637 matches found
CVE-2023-49070
Pre-auth RCE in Apache OFBiz 18.12.09. It is caused by the no-longer-maintained XML-RPC component still being present. This issue affects Apache OFBiz: before 18.12.10. Users are recommended to upgrade to version 18.12.10...
GHSA-75W2-QV55-X7FV openssl npm package vulnerable to command execution
The openssl aka node-openssl NPM package through 2.0.0 was characterized as "a nonsense wrapper with no real purpose" by its author, and accepts an opts argument that contains a verb field used for command execution. NOTE: This vulnerability only affects products that are no longer supported by t...
CVE-2023-49102
NZBGet 21.1 allows authenticated remote code execution because the unarchive programs 7za and unrar preserve executable file permissions. An attacker with the Control capability can execute a file by setting the value of SevenZipCommand or UnrarCmd. NOTE: This vulnerability only affects products...
RUSTSEC-2023-0076 `cpython` is unmaintained
The cpython crate and the underlying python3-sys and python27-sys crates have been marked as no longer actively maintained by the developer. There are also open issues for unsound code that is currently in these crates: - cpython265: Using some string functions causes segmentation faults on...
RUSTSEC-2023-0088 `loopdev` crate is unmaintained; use 'loopdev-3` instead.
The loopdev crate was last released in Oct, 2021. It has been unable to build in Fedora 38 and above since April, 2023. The loopdev-3 crate is a maintained fork: https://github.com/stratis-storage/loopdev-3...
RUSTSEC-2023-0067 `fehler` is unmaintained; use `culpa` instead
The fehler crate is no longer maintained. Consider using culpa instead...
PT-2023-36096 · Fehler +1 · Fehler +1
Name of the Vulnerable Software and Affected Versions: fehler affected versions not specified Description: The fehler crate is no longer maintained. It is recommended to consider using culpa instead. Recommendations: At the moment, there is no information about a newer version that contains a fix...
Cross site request forgery (csrf)
UNSUPPORTED WHEN ASSIGNED SmodBIP is vulnerable to Cross-Site Request Forgery, which could be used to induce logged-in users to perform unintended actions, including creation of additional accounts with administrative privileges. This issue affects all versions of SmodBIP. SmodBIP is no longer...
RUSTSEC-2023-0085 HPACK decoder panics on invalid input
Due to insufficient checking of input data, decoding certain data sequences can lead to Decoder::decode panicking rather than returning an error. Example code that triggers this vulnerability looks like this (Rust): `use hpack::Decoder; pub fn main() { let input = &[0x3f]; let mut decoder = Decoder::new(); ...`
RUSTSEC-2023-0084 `hpack` is unmaintained
The hpack crate is no longer maintained. Consider using fluke-hpack or httlib-huffman...
GHSA-JCR6-4FRQ-9GJJ Users vulnerable to unaligned read of `*const *const c_char` pointer
Affected versions dereference a potentially unaligned pointer. The pointer is commonly unaligned in practice, resulting in undefined behavior. In some build modes, this is observable as a panic followed by abort. In other build modes the UB may manifest in some other way, including the possibilit...
RUSTSEC-2023-0055 Multiple soundness issues
lexical contains multiple soundness issues: 1. Bytes::read allows creating instances of types with invalid bit patterns 2. BytesIter::read advances iterators out of bounds 3. The BytesIter trait has safety invariants but is public and not marked unsafe 4. write_float calls MaybeUninit::assume_init ...
PT-2023-27190 · Hitachi · Hitachi Eh-View
Name of the Vulnerable Software and Affected Versions: Hitachi EH-VIEW KeypadDesigner affected versions not specified Description: The issue is related to an Improper Restriction of Operations within the Bounds of a Memory Buffer, which allows local attackers to potentially disclose information a...
`tui` is unmaintained; use `ratatui` instead
The tui crate is no longer maintained. Consider using the ratatui crate instead...
RUSTSEC-2023-0051 `dlopen_derive` is unmaintained
dlopen_derive hasn't been updated since June 9, 2019. dlopen_derive depends on quote = "0.6.12" and syn = "0.15.34". Versions 1.0.0 of these dependencies were published on August 13, 2019. The 0. versions haven't received updates since. Note that dlopen is an unmaintained crate from the same...
PT-2023-36095 · Quote +3
Name of the Vulnerable Software and Affected Versions: dlopen derive affected versions not specified Description: The issue concerns the dlopen derive crate, which has not been updated since June 9, 2019. It depends on outdated versions of quote and syn, specifically quote = "0.6.12" and syn =...
RUSTSEC-2023-0089 atomic-polyfill is unmaintained
The author has archived the GitHub repository and mentions deprecation in the project's README. Possible alternatives: portable-atomic...