Design/Logic Flaw
conduit-hyper integrates a conduit application with the hyper server. Prior to version 0.4.2, conduit-hyper did not check any limit on a request's length before calling hyper::body::to_bytes. An attacker could send a malicious request with an abnormally large Content-Length, which could lead to a...
conduit-hyper vulnerable to Denial of Service from unchecked request length
Prior to version 0.4.2, conduit-hyper did not check any limit on a request's length before calling hyper::body::to_bytes. An attacker could send a malicious request with an abnormally large Content-Length, which could lead to a panic if memory allocation failed for that request. In version 0.4.2,...
nfprobe (=0.0.1), terminus (>=0.1.0 <=0.2.0) potentially affected by unknown CVE via elf_rs (>=0.1.1 <=0.1.3)
elf_rs CARGO version =0.1.1, =0.1.0, =0.2.0 Source cves: unknown CVE Source advisory: OSV:RUSTSEC-2022-0079...
CVE-2022-39294
CVE-2022-39294 affects conduit-hyper prior to 0.4.2, a Rust crate that integrates conduit with hyper. The root cause is that earlier versions did not enforce any limit on the request length before calling hyper::body::to_bytes, allowing an attacker to send a malicious request with an abnormally l...
CVE-2022-39354
SputnikVM, also called evm, is a Rust implementation of Ethereum Virtual Machine. A custom stateful precompile can use the is_static parameter to determine if the call is executed in a static context via STATICCALL, and thus decide if stateful operations should be done. Prior to version 0.36.0, th...
eth-utils (>=0.1.1 <=0.2.0), evm-network (>=0.11.0 <=0.11.0-beta.3) +31 more potentially affected by CVE-2022-39354 via evm (>=0.11.1 <=0.33.1)
evm CARGO version =0.11.1, =0.1.1, =0.11.0, =0.11.0, =0.11.0, =0.11.0, =0.11.0, =0.11.0, =0.11.0, =0.11.0, =0.11.0, =0.11.0, =1.0.0, =1.0.0, =2.1.0 - fp-storage =1.0.0 and more Source cves: CVE-2022-39354 Source advisory: OSV:RUSTSEC-2022-0083...
RUSTSEC-2022-0083 evm incorrect state transition
SputnikVM, also called evm, is a Rust implementation of Ethereum Virtual Machine. A custom stateful precompile can use the is_static parameter to determine if the call is executed in a static context via STATICCALL, and thus decide if stateful operations should be done. Prior to version 0.36.0, th...
evm incorrect state transition
SputnikVM, also called evm, is a Rust implementation of Ethereum Virtual Machine. A custom stateful precompile can use the is_static parameter to determine if the call is executed in a static context via STATICCALL, and thus decide if stateful operations should be done. Prior to version 0.36.0, th...
CVE-2022-39354 evm has incorrect is_static parameter for custom stateful precompiles
SputnikVM, also called evm, is a Rust implementation of Ethereum Virtual Machine. A custom stateful precompile can use the is_static parameter to determine if the call is executed in a static context via STATICCALL, and thus decide if stateful operations should be done. Prior to version 0.36.0, th...
SputnikVM Security Vulnerability
SputnikVM is a Rust-based Ethereum virtual machine implementation by rust-blockchain individual developers. A security vulnerability exists in SputnikVM versions prior to 0.36.0 that stems from the is_static parameter being passed incorrectly, an issue that could lead to incorrect state transitions...
CVE-2022-39354 evm has incorrect is_static parameter for custom stateful precompiles
SputnikVM, also called evm, is a Rust implementation of Ethereum Virtual Machine. A custom stateful precompile can use the is_static parameter to determine if the call is executed in a static context via STATICCALL, and thus decide if stateful operations should be done. Prior to version 0.36.0, th...
CVE-2022-39354
SputnikVM (evm) has a vulnerability where the is_static parameter in custom stateful precompiles could be incorrect prior to v0.36.0, incorrectly setting static context only for direct STATICCALL calls. This could lead to incorrect state transitions for affected precompiles. The patch is included...
OPENSUSE-SU-2022:10150-1 Security update for seamonkey
This update for seamonkey fixes the following issues: Update to SeaMonkey 2.53.14 Updates to the following DOM HTML element interfaces: Embed, Object, Anchor, Area, Button, Frame, Canvas, IFrame, Link, Image, MenuItem, TextArea, Source, Select, Option, Script and Html. Please test add-ons. Contin...
Rust: Multiple Vulnerabilities
Background A systems programming language that runs blazingly fast, prevents segfaults, and guarantees thread safety. Description Multiple vulnerabilities have been discovered in Rust. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE...
GLSA-202210-09 : Rust: Multiple Vulnerabilities
The remote host is affected by the vulnerability described in GLSA-202210-09 Rust: Multiple Vulnerabilities - In the standard library in Rust before 1.50.0, read_to_end does not validate the return value from Read in an unsafe context. This bug could lead to a buffer overflow. CVE-2021-28875 - In t...
Security update for seamonkey (important)
openSUSE Security Update: Security update for seamonkey Announcement ID: openSUSE-SU-2022:10149-1 Rating: important References: 1203916 Affected Products: openSUSE Leap 15.4 An update that contains security fixes can now be installed. Description: This update fixes the following issues: Update to...
Security update for seamonkey (important)
openSUSE Security Update: Security update for seamonkey Announcement ID: openSUSE-SU-2022:10150-1 Rating: important References: 1203916 Affected Products: openSUSE Leap 15.3 An update that contains security fixes can now be installed. Description: This update for seamonkey fixes the following...
Exploit for Improper Authentication in Fortinet Fortiproxy
CVE-2022-40684 POC With...
Slack Morphism Information Disclosure Vulnerability
Slack Morphism is a modern asynchronous client library for Rust that supports Slack Web, Events API, Socket Mode, and Block Kit. Versions prior to Slack Morphism 1.3.2 have an information disclosure vulnerability that stems from insufficient protection of sensitive information in the application,...
Slack Morphism Security Vulnerability
Slack Morphism is a modern asynchronous client library for Rust that supports Slack Web, Events API, Socket Mode, and Block Kit. Versions prior to Slack Morphism 1.3.2 have an information disclosure vulnerability that stems from insufficient protection of sensitive information in the application,...