EUVD-2023-0503

Malicious code in bioql PyPI...

CVE-2024-28854

tls-listener is a rust lang wrapper around a connection listener to support TLS. With the default configuration of tls-listener, a malicious user can open 6.4 TcpStreams a second, sending 0 bytes, and can trigger a DoS. The default configuration options make any public service using...

CVE-2024-28854 Slow loris vulnerability with default configuration in tls-listener

tls-listener is a rust lang wrapper around a connection listener to support TLS. With the default configuration of tls-listener, a malicious user can open 6.4 TcpStreams a second, sending 0 bytes, and can trigger a DoS. The default configuration options make any public service using...

CVE-2024-28854 Slow loris vulnerability with default configuration in tls-listener

tls-listener is a rust lang wrapper around a connection listener to support TLS. With the default configuration of tls-listener, a malicious user can open 6.4 TcpStreams a second, sending 0 bytes, and can trigger a DoS. The default configuration options make any public service using...

CVE-2024-28854 Slow loris vulnerability with default configuration in tls-listener

tls-listener is a rust lang wrapper around a connection listener to support TLS. With the default configuration of tls-listener, a malicious user can open 6.4 TcpStreams a second, sending 0 bytes, and can trigger a DoS. The default configuration options make any public service using...

RUSTSEC-2024-0341 Slow loris vulnerability with default configuration

tls-listener is a rust lang wrapper around a connection listener to support TLS. With the default configuration of tls-listener, a malicious user can open 6.4 TcpStreams a second, sending 0 bytes, and can trigger a DoS. The default configuration options make any public service using...

ferris-says has undefined behavior when not using UTF-8

Affected versions receive a &u8 from the caller through a safe API, and pass it directly to the unsafe str::fromutf8unchecked function. The behavior of ferrissays::say is undefined if the bytes from the caller don't happen to be valid UTF-8. The flaw was corrected in ferris-says21 by using the sa...

memoffset allows reading uninitialized memory

memoffset allows attempt of reading data from address 0 with arbitrary type. This behavior is an undefined behavior because address 0 to std::mem::sizeof may not have valid bit-pattern with T. Old implementation dereferences uninitialized memory obtained from std::mem::alignof. Older implementati...

webbrowser-rs allows attackers to access arbitrary files via supplying a crafted URL

An issue in the IpFile argument of rust-lang webbrowser-rs v0.8.2 allows attackers to access arbitrary files via supplying a crafted URL...

CVE-2022-45299

An issue in the IpFile argument of rust-lang webbrowser-rs v0.8.2 allows attackers to access arbitrary files via supplying a crafted URL...

CVE-2022-45299

An issue in the IpFile argument of rust-lang webbrowser-rs v0.8.2 allows attackers to access arbitrary files via supplying a crafted URL...

Design/Logic Flaw

An issue in the IpFile argument of rust-lang webbrowser-rs v0.8.2 allows attackers to access arbitrary files via supplying a crafted URL...

CVE-2022-45299

An issue in the IpFile argument of rust-lang webbrowser-rs v0.8.2 allows attackers to access arbitrary files via supplying a crafted URL...

CVE-2022-45299

CVE-2022-45299 affects rust-lang/webbrowser-rs v0.8.2. The issue in the IpFile argument allows an attacker to access arbitrary files by supplying a crafted URL. The CVSSv3.1 vector (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) yields a base score of 9.8 (CRITICAL). Exploitation details are not provided i...

CVE-2022-45299

An issue in the IpFile argument of rust-lang webbrowser-rs v0.8.2 allows attackers to access arbitrary files via supplying a crafted URL...

CVE-2022-45299

An issue in the IpFile argument of rust-lang webbrowser-rs v0.8.2 allows attackers to access arbitrary files via supplying a crafted URL...

GHSA-969W-Q74Q-9J8V Unsound API in `secp256k1` allows use-after-free and invalid deallocation from safe code

Because of incorrect bounds on method Secp256k1::preallocatedgennew it was possible to cause use-after-free from safe consumer code. It was also possible to "free" memory not allocated by the appropriate allocator. The method takes a place for storing the context as a mutable reference and return...

Unsound API in `secp256k1` allows use-after-free and invalid deallocation from safe code

Because of incorrect bounds on method Secp256k1::preallocatedgennew it was possible to cause use-after-free from safe consumer code. It was also possible to "free" memory not allocated by the appropriate allocator. The method takes a place for storing the context as a mutable reference and return...

RUSTSEC-2022-0070 Unsound API in `secp256k1` allows use-after-free and invalid deallocation from safe code

Because of incorrect bounds on method Secp256k1::preallocatedgennew it was possible to cause use-after-free from safe consumer code. It was also possible to "free" memory not allocated by the appropriate allocator. The method takes a place for storing the context as a mutable reference and return...