CVE-2021-41149
The CVE-2021-41149 issue concerns the tough Rust library (pre-0.12.0) where target names are not properly sanitized when caching a repository or saving targets to an output directory. This can allow files to be overwritten with arbitrary content anywhere on the system. A fix is available in versi...
CVE-2021-41149 Improper sanitization of target names in tough
Tough provides a set of Rust libraries and tools for using and generating the update framework TUF repositories. The tough library, prior to 0.12.0, does not properly sanitize target names when caching a repository, or when saving specific targets to an output directory. When targets are cached o...
evm-network (>=0.11.0 <=0.11.0-beta.3), evm-network-classic (>=0.11.0 <=0.11.0-beta.3) +21 more potentially affected by CVE-2021-41153 via evm (>=0.11.1 <=0.27.0)
evm CARGO version =0.11.1, =0.11.0, =0.11.0, =0.11.0, =0.11.0, =0.11.0, =0.11.0, =0.11.0, =0.11.0, =0.11.0, =0.11.0, =1.0.0, =1.0.0, =2.0.0, =1.0.0, =3.0.0 and more Source cves: CVE-2021-41153 Source advisory: OSV:GHSA-PVH2-PJ76-4M96...
SUSE: Security Advisory (SUSE-SU-2021:14826-1)
The remote host is missing an update for the SUSE-SU-2021:14826-1 advisory...
SUSE SLES11 Security Update : MozillaFirefox, rust-cbindgen (SUSE-SU-2021:14826-1)
The remote SUSE Linux SLES11 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2021:14826-1 advisory. - Uninitialized memory in a canvas object could have caused an incorrect free leading to memory corruption and a potentially exploitable crash...
evm crate security vulnerability
evm crate is a Rust Ethereum virtual machine implementation. A security vulnerability exists in evm crate that stems from a condition in evm crate where the JUMPI opcode is checked after a destination validity check...
abomonation_derive (>=0.1.0 <=0.5.0), abomonation_derive_ng (=0.1.0) +30 more potentially affected by CVE-2021-45708 via abomonation (>=0.4.6 <=0.7.3)
abomonation CARGO version =0.4.6, =0.1.0, =0.1.0, =0.1.0, =0.1.0, =0.3.0, =0.1.1, =0.1.1, =0.1.1, =0.1.0, =0.0.2, =0.1.0, =0.2.0, =0.3.1 and more Source cves: CVE-2021-45708 Source advisory: OSV:RUSTSEC-2021-0120...
RUSTSEC-2021-0120 abomonation transmutes &T to and from &[u8] without sufficient constraints
This transmute is at the core of the abomonation crates. It's so easy to use it to violate alignment requirements that no test in the crate's test suite passes under miri. The use of this transmute in serialization/deserialization also incorrectly assumes that the layout of a repr(Rust) type is...
CentOS 8 : thunderbird (CESA-2021:3838)
The remote CentOS Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the CESA-2021:3838 advisory. - rust-crossbeam-deque: race condition may lead to double free CVE-2021-32810 - Mozilla: Use-after-free in MessageTask CVE-2021-38496 - Mozilla:...
RHEL 8 : thunderbird (RHSA-2021:3838)
The remote Red Hat Enterprise Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2021:3838 advisory. Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 91.2.0. Security Fixes: Mozilla:...
CentOS 8 : firefox (CESA-2021:3755)
The remote CentOS Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the CESA-2021:3755 advisory. - rust-crossbeam-deque: race condition may lead to double free CVE-2021-32810 - Mozilla: Use-after-free in MessageTask CVE-2021-38496 - Mozilla:...
RHEL 8 : thunderbird (RHSA-2021:3840)
The remote Red Hat Enterprise Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2021:3840 advisory. Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 91.2.0. Security Fixes: Mozilla:...
Important: Red Hat Security Advisory: thunderbird security update
An update for thunderbird is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability fr...
rust-crossbeam-deque: race condition may lead to double free
crossbeam-deque is a package of work-stealing deques for building task schedulers when programming in Rust. In versions prior to 0.7.4 and 0.8.0, the result of the race condition is that one or more tasks in the worker queue can be popped twice instead of other tasks that are forgotten and never...
RHEL 8 : firefox (RHSA-2021:3757)
The remote Red Hat Enterprise Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2021:3757 advisory. Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox...
PT-2021-24283 · Crypto2 · Crypto2
Name of the Vulnerable Software and Affected Versions: crypto2 crate through 2021-10-08 for Rust Description: An issue was discovered in the crypto2 crate that affects Chacha20 encryption and decryption. The implementation does not enforce alignment requirements on input slices, incorrectly...