20 matches found
cargo1.93-1.93.0-3.1 on GA media (moderate)
cargo1.93-1.93.0-3.1 on GA media Announcement ID: openSUSE-SU-2026:10383-1 Rating: moderate Cross-References: CVE-2026-31812 CVSS scores: CVE-2026-31812 SUSE : 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L CVE-2026-31812 SUSE : 6.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:...
OPENSUSE-SU-2026:10383-1 cargo1.93-1.93.0-3.1 on GA media
These are all security issues fixed in the cargo1.93-1.93.0-3.1 package on the GA media of openSUSE Tumbleweed...
OPENSUSE-SU-2026:10384-1 cargo1.94-1.94.0-2.1 on GA media
These are all security issues fixed in the cargo1.94-1.94.0-2.1 package on the GA media of openSUSE Tumbleweed...
EUVD-2022-6662
Malicious code in bioql PyPI...
Linux Distros Unpatched Vulnerability : CVE-2022-36114
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Cargo is a package manager for the rust programming language. It was discovered that Cargo did not limit the amount of data extracted from compressed archives. ...
ROS-20240729-11
A vulnerability in the Cargo package manager of the Rust programming language involves the injection of arbitrary HTML after including it in a report generated by Cargo. Exploitation of the vulnerability could allow an attacker, acting remotely, to execute arbitrary code...
ROS-20240729-09
Vulnerability in Cargo package manager of Rust programming language is related to ignoring umask when extracting archives created on UNIX-like systems. when retrieving archives created on UNIX-like systems. Exploitation of the vulnerability could allow an attacker, acting remotely, to execute...
OPENSUSE-SU-2024:11769-1 cargo1.58-1.58.0-2.1 on GA media
These are all security issues fixed in the cargo1.58-1.58.0-2.1 package on the GA media of openSUSE Tumbleweed...
OPENSUSE-SU-2024:11359-1 cargo-1.54.0-1.2 on GA media
These are all security issues fixed in the cargo-1.54.0-1.2 package on the GA media of openSUSE Tumbleweed...
OPENSUSE-SU-2024:11767-1 cargo1.56-1.56.1-4.1 on GA media
These are all security issues fixed in the cargo1.56-1.56.1-4.1 package on the GA media of openSUSE Tumbleweed...
ROS-20240402-20
A vulnerability in the Cargo package manager of the Rust programming language is associated with incorrect verification of the of the cryptographic signature. Exploitation of the vulnerability could allow an attacker acting remotely, affect the integrity of protected information via SSH protocol...
Amazon Linux 2023 : cargo, clippy, rust (ALAS2023-2023-109)
It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2023-109 advisory. 2024-02-15: CVE-2022-36113 was added to this advisory. 2024-02-15: CVE-2022-36114 was added to this advisory. Cargo is a package manager for the rust programming language. After a package is...
The vulnerability of the Cargo package manager in the Rust programming language, which allows attackers to compromise the integrity of the protected information
The vulnerability of the Cargo package manager in the Rust programming language is related to incorrect verification of the cryptographic signature. Exploiting this vulnerability allows a malicious actor to influence the integrity of the protected information via the SSH protocol...
ALPINE-CVE-2022-46176
Cargo is a Rust package manager. The Rust Security Response WG was notified that Cargo did not perform SSH host key verification when cloning indexes and dependencies via SSH. An attacker could exploit this to perform man-in-the-middle MITM attacks. This vulnerability has been assigned...
CVE-2022-36114 Extracting malicious crates can fill the file system
Cargo is a package manager for the rust programming language. It was discovered that Cargo did not limit the amount of data extracted from compressed archives. An attacker could upload to an alternate registry a specially crafted package that extracts way more data than its size also known as a...
atomic_cell (=0.1.0) potentially affected by CVE-2021-29937 via telemetry (=0.1.3)
telemetry CARGO version =0.1.3 is affected by a known vulnerability. The following packages have a transitive dependency on telemetry and may be impacted: - atomiccell =0.1.0 Source cves: CVE-2021-29937 Source advisory: OSV:RUSTSEC-2021-0046...
SUSE SLED15 / SLES15 Security Update : rust, rust-cbindgen (SUSE-SU-2020:2041-1)
"This update for rust, rust-cbindgen fixes the following issues : rust was updated for use by Firefox 76ESR. Fixed miscompilations with rustc 1.43 that lead to LTO failures bsc1173202 Update to version 1.43.1 Updated openssl-src to 1.1.1g for CVE-2020-1967. Fixed the stabilization of AVX-512...
openSUSE: Security Advisory for rust, (openSUSE-SU-2020:0945-1)
The remote host is missing an update for the Copyright C 2020 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
openSUSE: Security Advisory for rust, (openSUSE-SU-2020:0933-1)
The remote host is missing an update for the Copyright C 2020 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
DEBIAN-CVE-2019-16760
Cargo prior to Rust 1.26.0 may download the wrong dependency if your package.toml file uses the package configuration key. Usage of the package key to rename dependencies in Cargo.toml is ignored in Rust 1.25.0 and prior. When Rust 1.25.0 and prior is used Cargo may download the wrong dependency,...