9470 matches found
Medium: device-mapper-persistent-data
Issue Overview: An unsoundness issue RUSTSEC-2026-0097 was found in the bundled Rust rand crate used by device-mapper-persistent-data. ThreadRng methods use unsafe code that can create aliased mutable references when a custom logger accesses rand::rng or rand::threadrng during reseeding, resultin...
Amazon Linux 2023 : papers, papers-devel, papers-libs (ALAS2023-2026-1782)
It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2026-1782 advisory. CVE-2026-46529 is a command injection vulnerability in Evince, Atril, and Xreader caused by missing quoting of shell-like input in evspawn in ev-application.c. CVE-2026-46529 An unsoundness issue...
Important: papers
Issue Overview: CVE-2026-46529 is a command injection vulnerability in Evince, Atril, and Xreader caused by missing quoting of shell-like input in evspawn in ev-application.c. CVE-2026-46529 An unsoundness issue RUSTSEC-2026-0097 was also found in the bundled Rust rand crate. ThreadRng methods us...
Amazon Linux 2023 : device-mapper-persistent-data (ALAS2023-2026-1791)
It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2026-1791 advisory. An unsoundness issue RUSTSEC-2026-0097 was found in the bundled Rust rand crate used by device-mapper- persistent-data. ThreadRng methods use unsafe code that can create aliased mutable references when...
[SECURITY] Fedora 44 Update: rust-1.96.0-1.fc44
Rust is a systems programming language that runs blazingly fast, prevents segfaults, and guarantees thread safety. This package includes the Rust compiler and documentation generator...
Fedora 44 : rust (2026-e251935c8f)
The remote Fedora 44 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2026-e251935c8f advisory. Update to Rust 1.96.0: New Range types Assert matching patterns Changes to WebAssembly targets Stabilized APIs Cargo CVE-2026-5222 and CVE-2026-5223...
CVE-2026-35457
libp2p-rust is the official rust language Implementation of the libp2p networking stack. Prior to 0.17.1, the rendezvous server stores pagination cookies without bounds. An unauthenticated peer can repeatedly issue DISCOVER requests and force unbounded memory growth. This vulnerability is fixed i...
IronWorm and New Miasma Worm Variant Hit npm in Supply Chain Attacks
Multiple software supply chain attacks have hit the npm ecosystem, with threat actors using both malicious and poisoned versions of over 50 legitimate packages to distribute a Rust-based information stealer and a self-spreading worm, respectively. According to JFrog, the information stealer...
CVE-2026-25541 affecting package rust-afterburn for versions less than 5.8.2-2
CVE-2026-25541 affecting package rust-afterburn for versions less than 5.8.2-2. A patched version of the package is available...
[SECURITY] Fedora 44 Update: rust-sequoia-wot-0.15.2-1.fc44
An implementation of OpenPGP's web of trust...
[SECURITY] Fedora 44 Update: rust-sequoia-sq-1.3.1-12.fc44
Command-line frontends for Sequoia...
[SECURITY] Fedora 44 Update: rust-sequoia-sop-0.37.3-4.fc44
An implementation of the Stateless OpenPGP Interface using Sequoia...
[SECURITY] Fedora 44 Update: rust-sequoia-chameleon-gnupg-0.13.1-13.fc44
Sequoia's reimplementation of the GnuPG interface...
[SECURITY] Fedora 44 Update: rust-sequoia-cert-store-0.7.3-1.fc44
A certificate database interface...
[SECURITY] Fedora 43 Update: rust-sequoia-wot-0.15.2-1.fc43
An implementation of OpenPGP's web of trust...
[SECURITY] Fedora 43 Update: rust-sequoia-sq-1.3.1-12.fc43
Command-line frontends for Sequoia...
[SECURITY] Fedora 43 Update: rust-sequoia-octopus-librnp-1.11.1-7.fc43
Reimplementation of RNP's interface using Sequoia for use with Thunderbird...
Malicious code in arjson (npm)
--- -= Per source details. Do not edit below this line.=- Source: google-open-source-security 146faaf0d97c6a533a969bc3f3f117811f9317dc865ed4ab37f1679842ddeaae This package was compromised as part of the IronWorm campaign. This campaign executes a malicious binary payload during installation via a...
MAL-2026-5191 Malicious code in wdb-core (npm)
--- -= Per source details. Do not edit below this line.=- Source: google-open-source-security 146faaf0d97c6a533a969bc3f3f117811f9317dc865ed4ab37f1679842ddeaae This package was compromised as part of the IronWorm campaign. This campaign executes a malicious binary payload during installation via a...
Malicious code in hbsig (npm)
--- -= Per source details. Do not edit below this line.=- Source: google-open-source-security 146faaf0d97c6a533a969bc3f3f117811f9317dc865ed4ab37f1679842ddeaae This package was compromised as part of the IronWorm campaign. This campaign executes a malicious binary payload during installation via a...