CVE-2016-10931
An issue was discovered in the openssl crate before 0.9.0 for Rust. There is an SSL/TLS man-in-the-middle vulnerability because certificate verification is off by default and there is no API for hostname verification...
CVE-2017-18587
An issue was discovered in the hyper crate before 0.9.18 for Rust. It mishandles newlines in headers...
CVE-2016-10933
An issue was discovered in the portaudio crate through 0.7.0 for Rust. There is a man-in-the-middle issue because the source code is downloaded over cleartext HTTP...
CVE-2016-10933
CVE-2016-10933 affects the portaudio crate up to version 0.7.0 for Rust. The underlying issue is that the build process downloads the portaudio source via cleartext HTTP, enabling a man-in-the-middle attacker to tamper with the downloaded archive. Multiple connected sources describe this as a MitM ris...
CVE-2016-10932
The CVE-2016-10932 issue affects the hyper crate for Rust on Windows before version 0.9.4, where hostname verification was omitted during HTTPS, enabling potential Man‑in‑the‑Middle (MitM) attacks. Root cause: missing hostname verification in TLS on Windows builds. Impact: interception or tamperi...
CVE-2016-10932
An issue was discovered in the hyper crate before 0.9.4 for Rust on Windows. There is an HTTPS man-in-the-middle vulnerability because hostname verification was omitted...
CVE-2016-10931
CVE-2016-10931 pertains to the openssl crate for Rust prior to 0.9.0. The issue is a TLS/SSL MITM vulnerability caused by certificate verification being off by default and the absence of an API for hostname verification, enabling an attacker to interfere with connections. The available documents ...
CVE-2019-1010299
The Rust Programming Language Standard Library 1.18.0 and later is affected by: CWE-200: Information Exposure. The impact is: Contents of uninitialized memory could be printed to string or to log file. The component is: Debug trait implementation for std::collections::vecdeque::Iter. The attack...
serde-yaml denial of service vulnerability
serde-yaml is a Rust library that supports the use of both the Serde serialization framework and data in YAML format. A security vulnerability exists in serde-yaml versions 0.6.0 through 0.8.3. An attacker can exploit this vulnerability to cause a denial of service...
CVE-2019-1010182
yaml-rust 0.4.0 and earlier is affected by: Uncontrolled Recursion. The impact is: Denial of service by impossible to catch abort. The component is: YamlLoader::load_from_str function. The attack vector is: Parsing of a malicious YAML document. The fixed version is: 0.4.1 and later...
CVE-2019-1010182
Yaml-rust 0.4.0 and earlier are affected by Uncontrolled Recursion in YamlLoader::load_from_str. The impact is a Denial of Service via an uncatchable abort, triggered by parsing a malicious YAML document. The fix is in 0.4.1 and later. This aligns across Red Hat, Debian, Ubuntu, OSV, and NVD entr...
Why Rust for safe systems programming
In this series, we have explored the need for proactive measures to eliminate a class of vulnerabilities and walked through some examples of memory safety issues we’ve found in Microsoft code that could have been avoided with a different language. Now we’ll peek at why we think that Rust represen...
actix (>=0.5.0 <=0.7.7), actix-ogn (=0.1.0) +270 more potentially affected by CVE-2019-15553 via memoffset (>=0.1.0 <=0.2.1)
memoffset CARGO version =0.1.0, =0.5.0, =0.7.5, =0.2.5, =0.4.0, =0.9.0, =0.1.0, =0.1.0, =0.4.0, =0.5.0, =0.4.0, =0.7.0 and more Source cves: CVE-2019-15553 Source advisory: OSV:RUSTSEC-2019-0011...