239 matches found
asn-tools (>=0.2.2 <=0.2.5), bitslideslib (>=0.1.1 <=0.1.2) +13 more potentially affected by unknown CVE via shaman (=0.1.0)
shaman CARGO version =0.1.0 is affected by a known vulnerability. The following packages have a transitive dependency on shaman and may be impacted: - asn-tools =0.2.2, =0.1.1, =0.2.0, =0.2.9, =0.1.0, =0.0.4, =0.1.0, =0.1.0, =0.1.0, =0.1.0, =0.1.4 Source cves: unknown CVE Source advisory:...
CVE-2024-58253
In the obfstr crate before 0.4.4 for Rust, the obfstr! argument type is not restricted to string slices, leading to invalid UTF-8 conversion that produces an invalid value...
acolor (>=0.0.2 <=0.0.11), amberwindow (>=0.1.0 <=0.3.61) +106 more potentially affected by unknown CVE via macroquad (>=0.2.9 <=0.4.15)
macroquad CARGO version =0.2.9, =0.0.2, =0.1.0, =0.1.0, =0.1.0, =0.0.4, =0.1.0, =0.1.0, =0.1.0, =0.2.0, =0.6.0 - coldiron =0.1.0 - color-splotch =0.1.0 and more Source cves: unknown CVE Source advisory: OSV:RUSTSEC-2025-0035...
[SECURITY] Fedora 42 Update: rust-icu_properties_data-1.5.1-1.fc42
Data for the icuproperties crate...
Medium: rust
Issue Overview: The openssl crate before 0.10.55 for Rust allows an out-of-bounds read via an empty string to X509VerifyParamRef::sethost. CVE-2023-53159 Affected Packages: rust Note: This advisory is applicable to Amazon Linux 2 AL2 Core repository. Visit this FAQ section for the difference...
Linux Distros Unpatched Vulnerability : CVE-2020-36471
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in the generator crate before 0.7.0 for Rust. It does not ensure that a function for yielding values has Send bounds. CVE-2020-36471 Not...
GHSA-R5VF-WF4H-82GG matrix-sdk-crypto missing facility to signal rotation of a verified cryptographic identity
Impact Versions of the matrix-sdk-crypto Rust crate before 0.8.0 lack a dedicated mechanism to notify that a user's cryptographic identity has changed from a verified to an unverified one, which could cause client applications relying on the SDK to overlook such changes. Patches matrix-sdk-crypto...
CVE-2024-52813 matrix-sdk-crypto missing facility to signal rotation of a verified cryptographic identity
matrix-rust-sdk is an implementation of a Matrix client-server library in Rust. Versions of the matrix-sdk-crypto Rust crate before 0.8.0 lack a dedicated mechanism to notify that a user's cryptographic identity has changed from a verified to an unverified one, which could cause client applicatio...
RUSTSEC-2024-0437 Crash due to uncontrolled recursion in protobuf crate
Affected version of this crate did not properly parse unknown fields when parsing a user-supplied input. This allows an attacker to cause a stack overflow when parsing the mssage on untrusted data...
gtk-layer-shell (>=0.1.0 <=0.8.2), hybrid-bar (>=0.4.7 <=0.4.9) +3 more potentially affected by unknown CVE via gtk-layer-shell-sys (>=0.0.1 <=0.7.0)
gtk-layer-shell-sys CARGO version =0.0.1, =0.1.0, =0.4.7, =0.3.0, =0.1.0, =0.1.0, =0.1.1 Source cves: unknown CVE Source advisory: OSV:RUSTSEC-2024-0423...
Fedora 40 : python-cramjam / rust-async-compression / rust-brotli / etc (2024-b9fc60e1f0)
The remote Fedora 40 host has packages installed that are affected by a vulnerability as referenced in the FEDORA-2024-b9fc60e1f0 advisory. Update rust-brotli-decompressor to 4.0.1, rust-brotli to 7.0.0, and rust-async-compression to 0.4.13. Patch dependent packages as needed to avoid compat...
Fedora 39 : python-cramjam / rust-async-compression / rust-brotli / etc (2024-8831059030)
The remote Fedora 39 host has packages installed that are affected by a vulnerability as referenced in the FEDORA-2024-8831059030 advisory. Update rust-brotli-decompressor to 4.0.1, rust-brotli to 7.0.0, and rust-async-compression to 0.4.13. Patch dependent packages as needed to avoid compat...
cauuu (>=0.1.0 <=0.1.1), cosmwasm-check (>=1.1.0 <=1.3.4) +16 more potentially affected by unknown CVE via cosmwasm-vm (>=0.10.1 <=1.3.4)
cosmwasm-vm CARGO version =0.10.1, =0.1.0, =1.1.0, =0.13.2, =0.4.0, =0.4.0, =0.2.0, =0.4.0, =0.2.0, =0.2.1, =0.1.12, =0.1.13 - terra-math =0.0.0 and more Source cves: unknown CVE Source advisory: OSV:RUSTSEC-2024-0361...
actix-web-opentelemetry (>=0.13.0 <=0.15.0), apikit (>=0.1.0 <=0.2.0) +114 more potentially affected by unknown CVE via opentelemetry_api (>=0.18.0 <=0.20.0)
opentelemetryapi CARGO version =0.18.0, =0.13.0, =0.1.0, =0.0.1, =0.8.1, =4.0.15, =0.1.0, =0.1.0, =0.1.1, =0.4.0-rc.1, =0.5.0, =0.1.0, =6.6.4, =0.0.1, =0.0.1-alpha.1 and more Source cves: unknown CVE Source advisory: OSV:RUSTSEC-2024-0387...
GHSA-F56G-CHQP-22M9 Use after free in libpulse-binding
Overview Version 2.5.0 of the libpulse-binding Rust crate, released on the 22nd of December 2018, fixed a potential use-after-free issue with property list iteration due to a lack of a lifetime constraint tying the lifetime of a proplist::Iterator to the Proplist object for which it was created...
Use after free in libpulse-binding
Overview Version 2.5.0 of the libpulse-binding Rust crate, released on the 22nd of December 2018, fixed a potential use-after-free issue with property list iteration due to a lack of a lifetime constraint tying the lifetime of a proplist::Iterator to the Proplist object for which it was created...
Ursa CL-Signatures Revocation allows verifiers to generate unique identifiers for holders
Summary The revocation scheme that is part of the Ursa CL-Signatures implementations has a flaw that could impact the privacy guarantees defined by the AnonCreds verifiable credential model. Notably, a malicious verifier may be able to generate a unique identifier for a holder providing a...
PT-2024-19265 · Ursa · Ursa
Name of the Vulnerable Software and Affected Versions: Ursa affected versions not specified Description: The revocation scheme in Ursa's CL-Signatures implementations has a flaw that could impact the privacy guarantees defined by the AnonCreds verifiable credential model. A malicious verifier may...
Potential stack use-after-free in `Instrumented::into_inner`
The implementation of the Instrumented::intoinner method in affected versions of this crate contains undefined behavior due to incorrect use of std::mem::forget The function creates const pointers to self, calls mem::forgetselfstd::mem::forget, and then moves values out of those pointers using...
Fedora 37 : firecracker (2023-1db67725f2)
The remote Fedora 37 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2023-1db67725f2 advisory. Rebuild dependent packages for vm-memory v0.12.2 to address CVE-2023-41051 / RUSTSEC-2023-0056. - https://vulners.com/cve/CVE-2023-41051 -...