11 matches found
TencentOS Server 4: rust (TSSA-2024:0635)
The version of Tencent Linux installed on the remote TencentOS Server 4 host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the TSSA-2024:0635 advisory. Package updates are available for TencentOS Server 4 that fix the following vulnerabilities...
Fedora: Security Advisory (FEDORA-2023-6f419dc91b)
The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Photon OS 5.0: Rust PHSA-2023-5.0-0177
An update of the rust package has been released. %NASLMINLEVEL 80900 C Tenable, Inc. The descriptive text and package checks in this plugin were extracted from VMware Security Advisory PHSA-2023-5.0-0177. The text itself is copyright C VMware, Inc. include'compat.inc'; if description...
openSUSE: Security Advisory for rust, rust1.72 (SUSE-SU-2023:3722-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Amazon Linux 2023 : cargo, clippy, rust (ALAS2023-2024-497)
It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2024-497 advisory. Cargo downloads a Rust project's dependencies and compiles the project. Starting in Rust 1.60.0 and prior to 1.72, Cargo did not escape Cargo feature names when including them in the report generated by...
Amazon Linux 2 : rust (ALAS-2024-2426)
The version of rust installed on the remote host is prior to 1.68.2-1. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2024-2426 advisory. Cargo downloads a Rust project's dependencies and compiles the project. Starting in Rust 1.60.0 and prior to 1.72, Cargo did not esca...
Medium: rust
Issue Overview: Cargo downloads a Rust project's dependencies and compiles the project. Starting in Rust 1.60.0 and prior to 1.72, Cargo did not escape Cargo feature names when including them in the report generated by cargo build --timings. A malicious package included as a dependency may inject...
CVE-2023-40030 affecting package rust for versions less than 1.72.0-2
CVE-2023-40030 affecting package rust for versions less than 1.72.0-2. An upgraded version of the package is available that resolves this issue...
SUSE-SU-2023:3722-1 Security update for rust, rust1.72
This update for rust, rust1.72 fixes the following issues: Changes in rust: - Update to version 1.72.0 - for details see the rust1.72 package Changes in rust1.72: - CVE-2023-40030: fix minor non-exploited issue in cargo bsc1214689 Version 1.72.0 2023-08-24 ========================== Language...
CVE-2023-40030
creationtimestamp| type| source ---|---|--- 2023-08-25 02:13:41+00:00| seen| https://t.me/cibsecurity/69169...
CVE-2023-40030
Summary (CVE-2023-40030): Cargo could include unescaped Cargo feature names in the timings report, enabling potential cross-site scripting if the report is uploaded to a site that uses credentials. This affects builds using dependencies from git/local paths/alternative registries; crates.io-only ...