217 matches found
adder-codec-rs (=0.1.15), assimp (>=0.0.4 <=0.0.6) +56 more potentially affected by unknown CVE via mmap (=0.1.1)
mmap CARGO version =0.1.1 is affected by a known vulnerability. The following packages have a transitive dependency on mmap and may be impacted: - adder-codec-rs =0.1.15 - assimp =0.0.4, =0.9.0, =0.1.0, =0.1.0, =0.1.2, =0.1.0, =0.1.0, =0.1.0, =0.4.0 - cupi =0.1.0 - cupishift =0.1.0 - cylus =0.1.0...
Fedora 40 : rust-h2 (2024-f99ee6bf95)
The remote Fedora 40 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2024-f99ee6bf95 advisory. Update to version 0.3.26. Addresses RUSTSEC-2024-0332. Tenable has extracted the preceding description block directly from the Fedora security advisory. Note...
abstract-account-factory (>=0.13.0 <=0.16.1), abstract-adapter-utils (>=0.16.0 <=0.19.2) +415 more potentially affected by CVE-2024-58263 via cosmwasm-std (=1.3.4)
cosmwasm-std CARGO version =1.3.4 is affected by a known vulnerability. The following packages have a transitive dependency on cosmwasm-std and may be impacted: - abstract-account-factory =0.13.0, =0.16.0, =0.1.0, =0.0.1, =0.1.0, =0.2.0-beta.4, =0.2.0-beta.4, =0.13.0, =0.16.5, =0.2.0-beta.4,...
RUSTSEC-2024-0335 gix-transport indirect code execution via malicious username
Summary gix-transport does not check the username part of a URL for text that the external ssh program would interpret as an option. A specially crafted clone URL can smuggle options to SSH. The possibilities are syntactically limited, but if a malicious clone URL is used by an application whose...
Fedora 39 : rust-h2 (2024-638f25a317)
The remote Fedora 39 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2024-638f25a317 advisory. Update to version 0.3.26. Addresses RUSTSEC-2024-0332. Tenable has extracted the preceding description block directly from the Fedora security advisory. Note...
Fedora 38 : rust-h2 (2024-c5b42e6462)
The remote Fedora 38 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2024-c5b42e6462 advisory. Update to version 0.3.26. Addresses RUSTSEC-2024-0332. Tenable has extracted the preceding description block directly from the Fedora security advisory. Note...
RUSTSEC-2024-0441 Panic when using a dropped externref-typed element segment
This is an entry in the RustSec database for the Wasmtime security advisory located at https://github.com/bytecodealliance/wasmtime/security/advisories/GHSA-75hq-h6g9-h4q5. For more information see the GitHub-hosted security advisory...
Amazon Linux 2023 : aws-nitro-enclaves-cli, aws-nitro-enclaves-cli-devel, aws-nitro-enclaves-cli-integration-tests (ALAS2023-2024-575)
It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2024-575 advisory. RUSTSEC-2024-0006 NOTE: https://rustsec.org/advisories/RUSTSEC-2024-0006.html NOTE: https://github.com/comex/rust-shlex/security/advisories/GHSA-r7qv-8r2h-pg27 Tenable has extracted the preceding...
Amazon Linux 2023 : cargo, clippy, rust (ALAS2023-2024-574)
It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2024-574 advisory. RUSTSEC-2024-0006 NOTE: https://rustsec.org/advisories/RUSTSEC-2024-0006.html NOTE: https://github.com/comex/rust-shlex/security/advisories/GHSA-r7qv-8r2h-pg27 Tenable has extracted the preceding...
Amazon Linux 2 : aws-nitro-enclaves-cli (ALASNITRO-ENCLAVES-2024-039)
The version of aws-nitro-enclaves-cli installed on the remote host is prior to 1.2.3-0. It is, therefore, affected by a vulnerability as referenced in the ALAS2NITRO-ENCLAVES-2024-039 advisory. RUSTSEC-2024-0006 NOTE: https://rustsec.org/advisories/RUSTSEC-2024-0006.html NOTE:...
GHSA-R8W9-5WCG-VFJ7 Mio's tokens for named pipes may be delivered after deregistration
Impact When using named pipes on Windows, mio will under some circumstances return invalid tokens that correspond to named pipes that have already been deregistered from the mio registry. The impact of this vulnerability depends on how mio is used. For some applications, invalid tokens may be...
BrewStillery (>=1.0.0 <=6.2.0), Druid_task1 (=0.1.0) +399 more potentially affected by unknown CVE via gdk-sys (>=0.10.0 <=0.9.1)
gdk-sys CARGO version =0.10.0, =1.0.0, =0.13.2, =1.0.0, =0.2.0, =0.1.0, =0.0.1, =0.1.2, =0.1.0, =0.21.0, =0.30.1 - avr-vm =0.1.0 and more Source cves: unknown CVE Source advisory: OSV:RUSTSEC-2024-0418...
BrewStillery (>=1.0.0 <=6.2.0), Druid_task1 (=0.1.0) +389 more potentially affected by unknown CVE via gtk-sys (>=0.10.0 <=0.9.2)
gtk-sys CARGO version =0.10.0, =1.0.0, =0.13.2, =1.0.0, =0.2.0, =0.1.0, =0.0.1, =0.1.2, =0.2.0, =0.21.0, =0.30.1 - avr-vm =0.1.0 and more Source cves: unknown CVE Source advisory: OSV:RUSTSEC-2024-0420...
abi-stable-host-api (=0.1.1), abi_stable (>=0.2.0 <=0.11.3) +256 more potentially affected by unknown CVE via generational-arena (>=0.1.0 <=0.2.9)
generational-arena CARGO version =0.1.0, =0.2.0, =0.4.0, =0.4.0, =0.5.0, =0.1.14, =0.1.1, =0.1.0, =0.1.0, =0.1.0, =0.0.1, =0.1.0, =0.0.7, =0.1.0 and more Source cves: unknown CVE Source advisory: OSV:RUSTSEC-2024-0014...
RustProject (=0.1.0), SOEM-sys (=0.2.0) +2134 more potentially affected by CVE-2024-58266 via shlex (>=0.1.1 <=1.1.0)
shlex CARGO version =0.1.1, =0.1.0, =0.1.0, =0.0.9, =0.0.13 - aigcapi =5.1.2 - aigcchain =5.1.2 - aigcconfig =5.1.2 and more Source cves: CVE-2024-58266 Source advisory: OSV:RUSTSEC-2024-0006...
crabsay (>=0.1.0 <=0.1.1), craterfinder (>=0.1.0 <=0.1.1) +11 more potentially affected by unknown CVE via ferris-says (=0.2.1)
ferris-says CARGO version =0.2.1 is affected by a known vulnerability. The following packages have a transitive dependency on ferris-says and may be impacted: - crabsay =0.1.0, =0.1.0, =0.1.0, =0.1.1 - rs-lean =0.1.0 - rust-study =0.1.0 - rustbyexample =0.2.0 - rusty-grep =0.1.0 - rusty-redis...
GHSA-3MV5-343C-W2QG Ref methods into_ref, into_mut, into_slice, and into_slice_mut are unsound when used with cell::Ref or cell::RefMut
This advisory is also published as RUSTSEC-2023-0074. The Ref methods into_ref, into_mut, into_slice, and into_slice_mut are unsound and may allow safe code to exhibit undefined behavior when used with Ref<B, T> where B is cell::Ref or cell::RefMut. Note that these methods remain sound when used with B type...
Ref methods into_ref, into_mut, into_slice, and into_slice_mut are unsound when used with cell::Ref or cell::RefMut
This advisory is also published as RUSTSEC-2023-0074. The Ref methods into_ref, into_mut, into_slice, and into_slice_mut are unsound and may allow safe code to exhibit undefined behavior when used with Ref<B, T> where B is cell::Ref or cell::RefMut. Note that these methods remain sound when used with B type...
Fedora 38 : clevis-pin-tpm2 / keyring-ima-signer / libkrun / rust-bodhi-cli / etc (2023-6215ea423b)
The remote Fedora 38 host has packages installed that are affected by a vulnerability as referenced in the FEDORA-2023-6215ea423b advisory. Affected applications were rebuilt against version 0.10.60 of the openssl crate (the Rust bindings for OpenSSL) to address two security advisories: -...
certificate_authority (=0.1.0), citadel_crypt (>=0.4.0 <=0.7.0) +13 more potentially affected by unknown CVE via pqc_kyber (>=0.4.0 <=0.7.1)
pqc_kyber CARGO version =0.4.0, =0.4.0, =0.3.0, =0.1.0-alpha, =1.3.0, =0.1.0, =11.0.0, =0.1.0, =9.0.0, =0.3.0, =0.1.0, =0.1.0, =0.1.0, =0.1.19, =0.1.24 - sare-core =0.1.0 Source cves: unknown CVE Source advisory: OSV:RUSTSEC-2023-0079...