9498 matches found
CVE-2018-20993
An issue was discovered in the yaml-rust crate before 0.4.1 for Rust. There is uncontrolled recursion during deserialization...
CVE-2016-10933
An issue was discovered in the portaudio crate through 0.7.0 for Rust. There is a man-in-the-middle issue because the source code is downloaded over cleartext HTTP...
CVE-2017-18587
An issue was discovered in the hyper crate before 0.9.18 for Rust. It mishandles newlines in headers...
CVE-2016-10932
An issue was discovered in the hyper crate before 0.9.4 for Rust on Windows. There is an HTTPS man-in-the-middle vulnerability because hostname verification was omitted...
CVE-2016-10932
An issue was discovered in the hyper crate before 0.9.4 for Rust on Windows. There is an HTTPS man-in-the-middle vulnerability because hostname verification was omitted...
CVE-2017-18587
An issue was discovered in the hyper crate before 0.9.18 for Rust. It mishandles newlines in headers...
CVE-2018-20993
An issue was discovered in the yaml-rust crate before 0.4.1 for Rust. There is uncontrolled recursion during deserialization...
Deserialization of untrusted data
An issue was discovered in the yaml-rust crate before 0.4.1 for Rust. There is uncontrolled recursion during deserialization...
Code injection
An issue was discovered in the portaudio crate through 0.7.0 for Rust. There is a man-in-the-middle issue because the source code is downloaded over cleartext HTTP...
Information disclosure
An issue was discovered in the trust-dns-proto crate before 0.5.0-alpha.3 for Rust. There is infinite recursion because DNS message compression is mishandled...
Design/Logic Flaw
An issue was discovered in the hyper crate before 0.9.4 for Rust on Windows. There is an HTTPS man-in-the-middle vulnerability because hostname verification was omitted...
UBUNTU-CVE-2018-20993
An issue was discovered in the yaml-rust crate before 0.4.1 for Rust. There is uncontrolled recursion during deserialization...
UBUNTU-CVE-2018-20990
An issue was discovered in the tar crate before 0.4.16 for Rust. Arbitrary file overwrite can occur via a symlink or hardlink in a TAR archive...
CVE-2018-20990
CVE-2018-20990 affects the tar crate for Rust (pre-0.4.16). The issue is that arbitrary file overwrite can occur via a symlink or hardlink inside a TAR archive, representing a path traversal-like risk when unpacking archives. The available documents identify the vulnerable component and the under...
CVE-2018-20990
An issue was discovered in the tar crate before 0.4.16 for Rust. Arbitrary file overwrite can occur via a symlink or hardlink in a TAR archive...
CVE-2018-20994
CVE-2018-20994 affects the Rust crate trust-dns-proto prior to 0.5.0-alpha.3. The issue is infinite recursion/stack overflow caused by incorrect handling of DNS message compression (RFC1035 section 4.1.4). Connected advisories (e.g., RUSTSEC-2018-0007, GHSA-369H-PJR2-6WRH, Red Hat RH/CVE-2018-209...
CVE-2018-20993
The CVE-2018-20993 entry concerns the yaml-rust crate for Rust, where versions before 0.4.1 allow uncontrolled recursion during deserialization. Affected is the yaml-rust crate (pre-0.4.1); impact is potential disruption/crash due to recursion depth. Remediation: upgrade to 0.4.1 or newer; if upg...
CVE-2018-20993
An issue was discovered in the yaml-rust crate before 0.4.1 for Rust. There is uncontrolled recursion during deserialization...
CVE-2018-20993
An issue was discovered in the yaml-rust crate before 0.4.1 for Rust. There is uncontrolled recursion during deserialization...
CVE-2018-20992
The CVE-2018-20992 issue affects the Rust Claxon crate (pre-0.4.1). A decode-buffer size handling flaw allowed uninitialized memory to be exposed; parts of the decode buffer could be overwritten or revealed depending on the bitstream value. Public descriptions (e.g., GHSA and RustSec advisories) ...