217 matches found
Fedora 41 : retsnoop / rust-rbspy (2024-aa246ab1a3)
The remote Fedora 41 host has packages installed that are affected by a vulnerability as referenced in the FEDORA-2024-aa246ab1a3 advisory. Rebuild affected applications with ruzstd v0.7.3 to address RUSTSEC-2024-0400. Tenable has extracted the preceding description block directly from the Fedora...
Fedora 41 : rust-rustls (2024-0d14d0d2f9)
The remote Fedora 41 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2024-0d14d0d2f9 advisory. Update to version 0.23.19. This version includes a fix for RUSTSEC-2024-0399. Tenable has extracted the preceding description block directly from the Fedora...
Fedora 40 : rust-rustls (2024-5a5f401785)
The remote Fedora 40 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2024-5a5f401785 advisory. Update to version 0.23.19. This version includes a fix for RUSTSEC-2024-0399. Tenable has extracted the preceding description block directly from the Fedora...
RUSTSEC-2024-0438 Wasmtime doesn't fully sandbox all the Windows device filenames
This is an entry in the RustSec database for the Wasmtime security advisory located at https://github.com/bytecodealliance/wasmtime/security/advisories/GHSA-c2f5-jxjv-2hh8. For more information see the GitHub-hosted security advisory...
Boa (>=0.13.0 <=0.13.1), arci-urdf-viz (>=0.0.7 <=0.1.0) +88 more potentially affected by unknown CVE via fast-float (=0.2.0)
fast-float CARGO version =0.2.0 is affected by a known vulnerability. The following packages have a transitive dependency on fast-float and may be impacted: - Boa =0.13.0, =0.0.7, =0.1.0, =0.1.0, =0.1.2, =0.1.0, =0.19.0, =0.3.0, =0.4.1, =0.6.2, =0.3.2, =0.4.1, =0.3.2, =0.20.2 and more Source cves...
b4ae (>=2.0.0 <=2.1.3), crypt_guard (>=0.1.4 <=1.3.6) +22 more potentially affected by unknown CVE via pqcrypto-dilithium (>=0.1.1 <=0.5.0)
pqcrypto-dilithium CARGO version =0.1.1, =2.0.0, =0.1.4, =0.1.1, =0.1.0, =0.1.1, =0.0.1, =0.6.1, =0.1.0, =0.1.0, =0.1.0, =0.1.0, =0.1.0, =0.1.0, =0.5.1 and more Source cves: unknown CVE Source advisory: OSV:RUSTSEC-2024-0380...
b4ae (>=2.0.0 <=2.1.3), clatter (>=0.1.2-alpha <=2.0.0-rc.1) +26 more potentially affected by unknown CVE via pqcrypto-kyber (>=0.1.2 <=0.8.1)
pqcrypto-kyber CARGO version =0.1.2, =2.0.0, =0.1.2-alpha, =0.1.4, =0.1.1, =0.1.0, =0.0.1, =0.1.0, =0.1.0, =0.1.0, =0.5.0 - qux-pqc =1.0.0 and more Source cves: unknown CVE Source advisory: OSV:RUSTSEC-2024-0381...
Fedora 40 : rust-pyo3 / rust-pyo3-build-config / rust-pyo3-ffi / etc (2024-23292e9f6d)
The remote Fedora 40 host has packages installed that are affected by a vulnerability as referenced in the FEDORA-2024-23292e9f6d advisory. Update pyo3 to version 0.22.4. This version addresses a potential use-after-free RUSTSEC-2024-0378. Tenable has extracted the preceding description block...
RUSTSEC-2024-0439 Race condition could lead to WebAssembly control-flow integrity and type safety violations
This is an entry in the RustSec database for the Wasmtime security advisory located at https://github.com/bytecodealliance/wasmtime/security/advisories/GHSA-7qmx-3fpx-r45m. For more information see the GitHub-hosted security advisory...
RUSTSEC-2024-0440 Runtime crash when combining tail calls with stack traces
This is an entry in the RustSec database for the Wasmtime security advisory located at https://github.com/bytecodealliance/wasmtime/security/advisories/GHSA-q8hx-mm92-4wvg. For more information see the GitHub-hosted security advisory...
lexical-core has multiple soundness issues
RUSTSEC-2024-0377 contains multiple soundness issues: 1. Bytes::read allows creating instances of types with invalid bit patterns 2. BytesIter::read advances iterators out of bounds 3. The BytesIter trait has safety invariants but is public and not marked unsafe 4. writefloat calls...
Fedora: Security Advisory (FEDORA-2024-12f0caa904)
The remote host is missing an update for the...
Fedora: Security Advisory (FEDORA-2023-d88521bfc5)
The remote host is missing an update for the...
Fedora: Security Advisory (FEDORA-2024-638f25a317)
The remote host is missing an update for the...
Fedora: Security Advisory (FEDORA-2023-eb87748e07)
The remote host is missing an update for the...
alerter (>=0.3.0 <=0.3.1), libmatrix-client (=0.0.1) +10 more potentially affected by CVE-2024-45191 +2 more via olm-sys (>=0.1.5 <=1.3.2)
olm-sys CARGO version =0.1.5, =0.3.0, =0.1.0, =0.1.0, =0.1.0, =0.2.0, =0.1.0, =0.1.0, =0.1.10-alpha, =0.13.0, =0.1.0, =0.3.0 Source cves: CVE-2024-45191, CVE-2024-45192, CVE-2024-45193 Source advisory: OSV:RUSTSEC-2024-0368...
abacuz (=0.1.1), acme-dns-rust (>=1.0.0 <=1.1.6) +305 more potentially affected by unknown CVE via sqlx (>=0.2.6 <=0.8.0)
sqlx CARGO version =0.2.6, =1.0.0, =0.1.0, =0.0.2, =0.1.0, =0.1.0, =0.1.0, =0.3.0, =0.3.0, =0.4.9 - appenddbpostgres =0.2.0 - aquadoggo =0.1.0 and more Source cves: unknown CVE Source advisory: OSV:RUSTSEC-2024-0363...
bitcoin-harness (=0.1.0), bitcoin_rpc_client (>=0.5.0 <=0.6.1) +81 more potentially affected by unknown CVE via openssl (>=0.10.22 <=0.10.57)
openssl CARGO version =0.10.22, =0.5.0, =0.2.0, =0.0.0, =0.0.1, =0.3.3, =0.6.25, =0.1.0-alpha.0, =0.1.24, =0.37.0, =0.4.0, =0.37.0, =0.37.0, =0.38.0 and more Source cves: unknown CVE Source advisory: OSV:RUSTSEC-2024-0357...
Fedora 40 : rust-sequoia-chameleon-gnupg / rust-sequoia-gpg-agent / etc (2024-12f0caa904)
The remote Fedora 40 host has packages installed that are affected by a vulnerability as referenced in the FEDORA-2024-12f0caa904 advisory. - Update the sequoia-openpgp crate to version 1.21.1. Addresses RUSTSEC-2024-0345. - Update the sequoia-keystore crate to version 0.5.1. - Update the...
LicenseStore (=0.1.0), NT-anchor-lang (=0.19.0) +2867 more potentially affected by CVE-2024-58262 via curve25519-dalek (>=1.1.3 <=4.1.0)
curve25519-dalek CARGO version =1.1.3, =0.19.0, =0.4.1, =0.2.4, =0.13.0, =0.16.0, =0.1.0, =0.0.1, =0.1.0, =0.2.0-beta.4, =0.2.0-beta.4, =0.13.0, =0.16.5, =0.16.7 and more Source cves: CVE-2024-58262 Source advisory: OSV:RUSTSEC-2024-0344...