CVE-2022-39397

CVE-2022-39397 affects the Rust crate aliyun-oss-client (Alibaba Cloud OSS). The vulnerability causes unintentional disclosure of incoming secret data. It has been patched in version 0.8.1. If using this crate, upgrade to 0.8.1 or newer to mitigate the issue. The available connected documents con...

CVE-2022-39397 Exposure of sensitive information in aliyun-oss-client

aliyun-oss-client is a rust client for Alibaba Cloud OSS. Users of this library will be affected, the incoming secret will be disclosed unintentionally. This issue has been patched in version 0.8.1...

Oracle Linux 9 : mingw-gcc (ELSA-2022-8415)

The remote Oracle Linux 9 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2022-8415 advisory. 12.0.1-11.2 - Bump release and rebuild resolves: rhbz2096010 12.0.1-11.1 - Rebase to Fedora Rawhide resolves: rhbz2080170 Tenable has extracted the preceding...

SUSE SLED15 / SLES15 Security Update : sccache (SUSE-SU-2022:4073-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2022:4073-1 advisory. - An issue was discovered in the tokio crate before 1.8.4, and 1.9.x through 1.13.x before 1.13.1, for Rust. I...

SUSE SLES15 Security Update : 389-ds (SUSE-SU-2022:4124-1)

The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2022:4124-1 advisory. - An issue was discovered in the tokio crate before 1.8.4, and 1.9.x through 1.13.x before 1.13.1, for Rust. In certain circumstances...

Hive Ransomware Attackers Extorted $100 Million from Over 1,300 Companies Worldwide

The threat actors behind the Hive ransomware-as-a-service RaaS scheme have launched attacks against over 1,300 companies across the world, netting the gang $100 million in illicit payments as of November 2022. "Hive ransomware has targeted a wide range of businesses and critical infrastructure...

AlmaLinux 9 : mingw-gcc (ALSA-2022:8415)

The remote AlmaLinux 9 host has packages installed that are affected by a vulnerability as referenced in the ALSA-2022:8415 advisory. - GCC v12.0 was discovered to contain an uncontrolled recursion via the component libiberty/rust-demangle.c. This vulnerability allows attackers to cause a Denial ...

CVE-2021-45710

A flaw was found in the tokio crate for Rust. In circumstances involving a closed oneshot channel, there is a data race and memory corruption issue...

SUSE SLES15 Security Update : 389-ds (SUSE-SU-2022:3996-1)

The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2022:3996-1 advisory. - An issue was discovered in the tokio crate before 1.8.4, and 1.9.x through 1.13.x before 1.13.1, for Rust. In certain circumstances...

gcc: uncontrolled recursion in libiberty/rust-demangle.c

A flaw was discovered in the GNU libiberty library within the demanglepath function in rust-demangle.c, as distributed in the GNU Compiler Collection GCC. This flaw allows a crafted symbol to cause stack memory to be exhausted, leading to a crash...

rust-coreos-installer bug fix and enhancement update

An update is available for rust-coreos-installer. This update affects Rocky Linux 9. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list For detailed information on changes in this release, see the...

keylime-agent-rust bug fix and enhancement update

An update is available for keylime-agent-rust. This update affects Rocky Linux 9. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list For detailed information on changes in this release, see the Rocky...

rust bug fix and enhancement update

An update is available for rust. This update affects Rocky Linux 9. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list For detailed information on changes in this release, see the Rocky Linux 9.1...

rust-ssh-key-dir bug fix and enhancement update

An update is available for rust-ssh-key-dir. This update affects Rocky Linux 9. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list For detailed information on changes in this release, see the Rocky...

rust-afterburn bug fix and enhancement update

An update is available for rust-afterburn. This update affects Rocky Linux 9. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list For detailed information on changes in this release, see the Rocky Lin...

auto-wasi (=0.1.0), candid-extractor (>=0.1.0 <=0.1.2) +99 more potentially affected by CVE-2022-39392 via wasmtime (>=0.10.0 <=12.0.2)

wasmtime CARGO version =0.10.0, =0.1.0, =0.1.0, =0.1.1, =0.5.3-0, =0.4.0, =0.4.0, =0.0.0, =0.5.0, =0.0.1-alpha, =0.40.1, =0.45.0, =0.1.0, =0.3.0 - inkpad-executor =0.1.0 and more Source cves: CVE-2022-39392 Source advisory: OSV:RUSTSEC-2022-0076...

auto-wasi (=0.1.0), candid-extractor (>=0.1.0 <=0.1.2) +99 more potentially affected by CVE-2022-39393 via wasmtime (>=0.10.0 <=12.0.2)

wasmtime CARGO version =0.10.0, =0.1.0, =0.1.0, =0.1.1, =0.5.3-0, =0.4.0, =0.4.0, =0.0.0, =0.5.0, =0.0.1-alpha, =0.40.1, =0.45.0, =0.1.0, =0.3.0 - inkpad-executor =0.1.0 and more Source cves: CVE-2022-39393 Source advisory: OSV:RUSTSEC-2022-0075...

rust-toolset:rhel8 bug fix and enhancement update

An update is available for rust. This update affects Rocky Linux 8. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list For detailed information on changes in this release, see the Rocky Linux 8.7...

auto-wasi (=0.1.0), candid-extractor (>=0.1.0 <=0.1.2) +99 more potentially affected by CVE-2022-39394 via wasmtime (>=0.10.0 <=12.0.2)

wasmtime CARGO version =0.10.0, =0.1.0, =0.1.0, =0.1.1, =0.5.3-0, =0.4.0, =0.4.0, =0.0.0, =0.5.0, =0.0.1-alpha, =0.40.1, =0.45.0, =0.1.0, =0.3.0 - inkpad-executor =0.1.0 and more Source cves: CVE-2022-39394 Source advisory: OSV:RUSTSEC-2022-0097...

The Rise of Rust, the ‘Viral’ Secure Programming Language That’s Taking Over Tech

Rust makes it impossible to introduce some of the most common security vulnerabilities. And its adoption can’t come soon enough...