9526 matches found
Linux Distros Unpatched Vulnerability : CVE-2026-32314
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Yamux is a stream multiplexer over reliable, ordered connections such as TCP/IP. Prior to 0.13.10, the Rust implementation of Yamux can panic when processing a...
Yamux vulnerable to remote Panic via malformed Data frame with SYN set and len = 262145
Summary The Rust implementation of Yamux can panic when processing a crafted inbound Data frame that sets SYN and uses a body length greater than DEFAULTCREDIT e.g. 262145. On the first packet of a new inbound stream, stream state is created and a receiver is queued before oversized-body validati...
CVE-2026-32314
Yamux is a stream multiplexer over reliable, ordered connections such as TCP/IP. Prior to 0.13.10, the Rust implementation of Yamux can panic when processing a crafted inbound Data frame that sets SYN and uses a body length greater than DEFAULTCREDIT e.g. 262145. On the first packet of a new...
CVE-2026-32314 Yamux remote Panic via malformed Data frame with SYN set and len = 262145
Yamux is a stream multiplexer over reliable, ordered connections such as TCP/IP. Prior to 0.13.10, the Rust implementation of Yamux can panic when processing a crafted inbound Data frame that sets SYN and uses a body length greater than DEFAULTCREDIT e.g. 262145. On the first packet of a new...
CVE-2026-32314 Yamux remote Panic via malformed Data frame with SYN set and len = 262145
Yamux is a stream multiplexer over reliable, ordered connections such as TCP/IP. Prior to 0.13.10, the Rust implementation of Yamux can panic when processing a crafted inbound Data frame that sets SYN and uses a body length greater than DEFAULTCREDIT e.g. 262145. On the first packet of a new...
CVE-2026-32314
Yamux is a stream multiplexer over reliable, ordered connections such as TCP/IP. Prior to 0.13.10, the Rust implementation of Yamux can panic when processing a crafted inbound Data frame that sets SYN and uses a body length greater than DEFAULTCREDIT e.g. 262145. On the first packet of a new...
Yamux vulnerable to remote Panic via malformed WindowUpdate credit
Sumary The Rust implementation of Yamux accepts WindowUpdate credit values from the remote peer and applies them to per-stream send-window state. A specially crafted WindowUpdate can cause arithmetic overflow in send-window accounting, which triggers a panic in the connection state machine. This ...
Rust-Based VENON Malware Targets 33 Brazilian Banks with Credential-Stealing Overlays
Cybersecurity researchers have disclosed details of a new banking malware targeting Brazilian users that's written in Rust, marking a significant departure from other known Delphi-based malware families associated with the Latin American cybercrime ecosystem. The malware, which is designed to...
acril (=0.1.0), acril-http (=0.1.0) +884 more potentially affected by unknown CVE via http-types (>=1.3.1 <=2.12.0)
http-types CARGO version =1.3.1, =4.0.0, =0.1.0, =0.1.0, =0.3.0, =0.10.0, =0.3.0, =0.1.0, =0.1.0, =0.6.0, =0.0.1, =0.0.6 - aquadoggo =0.1.0 and more Source cves: unknown CVE Source advisory: OSV:RUSTSEC-2026-0174...
RUSTSEC-2026-0174 `Authorization::value` and `WwwAuthenticate::value` can violate ASCII invariants
Authorization::value uses HeaderValue::value with the claim that the internal string is ASCII, but Authorization::new and Authorization::setcredentials accept arbitrary String credentials without validation. As a result, safe code can construct a header value containing non-ASCII UTF-8 while the...
Five Malicious Rust Crates and AI Bot Exploit CI/CD Pipelines to Steal Developer Secrets
Cybersecurity researchers have discovered five malicious Rust crates that masquerade as time-related utilities to transmit .env file data to the threat actors. The Rust packages, published to crates.io, are listed below - chronoanchor dnp3times timecalibrator timecalibrators time-sync The crates,...
CVE-2025-58160 affecting package rust for versions less than 1.90.0-4
CVE-2025-58160 affecting package rust for versions less than 1.90.0-4. A patched version of the package is available...
CVE-2026-24116 affecting package rust for versions less than 1.75.0-25
CVE-2026-24116 affecting package rust for versions less than 1.75.0-25. A patched version of the package is available...
CVE-2025-67873 affecting package rust for versions less than 1.90.0-4
CVE-2025-67873 affecting package rust for versions less than 1.90.0-4. A patched version of the package is available...
CVE-2025-12818 affecting package rust for versions less than 1.90.0-4
CVE-2025-12818 affecting package rust for versions less than 1.90.0-4. A patched version of the package is available...
CVE-2025-55159 affecting package rust for versions less than 1.90.0-4
CVE-2025-55159 affecting package rust for versions less than 1.90.0-4. A patched version of the package is available...
CVE-2025-4207 affecting package rust for versions less than 1.90.0-4
CVE-2025-4207 affecting package rust for versions less than 1.90.0-4. A patched version of the package is available...
CVE-2026-24116 affecting package rust for versions less than 1.90.0-4
CVE-2026-24116 affecting package rust for versions less than 1.90.0-4. A patched version of the package is available...
CVE-2025-68114 affecting package rust for versions less than 1.90.0-4
CVE-2025-68114 affecting package rust for versions less than 1.90.0-4. A patched version of the package is available...
CVE-2025-58160 affecting package rust for versions less than 1.75.0-25
CVE-2025-58160 affecting package rust for versions less than 1.75.0-25. A patched version of the package is available...