9399 matches found
Several memory corruption issues via safe APIs
Several soundness violations exist in the Rust bindings for MetaCall, indicatively: MetaCallException::Clone: Clone is dangerous because it creates a second Rust object that still points to the same foreign MetaCall value, but does not actually own or keep that value alive. value is shallow copie...
China-Aligned Groups Ramp Up Attacks: Dragon Weave Hits Czech Republic & Taiwan
A new cyber espionage campaign codenamed Operation Dragon Weave has been observed targeting officials and citizens in the Czech Republic and Taiwan to deliver an AdaptixC2 agent. According to Seqrite Labs, targets of the campaign include government, research, academic, technology, and financial...
Poking around in the Dark: Why a Shared Understanding of Components Matters
By listing the components included in an application, Software Bills of Materials SBOMs are intended to support the timely identification of vulnerable components and ensure the security of the software supply chain. However, we question the underlying assumption that there is agreement on the...
EUVD-2026-32996
RustFS is a distributed object storage system built in Rust. Prior to 1.0.0-beta.2, crates/appauth/src/token.rs ships a 2048-bit RSA private key as a string constant named TESTPRIVATEKEY and uses it in production via parselicense to "verify" license tokens. Because the key is embedded in every...
[SECURITY] Fedora 44 Update: rust-astral_async_http_range_reader-0.11.0-2.fc44
A library for streaming reading of files over HTTP using range requests...
[SECURITY] Fedora 44 Update: rust-astral_async_zip-0.0.18~rc4-2.fc44
An asynchronous ZIP archive reading/writing crate...
[SECURITY] Fedora 44 Update: uv-0.11.15-1.fc44
An extremely fast Python package and project manager, written in Rust. Highlights: =E2=80=A2 A single tool to replace pip, pip-tools, pipx, poetry, pyenv, twi ne, virtualenv, and more. =E2=80=A2 10-100x faster than pip. =E2=80=A2 Provides comprehensive project management, with a universal lockf...
[SECURITY] Fedora 44 Update: rust-astral-tokio-tar-0.6.2-1.fc44
A Rust implementation of an async TAR file reader and writer. This library does not currently handle compression, but it is abstract over all I/O readers and writers. Additionally, great lengths are taken to ensure that the entire contents are never required to be entirely resident in memory all ...
[SECURITY] Fedora 43 Update: rust-astral_async_http_range_reader-0.11.0-2.fc43
A library for streaming reading of files over HTTP using range requests...
[SECURITY] Fedora 43 Update: rust-astral-tokio-tar-0.6.2-1.fc43
A Rust implementation of an async TAR file reader and writer. This library does not currently handle compression, but it is abstract over all I/O readers and writers. Additionally, great lengths are taken to ensure that the entire contents are never required to be entirely resident in memory all ...
[SECURITY] Fedora 43 Update: rust-astral_async_zip-0.0.18~rc4-2.fc43
An asynchronous ZIP archive reading/writing crate...
Linux Distros Unpatched Vulnerability : CVE-2026-44983
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - smallbitvec is a growable bit-vector for Rust, optimized for size. From 1.0.1 to 2.6.0, an integer overflow in the internal capacity calculation of smallbitvec...
CVE-2026-45926
In the Linux kernel, the following vulnerability has been resolved: rust: pwm: Fix potential memory leak on init error When initializing a PWM chip using pwmchipalloc, the allocated device owns an initial reference that must be released on all error paths. If pinnedinit were to fail, the allocate...
CVE-2026-45926
In the Linux kernel PWM subsystem, CVE-2026-45926 fixes a memory leak on init error in pwmchip_alloc(). If __pinned_init() fails, the allocated pwm_chip could leak because error paths did not call pwmchip_put(). The patch ensures the initial reference is released on all error paths, preventing a ...
CVE-2026-45926 rust: pwm: Fix potential memory leak on init error
In the Linux kernel, the following vulnerability has been resolved: rust: pwm: Fix potential memory leak on init error When initializing a PWM chip using pwmchipalloc, the allocated device owns an initial reference that must be released on all error paths. If pinnedinit were to fail, the allocate...
[SECURITY] Fedora 43 Update: rust-eif_build-0.2.1-7.fc43
This CLI tool provides a low level path to assemble an enclave image format EIF file used in AWS Nitro Enclaves...
[SECURITY] Fedora 43 Update: rust-coreos-installer-0.26.0-2.fc43
coreos-installer installs Fedora CoreOS or RHEL CoreOS to bare-metal machines or, occasionally, to virtual machines...
[SECURITY] Fedora 43 Update: rust-afterburn-5.10.0-7.fc43
A simple cloud provider agent...
[SECURITY] Fedora 43 Update: rust-sequoia-sq-1.3.1-11.fc43
Command-line frontends for Sequoia...
[SECURITY] Fedora 43 Update: rust-sequoia-chameleon-gnupg-0.13.1-12.fc43
Sequoia's reimplementation of the GnuPG interface...