9526 matches found
SUSE-RU-2026:1001-1 Recommended update for rust1.94
This update for rust1.94 fixes the following issues: This update adds rust1.94. Release notes can be found externally: https://github.com/rust-lang/rust/releases/tag/1.94.0 - CVE-2026-31812: avoid unwrapping varint decoding during parameters parsing (bsc#1259623)...
Activitypub-Federation has SSRF via 0.0.0.0 bypass in activitypub-federation-rust v4_is_invalid()
The v4_is_invalid() function in activitypub-federation-rust (src/utils.rs) does not check for Ipv4Addr::UNSPECIFIED (0.0.0.0). An unauthenticated attacker controlling a remote domain can point it to 0.0.0.0, bypass the SSRF protection introduced by the fix for CVE-2025-25194 (GHSA-7723-35v7-qcxw), and reac...
SUSE CVE-2026-32810
Halloy is an IRC application written in Rust. In versions on *nix and macOS prior to commit f180e41061db393acf65bc99f5c5e7397586d9cb, halloy creates its config directory and files using default umask permissions, which typically results in 0644 on files and 0755 on directories. This allows any...
activitypub-federation-rust 0.7.1 Server-Side Request Forgery
activitypub-federation-rust versions 0.7.1 and below suffer from a server-side request forgery vulnerability. CVE-2026-33693: SSRF via 0.0.0.0 Bypass in activitypub-federation-rust v4_is_invalid() CVSS 6.5 (Moderate) Keywords: SSRF, 0.0.0.0, IP validation bypass, activitypub-federation, Lemmy, Rust,...
Linux Distros Unpatched Vulnerability : CVE-2026-33040
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor-supplied patch available. - libp2p-rust is the official Rust language implementation of the libp2p networking stack. In versions prior to 0.49.3, the Gossipsub implementation accepts...
Ubuntu: Security Advisory (USN-8118-1)
The remote host is missing an update for the...
Fedora 45 : rustup (2026-49ec7a73a3)
The remote Fedora 45 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2026-49ec7a73a3 advisory. Automatic update for rustup-1.29.0-2.fc45. Changelog Sun Mar 22 2026 Benjamin A. Beasley - 1.29.0-2 - Rebuilt with rust-tar 0.4.45 for CVE-2026-33056 - Fixes...
Fedora 45 : maturin / python-fastar / python-uv-build / rust-astral-tokio-tar / etc (2026-c6c01a71f2)
The remote Fedora 45 host has packages installed that are affected by multiple vulnerabilities as referenced in the FEDORA-2026-c6c01a71f2 advisory. Update rust-astral-tokio-tar to 0.6.0, fixing CVE-2026-32766. Update rust-tar to 0.4.45, fixing CVE-2026-33056. Update uv and...
EUVD-2026-13863
Halloy is an IRC application written in Rust. Prior to commit 0f77b2cfc5f822517a256ea5a4b94bad8bfe38b6, the DCC receive flow did not sanitize filenames from incoming DCC SEND requests. A remote IRC user could send a filename with path traversal sequences like ../../.ssh/authorized_keys and the fil...
CVE-2026-32733
Halloy is an IRC application written in Rust. Prior to commit 0f77b2cfc5f822517a256ea5a4b94bad8bfe38b6, the DCC receive flow did not sanitize filenames from incoming DCC SEND requests. A remote IRC user could send a filename with path traversal sequences like ../../.ssh/authorized_keys and the fil...
EUVD-2026-13596
tar-rs incorrectly ignores PAX size headers if header size is nonzero...
IMAPServer (=0.1.0), NeteaseCloudMusicRustApi (=0.1.1) +1948 more potentially affected by unknown CVE via tokio-udp (>=0.1.0 <=0.2.0-alpha.1)
tokio-udp CARGO version =0.1.0, =0.1.0, =0.2.0, =0.5.3, =0.2.1, =0.1.0, =0.4.0, =0.0.1, =0.1.0, =0.1.0, =0.1.0, =0.1.0, =0.3.0 - actix-cors =0.1.0 and more Source cves: unknown CVE Source advisory: OSV:RUSTSEC-2026-0064...
GetPDB (>=0.1.0 <=1.0.1), IMAPServer (=0.1.0) +3032 more potentially affected by unknown CVE via tokio-current-thread (>=0.1.7 <=0.2.0-alpha.1)
tokio-current-thread CARGO version =0.1.7, =0.1.0, =0.1.0, =0.1.0, =0.2.0, =0.5.3, =0.2.1, =0.1.0, =0.1.0, =0.1.0, =0.8.0, =0.13.0 and more Source cves: unknown CVE Source advisory: OSV:RUSTSEC-2026-0054...
IMAPServer (=0.1.0), NeteaseCloudMusicRustApi (=0.1.1) +2123 more potentially affected by unknown CVE via tokio-codec (>=0.1.2 <=0.2.0-alpha.6)
tokio-codec CARGO version =0.1.2, =0.1.0, =0.2.0, =0.5.3, =0.2.1, =0.1.0, =0.4.0, =0.0.1, =0.1.0, =0.1.0, =0.1.0, =0.1.0, =1.0.0-alpha.1 and more Source cves: unknown CVE Source advisory: OSV:RUSTSEC-2026-0056...
adventure-rusoto-ecs (=0.4.0), adventure-rusoto-sns (=0.4.0) +240 more potentially affected by unknown CVE via tokio-process (>=0.1.6 <=0.3.0-alpha.2)
tokio-process CARGO version =0.1.6, =0.0.2, =0.0.1, =0.1.5, =0.1.0, =0.2.1, =0.3.0, =0.1.0, =0.21.0, =0.2.0, =0.6.0, =0.6.1 and more Source cves: unknown CVE Source advisory: OSV:RUSTSEC-2026-0055...
GetPDB (>=0.1.0 <=1.0.1), IMAPServer (=0.1.0) +3229 more potentially affected by unknown CVE via tokio-executor (>=0.1.10 <=0.2.0-alpha.6)
tokio-executor CARGO version =0.1.10, =0.1.0, =0.1.0, =0.1.0, =0.2.0, =0.5.3, =0.2.1, =0.1.0, =0.1.0, =0.1.0, =0.9.1 - acme-lib-load-order =0.1.0 and more Source cves: unknown CVE Source advisory: OSV:RUSTSEC-2026-0063...
GetPDB (>=0.1.0 <=1.0.1), IMAPServer (=0.1.0) +3137 more potentially affected by unknown CVE via tokio-timer (>=0.1.2 <=0.3.0-alpha.6)
tokio-timer CARGO version =0.1.2, =0.1.0, =0.1.0, =0.1.0, =0.2.0, =0.5.3, =0.2.1, =0.1.0, =0.1.0, =0.1.0, =0.9.1 - acme-lib-load-order =0.1.0 and more Source cves: unknown CVE Source advisory: OSV:RUSTSEC-2026-0060...
BeerHolderBot (>=0.1.0 <=0.3.6), NeteaseCloudMusicRustApi (=0.1.1) +1852 more potentially affected by unknown CVE via tokio-tls (>=0.2.1 <=0.3.1)
tokio-tls CARGO version =0.2.1, =0.1.0, =0.0.2, =0.1.0, =0.1.0, =0.7.0, =0.1.0, =1.0.0, =0.1.0, =0.1.0, =0.4.0, =0.4.1 - actix-server =0.8.0-alpha.1 and more Source cves: unknown CVE Source advisory: OSV:RUSTSEC-2026-0053...
IMAPServer (=0.1.0), OpenDataSH_twitter_notifier (>=0.1.0 <=0.1.2) +1893 more potentially affected by unknown CVE via tokio-fs (>=0.1.7 <=0.2.0-alpha.6)
tokio-fs CARGO version =0.1.7, =0.1.0, =0.2.0, =0.5.3, =0.2.1, =0.1.0, =0.4.0, =0.0.1, =0.1.0, =0.1.0, =0.1.0, =0.1.0, =0.1.0, =0.3.0, =0.1.0, =0.7.0 and more Source cves: unknown CVE Source advisory: OSV:RUSTSEC-2026-0061...
GetPDB (>=0.1.0 <=1.0.1), IMAPServer (=0.1.0) +3116 more potentially affected by unknown CVE via tokio-reactor (>=0.1.12 <=0.2.0-alpha.1)
tokio-reactor CARGO version =0.1.12, =0.1.0, =0.1.0, =0.1.0, =0.2.0, =0.5.3, =0.2.1, =0.1.0, =0.1.0, =0.1.0, =0.8.0, =0.13.0 and more Source cves: unknown CVE Source advisory: OSV:RUSTSEC-2026-0057...