EUVD-2022-6662

Malicious code in bioql PyPI...

Linux Distros Unpatched Vulnerability : CVE-2022-36114

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Cargo is a package manager for the rust programming language. It was discovered that Cargo did not limit the amount of data extracted from compressed archives. ...

ROS-20240729-11

A vulnerability in the Cargo package manager of the Rust programming language involves the injection of arbitrary HTML after including it in a report generated by Cargo. Exploitation of the vulnerability could allow an attacker, acting remotely, to execute arbitrary code...

ROS-20240729-09

Vulnerability in Cargo package manager of Rust programming language is related to ignoring umask when extracting archives created on UNIX-like systems. when retrieving archives created on UNIX-like systems. Exploitation of the vulnerability could allow an attacker, acting remotely, to execute...

ROS-20240402-20

A vulnerability in the Cargo package manager of the Rust programming language is associated with incorrect verification of the of the cryptographic signature. Exploitation of the vulnerability could allow an attacker acting remotely, affect the integrity of protected information via SSH protocol...

Amazon Linux 2023 : cargo, clippy, rust (ALAS2023-2023-109)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2023-109 advisory. 2024-02-15: CVE-2022-36113 was added to this advisory. 2024-02-15: CVE-2022-36114 was added to this advisory. Cargo is a package manager for the rust programming language. After a package is...

The vulnerability of the Cargo package manager in the Rust programming language, which allows attackers to compromise the integrity of the protected information

The vulnerability of the Cargo package manager in the Rust programming language is related to incorrect verification of the cryptographic signature. Exploiting this vulnerability allows a malicious actor to influence the integrity of the protected information via the SSH protocol...

ALPINE-CVE-2022-46176

Cargo is a Rust package manager. The Rust Security Response WG was notified that Cargo did not perform SSH host key verification when cloning indexes and dependencies via SSH. An attacker could exploit this to perform man-in-the-middle MITM attacks. This vulnerability has been assigned...

CVE-2022-36114 Extracting malicious crates can fill the file system

Cargo is a package manager for the rust programming language. It was discovered that Cargo did not limit the amount of data extracted from compressed archives. An attacker could upload to an alternate registry a specially crafted package that extracts way more data than its size also known as a...