Lucene search
K

3466 matches found

OSV
OSV
added 2026/03/20 12:0 p.m.6 views

RUSTSEC-2026-0059 `tokio-tcp` is unmaintained

The tokio-tcp crate is unmaintained. It was part of the Tokio 0.1 ecosystem and has been superseded by the main tokio crate...

5.7AI score
Exploits0References3
RustSec
RustSec
added 2026/03/20 12:0 p.m.6 views

`tokio-udp` is unmaintained

The tokio-udp crate is unmaintained. It was part of the Tokio 0.1 ecosystem and has been superseded by the main tokio crate...

5.7AI score
Exploits0
RustSec
RustSec
added 2026/03/20 12:0 p.m.7 views

`tokio-sync` is unmaintained

The tokio-sync crate is unmaintained. It was part of the Tokio 0.1 ecosystem and has been superseded by the main tokio crate...

5.7AI score
Exploits0
RustSec
RustSec
added 2026/03/20 12:0 p.m.8 views

`tokio-executor` is unmaintained

The tokio-executor crate is unmaintained. It was part of the Tokio 0.1 ecosystem and has been superseded by the main tokio crate...

5.7AI score
Exploits0
OSV
OSV
added 2026/03/20 12:0 p.m.5 views

RUSTSEC-2026-0064 `tokio-udp` is unmaintained

The tokio-udp crate is unmaintained. It was part of the Tokio 0.1 ecosystem and has been superseded by the main tokio crate...

5.7AI score
Exploits0References3
OSV
OSV
added 2026/03/20 12:0 p.m.5 views

RUSTSEC-2026-0050 `tokio-uds` is unmaintained

The tokio-uds crate is unmaintained. It was part of the Tokio 0.1 ecosystem and has been superseded by the main tokio crate...

5.7AI score
Exploits0References3
OSV
OSV
added 2026/03/20 8:16 a.m.5 views

UBUNTU-CVE-2026-33056

tar-rs is a tar archive reading/writing library for Rust. In versions 0.4.44 and below, when unpacking a tar archive, the tar crate's unpackdir function uses fs::metadata to check whether a path that already exists is a directory. Because fs::metadata follows symbolic links, a crafted tarball...

6.5CVSS5.9AI score0.00379EPSS
Exploits1References7
NVD
NVD
added 2026/03/20 7:16 a.m.5 views

CVE-2026-33055

tar-rs is a tar archive reading/writing library for Rust. Versions 0.4.44 and below have conditional logic that skips the PAX size header in cases where the base header size is nonzero. As part of CVE-2025-62518, the astral-tokio-tar project was changed to correctly honor PAX size headers in the...

8.1CVSS0.00397EPSS
Exploits1References3
AlpineLinux
AlpineLinux
added 2026/03/20 7:11 a.m.3 views

CVE-2026-33056

tar-rs is a tar archive reading/writing library for Rust. In versions 0.4.44 and below, when unpacking a tar archive, the tar crate's unpackdir function uses fs::metadata to check whether a path that already exists is a directory. Because fs::metadata follows symbolic links, a crafted tarball...

6.5CVSS5.9AI score0.00379EPSS
Exploits1
UbuntuCve
UbuntuCve
added 2026/03/20 12:0 a.m.9 views

CVE-2026-33055

tar-rs is a tar archive reading/writing library for Rust. Versions 0.4.44 and below have conditional logic that skips the PAX size header in cases where the base header size is nonzero. As part of CVE-2025-62518, the astral-tokio-tar project was changed to correctly honor PAX size headers in the...

8.1CVSS7AI score0.00397EPSS
Exploits1References4
OSV
OSV
added 2026/03/19 12:0 p.m.6 views

RUSTSEC-2026-0068 tar-rs incorrectly ignores PAX size headers if header size is nonzero

Versions 0.4.44 and below of tar-rs have conditional logic that skips the PAX size header in cases where the base header size is nonzero. As part of CVE-2025-62518astral-cve, the astral-tokio-tar project was changed to correctly honor PAX size headers in the case where it was different from the...

5.1CVSS5.7AI score0.00397EPSS
Exploits1References2
OSV
OSV
added 2026/03/14 12:0 p.m.5 views

RUSTSEC-2026-0040 `tracing-ethers` was removed from crates.io due to malicious code

The tracing-ethers crate attempted to exfiltrate ssh keys to an app hosted on vercel.app The malicious crate had 9 version published on 2026-03-09 approximately 5 days before removal and had no evidence of actual downloads. There were no crates depending on this crate on crates.io. Thanks to the...

5.8AI score
Exploits0References2
RustSec
RustSec
added 2026/03/14 12:0 p.m.16 views

`tracing-ethers` was removed from crates.io due to malicious code

The tracing-ethers crate attempted to exfiltrate ssh keys to an app hosted on vercel.app The malicious crate had 9 version published on 2026-03-09 approximately 5 days before removal and had no evidence of actual downloads. There were no crates depending on this crate on crates.io. Thanks to the...

5.8AI score
Exploits0
OSV
OSV
added 2026/03/11 12:0 p.m.14 views

RUSTSEC-2026-0174 `Authorization::value` and `WwwAuthenticate::value` can violate ASCII invariants

Authorization::value uses HeaderValue::value with the claim that the internal string is ASCII, but Authorization::new and Authorization::setcredentials accept arbitrary String credentials without validation. As a result, safe code can construct a header value containing non-ASCII UTF-8 while the...

5.7AI score
Exploits0References3
RustSec
RustSec
added 2026/03/10 12:0 p.m.19 views

`chrono_anchor` was removed from crates.io due to malicious code

The chronoanchor crate attempted to exfiltrate .env files to a server that was in turn impersonating the legitimate timeapi.io service. The malicious crate had 1 version published on 2026-03-04 approximately 6 days before removal and had no evidence of actual downloads. There were no crates...

5.8AI score
Exploits0
Tenable Nessus
Tenable Nessus
added 2026/03/06 12:0 a.m.7 views

Amazon Linux 2023 : firefox (ALAS2023-2026-1445)

It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2026-1445 advisory. time provides date and time handling in Rust. From 0.3.6 to before 0.3.47, when user-provided input is provided to any type that parses with the RFC 2822 format, a denial of service attack via stack...

6.8CVSS5.8AI score0.00291EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2026/03/06 12:0 a.m.8 views

Amazon Linux 2 : thunderbird, --advisory ALAS2-2026-3177 (ALAS-2026-3177)

The version of thunderbird installed on the remote host is prior to 140.7.1-1. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2026-3177 advisory. time provides date and time handling in Rust. From 0.3.6 to before 0.3.47, when user-provided input is provided to any type...

6.8CVSS5.8AI score0.00291EPSS
Exploits0References4
OSV
OSV
added 2026/03/05 9:15 p.m.5 views

GHSA-MH23-RW7F-V5PQ `time-sync` was removed from crates.io due to malicious code

The time-sync crate attempted to exfiltrate .env files to a server that was in turn impersonating the legitimate timeapi.io service. This the same attack that we've seen three times in the last few days. The malicious crate had 1 version published on 2026-03-04 approximately 50 minutes before...

6AI score
Exploits0References1
OSV
OSV
added 2026/03/05 12:43 a.m.1 views

GHSA-XHW7-JHMP-J62J `dnp3times` was removed from crates.io due to malicious code

The dnp3times crate attempted to exfiltrate .env files to a server that was in turn impersonating the legitimate timeapi.io service. It was loosely trying to typosquat the dnp3time crate, but otherwise was the same attack as the recent timecalibrator and timecalibrators malware. The malicious cra...

6AI score
Exploits0References1
Github Security Blog
Github Security Blog
added 2026/03/05 12:43 a.m.9 views

`dnp3times` was removed from crates.io due to malicious code

The dnp3times crate attempted to exfiltrate .env files to a server that was in turn impersonating the legitimate timeapi.io service. It was loosely trying to typosquat the dnp3time crate, but otherwise was the same attack as the recent timecalibrator and timecalibrators malware. The malicious cra...

6AI score
Exploits0References2Affected Software1
Rows per page
Query Builder