9526 matches found

vulnersOsv
added 2021/07/30 12:0 p.m., 2 views

a2 (=0.3.6), aerospike (=0.3.0) +204 more potentially affected by CVE-2021-32810 via crossbeam-deque (>=0.1.1 <=0.6.3)

crossbeam-deque CARGO version =0.1.1, =0.2.5, =0.9.0, =0.1.0, =0.4.0, =0.5.0, =0.4.0, =0.3.0, =0.4.0, =0.3.0, =0.5.0 and more Source cves: CVE-2021-32810 Source advisory: OSV:RUSTSEC-2021-0093...

CVSS 9.8, AI score 7.2, EPSS 0.01907
Exploits: 0

The Hacker News
added 2021/07/27 12:39 p.m., 64 views

Hackers Turning to 'Exotic' Programming Languages for Malware Development

Threat actors are increasingly shifting to "exotic" programming languages such as Go, Rust, Nim, and Dlang that can better circumvent conventional security protections, evade analysis, and hamper reverse engineering efforts. "Malware authors are known for their ability to adapt and modify their...

Exploits: 0

ThreatPost
added 2021/07/26 3:0 p.m., 178 views

Malware Makers Using ‘Exotic’ Programming Languages

Malware authors are increasingly using rarely spotted programming languages such as Go, Rust, Nim and DLang in order to create new tools and to hinder analysis, researchers have found. Use of those four languages is escalating in the number of malware families being identified, according to a...

AI score 8
Exploits: 0, References: 22

Imperva Blog
added 2021/07/22 1:29 p.m., 212 views

Logging: A Deep Dive

Our RASP product: At Imperva our team builds a product called RASP which stands for Runtime Application Self Protection. As indicated by the name, it is a security product which plugs directly into the runtime of an application in order to provide a similar and complementary set of capabilities as...

Exploits: 0

vulnersOsv
added 2021/07/19 12:0 p.m., 0 views

async_docker (>=0.1.0 <=0.1.1), cargo (>=0.4.0 <=0.8.0) +11 more potentially affected by CVE-2021-38511 via tar (>=0.2.14 <=0.3.4)

tar CARGO version =0.2.14, =0.1.0, =0.4.0, =0.3.1, =0.1.0, =0.3.0, =0.2.0, =0.2.0, =0.2.1, =0.0.1, =0.0.9 - wormhole =0.1.0 Source cves: CVE-2021-38511 Source advisory: OSV:RUSTSEC-2021-0080...

CVSS 7.5, AI score 7.1, EPSS 0.01392
Exploits: 1

vulnersOsv
added 2021/07/15 12:0 p.m., 2 views

barberousse (>=0.1.0 <=0.1.6), borrowing_exerci (>=0.1.0 <=0.4.51) +18 more potentially affected by CVE-2021-36753 via bat (>=0.12.1 <=0.17.1)

bat CARGO version =0.12.1, =0.1.0, =0.1.0, =0.4.0, =0.6.0, =0.1.0, =0.2.0, =0.0.2, =0.16.0, =0.16.0, =0.1.0, =0.5.2, =0.12.0, =0.11.1, =0.12.0, =0.11.0, =0.12.1 and more Source cves: CVE-2021-36753 Source advisory: OSV:RUSTSEC-2021-0106...

CVSS 7.8, AI score 7.1, EPSS 0.00356
Exploits: 0

NVD
added 2021/07/14 2:15 p.m., 11 views

CVE-2021-24117

In Apache Teaclave Rust SGX SDK 1.1.3, a side-channel vulnerability in base64 PEM file decoding allows system-level administrator attackers to obtain information about secret RSA keys via a controlled-channel and side-channel attack on software running in isolated environments that can be single...

CVSS 4.9, EPSS 0.02221
Exploits: 0, References: 3

OSV
added 2021/07/14 2:15 p.m., 11 views

CVE-2021-24117

In Apache Teaclave Rust SGX SDK 1.1.3, a side-channel vulnerability in base64 PEM file decoding allows system-level administrator attackers to obtain information about secret RSA keys via a controlled-channel and side-channel attack on software running in isolated environments that can be single...

CVSS 4.9, AI score 6.3
Exploits: 0, References: 3

Prion
added 2021/07/14 2:15 p.m., 13 views

Code injection

In Apache Teaclave Rust SGX SDK 1.1.3, a side-channel vulnerability in base64 PEM file decoding allows system-level administrator attackers to obtain information about secret RSA keys via a controlled-channel and side-channel attack on software running in isolated environments that can be single...

CVSS 4, AI score 4.8, EPSS 0.02221
Exploits: 0, References: 3, Affected Software: 1

CVE
added 2021/07/14 1:9 p.m., 42 views

CVE-2021-24117

CVE-2021-24117 affects Apache Teaclave Rust SGX SDK 1.1.3 and is caused by a side-channel vulnerability in base64 PEM file decoding that can be exploited in isolated environments running on Intel SGX. This allows system-level attackers to glean information about secret RSA keys via a controlled-c...

CVSS 4.9, AI score 4.8, EPSS 0.02221
Exploits: 0, References: 3, Affected Software: 1

CNNVD
added 2021/07/14 12:0 a.m., 5 views

Baidu Rust SGX SDK Security Vulnerability

Baidu Rust SGX SDK is a Rust language development kit for Intel SGX Trusted Computing Platform from Baidu, China. Baidu Rust SGX SDK suffers from a security vulnerability, which originates from a side-channel vulnerability in base64 PEM file decoding in Rust SGX 1.1.3. An attacker can exploit the...

CVSS 4.9, AI score 5.5, EPSS 0.02221
Exploits: 0, References: 3

vulnersOsv
added 2021/07/12 4:54 p.m., 8 views

BeerHolderBot (>=0.1.0 <=0.3.6), GetPDB (>=0.1.0 <=1.0.1) +5228 more potentially affected by CVE-2021-32715 via hyper (>=0.0.1 <=0.13.7)

hyper CARGO version =0.0.1, =0.1.0, =0.1.0, =0.0.2, =0.1.0, =0.1.0, =0.2.0, =0.1.0, =0.1.0, =0.1.0, =0.0.1, =0.0.7-alpha.3, =0.2.0-alpha.0 and more Source cves: CVE-2021-32715 Source advisory: OSV:GHSA-F3PG-QWVG-P99C...

CVSS 5.3, AI score 5.9, EPSS 0.00879
Exploits: 1

vulnersOsv
added 2021/07/08 12:0 p.m., 2 views

ark-bls12-377 (=0.2.0), ark-crypto-primitives (=0.2.0) +19 more potentially affected by CVE-2021-38194 via ark-r1cs-std (=0.2.0)

ark-r1cs-std CARGO version =0.2.0 is affected by a known vulnerability. The following packages have a transitive dependency on ark-r1cs-std and may be impacted: - ark-bls12-377 =0.2.0 - ark-crypto-primitives =0.2.0 - ark-curve-constraint-tests =0.2.0 - ark-ed-on-bls12-377 =0.2.0 -...

CVSS 9.8, AI score 7.2, EPSS 0.01275
Exploits: 1

NVD
added 2021/07/07 8:15 p.m., 12 views

CVE-2021-32715

hyper is an HTTP library for rust. hyper's HTTP/1 server code had a flaw that incorrectly parses and accepts requests with a Content-Length header with a prefixed plus sign, when it should have been rejected as illegal. This combined with an upstream HTTP proxy that doesn't parse such...

CVSS 5.3, EPSS 0.00879
Exploits: 1, References: 2

OSV
added 2021/07/07 8:15 p.m., 4 views

DEBIAN-CVE-2021-32715

hyper is an HTTP library for rust. hyper's HTTP/1 server code had a flaw that incorrectly parses and accepts requests with a Content-Length header with a prefixed plus sign, when it should have been rejected as illegal. This combined with an upstream HTTP proxy that doesn't parse such...

CVSS 5.3, AI score 5.8, EPSS 0.00879
Exploits: 1, References: 1

OSV
added 2021/07/07 8:15 p.m., 22 views

CVE-2021-32715

hyper is an HTTP library for rust. hyper's HTTP/1 server code had a flaw that incorrectly parses and accepts requests with a Content-Length header with a prefixed plus sign, when it should have been rejected as illegal. This combined with an upstream HTTP proxy that doesn't parse such...

CVSS 5.3, AI score 5.4
Exploits: 0, References: 2

UbuntuCve
added 2021/07/07 8:15 p.m., 15 views

CVE-2021-32715

hyper is an HTTP library for rust. hyper's HTTP/1 server code had a flaw that incorrectly parses and accepts requests with a Content-Length header with a prefixed plus sign, when it should have been rejected as illegal. This combined with an upstream HTTP proxy that doesn't parse such...

CVSS 5.3, AI score 6.1, EPSS 0.00879
Exploits: 1, References: 4

UbuntuCve
added 2021/07/07 8:15 p.m., 22 views

CVE-2021-32714

hyper is an HTTP library for Rust. In versions prior to 0.14.10, hyper's HTTP server and client code had a flaw that could trigger an integer overflow when decoding chunk sizes that are too big. This allows possible data loss, or if combined with an upstream HTTP proxy that allows chunk sizes...

CVSS 9.1, AI score 6.5, EPSS 0.01124
Exploits: 1, References: 3

OSV
added 2021/07/07 8:15 p.m., 2 views

UBUNTU-CVE-2021-32715

hyper is an HTTP library for rust. hyper's HTTP/1 server code had a flaw that incorrectly parses and accepts requests with a Content-Length header with a prefixed plus sign, when it should have been rejected as illegal. This combined with an upstream HTTP proxy that doesn't parse such...

CVSS 5.3, AI score 6.1, EPSS 0.00879
Exploits: 1, References: 5

CVE
added 2021/07/07 8:5 p.m., 83 views

CVE-2021-32715

Hyper (Rust HTTP library) had a vulnerability in its HTTP/1 server code where a Content-Length header prefixed with a plus sign could be accepted instead of rejected, enabling potential request smuggling/desync attacks. The issue affects all prior Hyper versions before 0.14.10 when built with rus...

CVSS 5.3, AI score 4.6, EPSS 0.00879
Exploits: 1, References: 2, Affected Software: 1