OMGeeky/advisory-db
1
0
Fork 0
mirror of https://github.com/OMGeeky/advisory-db.git synced 2025-12-30 00:03:57 +01:00
Code Issues Packages Projects Releases Wiki Activity
2,094 Commits 1 Branch 0 Tags
938076e0e0ef538cd44cd338e98b5dabc24fa1c2
Commit Graph

2094 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
github-actions[bot]
938076e0e0 Assigned RUSTSEC-2024-0002 to vmm-sys-util (#1850) 
Co-authored-by: alex <alex@users.noreply.github.com>
 2024-01-13 22:39:46 -05:00
github-actions[bot]
d5e908dade Assigned RUSTSEC-2024-0001 to ferris-says (#1849) 
Co-authored-by: alex <alex@users.noreply.github.com>
 2024-01-13 22:38:29 -05:00
Babis Chalios
f7f59c0974 Import CVE-2023-50711 as RustSec advisory (#1847) 
Signed-off-by: Babis Chalios <bchalios@amazon.es>
 2024-01-13 22:34:57 -05:00
David Tolnay
7b8823be86 Unsound use of str::from_utf8_unchecked in ferris-says (#1848) 2024-01-13 22:33:41 -05:00
github-actions[bot]
a5fb72de31 Assigned RUSTSEC-2023-0077 to rosenpass (#1844) 
Co-authored-by: tarcieri <tarcieri@users.noreply.github.com>
 2023-12-21 11:45:18 -07:00
Morgan Hill
20107217b7 Create advisory for DoS in Rosenpass <=0.2.0 (#1823) 2023-12-21 11:44:13 -07:00
github-actions[bot]
dc1d79ccc5 Assigned RUSTSEC-2023-0076 to cpython (#1843) 
Co-authored-by: alex <alex@users.noreply.github.com>
 2023-12-20 17:34:55 -05:00
Fabio Valentini
5fbac74663 cpython is unmaintained (#1822) 2023-12-20 17:34:08 -05:00
github-actions[bot]
d8c40865e9 Assigned RUSTSEC-2023-0075 to unsafe-libyaml (#1842) 
Co-authored-by: alex <alex@users.noreply.github.com>
 2023-12-20 17:33:59 -05:00
Trevor Gross
dd8913608d Update the wording of RUSTSEC-2023-0072 (#1831) 
Make the interior mutability issue more clear
 2023-12-20 17:33:20 -05:00
David Tolnay
41cc7a12a2 Unaligned write in unsafe-libyaml (#1841) 2023-12-20 17:32:37 -05:00
github-actions[bot]
bc17aeb683 Assigned RUSTSEC-2023-0074 to zerocopy (#1839) 
Co-authored-by: tarcieri <tarcieri@users.noreply.github.com>
 2023-12-18 08:49:59 -07:00
Joshua Liebow-Feeser
d000c08450 zerocopy: Some Ref methods are unsound with some type params (#1837) 
For more information:
- https://github.com/google/zerocopy/issues/716
- https://github.com/google/zerocopy/security/advisories/GHSA-3mv5-343c-w2qg
 2023-12-18 08:35:59 -07:00
Lukas Braune
fd71859263 Update CVSS score of RUSTSEC-2023-0071 (#1838) 
CVSS score has been updated by the package maintainer:
https://github.com/github/advisory-database/pull/3030
https://github.com/advisories/GHSA-c38w-74pg-36hr

Moreover, there is a duplicate GHSA which should be mentioned as alias:
https://github.com/advisories/GHSA-4grx-2x9w-596c
 2023-12-15 07:57:06 -07:00
github-actions[bot]
6ef1d1fd84 Assigned RUSTSEC-2023-0073 to candid (#1835) 
Co-authored-by: Shnatsel <Shnatsel@users.noreply.github.com>
 2023-12-09 10:05:32 +00:00
Raghav Sundaravaradan
bcd3d307a6 Add advisory for candid library decoding DoS vulnerability (#1834) 2023-12-09 10:00:43 +00:00
Tony Arcieri
43af5fef05 RUSTSEC-2023-0071: add CVE-2023-49092 as alias (#1830) 2023-11-28 10:40:54 -07:00
Tony Arcieri
09b17fcfbf RUSTSEC-2023-0071.md: use '###' section headers (#1829) 2023-11-28 09:47:19 -07:00
Tony Arcieri
63d59acfce RUSTSEC-2023-0071: add CVSS, aliases, and new wording (#1828) 
I requested a GHSA/CVE and in the process rewrote the adivosry using
their template (which maybe we should adopt something similar to).
 2023-11-28 08:30:30 -07:00
github-actions[bot]
ae4bf4ea16 Assigned RUSTSEC-2023-0072 to openssl (#1827) 
Co-authored-by: alex <alex@users.noreply.github.com>
 2023-11-28 09:17:30 -05:00
Alex Gaynor
c420785f45 openssl X509StoreRef::objects is unsound (#1824) 2023-11-28 09:16:52 -05:00
github-actions[bot]
a9468c3c3a Assigned RUSTSEC-2023-0071 to rsa (#1826) 
Co-authored-by: tarcieri <tarcieri@users.noreply.github.com>
 2023-11-28 07:10:45 -07:00
Tony Arcieri
b40bd2ae82 Add Marvin Attack on rsa crate (#1825) 2023-11-28 07:09:29 -07:00
github-actions[bot]
3338fcfb59 Assigned RUSTSEC-2023-0070 to self_cell (#1820) 
Co-authored-by: Shnatsel <Shnatsel@users.noreply.github.com>
 2023-11-11 14:59:01 +00:00
Lukas Bergdoll
0c128ba5cc Add Insufficient covariance check makes self_cell unsound (#1818) 2023-11-11 14:48:23 +00:00
Paolo Barbolini
0f4e16f7cd Add patched version to RUSTSEC-2023-0029 (#1817) 2023-11-08 10:57:41 +01:00
github-actions[bot]
378e212597 Assigned RUSTSEC-2023-0069 to sudo-rs (#1816) 
Co-authored-by: Shnatsel <Shnatsel@users.noreply.github.com>
 2023-11-06 12:48:19 +00:00
Meet Patel
6887c29bff sudo-rs: Path Traversal vulnerability (#1814) 2023-11-06 12:47:10 +00:00
Michael Kedar
088ec034cf Remove CVE-2020-25575 from RUSTSEC-2019-0030 aliases (#1815) 
RUSTSEC-2019-0030 doesn't seem to have anything to do with CVE-2020-25575
 2023-11-02 13:03:48 +00:00
Alexander Kjäll
0c251c3c9a add CVE alias to RUSTSEC-2023-0066 (#1811) 2023-10-28 16:16:37 +00:00
github-actions[bot]
57d5993efb Assigned RUSTSEC-2023-0068 to cocoon (#1810) 
Co-authored-by: tarcieri <tarcieri@users.noreply.github.com>
 2023-10-23 19:38:27 -06:00
Alexander Fadeev
0da5ced09c cocoon: sequential calls of encryption API result in nonce reuse (<=0.3.3) (#1805) 2023-10-23 19:36:07 -06:00
Noam Ta Shma
71d80e811f Updating information about replacements (#1803) 2023-10-14 21:21:18 +00:00
github-actions[bot]
58c33af7fa Assigned RUSTSEC-2023-0067 to fehler (#1801) 
Co-authored-by: tarcieri <tarcieri@users.noreply.github.com>
 2023-10-14 09:01:02 -06:00
SandaruKasa
184d6c72af fehler is unmaintained (#1800) 2023-10-14 08:50:37 -06:00
github-actions[bot]
da470caa84 Assigned RUSTSEC-2023-0066 to pleaser (#1799) 
Co-authored-by: Shnatsel <Shnatsel@users.noreply.github.com>
 2023-10-03 13:53:18 +00:00
Alexander Kjäll
59c41cbaa6 Document the privilege-escalation vulnerability in pleaser. (#1798) 
* Document the privilege-escalation vulnerability in pleaser. Note that the reproducer doesn't work out of the box on a modern kernel, as the ioctl TIOCSTI is disabled by default nowadays

* reviewer feedback: Include a description on how to check if you are vulnerable, fix a typo

* Revert "reviewer feedback: Include a description on how to check if you are vulnerable, fix a typo"

This reverts commit 94a4a83bd3ea0518cd2bc8a670fac1b0405da7ad.

* Fix typo

---------

Co-authored-by: Sergey "Shnatsel" Davidoff <shnatsel@gmail.com>
 2023-10-03 13:52:15 +00:00
Brian Smith
46754ce937 Update webpki RUSTSEC-2023-0052 advisory. (#1797) 2023-09-30 16:13:23 -04:00
github-actions[bot]
4c60d39456 Assigned RUSTSEC-2023-0065 to tungstenite (#1796) 
Co-authored-by: Shnatsel <Shnatsel@users.noreply.github.com>
 2023-09-29 12:03:03 +00:00
Dirkjan Ochtman
2a2c8a0f01 Create advisory for tungstenite DoS (#1795) 
* Create advisory for tungstenite DoS

* drop empty `keywords` key

---------

Co-authored-by: Sergey "Shnatsel" Davidoff <shnatsel@gmail.com>
 2023-09-29 12:00:45 +00:00
Max Ammann
9b6403d856 Add patch version (#1794) 2023-09-28 14:31:43 +00:00
Kornel
b2af5ad856 Update info about CVE-2023-5129 (#1793) 2023-09-26 15:50:50 +02:00
Sergey "Shnatsel" Davidoff
8c5609f192 Bump rustsec-admin to 0.8.8 (#1791) 2023-09-25 18:00:04 +00:00
github-actions[bot]
7b510556ab Assigned RUSTSEC-2023-0064 to gix-transport (#1790) 
Co-authored-by: Shnatsel <Shnatsel@users.noreply.github.com>
 2023-09-25 12:04:51 +00:00
Sebastian Thiel
851e5c9638 Add notice to gix-transport crate (#1789) 
* Add vulnerability for gix-transport crate

Reproducer with `gix` (CLI) v0.29

* `gix clone 'ssh://-oProxyCommand=open$IFS-aCalculator/foo'`
    - This will launch a calculator on OSX.

Fixed in `gix` (CLI) v0.30.

See https://secure.phabricator.com/T12961 for more details.

This issue was discovered by @vin01 whom I thank for their diligence!

* Add credits to researcher who found the issue: vin01

https://github.com/vin01
 2023-09-25 12:03:35 +00:00
github-actions[bot]
81594d9fd5 Assigned RUSTSEC-2023-0063 to quinn-proto (#1788) 
Co-authored-by: Shnatsel <Shnatsel@users.noreply.github.com>
 2023-09-21 11:37:21 +00:00
Dirkjan Ochtman
69e85eff7f Add advisory for quinn-proto DoS issue (#1787) 2023-09-21 11:30:28 +00:00
github-actions[bot]
12719bd23b Assigned RUSTSEC-2023-0062 to bcder (#1783) 
Co-authored-by: Shnatsel <Shnatsel@users.noreply.github.com>
 2023-09-13 17:52:21 +02:00
Martin Hoffmann
3fefc61182 CVE-2023-39914 in bcder. (#1782) 
* CVE-2023-39914 in bcder.

* Improve advisory data.

* Remove comments.

Co-authored-by: Sergey "Shnatsel" Davidoff <shnatsel@gmail.com>

---------

Co-authored-by: Sergey "Shnatsel" Davidoff <shnatsel@gmail.com>
 2023-09-13 17:46:14 +02:00
github-actions[bot]
19e0777eb7 Assigned RUSTSEC-2023-0060 to libwebp-sys2, RUSTSEC-2023-0061 to libwebp-sys (#1781) 
Co-authored-by: alex <alex@users.noreply.github.com>
 2023-09-13 10:10:22 -04:00