Lucene search
K

239 matches found

vulnersOsv
vulnersOsv
added 2025/05/06 12:0 p.m.4 views

asn-tools (>=0.2.2 <=0.2.5), bitslideslib (>=0.1.1 <=0.1.2) +13 more potentially affected by unknown CVE via shaman (=0.1.0)

shaman CARGO version =0.1.0 is affected by a known vulnerability. The following packages have a transitive dependency on shaman and may be impacted: - asn-tools =0.2.2, =0.1.1, =0.2.0, =0.2.9, =0.1.0, =0.0.4, =0.1.0, =0.1.0, =0.1.0, =0.1.0, =0.1.4 Source cves: unknown CVE Source advisory:...

5.8AI score
Exploits0
Cvelist
Cvelist
added 2025/05/02 12:0 a.m.13 views

CVE-2024-58253

In the obfstr crate before 0.4.4 for Rust, the obfstr! argument type is not restricted to string slices, leading to invalid UTF-8 conversion that produces an invalid value...

2.9CVSS0.00142EPSS
Exploits0References2
vulnersOsv
vulnersOsv
added 2025/04/23 12:0 p.m.7 views

acolor (>=0.0.2 <=0.0.11), amberwindow (>=0.1.0 <=0.3.61) +106 more potentially affected by unknown CVE via macroquad (>=0.2.9 <=0.4.15)

macroquad CARGO version =0.2.9, =0.0.2, =0.1.0, =0.1.0, =0.1.0, =0.0.4, =0.1.0, =0.1.0, =0.1.0, =0.2.0, =0.6.0 - coldiron =0.1.0 - color-splotch =0.1.0 and more Source cves: unknown CVE Source advisory: OSV:RUSTSEC-2025-0035...

5.7AI score
Exploits0
Fedora
Fedora
added 2025/04/20 4:23 a.m.8 views

[SECURITY] Fedora 42 Update: rust-icu_properties_data-1.5.1-1.fc42

Data for the icuproperties crate...

7.3AI score
Exploits0
Amazon
Amazon
added 2025/04/01 12:0 a.m.12 views

Medium: rust

Issue Overview: The openssl crate before 0.10.55 for Rust allows an out-of-bounds read via an empty string to X509VerifyParamRef::sethost. CVE-2023-53159 Affected Packages: rust Note: This advisory is applicable to Amazon Linux 2 AL2 Core repository. Visit this FAQ section for the difference...

9.1CVSS7AI score0.00329EPSS
Exploits1
Tenable Nessus
Tenable Nessus
added 2025/03/05 12:0 a.m.8 views

Linux Distros Unpatched Vulnerability : CVE-2020-36471

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in the generator crate before 0.7.0 for Rust. It does not ensure that a function for yielding values has Send bounds. CVE-2020-36471 Not...

5.9CVSS6.4AI score0.01094EPSS
Exploits1References3
OSV
OSV
added 2025/01/07 3:25 p.m.13 views

GHSA-R5VF-WF4H-82GG matrix-sdk-crypto missing facility to signal rotation of a verified cryptographic identity

Impact Versions of the matrix-sdk-crypto Rust crate before 0.8.0 lack a dedicated mechanism to notify that a user's cryptographic identity has changed from a verified to an unverified one, which could cause client applications relying on the SDK to overlook such changes. Patches matrix-sdk-crypto...

4.3CVSS4.5AI score0.00467EPSS
Exploits0References5
Cvelist
Cvelist
added 2025/01/07 3:25 p.m.26 views

CVE-2024-52813 matrix-sdk-crypto missing facility to signal rotation of a verified cryptographic identity

matrix-rust-sdk is an implementation of a Matrix client-server library in Rust. Versions of the matrix-sdk-crypto Rust crate before 0.8.0 lack a dedicated mechanism to notify that a user's cryptographic identity has changed from a verified to an unverified one, which could cause client applicatio...

4.3CVSS0.00467EPSS
Exploits0References2
OSV
OSV
added 2024/12/12 12:0 p.m.3 views

RUSTSEC-2024-0437 Crash due to uncontrolled recursion in protobuf crate

Affected version of this crate did not properly parse unknown fields when parsing a user-supplied input. This allows an attacker to cause a stack overflow when parsing the mssage on untrusted data...

5.9CVSS5.9AI score0.0038EPSS
Exploits0References3
vulnersOsv
vulnersOsv
added 2024/12/09 12:0 p.m.4 views

gtk-layer-shell (>=0.1.0 <=0.8.2), hybrid-bar (>=0.4.7 <=0.4.9) +3 more potentially affected by unknown CVE via gtk-layer-shell-sys (>=0.0.1 <=0.7.0)

gtk-layer-shell-sys CARGO version =0.0.1, =0.1.0, =0.4.7, =0.3.0, =0.1.0, =0.1.0, =0.1.1 Source cves: unknown CVE Source advisory: OSV:RUSTSEC-2024-0423...

5.8AI score
Exploits0
Tenable Nessus
Tenable Nessus
added 2024/10/12 12:0 a.m.6 views

Fedora 40 : python-cramjam / rust-async-compression / rust-brotli / etc (2024-b9fc60e1f0)

The remote Fedora 40 host has packages installed that are affected by a vulnerability as referenced in the FEDORA-2024-b9fc60e1f0 advisory. Update rust-brotli-decompressor to 4.0.1, rust-brotli to 7.0.0, and rust-async-compression to 0.4.13. Patch dependent packages as needed to avoid compat...

5.6AI score
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2024/10/12 12:0 a.m.6 views

Fedora 39 : python-cramjam / rust-async-compression / rust-brotli / etc (2024-8831059030)

The remote Fedora 39 host has packages installed that are affected by a vulnerability as referenced in the FEDORA-2024-8831059030 advisory. Update rust-brotli-decompressor to 4.0.1, rust-brotli to 7.0.0, and rust-async-compression to 0.4.13. Patch dependent packages as needed to avoid compat...

5.6AI score
Exploits0References1
vulnersOsv
vulnersOsv
added 2024/08/08 12:0 p.m.3 views

cauuu (>=0.1.0 <=0.1.1), cosmwasm-check (>=1.1.0 <=1.3.4) +16 more potentially affected by unknown CVE via cosmwasm-vm (>=0.10.1 <=1.3.4)

cosmwasm-vm CARGO version =0.10.1, =0.1.0, =1.1.0, =0.13.2, =0.4.0, =0.4.0, =0.2.0, =0.4.0, =0.2.0, =0.2.1, =0.1.12, =0.1.13 - terra-math =0.0.0 and more Source cves: unknown CVE Source advisory: OSV:RUSTSEC-2024-0361...

5.8AI score
Exploits0
vulnersOsv
vulnersOsv
added 2024/07/03 12:0 p.m.2 views

actix-web-opentelemetry (>=0.13.0 <=0.15.0), apikit (>=0.1.0 <=0.2.0) +114 more potentially affected by unknown CVE via opentelemetry_api (>=0.18.0 <=0.20.0)

opentelemetryapi CARGO version =0.18.0, =0.13.0, =0.1.0, =0.0.1, =0.8.1, =4.0.15, =0.1.0, =0.1.0, =0.1.1, =0.4.0-rc.1, =0.5.0, =0.1.0, =6.6.4, =0.0.1, =0.0.1-alpha.1 and more Source cves: unknown CVE Source advisory: OSV:RUSTSEC-2024-0387...

5.7AI score
Exploits0
OSV
OSV
added 2024/02/03 12:28 a.m.21 views

GHSA-F56G-CHQP-22M9 Use after free in libpulse-binding

Overview Version 2.5.0 of the libpulse-binding Rust crate, released on the 22nd of December 2018, fixed a potential use-after-free issue with property list iteration due to a lack of a lifetime constraint tying the lifetime of a proplist::Iterator to the Proplist object for which it was created...

6.5CVSS6.5AI score0.00988EPSS
Exploits1References5
Github Security Blog
Github Security Blog
added 2024/02/03 12:28 a.m.17 views

Use after free in libpulse-binding

Overview Version 2.5.0 of the libpulse-binding Rust crate, released on the 22nd of December 2018, fixed a potential use-after-free issue with property list iteration due to a lack of a lifetime constraint tying the lifetime of a proplist::Iterator to the Proplist object for which it was created...

6.5CVSS7.2AI score0.00988EPSS
Exploits1References5Affected Software1
Github Security Blog
Github Security Blog
added 2024/01/16 9:13 p.m.32 views

Ursa CL-Signatures Revocation allows verifiers to generate unique identifiers for holders

Summary The revocation scheme that is part of the Ursa CL-Signatures implementations has a flaw that could impact the privacy guarantees defined by the AnonCreds verifiable credential model. Notably, a malicious verifier may be able to generate a unique identifier for a holder providing a...

6.5CVSS6.7AI score0.00317EPSS
Exploits0References4Affected Software2
Positive Technologies
Positive Technologies
added 2024/01/16 12:0 a.m.6 views

PT-2024-19265 · Ursa · Ursa

Name of the Vulnerable Software and Affected Versions: Ursa affected versions not specified Description: The revocation scheme in Ursa's CL-Signatures implementations has a flaw that could impact the privacy guarantees defined by the AnonCreds verifiable credential model. A malicious verifier may...

6.5CVSS6.2AI score0.00317EPSS
Exploits0References9
RustSec
RustSec
added 2023/10/19 12:0 p.m.4 views

Potential stack use-after-free in `Instrumented::into_inner`

The implementation of the Instrumented::intoinner method in affected versions of this crate contains undefined behavior due to incorrect use of std::mem::forget The function creates const pointers to self, calls mem::forgetselfstd::mem::forget, and then moves values out of those pointers using...

7.2AI score
Exploits0Affected Software1
Tenable Nessus
Tenable Nessus
added 2023/09/27 12:0 a.m.16 views

Fedora 37 : firecracker (2023-1db67725f2)

The remote Fedora 37 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2023-1db67725f2 advisory. Rebuild dependent packages for vm-memory v0.12.2 to address CVE-2023-41051 / RUSTSEC-2023-0056. - https://vulners.com/cve/CVE-2023-41051 -...

4.7CVSS5.2AI score0.00237EPSS
Exploits0References2
Rows per page
Query Builder