provided by the server's plaintext INFO message during the initial connection setup phase. A MitM proxy can tamper with the host field's value by...

CVE-2023-28445

Deno is a runtime for JavaScript and TypeScript that uses V8 and is built in Rust. Resizable ArrayBuffers passed to asynchronous functions that are shrunk during the asynchronous operation could result in an out-of-bound read/write. It is unlikely that this has been exploited in the wild, as the...

Design/Logic Flaw

Deno is a runtime for JavaScript and TypeScript that uses V8 and is built in Rust. Resizable ArrayBuffers passed to asynchronous functions that are shrunk during the asynchronous operation could result in an out-of-bound read/write. It is unlikely that this has been exploited in the wild, as the...

Versionize 缓冲区错误漏洞

Versionize is a framework for version-tolerant serialization/deserialization of Rust data structures, designed for use cases that require fast deserialization times and minimal size overhead. Versionize suffers from a buffer error vulnerability that stems from an out-of-bounds memory access issue...