9526 matches found
Maligned causes incorrect deallocation
maligned::align_first manually allocates with an alignment larger than T, and then uses Vec::from_raw_parts on that allocation to get a Vec. GlobalAlloc::dealloc requires that the layout argument must be the same layout that was used to allocate that block of memory. When deallocating, Box and Vec m...
DataSurgeon - Quickly Extracts IP's, Email Addresses, Hashes, Files, Credit Cards, Social Security Numbers And More From Text
DataSurgeon (ds) is a versatile tool designed for incident response, penetration testing, and CTF challenges. It allows for the extraction of various types of sensitive information including emails, phone numbers, hashes, credit cards, URLs, IP addresses, MAC addresses, SRV DNS records and a lot...
[SECURITY] Fedora 36 Update: rust-sequoia-sq-0.26.0-5.fc36
Command-line frontends for Sequoia...
[SECURITY] Fedora 36 Update: rust-sequoia-octopus-librnp-1.4.1-5.fc36
Reimplementation of RNP's interface using Sequoia for use with Thunderbird...
[SECURITY] Fedora 37 Update: rust-sequoia-sop-0.26.1-5.fc37
Implementation of the Stateless OpenPGP Interface using Sequoia...
[SECURITY] Fedora 37 Update: rust-sequoia-octopus-librnp-1.4.1-5.fc37
Reimplementation of RNP's interface using Sequoia for use with Thunderbird...
Fedora 36 : rust-sequoia-octopus-librnp / rust-sequoia-sop / rust-sequoia-sq (2023-7bd6fbb5fa)
The remote Fedora 36 host has packages installed that are affected by a vulnerability as referenced in the FEDORA-2023-7bd6fbb5fa advisory. Rebuild for bzip2 0.4.4 CVE-2023-22895 / RUSTSEC-2023-0004. Tenable has extracted the preceding description block directly from the Fedora security advisory...
Fedora 37 : rust-sequoia-octopus-librnp / rust-sequoia-sop / rust-sequoia-sq (2023-c17427d18a)
The remote Fedora 37 host has packages installed that are affected by a vulnerability as referenced in the FEDORA-2023-c17427d18a advisory. Rebuild for bzip2 0.4.4 CVE-2023-22895 / RUSTSEC-2023-0004. Tenable has extracted the preceding description block directly from the Fedora security advisory...
Fedora: Security Advisory for rust-sequoia-sq (FEDORA-2023-c17427d18a)
The remote host is missing an update for the Copyright (C) 2023 Greenbone Networks GmbH Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
Fedora: Security Advisory for rust-sequoia-sop (FEDORA-2023-c17427d18a)
The remote host is missing an update for the Copyright (C) 2023 Greenbone Networks GmbH Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
Fedora: Security Advisory for rust-sequoia-octopus-librnp (FEDORA-2023-7bd6fbb5fa)
The remote host is missing an update for the Copyright (C) 2023 Greenbone Networks GmbH Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
Fedora: Security Advisory for rust-sequoia-octopus-librnp (FEDORA-2023-c17427d18a)
The remote host is missing an update for the Copyright (C) 2023 Greenbone Networks GmbH Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
Fedora: Security Advisory for rust-sequoia-sop (FEDORA-2023-7bd6fbb5fa)
The remote host is missing an update for the Copyright (C) 2023 Greenbone Networks GmbH Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
cacheline-ef (>=1.0.0 <=1.1.0), dsi-bitstream (=0.4.2) +8 more potentially affected by unknown CVE via maligned (=0.2.1)
maligned CARGO version =0.2.1 is affected by a known vulnerability. The following packages have a transitive dependency on maligned and may be impacted: - cacheline-ef =1.0.0, =0.4.0, =0.6.0, =0.1.6, =0.1.0, =0.1.0, =0.4.0, =0.4.2 - vframe =0.3.2 Source cves: unknown CVE Source advisory:...
Ascii (crate) allows out-of-bounds array indexing in safe code
Affected version of this crate had implementation of From for &mut u8 and &mut str. This can result in out-of-bounds array indexing in safe code. The flaw was corrected in commit 8a6c779 by removing those impls...
abrute (>=0.1.7 <=0.1.9), alass-cli (>=1.0.0 <=2.0.0) +158 more potentially affected by unknown CVE via ascii (>=0.7.1 <=0.8.7)
ascii CARGO version =0.7.1, =0.1.7, =1.0.0, =0.1.0, =0.1.0, =0.1.4, =0.2.0, =0.0.1, =0.14.0, =0.1.0, =0.0.0, =1.0.0 and more Source cves: unknown CVE Source advisory: OSV:RUSTSEC-2023-0015...
RUSTSEC-2023-0015 Ascii allows out-of-bounds array indexing in safe code
Affected version of this crate had implementation of From for &mut u8 and &mut str. This can result in out-of-bounds array indexing in safe code. The flaw was corrected in commit 8a6c779 by removing those impls...
GHSA-MC8H-8Q98-G5HR Race Condition Enabling Link Following and Time-of-check Time-of-use (TOCTOU) Race Condition in remove_dir_all
The remove_dir_all crate is a Rust library that offers additional features over the Rust standard library fs::remove_dir_all function. It suffers the same class of failure as the code it was layering over: TOCTOU race conditions, with the ability to cause arbitrary paths to be deleted by substituting...
Race Condition Enabling Link Following and Time-of-check Time-of-use (TOCTOU) Race Condition in remove_dir_all
The remove_dir_all crate is a Rust library that offers additional features over the Rust standard library fs::remove_dir_all function. It suffers the same class of failure as the code it was layering over: TOCTOU race conditions, with the ability to cause arbitrary paths to be deleted by substituting...
Google Teams Up with Ecosystem Partners to Enhance Security of SoC Processors
Google said it's working with ecosystem partners to harden the security of firmware that interacts with Android. While the Android operating system runs on what's called the application processor (AP), it's just one of the many processors of a system-on-chip (SoC) that cater to various tasks like...