9526 matches found
Fedora 43 : rust-ingredients (2026-d0a08cfd21)
The remote Fedora 43 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2026-d0a08cfd21 advisory. Rebuilt with rust-tar 0.4.45 for CVE-2026-33056 Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that...
[SECURITY] Fedora 43 Update: rust-cryptoki-sys-0.5.0-2.fc43
FFI wrapper around the PKCS 11 API...
[SECURITY] Fedora 43 Update: rust-cryptoki-0.12.0-2.fc43
Rust-native wrapper around the PKCS 11 API...
[SECURITY] Fedora 43 Update: rust-asn1-0.22.0-1.fc43
ASN.1 DER parser and writer for Rust...
[SECURITY] Fedora 43 Update: rust-wycheproof-0.6.0-1.fc43
Wycheproof test vectors...
[SECURITY] Fedora 43 Update: rust-asn1_derive-0.22.0-1.fc43
...
[SECURITY] Fedora 43 Update: kryoptic-1.5.0-2.fc43
A PKCS 11 software token written in Rust...
CVE-2026-33693 Lemmy's Activitypub-Federation has SSRF via 0.0.0.0 bypass in activitypub-federation-rust v4_is_invalid()
Lemmy is a link aggregator and forum for the fediverse. Prior to version 0.7.0-beta.9, the v4isinvalid function in activitypub-federation-rust src/utils.rs does not check for Ipv4Addr::UNSPECIFIED 0.0.0.0. An unauthenticated attacker controlling a remote domain can point it to 0.0.0.0, bypass the...
CVE-2026-33693 Lemmy's Activitypub-Federation has SSRF via 0.0.0.0 bypass in activitypub-federation-rust v4_is_invalid()
Lemmy is a link aggregator and forum for the fediverse. Prior to version 0.7.0-beta.9, the v4isinvalid function in activitypub-federation-rust src/utils.rs does not check for Ipv4Addr::UNSPECIFIED 0.0.0.0. An unauthenticated attacker controlling a remote domain can point it to 0.0.0.0, bypass the...
CVE-2026-33693 Lemmy's Activitypub-Federation has SSRF via 0.0.0.0 bypass in activitypub-federation-rust v4_is_invalid()
Lemmy is a link aggregator and forum for the fediverse. Prior to version 0.7.0-beta.9, the v4isinvalid function in activitypub-federation-rust src/utils.rs does not check for Ipv4Addr::UNSPECIFIED 0.0.0.0. An unauthenticated attacker controlling a remote domain can point it to 0.0.0.0, bypass the...
CVE-2026-33693
Lemmy’s Activitypub-Federation vulnerable component: Rust-based v4_is_invalid() in activitypub_federation-rust fails to check IPv4Addr::UNSPECIFIED (0.0.0.0). An unauthenticated attacker controlling a remote domain could direct 0.0.0.0 and bypass SSRF protections, reaching localhost services on t...
Fedora: Security Advisory (FEDORA-2026-9d5b9f45ec)
The remote host is missing an update for the SPDX-FileCopyrightText: 2026 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
CVE-2026-32810
Halloy is an IRC application written in Rust. In versions on \nix and macOS prior to commit f180e41061db393acf65bc99f5c5e7397586d9cb, halloy creates its config directory and files using default umask permissions, which typically results in 0644 on files and 0755 on directories. This allows any...
CVE-2026-32314
Yamux is a stream multiplexer over reliable, ordered connections such as TCP/IP. Prior to 0.13.10, the Rust implementation of Yamux can panic when processing a crafted inbound Data frame that sets SYN and uses a body length greater than DEFAULTCREDIT e.g. 262145. On the first packet of a new...
CVE-2026-33241
Salvo is a Rust web framework. Prior to version 0.89.3, Salvo's form data parsing implementations formdata method and Extractible macro do not enforce payload size limits before reading request bodies into memory. This allows attackers to cause Out-of-Memory OOM conditions by sending extremely...
CVE-2026-33040
libp2p-rust is the official rust language Implementation of the libp2p networking stack. In versions prior to 0.49.3, the Gossipsub implementation accepts attacker-controlled PRUNE backoff values and may perform unchecked time arithmetic when storing backoff state. A specially crafted PRUNE contr...
Fedora 43 : kryoptic / pyOpenSSL / python-cryptography / rust-asn1 / etc (2026-9d5b9f45ec)
The remote Fedora 43 host has packages installed that are affected by a vulnerability as referenced in the FEDORA-2026-9d5b9f45ec advisory. - Update pyOpenSSL to v26.0.0 security update - Update python-cryptography to v46.0.5 dependency of pyOpenSSL 26 - Update rust-asn1 to 0.22 dependency of...
SUSE SLED15 / SLES15 / openSUSE 15 : Recommended update for rust1.94 (SUSE-SU-SUSE-RU-2026:1001-1)
The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-SUSE-RU-2026:1001-1 advisory. This update adds rust1.94. Release notes can be found externally:...
GHSA-Q537-8FR5-CW35 Activitypub-Federation has SSRF via 0.0.0.0 bypass in activitypub-federation-rust v4_is_invalid()
Summary The v4isinvalid function in activitypub-federation-rust src/utils.rs does not check for Ipv4Addr::UNSPECIFIED 0.0.0.0. An unauthenticated attacker controlling a remote domain can point it to 0.0.0.0, bypass the SSRF protection introduced by the fix for CVE-2025-25194 GHSA-7723-35v7-qcxw,...
Activitypub-Federation has SSRF via 0.0.0.0 bypass in activitypub-federation-rust v4_is_invalid()
Summary The v4isinvalid function in activitypub-federation-rust src/utils.rs does not check for Ipv4Addr::UNSPECIFIED 0.0.0.0. An unauthenticated attacker controlling a remote domain can point it to 0.0.0.0, bypass the SSRF protection introduced by the fix for CVE-2025-25194 GHSA-7723-35v7-qcxw,...