Your submission was sent successfully! Close

Thank you for contacting us. A member of our team will be in touch shortly. Close

You have successfully unsubscribed! Close

Thank you for signing up for our newsletter!
In these regular emails you will find the latest updates about Ubuntu and upcoming events where you can meet our team.Close

Search CVE reports

Toggle filters

1 – 2 of 2 results

CVE-2023-38497

Medium priority

Some fixes available 6 of 11

Cargo downloads the Rust project’s dependencies and compiles the project. Cargo prior to version 0.72.2, bundled with Rust prior to version 1.71.1, did not respect the umask when extracting crate archives on UNIX-like systems. If...

3 affected packages

cargo, rust-cargo, rustc

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
cargo Not in release Fixed Fixed Fixed Fixed
rust-cargo Vulnerable Fixed Not in release Ignored Ignored
rustc Fixed Not affected Not affected Not affected Not affected
Show less packages

CVE-2022-46176

Medium priority

Some fixes available 4 of 8

Cargo is a Rust package manager. The Rust Security Response WG was notified that Cargo did not perform SSH host key verification when cloning indexes and dependencies via SSH. An attacker could exploit this to...

2 affected packages

cargo, rust-cargo

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
cargo Not in release Fixed Fixed Vulnerable Vulnerable
rust-cargo Not affected Vulnerable Not in release Not in release Ignored
Show less packages