24 matches found
EUVD-2021-1777
Malware in sbrugna...
EUVD-2024-2430
Malicious code in bioql PyPI...
CVE-2021-38188
An issue was discovered in the iced-x86 crate through 1.10.3 for Rust. In Decoder::new, slice.getuncheckedslice.length is used unsafely...
CVE-2024-6960
The H2O machine learning platform uses "Iced" classes as the primary means of moving Java Objects around the cluster. The Iced format supports inclusion of serialized Java objects. When a model is deserialized, any class is allowed to be deserialized no class whitelist. An attacker can construct ...
H2O vulnerable to Deserialization of Untrusted Data
The H2O machine learning platform uses "Iced" classes as the primary means of moving Java Objects around the cluster. The Iced format supports inclusion of serialized Java objects. When a model is deserialized, any class is allowed to be deserialized no class whitelist. An attacker can construct ...
CVE-2024-6960 H2O deserializes ML models without filtering, potentially allowing execution of malicious code
The H2O machine learning platform uses "Iced" classes as the primary means of moving Java Objects around the cluster. The Iced format supports inclusion of serialized Java objects. When a model is deserialized, any class is allowed to be deserialized no class whitelist. An attacker can construct ...
CVE-2024-6960
CVE-2024-6960 describes an unsafe deserialization flaw in H2O’s Iced framework: deserialized models can execute arbitrary code due to lack of a class whitelist. Public sources (including Red Hat RH/CVE and PT-Security) confirm this affects H2O, enabling potential code execution when importing cra...
iced-image.de Improper Access Control vulnerability OBB-3767513
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
orbtk is Unmaintained
The orbtk crate is no longer maintained. Alternatives proposed by the authors: iced slint...
RUSTSEC-2022-0060 orbtk is Unmaintained
The orbtk crate is no longer maintained. Alternatives proposed by the authors: iced slint...
PT-2022-37426 · Orbtk · Orbtk
Name of the Vulnerable Software and Affected Versions: orbtk affected versions not specified Description: The orbtk crate is no longer maintained. As a result, it may pose a risk due to potential unaddressed issues. The authors have proposed alternatives, including iced and slint. Recommendations...
Scemu - X86 32bits Emulator, For Securely Emulating Shellcodes
x86 32bits emulator, for securely emulating shellcodes. Features rust safety, good for malware. All dependencies are in rust. zero unsafe blocks. very fast emulation much faster than unicorn 3,000,000 instructions/second 100,000 instructions/second printing every instruction -vv. powered by...
GHSA-JJX5-3F36-6927 Incorrect buffer size calculation in iced-x86
An issue was discovered in the iced-x86 crate through 1.10.3 for Rust. In Decoder::new, slice.getuncheckedslice.length is used unsafely...
Incorrect buffer size calculation in iced-x86
An issue was discovered in the iced-x86 crate through 1.10.3 for Rust. In Decoder::new, slice.getuncheckedslice.length is used unsafely...
Mozilla Rust has an unspecified vulnerability (CNVD-2021-61408)
A security vulnerability exists in the Iced-x86 crate of Mozilla Rust version 1.10.3, which could be exploited by attackers to launch further attacks on the system...
CVE-2021-38188
An issue was discovered in the iced-x86 crate through 1.10.3 for Rust. In Decoder::new, slice.getuncheckedslice.length is used unsafely...
CVE-2021-38188
An issue was discovered in the iced-x86 crate through 1.10.3 for Rust. In Decoder::new, slice.getuncheckedslice.length is used unsafely...
Code injection
An issue was discovered in the iced-x86 crate through 1.10.3 for Rust. In Decoder::new, slice.getuncheckedslice.length is used unsafely...
CVE-2021-38188
An issue was discovered in the iced-x86 crate through 1.10.3 for Rust. In Decoder::new, slice.getuncheckedslice.length is used unsafely...
CVE-2021-38188
The CVE-2021-38188 issue concerns the iced-x86 crate (Rust) up to version 1.10.3. The root cause is unsafe use of slice.get_unchecked(slice.length()) in Decoder::new(), which can lead to undefined behavior and potential security impact as described by multiple advisories. Public details consisten...