SUSE CVE-2022-46149
Cap'n Proto is a data interchange format and remote procedure call (RPC) system. Cap'n Proto prior to versions 0.7.1, 0.8.1, 0.9.2, and 0.10.3, as well as versions of Cap'n Proto's Rust implementation prior to 0.13.7, 0.14.11, and 0.15.2, are vulnerable to an out-of-bounds read due to a logic error...
SUSE CVE-2023-22895
The bzip2 crate before 0.4.4 for Rust allows attackers to cause a denial of service via a large file that triggers an integer overflow in mem.rs. NOTE: this is unrelated to the https://crates.io/crates/bzip2-rs product...
RUSTSEC-2023-0081 safemem is unmaintained
The latest crates.io release was in 2019. The repository has been archived by the author. Migration: `safemem::copy_over(slice, src_idx, dest_idx, len)` can be replaced with `slice.copy_within(src_idx..src_idx+len, dest_idx)` as of Rust 1.37.0; `safemem::write_bytes(slice, byte)` can be replaced with...
The vulnerability of the Cargo package manager in the Rust programming language, which allows attackers to compromise the integrity of the protected information
The vulnerability of the Cargo package manager in the Rust programming language is related to incorrect verification of the cryptographic signature. Exploiting this vulnerability allows a malicious actor to influence the integrity of the protected information via the SSH protocol...
AZL-13289 CVE-2022-43552 affecting package rust for versions less than 1.72.0-2
A use after free vulnerability exists in curl 7.87.0. Curl can be asked to tunnel virtually all protocols it supports through an HTTP proxy. HTTP proxies can and often do deny such tunnel operations. When getting denied to tunnel the specific protocols SMB or TELNET, curl would use a heap-allocat...
bottlerocket dependency openssl has a double free vulnerability
A timing based side channel exists in the OpenSSL RSA decryption implementation which could enable a recovery of plaintext from across the network. This affects all RSA padding modes. A server agent compiled with OpenSSL could be made to give up plaintext payloads over the network, but this would...
GHSA-J859-PMRQ-9Q6C bottlerocket dependency openssl has a double free vulnerability
A timing based side channel exists in the OpenSSL RSA decryption implementation which could enable a recovery of plaintext from across the network. This affects all RSA padding modes. A server agent compiled with OpenSSL could be made to give up plaintext payloads over the network, but this would...
bottlerocket dependency openssl is vulnerable to read buffer overflow via X.509 verification
A read buffer overflow can be triggered in OpenSSL X.509 verification during name constraint checking. Note that this occurs after the certificate chain has been verified and would require a compromised CA. This can cause a client or agent compiled with OpenSSL to crash unexpectedly. OpenSSL has...
GHSA-J79X-VVGM-W73W bottlerocket dependency openssl provides streaming of ASN.1 data via a BIO
An OpenSSL public API provides streaming of ASN.1 data via a BIO. It is possible for a malicious third party to use the BIO to access unfreed memory pointers that are not cleaned up after execution of the API. Freeing these memory pointers will result in a crash. Agents and clients compiled with...
openssl-sys (>=0.9.35 <=0.9.37) potentially affected by CVE-2022-4450 via openssl-src (=110.0.7+1.1.0i)
openssl-src CARGO version =110.0.7+1.1.0i is affected by a known vulnerability. The following packages have a transitive dependency on openssl-src and may be impacted: - openssl-sys =0.9.35, =0.9.37 Source cves: CVE-2022-4450 Source advisory: OSV:RUSTSEC-2023-0010...
openssl-sys (>=0.9.35 <=0.9.37) potentially affected by CVE-2022-4304 via openssl-src (=110.0.7+1.1.0i)
openssl-src CARGO version =110.0.7+1.1.0i is affected by a known vulnerability. The following packages have a transitive dependency on openssl-src and may be impacted: - openssl-sys =0.9.35, =0.9.37 Source cves: CVE-2022-4304 Source advisory: OSV:RUSTSEC-2023-0007...
roaring-landmask (=0.4.0) potentially affected by CVE-2023-0216 via openssl-src (=300.0.0+3.0.0)
openssl-src CARGO version =300.0.0+3.0.0 is affected by a known vulnerability. The following packages have a transitive dependency on openssl-src and may be impacted: - roaring-landmask =0.4.0 Source cves: CVE-2023-0216 Source advisory: OSV:RUSTSEC-2023-0011...
New Wave of Ransomware Attacks Exploiting VMware Bug to Target ESXi Servers
VMware ESXi hypervisors are the target of a new wave of attacks designed to deploy ransomware on compromised systems. "These attack campaigns appear to exploit CVE-2021-21974, for which a patch has been available since February 23, 2021," the Computer Emergency Response Team (CERT) of France said i...
GHSA-4Q83-7CQ4-P6WG `tokio::io::ReadHalf<T>::unsplit` is Unsound
`tokio::io::ReadHalf::unsplit` can violate the Pin contract. The soundness issue is described in tokio issue #5372. The specific set of conditions needed to trigger an issue (a `!Unpin` type in `ReadHalf` is unusual), combined with the difficulty of making any arbitrary use-after-free exploitable in Rust...
[SECURITY] Fedora 36 Update: rust-tokei-12.1.2-4.fc36
Count your code, quickly...
[SECURITY] Fedora 36 Update: rust-silver-2.0.1-4.fc36
Cross-shell customizable powerline-like prompt with icons...
[SECURITY] Fedora 36 Update: rust-resctl-bench-2.1.2-8.fc36
resctl-bench is a collection of whole-system benchmarks to evaluate resource control and hardware behaviors using realistic simulated workloads. Comprehensive resource control involves the whole system. Furthermore, testing resource control end-to-end requires scenarios involving realistic...
[SECURITY] Fedora 36 Update: rust-rd-hashd-2.1.2-7.fc36
Latency-sensitive pseudo workload for resctl-demo...
[SECURITY] Fedora 36 Update: rust-pretty-git-prompt-0.2.1-15.fc36
Your current git repository information inside a beautiful shell prompt...