CVE-2026-42427

OpenClaw before 2026.4.8 contains a remote code execution vulnerability caused by missing environment variable denylist entries for HGRCPATH, CARGOBUILDRUSTCWRAPPER, RUSTCWRAPPER, and MAKEFLAGS. Attackers can inject malicious build tool environment variables to influence host exec commands and...

Ubuntu: Security Advisory (USN-8168-2)

The remote host is missing an update for the SPDX-FileCopyrightText: 2026 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

USN-8168-2: Rust vulnerability

USN-8168-1 fixed a vulnerability in Rust. This update provides the corresponding update to Ubuntu 14.04 LTS, Ubuntu 16.04 LTS, Ubuntu 18.04 LTS and Ubuntu 20.04 LTS. Original advisory details: It was discovered that tar-rs embedded in rustc incorrectly handled symlinks when unpacking a tar archiv...

Ubuntu: Security Advisory (USN-8168-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2026 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

PT-2026-32712

It was discovered that tar-rs embedded in rustc incorrectly handled symlinks when unpacking a tar archive. If a user or automated system were tricked into processing a specially crafted tar archive, a remote attacker could use this issue to modify permissions of arbitrary directories outside the...

[SECURITY] Fedora 43 Update: rust-1.94.1-1.fc43

Rust is a systems programming language that runs blazingly fast, prevents segfaults, and guarantees thread safety. This package includes the Rust compiler and documentation generator...

[SECURITY] Fedora 44 Update: rust-1.94.1-1.fc44

Rust is a systems programming language that runs blazingly fast, prevents segfaults, and guarantees thread safety. This package includes the Rust compiler and documentation generator...

Rust and Go Directed Fuzzing with LibAFL-DiFuzz

In modern SSDLC, program analysis and automated testing are essential for minimizing vulnerabilities before software release, with fuzzing being a fast and widely used dynamic testing method. However, traditional coverage-guided fuzzing may be less effective in specific tasks like verifying stati...

totally-safe introduces memory vulnerabilities in safe Rust

totally-safe provides unsound APIs that exploit a soundness bug in rustc: https://github.com/rust-lang/rust/issues/25860...

RUSTSEC-2025-0029 totally-safe introduces memory vulnerabilities in safe Rust

totally-safe provides unsound APIs that exploit a soundness bug in rustc: https://github.com/rust-lang/rust/issues/25860...

Unsoundness in `Iterator` and `DoubleEndedIterator` impls for `glib::VariantStrIter`

The VariantStrIter::implget function called internally by implementations of the Iterator and DoubleEndedIterator traits for this type was unsound, resulting in undefined behaviour. An immutable reference &p to a mut libc::cchar pointer initialized to NULL was passed as an argument to a C functio...

Undefined behaviour in `kvm_ioctls::ioctls::vm::VmFd::create_device`

An issue was identified in the VmFd::createdevice function, leading to undefined behavior and miscompilations on rustc 1.82.0 and newer due to the function's violation of Rust's pointer safety rules. The function downcasted a mutable reference to its struct kvmcreatedevice argument to an immutabl...

SUSE CVE-2019-16760

Cargo prior to Rust 1.26.0 may download the wrong dependency if your package.toml file uses the package configuration key. Usage of the package key to rename dependencies in Cargo.toml is ignored in Rust 1.25.0 and prior. When Rust 1.25.0 and prior is used Cargo may download the wrong dependency,...

GHSA-W3VW-CCC5-QR8V Use After Free in Context::start_auth_session

Impact This issue only applies to applications starting authorization sessions using an explicit initial nonce. When Context::startauthsession was called with a nonce argument value of Some..., the nonce pointer passed down through FFI to EsysStartAuthSession would be a dangling pointer, left ove...

[SECURITY] Fedora 35 Update: rust-1.56.1-1.fc35

Rust is a systems programming language that runs blazingly fast, prevents segfaults, and guarantees thread safety. This package includes the Rust compiler and documentation generator...

Moderate: rust-toolset:rhel8 security, bug fix, and enhancement update

Rust Toolset provides the Rust programming language compiler rustc, the cargo build tool and dependency manager, and required libraries. The following packages have been upgraded to a later upstream version: rust 1.52.1. BZ1953002 Security Fixes: rust: optimization for joining strings can cause...

RUSTSEC-2020-0169 multi_mut is Unmaintained

Last release was about 6 years ago. There is an outstanding soundness issue. The maintainer has not responded for two years to the existing soundness issue. Rust compiler has enabled errors relating to LLVM noalias rules and may not compile anymore where as the old compiler versions had turned...

multi_mut is Unmaintained

Last release was about 6 years ago. There is an outstanding soundness issue. The maintainer has not responded for two years to the existing soundness issue. Rust compiler has enabled errors relating to LLVM noalias rules and may not compile anymore where as the old compiler versions had turned...

CVE-2019-16760

Cargo prior to Rust 1.26.0 may download the wrong dependency if your package.toml file uses the package configuration key. Usage of the package key to rename dependencies in Cargo.toml is ignored in Rust 1.25.0 and prior. When Rust 1.25.0 and prior is used Cargo may download the wrong dependency,...

Moderate: Red Hat Enhancement Advisory: new packages: rust-toolset-1.29

New rust-toolset-1.29 packages are now available as a part of Red Hat Developer Tools for Red Hat Enterprise Linux. Rust Toolset provides the Rust programming language compiler rustc, the cargo build tool and dependency manager, the cargo-vendor plugin, and required libraries. This enhancement...