187 matches found
areq (=0.1.0-alpha), bws-web-server (>=0.1.0 <=0.1.1) +26 more potentially affected by unknown CVE via h2 (=0.4.14)
h2 CARGO version =0.4.14 is affected by a known vulnerability. The following packages have a transitive dependency on h2 and may be impacted: - areq =0.1.0-alpha - bws-web-server =0.1.0, =0.5.2, =0.1.0, =1.0.0, =1.5.2, =0.1.0, =0.1.0, =0.1.0, =0.1.0, =0.6.0 and more Source cves: unknown CVE Sourc...
Important: rust
Issue Overview: RUSTSEC-2024-0006 NOTE: https://rustsec.org/advisories/RUSTSEC-2024-0006.html NOTE: https://github.com/comex/rust-shlex/security/advisories/GHSA-r7qv-8r2h-pg27 Affected Packages: rust Issue Correction: Run dnf update rust --releasever 2023.4.20240319 to update your system. New...
Important: rust
Issue Overview: RUSTSEC-2024-0006 NOTE: https://rustsec.org/advisories/RUSTSEC-2024-0006.html NOTE: https://github.com/comex/rust-shlex/security/advisories/GHSA-r7qv-8r2h-pg27 Affected Packages: rust Issue Correction: Run dnf update rust --releasever 2023.4.20240319 or dnf update --advisory...
Amazon Linux 2 : rust (ALAS-2024-2504)
The version of rust installed on the remote host is prior to 1.68.2-1. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2024-2504 advisory. RUSTSEC-2024-0006 NOTE: https://rustsec.org/advisories/RUSTSEC-2024-0006.html NOTE:...
aide (>=0.1.0 <=0.4.3), bpxe (>=0.1.0 <=0.1.2) +38 more potentially affected by unknown CVE via linkme (>=0.1.6 <=0.2.10)
linkme CARGO version =0.1.6, =0.1.0, =0.1.0, =0.1.2, =0.1.0, =0.1.0, =0.1.0, =0.1.0, =0.1.0, =0.0.2-alpha, =0.0.2-alpha, =0.0.4-alpha and more Source cves: unknown CVE Source advisory: OSV:RUSTSEC-2024-0407...
ashpd (>=0.2.0 <=0.4.0-alpha.4) potentially affected by unknown CVE via gdkx11 (>=0.14.0 <=0.17.0)
gdkx11 CARGO version =0.14.0, =0.2.0, =0.4.0-alpha.4 Source cves: unknown CVE Source advisory: OSV:RUSTSEC-2024-0417...
UWUWUW (>=0.13.2 <=0.13.4), ashpd (>=0.2.0 <=0.4.0-alpha.4) +65 more potentially affected by unknown CVE via gdkx11-sys (>=0.10.0 <=0.18.2)
gdkx11-sys CARGO version =0.10.0, =0.13.2, =0.2.0, =0.1.0, =0.1.0, =0.1.0, =0.2.0, =0.2.0, =1.0.0, =0.3.0, =0.1.0, =0.4.0 and more Source cves: unknown CVE Source advisory: OSV:RUSTSEC-2024-0414...
Druid_task1 (=0.1.0), UWUWUW (>=0.13.2 <=0.13.4) +274 more potentially affected by unknown CVE via atk (>=0.14.0 <=0.9.0)
atk CARGO version =0.14.0, =0.13.2, =1.0.0, =0.2.0, =0.1.0, =0.1.2, =0.2.0, =0.21.0, =0.1.0, =0.1.0, =0.2.0, =0.2.2 and more Source cves: unknown CVE Source advisory: OSV:RUSTSEC-2024-0413...
a-gpt (>=0.1.0 <=0.4.0), abacuz (=0.1.1) +885 more potentially affected by CVE-2024-24575 +1 more via libgit2-sys (>=0.10.0 <=0.15.2+1.6.4)
libgit2-sys CARGO version =0.10.0, =0.1.0, =1.1.0, =0.0.1, =0.3.0, =1.2.0, =1.4.7 - amisgitpm =0.0.1 - android-cli =0.2.0 - angreal =2.0.0-rc.1 and more Source cves: CVE-2024-24575, CVE-2024-24577 Source advisory: OSV:RUSTSEC-2024-0013...
Medium: rust
Issue Overview: Cargo downloads a Rust project's dependencies and compiles the project. Starting in Rust 1.60.0 and prior to 1.72, Cargo did not escape Cargo feature names when including them in the report generated by cargo build --timings. A malicious package included as a dependency may inject...
AskAI (=0.1.0), ac-rumqttc (>=0.21.0-alpha.1 <=0.21.0-alpha.2) +1053 more potentially affected by CVE-2023-43669 via tungstenite (>=0.10.1 <=0.19.0)
tungstenite CARGO version =0.10.1, =0.21.0-alpha.1, =0.1.41, =0.1.0, =0.0.4, =0.1.0, =0.10.0-alpha.1.6, =0.6.0, =0.1.0, =0.1.0, =0.1.2 and more Source cves: CVE-2023-43669 Source advisory: OSV:RUSTSEC-2023-0065...
SUSE-SU-2023:3722-1 Security update for rust, rust1.72
This update for rust, rust1.72 fixes the following issues: Changes in rust: - Update to version 1.72.0 - for details see the rust1.72 package Changes in rust1.72: - CVE-2023-40030: fix minor non-exploited issue in cargo bsc1214689 Version 1.72.0 2023-08-24 ========================== Language...
acme-client (>=0.1.0 <=0.2.0), aerial (=0.1.0) +691 more potentially affected by unknown CVE via hpack (>=0.2.0 <=0.3.0)
hpack CARGO version =0.2.0, =0.1.0, =0.1.0, =0.2.0, =0.1.0, =0.1.0, =0.7.0, =0.0.1, =0.1.0, =0.5.0, =0.1.3, =0.1.13 and more Source cves: unknown CVE Source advisory: OSV:RUSTSEC-2023-0085...
HPGO (=0.9.2), algebraics (>=0.1.2 <=0.2.0) +243 more potentially affected by unknown CVE via inventory (>=0.1.10 <=0.1.11)
inventory CARGO version =0.1.10, =0.1.2, =0.11.0, =0.2.0, =0.1.0, =0.6.0, =0.7.0, =0.6.0, =0.5.0, =0.6.0, =0.4.0, =0.6.0, =0.5.0, =0.15.3 and more Source cves: unknown CVE Source advisory: OSV:RUSTSEC-2023-0057...
BrandoCulqi (=1.0.1), IMAPServer (=0.1.0) +2299 more potentially affected by unknown CVE via lexical-core (>=0.1.3 <=0.8.5)
lexical-core CARGO version =0.1.3, =1.0.0, =1.0.1, =0.10.0-dev0, =0.2.0, =0.1.0, =0.2.0, =0.1.1, =0.5.1, =0.1.0, =0.1.0, =0.2.0, =0.3.0 and more Source cves: unknown CVE Source advisory: OSV:RUSTSEC-2023-0086...
anchor-client (=0.26.0), basejmp (=0.1.0) +251 more potentially affected by unknown CVE via dlopen_derive (=0.1.4)
dlopenderive CARGO version =0.1.4 is affected by a known vulnerability. The following packages have a transitive dependency on dlopenderive and may be impacted: - anchor-client =0.26.0 - basejmp =0.1.0 - bonfida-test-utils =0.1.0 - bonfida-utils =0.2.3, =0.2.0, =1.0.4, =2.0.16, =1.4.2, =1.3.0,...
GetPDB (>=0.1.0 <=1.0.1), IMAPServer (=0.1.0) +4086 more potentially affected by unknown CVE via memoffset (>=0.1.0 <=0.5.6)
memoffset CARGO version =0.1.0, =0.1.0, =0.1.0, =0.1.0, =0.2.0, =0.5.3, =0.2.1, =0.1.0, =0.1.0, =0.1.0, =0.8.0, =0.4.0, =0.5.1 and more Source cves: unknown CVE Source advisory: OSV:RUSTSEC-2023-0045...
acari-lib (>=0.1.11 <=0.1.12), acme-rs (>=0.1.0 <=0.2.0) +299 more potentially affected by unknown CVE via multipart (>=0.10.2 <=0.9.1)
multipart CARGO version =0.10.2, =0.1.11, =0.1.0, =0.9.2, =0.2.0, =0.1.0, =0.0.1, =0.1.5, =0.0.1, =0.1.0, =1.0.0, =0.26.1, =0.4.4, =0.26.1 - authenticator =0.3.1 and more Source cves: unknown CVE Source advisory: OSV:RUSTSEC-2023-0050...
bsv-wasm (>=0.0.0 <=1.2.0-beta.3), cargo-screeps (>=0.3.3 <=0.4.0) +11 more potentially affected by unknown CVE via openssl (>=0.10.22 <=0.10.40)
openssl CARGO version =0.10.22, =0.0.0, =0.3.3, =0.6.25, =0.1.24, =0.1.22, =0.1.24, =0.1.0, =0.10.4, =0.10.3, =0.21.0 - roaring-landmask =0.4.0 - twetch-sdk =0.0.1 Source cves: unknown CVE Source advisory: OSV:RUSTSEC-2023-0022...
bsv-wasm (>=0.0.0 <=1.2.0-beta.3), cargo-screeps (>=0.3.3 <=0.4.0) +11 more potentially affected by unknown CVE via openssl (>=0.10.22 <=0.10.40)
openssl CARGO version =0.10.22, =0.0.0, =0.3.3, =0.6.25, =0.1.24, =0.1.22, =0.1.24, =0.1.0, =0.10.4, =0.10.3, =0.21.0 - roaring-landmask =0.4.0 - twetch-sdk =0.0.1 Source cves: unknown CVE Source advisory: OSV:RUSTSEC-2023-0024...