‼ CVE-2020-36467 ‼
📖 Read
via "National Vulnerability Database".
An issue was discovered in the cgc crate through 2020-12-10 for Rust. Ptr::get returns more than one mutable reference to the same object.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-38194 ‼
📖 Read
via "National Vulnerability Database".
An issue was discovered in the ark-r1cs-std crate before 0.3.1 for Rust. It does not enforce any constraints in the FieldVar::mul_by_inverse method. Thus, a prover can produce a proof that is unsound but is nonetheless verified.📖 Read
via "National Vulnerability Database".
‼ CVE-2020-36436 ‼
📖 Read
via "National Vulnerability Database".
An issue was discovered in the unicycle crate before 0.7.1 for Rust. PinSlab<T> and Unordered<T, S> do not have bounds on their Send and Sync traits.📖 Read
via "National Vulnerability Database".
‼ CVE-2020-36464 ‼
📖 Read
via "National Vulnerability Database".
An issue was discovered in the heapless crate before 0.6.1 for Rust. The IntoIter Clone implementation clones an entire underlying Vec without considering whether it has already been partially consumed.📖 Read
via "National Vulnerability Database".
‼ CVE-2020-36442 ‼
📖 Read
via "National Vulnerability Database".
An issue was discovered in the beef crate before 0.5.0 for Rust. beef::Cow has no Sync bound on its Send trait.📖 Read
via "National Vulnerability Database".
‼ CVE-2020-36439 ‼
📖 Read
via "National Vulnerability Database".
An issue was discovered in the ticketed_lock crate before 0.3.0 for Rust. There are unconditional implementations of Send for ReadTicket<T> and WriteTicket<T>.📖 Read
via "National Vulnerability Database".
‼ CVE-2020-36469 ‼
📖 Read
via "National Vulnerability Database".
An issue was discovered in the appendix crate through 2020-11-15 for Rust. For the generic K and V type parameters, Send and Sync are implemented unconditionally.📖 Read
via "National Vulnerability Database".
‼ CVE-2020-36468 ‼
📖 Read
via "National Vulnerability Database".
An issue was discovered in the cgc crate through 2020-12-10 for Rust. Ptr::write performs non-atomic write operations on an underlying pointer.📖 Read
via "National Vulnerability Database".
‼ CVE-2020-36434 ‼
📖 Read
via "National Vulnerability Database".
An issue was discovered in the sys-info crate before 0.8.0 for Rust. sys_info::disk_info calls can trigger a double free.📖 Read
via "National Vulnerability Database".
‼ CVE-2020-36454 ‼
📖 Read
via "National Vulnerability Database".
An issue was discovered in the parc crate through 2020-11-14 for Rust. LockWeak<T> has an unconditional implementation of Send without trait bounds on T.📖 Read
via "National Vulnerability Database".
‼ CVE-2020-36463 ‼
📖 Read
via "National Vulnerability Database".
An issue was discovered in the multiqueue crate through 2020-12-25 for Rust. There are unconditional implementations of Send for InnerSend<RW, T>, InnerRecv<RW, T>, FutInnerSend<RW, T>, and FutInnerRecv<RW, T>.📖 Read
via "National Vulnerability Database".
‼ CVE-2020-36460 ‼
📖 Read
via "National Vulnerability Database".
An issue was discovered in the model crate through 2020-11-10 for Rust. The Shared data structure has an implementation of the Send and Sync traits without regard for the inner type.📖 Read
via "National Vulnerability Database".
‼ CVE-2020-36443 ‼
📖 Read
via "National Vulnerability Database".
An issue was discovered in the libp2p-deflate crate before 0.27.1 for Rust. An uninitialized buffer is passed to AsyncRead::poll_read(), which is a user-provided trait function.📖 Read
via "National Vulnerability Database".
‼ CVE-2020-36444 ‼
📖 Read
via "National Vulnerability Database".
An issue was discovered in the async-coap crate through 2020-12-08 for Rust. Send and Sync are implemented for ArcGuard<RC, T> without trait bounds on RC.📖 Read
via "National Vulnerability Database".
‼ CVE-2020-36432 ‼
📖 Read
via "National Vulnerability Database".
An issue was discovered in the alg_ds crate through 2020-08-25 for Rust. There is a drop of uninitialized memory in Matrix::new().📖 Read
via "National Vulnerability Database".
âš S3 Ep44: Unreported holes, retro computing, and tech support for malware [Podcast] âš
📖 Read
via "Naked Security".
Latest episode - listen now!📖 Read
via "Naked Security".
Naked Security
S3 Ep44: Unreported holes, retro computing, and tech support for malware [Podcast]
Latest episode – listen now!
‼ CVE-2021-38199 ‼
📖 Read
via "National Vulnerability Database".
fs/nfs/nfs4client.c in the Linux kernel before 5.13.4 has incorrect connection-setup ordering, which allows operators of remote NFSv4 servers to cause a denial of service (hanging of mounts) by arranging for those servers to be unreachable during trunking detection.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-38205 ‼
📖 Read
via "National Vulnerability Database".
drivers/net/ethernet/xilinx/xilinx_emaclite.c in the Linux kernel before 5.13.3 makes it easier for attackers to defeat an ASLR protection mechanism because it prints a kernel pointer (i.e., the real IOMEM pointer).📖 Read
via "National Vulnerability Database".
‼ CVE-2021-38207 ‼
📖 Read
via "National Vulnerability Database".
drivers/net/ethernet/xilinx/ll_temac_main.c in the Linux kernel before 5.12.13 allows remote attackers to cause a denial of service (buffer overflow and lockup) by sending heavy network traffic for about ten minutes.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-38198 ‼
📖 Read
via "National Vulnerability Database".
arch/x86/kvm/mmu/paging_tmpl.h in the Linux kernel before 5.12.11 incorrectly computes the access permissions of a shadow page, leading to a missing guest protection page fault.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-38206 ‼
📖 Read
via "National Vulnerability Database".
The mac80211 subsystem in the Linux kernel before 5.12.13, when a device supporting only 5 GHz is used, allows attackers to cause a denial of service (NULL pointer dereference in the radiotap parser) by injecting a frame with 802.11a rates.📖 Read
via "National Vulnerability Database".