9526 matches found
CVE-2022-31162 Slack Morphism for Rust before 0.41.0 can accidentally leak Slack OAuth client information in application debug logs
Slack Morphism is an async client library for Rust. Prior to 0.41.0, it was possible for Slack OAuth client information to leak in application debug logs. Stricter and more secure debug formatting was introduced in v0.41.0 for OAuth secret types to reduce the possibility of printing sensitive...
CVE-2022-31162
CVE-2022-31162 affects Slack Morphism (Rust) prior to 0.41.0. The root issue was overly verbose debug formatting that could cause Slack OAuth client information to leak into application logs. Exploitation guidance is not provided in the documents; however, various sources confirm an information d...
apollo-gateway-rs (>=0.7.5 <=0.7.6), aqlgen (>=0.1.0 <=0.8.0) +61 more potentially affected by unknown CVE via async-graphql (>=1.13.4 <=4.0.16)
async-graphql CARGO version =1.13.4, =0.7.5, =0.1.0, =0.1.0, =0.1.0, =0.0.1-alpha+3, =0.1.0, =2.9.13, =0.1.0-beta.0, =2.9.12, =0.2.0, =1.14.10, =0.1.0, =1.0.0, =4.0.16 and more Source cves: unknown CVE Source advisory: OSV:RUSTSEC-2022-0037...
Google Adds Support for DNS-over-HTTP/3 in Android to Keep DNS Queries Private — The Hacker News
Google on Tuesday officially announced support for DNS-over-HTTP/3 (DoH3) for Android devices as part of a Google Play system update designed to keep DNS queries private. To that end, Android smartphones running Android 11 and higher are expected to use DoH3 instead of DNS-over-TLS (DoT), which was...
Luna and Black Basta — new ransomware for Windows, Linux and ESXi
Introduction In our crimeware reporting service, we analyze the latest crime-related trends we come across. If we look back at what we covered last month, we will see that ransomware (surprise, surprise!) definitely stands out. In this blog post, we provide several excerpts from last month's reports...
GHSA-99J7-MHFH-W84P Slack Morphism for Rust before 0.41.0 can leak Slack OAuth client information in application debug logs
Impact Potential/accidental leaking of Slack OAuth client information in application debug logs. Patches More strict and secure debug formatting was introduced in v0.41 for OAuth secret types to avoid the possibility of printing sensitive information in application logs. Workarounds Don't...
Medium: rust
Issue Overview: In the standard library in Rust before 1.52.0, there is an optimization for joining strings that can cause uninitialized bytes to be exposed or the program to crash if the borrowed string changes after its length is checked. CVE-2020-36323 In the standard library in Rust before...
Medium: rust
Issue Overview: A race condition flaw was found in Rust's std::fs::remove_dir_all function. Rust applications that use this function may be vulnerable to a race condition where an unprivileged attacker can trick the application into deleting files and directories, causing an impact on system data...
Amazon Linux 2 : rust (ALAS-2022-1817)
The version of rust installed on the remote host is prior to 1.61.0-2. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2022-1817 advisory. A race condition flaw was found in Rust's std::fs::remove_dir_all function. Rust applications that use this function may be vulnerable ...
Amazon Linux 2 : rust (ALAS-2022-1816)
The version of rust installed on the remote host is prior to 1.56.1-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2022-1816 advisory. In the standard library in Rust before 1.52.0, there is an optimization for joining strings that can cause uninitialized byt...
AZL-40893 CVE-2022-32214 affecting package rust for versions less than 1.75.0-1
The llhttp parser v14.20.1, v16.17.1 and v18.9.1 in the http module in Node.js does not strictly use the CRLF sequence to delimit HTTP requests. This can lead to HTTP Request Smuggling (HRS)...
AZL-41051 CVE-2022-32213 affecting package rust for versions less than 1.75.0-1
The llhttp parser v14.20.1, v16.17.1 and v18.9.1 in the http module in Node.js does not correctly parse and validate Transfer-Encoding headers and can lead to HTTP Request Smuggling (HRS)...
AZL-41446 CVE-2022-32215 affecting package rust for versions less than 1.75.0-1
The llhttp parser v14.20.1, v16.17.1 and v18.9.1 in the http module in Node.js does not correctly handle multi-line Transfer-Encoding headers. This can lead to HTTP Request Smuggling (HRS)...
PT-2022-16020 · Unknown · Libp2P-Rust
Name of the Vulnerable Software and Affected Versions: libp2p-rust versions prior to 0.45.1 Description: The issue allows an attacker node to cause a victim node to allocate a large number of small memory chunks, leading to the victim's process running out of memory and potentially getting killed...
Hive Ransomware Upgrades to Rust for More Sophisticated Encryption Method
The operators of the Hive ransomware-as-a-service (RaaS) scheme have overhauled their file-encrypting software to fully migrate to Rust and adopt a more sophisticated encryption method. "With its latest variant carrying several major upgrades, Hive also proves it's one of the fastest evolving...
Hive ransomware gets upgrades in Rust
Hive ransomware is only about one year old, having been first observed in June 2021, but it has grown into one of the most prevalent ransomware payloads in the ransomware-as-a-service (RaaS) ecosystem. With its latest variant carrying several major upgrades, Hive also proves it's one of the fastest...
auto-wasi (=0.1.0), ceres-executor (>=0.1.0 <=0.2.0) +79 more potentially affected by CVE-2022-23636 +1 more via wasmtime (>=0.10.0 <=0.37.0)
wasmtime CARGO version =0.10.0, =0.1.0, =0.1.1, =0.5.3-0, =0.4.0, =0.4.0, =0.0.0, =0.40.1, =0.45.0, =0.1.0, =0.1.0, =0.1.0, =0.1.7 - lunatic-common-api =0.9.0 and more Source cves: CVE-2022-23636, CVE-2022-31169 Source advisory: OSV:RUSTSEC-2022-0101...
auto-wasi (=0.1.0), ceres-executor (>=0.1.0 <=0.2.0) +79 more potentially affected by CVE-2022-31104 via wasmtime (>=0.10.0 <=0.37.0)
wasmtime CARGO version =0.10.0, =0.1.0, =0.1.1, =0.5.3-0, =0.4.0, =0.4.0, =0.0.0, =0.40.1, =0.45.0, =0.1.0, =0.1.0, =0.1.0, =0.1.7 - lunatic-common-api =0.9.0 and more Source cves: CVE-2022-31104 Source advisory: OSV:GHSA-JQWC-C49R-4W2X...