Fedora 43 : aw-server-rust / awatcher / nodejs-aw-webui (2026-c9d4e8b9a4)

The remote Fedora 43 host has packages installed that are affected by a vulnerability as referenced in the FEDORA-2026-c9d4e8b9a4 advisory. Rebuilt with openssl 0.10.79 Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus has not teste...

Fedora 44 : aw-server-rust / awatcher / nodejs-aw-webui (2026-f4ddcfa64b)

The remote Fedora 44 host has packages installed that are affected by a vulnerability as referenced in the FEDORA-2026-f4ddcfa64b advisory. Rebuilt with openssl 0.10.79 Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus has not teste...

Fedora 42 : aw-server-rust / awatcher / nodejs-aw-webui (2026-7047e2fec5)

The remote Fedora 42 host has packages installed that are affected by a vulnerability as referenced in the FEDORA-2026-7047e2fec5 advisory. Rebuilt with openssl 0.10.79 Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus has not teste...

Cargo 安全漏洞

Cargo is a Rust package manager open-sourced by The Rust Programming Language. A security vulnerability exists in Cargo that stems from the incorrect handling of symbolic links in a crate tarball downloaded from a third-party registry, which could lead to a malicious crate overwriting the source...

Malicious Package

Overview solidity-build-guard is a malicious package. This package contains malicious code, and its content was removed from the official package manager. The package was linked to a supply chain attack and contained code designed to steal developer secrets, crypto wallets, SSH keys, and cloud...

Malicious Package

Overview defi-risk-scanner is a malicious package. This package contains malicious code, and its content was removed from the official package manager. The package was linked to a supply chain attack and contained code designed to steal developer secrets, crypto wallets, SSH keys, and cloud...

atm0s-media-server-transport-rtmp (=0.1.0), audiopus (>=0.1.0 <=0.3.0-rc.0) +30 more potentially affected by unknown CVE via audiopus_sys (>=0.1.8 <=0.2.2)

audiopussys CARGO version =0.1.8, =0.1.0, =0.24.0, =0.3.0, =0.4.0, =0.1.0, =0.1.1-alpha, =0.1.0, =0.2.0, =1.2.0, =0.0.1, =0.1.3 and more Source cves: unknown CVE Source advisory: OSV:RUSTSEC-2026-0150...

auto-wasi (=0.1.0), deterministic-wasi-ctx (>=0.1.1 <=0.1.14) +53 more potentially affected by CVE-2026-47261 via wasmtime-wasi (>=0.10.0 <=1.0.2)

wasmtime-wasi CARGO version =0.10.0, =0.1.1, =0.5.3-0, =0.4.0, =0.4.0, =0.5.0, =0.0.1-alpha, =0.1.0, =0.1.0, =0.1.0, =0.9.0, =0.9.0, =0.9.0, =0.7.0, =0.9.2 and more Source cves: CVE-2026-47261 Source advisory: OSV:RUSTSEC-2026-0149...

[SECURITY] Fedora 43 Update: rust-nu-0.99.1-17.fc43

A new type of shell...

[SECURITY] Fedora 43 Update: rustup-1.29.0-4.fc43

Manage multiple rust installations with ease...

[SECURITY] Fedora 44 Update: rustup-1.29.0-4.fc44

Manage multiple rust installations with ease...

[SECURITY] Fedora 44 Update: rust-nu-0.99.1-17.fc44

A new type of shell...

PT-2026-42815

Name of the Vulnerable Software and Affected Versions wasmtime-wasi affected versions not specified Description An access control mechanism bypass exists when a filesystem preopen is configured with DirPerms::all and FilePerms::READ without FilePerms::WRITE. This allows bypassing restrictions by...

GHSA-FVVM-949W-QJ4W RTK improperly trusts project-local filter configuration, allowing silent tampering of command output shown to LLM

RTK Rust Token Killer improperly trusts project-local configuration files. In versions prior to 0.32.0, RTK automatically loads .rtk/filters.toml from the working directory with highest priority and without user notification. An attacker can place a malicious filter file in a repository to apply...

Astra Linux - уязвимость в rustc

In the standard library of Rust before version 1.52.0, the Zip implementation may report an incorrect size due to an integer overflow. This bug can lead to a buffer overflow when a consumed Zip iterator is used again...

Astra Linux - уязвимость в rustc

In the standard library of Rust before version 1.50.0, readtoend does not validate the return value from Read in an unsafe context. This bug could lead to a buffer overflow...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: rustbinder: Properly handles FDA objects with a length of zero. A bug has been fixed where an empty FDA fd array object with 0 fds could cause an out-of-bounds error. The previous implementation used skip == 0 to indicate “this i...

Astra Linux - уязвимость в rustc

Rust is a multi-paradigm, general-purpose programming language designed for performance and safety, especially safe concurrency. The Rust Security Response WG was notified that the std::fs::removedirall standard library function is vulnerable due to a race condition that enables symlink creation...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerabilities have been resolved: rustbinder: fixed oneway spam detection The spam detection logic in TreeRange was executed before the current request was inserted into the tree. As a result, the new request wasn’t taken into account in the spam calculation...

Astra Linux - уязвимость в rustc

In the standard library of Rust before version 1.49.0, the String::retain function has a panic security issue. It allows the creation of a non-UTF-8 Rust string when the provided closure panics. This bug could lead to a memory safety violation if other string APIs assume that UTF-8 encoding is us...