‼ CVE-2021-38159 ‼
via "National Vulnerability Database".
In certain Progress MOVEit Transfer versions before 2021.0.4 (aka 13.0.4), SQL injection in the MOVEit Transfer web application could allow an unauthenticated remote attacker to gain access to the database. Depending on the database engine being used (MySQL, Microsoft SQL Server, or Azure SQL), an attacker may be able to infer information about the structure and contents of the database, or execute SQL statements that alter or delete database elements, via crafted strings sent to unique MOVEit Transfer transaction types. The fixed versions are 2019.0.8 (11.0.8), 2019.1.7 (11.1.7), 2019.2.4 (11.2.4), 2020.0.7 (12.0.7), 2020.1.6 (12.1.6), and 2021.0.4 (13.0.4).
‼ CVE-2021-29922 ‼
via "National Vulnerability Database".
library/std/src/net/parser.rs in Rust before 1.53.0 does not properly consider extraneous zero characters at the beginning of an IP address string, which (in some situations) allows attackers to bypass access control that is based on IP addresses, because of unexpected octal interpretation.
‼ CVE-2021-38185 ‼
via "National Vulnerability Database".
GNU cpio through 2.13 allows attackers to execute arbitrary code via a crafted pattern file, because of a dstring.c ds_fgetstr integer overflow that triggers an out-of-bounds heap write. NOTE: it is unclear whether there are common cases where the pattern file, associated with the -E option, is untrusted data.
‼ CVE-2020-36438 ‼
via "National Vulnerability Database".
An issue was discovered in the tiny_future crate before 0.4.0 for Rust. Future<T> does not have bounds on its Send and Sync traits.
‼ CVE-2020-36449 ‼
via "National Vulnerability Database".
An issue was discovered in the kekbit crate before 0.3.4 for Rust. For ShmWriter<H>, Send is implemented without requiring H: Send.
‼ CVE-2020-36466 ‼
via "National Vulnerability Database".
An issue was discovered in the cgc crate through 2020-12-10 for Rust. Ptr implements Send and Sync for all types.
‼ CVE-2021-38188 ‼
via "National Vulnerability Database".
An issue was discovered in the iced-x86 crate through 1.10.3 for Rust. In Decoder::new(), slice.get_unchecked(slice.length()) is used unsafely.
‼ CVE-2020-36470 ‼
via "National Vulnerability Database".
An issue was discovered in the disrustor crate through 2020-12-17 for Rust. RingBuffer does not properly limit the number of mutable references.
‼ CVE-2020-36446 ‼
via "National Vulnerability Database".
An issue was discovered in the signal-simple crate through 2020-11-15 for Rust. There are unconditional implementations of Send and Sync for SyncChannel<T>.
‼ CVE-2020-36452 ‼
via "National Vulnerability Database".
An issue was discovered in the array-tools crate before 0.3.2 for Rust. FixedCapacityDequeLike::clone() has a drop of uninitialized memory.
‼ CVE-2021-38186 ‼
via "National Vulnerability Database".
An issue was discovered in the comrak crate before 0.10.1 for Rust. It mishandles & characters, leading to XSS via &# HTML entities.
‼ CVE-2020-36450 ‼
via "National Vulnerability Database".
An issue was discovered in the bunch crate through 2020-11-12 for Rust. There are unconditional implementations of Send and Sync for Bunch<T>.
‼ CVE-2020-36465 ‼
via "National Vulnerability Database".
An issue was discovered in the generic-array crate before 0.13.3 for Rust. It violates soundness by using the arr! macro to extend lifetimes.
‼ CVE-2020-36467 ‼
via "National Vulnerability Database".
An issue was discovered in the cgc crate through 2020-12-10 for Rust. Ptr::get returns more than one mutable reference to the same object.
‼ CVE-2021-38194 ‼
via "National Vulnerability Database".
An issue was discovered in the ark-r1cs-std crate before 0.3.1 for Rust. It does not enforce any constraints in the FieldVar::mul_by_inverse method. Thus, a prover can produce a proof that is unsound but is nonetheless verified.
‼ CVE-2020-36436 ‼
via "National Vulnerability Database".
An issue was discovered in the unicycle crate before 0.7.1 for Rust. PinSlab<T> and Unordered<T, S> do not have bounds on their Send and Sync traits.
‼ CVE-2020-36464 ‼
via "National Vulnerability Database".
An issue was discovered in the heapless crate before 0.6.1 for Rust. The IntoIter Clone implementation clones an entire underlying Vec without considering whether it has already been partially consumed.
‼ CVE-2020-36442 ‼
via "National Vulnerability Database".
An issue was discovered in the beef crate before 0.5.0 for Rust. beef::Cow has no Sync bound on its Send trait.
‼ CVE-2020-36439 ‼
via "National Vulnerability Database".
An issue was discovered in the ticketed_lock crate before 0.3.0 for Rust. There are unconditional implementations of Send for ReadTicket<T> and WriteTicket<T>.
‼ CVE-2020-36469 ‼
via "National Vulnerability Database".
An issue was discovered in the appendix crate through 2020-11-15 for Rust. For the generic K and V type parameters, Send and Sync are implemented unconditionally.
‼ CVE-2020-36468 ‼
via "National Vulnerability Database".
An issue was discovered in the cgc crate through 2020-12-10 for Rust. Ptr::write performs non-atomic write operations on an underlying pointer.