Vulnerabilities > Rust Lang

| Date | CVE | Vulnerability title | Risk |
|---|---|---|---|
| 2023-08-24 | CVE-2023-40030 | Cross-site Scripting vulnerability in Rust-Lang Rust. Cargo downloads a Rust project’s dependencies and compiles the project. | network; low complexity; rust-lang CWE-79; 6.1 |
| 2023-08-04 | CVE-2023-38497 | Insecure Preserved Inherited Permissions vulnerability in multiple products. Cargo downloads the Rust project’s dependencies and compiles the project. | local; low complexity; rust-lang fedoraproject CWE-278; 7.3 |
| 2023-01-11 | CVE-2022-46176 | Improper Verification of Cryptographic Signature vulnerability in Rust-Lang Cargo. Cargo is a Rust package manager. | network; high complexity; rust-lang CWE-347; 5.9 |
| 2022-09-14 | CVE-2022-36113 | Path Traversal vulnerability in Rust-Lang Cargo. Cargo is a package manager for the Rust programming language. | network; low complexity; rust-lang CWE-22; 8.1 |
| 2022-09-14 | CVE-2022-36114 | Resource Exhaustion vulnerability in Rust-Lang Cargo. Cargo is a package manager for the Rust programming language. | network; low complexity; rust-lang CWE-400; 6.5 |
| 2022-03-08 | CVE-2022-24713 | regex is an implementation of regular expressions for the Rust language. | network; low complexity; rust-lang fedoraproject debian; 7.5 |
| 2022-01-20 | CVE-2022-21658 | Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in multiple products. Rust is a multi-paradigm, general-purpose programming language designed for performance and safety, especially safe concurrency. | local; high complexity; rust-lang fedoraproject apple CWE-367; 6.3 |
| 2021-08-07 | CVE-2021-29922 | Unspecified vulnerability in Rust-Lang Rust. library/std/src/net/parser.rs in Rust before 1.53.0 does not properly consider extraneous zero characters at the beginning of an IP address string, which (in some situations) allows attackers to bypass access control that is based on IP addresses, because of unexpected octal interpretation. | network; low complexity; rust-lang; critical; 9.1 |
| 2021-04-14 | CVE-2021-31162 | Double Free vulnerability in multiple products. In the standard library in Rust before 1.52.0, a double free can occur in the Vec::from_iter function if freeing the element panics. | network; low complexity; rust-lang fedoraproject CWE-415; critical; 9.8 |
| 2021-04-14 | CVE-2020-36323 | Use of Externally-Controlled Format String vulnerability in multiple products. In the standard library in Rust before 1.52.0, there is an optimization for joining strings that can cause uninitialized bytes to be exposed (or the program to crash) if the borrowed string changes after its length is checked. | network; low complexity; rust-lang fedoraproject CWE-134; 8.2 |