‼ CVE-2020-36464 ‼
via "National Vulnerability Database".
An issue was discovered in the heapless crate before 0.6.1 for Rust. The IntoIter Clone implementation clones an entire underlying Vec without considering whether it has already been partially consumed.
‼ CVE-2020-36442 ‼
via "National Vulnerability Database".
An issue was discovered in the beef crate before 0.5.0 for Rust. beef::Cow has no Sync bound on its Send trait.
‼ CVE-2020-36439 ‼
via "National Vulnerability Database".
An issue was discovered in the ticketed_lock crate before 0.3.0 for Rust. There are unconditional implementations of Send for ReadTicket<T> and WriteTicket<T>.
‼ CVE-2020-36469 ‼
via "National Vulnerability Database".
An issue was discovered in the appendix crate through 2020-11-15 for Rust. For the generic K and V type parameters, Send and Sync are implemented unconditionally.
‼ CVE-2020-36468 ‼
via "National Vulnerability Database".
An issue was discovered in the cgc crate through 2020-12-10 for Rust. Ptr::write performs non-atomic write operations on an underlying pointer.
‼ CVE-2020-36434 ‼
via "National Vulnerability Database".
An issue was discovered in the sys-info crate before 0.8.0 for Rust. sys_info::disk_info calls can trigger a double free.
‼ CVE-2020-36454 ‼
via "National Vulnerability Database".
An issue was discovered in the parc crate through 2020-11-14 for Rust. LockWeak<T> has an unconditional implementation of Send without trait bounds on T.
‼ CVE-2020-36463 ‼
via "National Vulnerability Database".
An issue was discovered in the multiqueue crate through 2020-12-25 for Rust. There are unconditional implementations of Send for InnerSend<RW, T>, InnerRecv<RW, T>, FutInnerSend<RW, T>, and FutInnerRecv<RW, T>.
‼ CVE-2020-36460 ‼
via "National Vulnerability Database".
An issue was discovered in the model crate through 2020-11-10 for Rust. The Shared data structure has an implementation of the Send and Sync traits without regard for the inner type.
‼ CVE-2020-36443 ‼
via "National Vulnerability Database".
An issue was discovered in the libp2p-deflate crate before 0.27.1 for Rust. An uninitialized buffer is passed to AsyncRead::poll_read(), which is a user-provided trait function.
‼ CVE-2020-36444 ‼
via "National Vulnerability Database".
An issue was discovered in the async-coap crate through 2020-12-08 for Rust. Send and Sync are implemented for ArcGuard<RC, T> without trait bounds on RC.
‼ CVE-2020-36432 ‼
via "National Vulnerability Database".
An issue was discovered in the alg_ds crate through 2020-08-25 for Rust. There is a drop of uninitialized memory in Matrix::new().
⚠ S3 Ep44: Unreported holes, retro computing, and tech support for malware [Podcast] ⚠
via "Naked Security".
Latest episode – listen now!
‼ CVE-2021-38199 ‼
via "National Vulnerability Database".
fs/nfs/nfs4client.c in the Linux kernel before 5.13.4 has incorrect connection-setup ordering, which allows operators of remote NFSv4 servers to cause a denial of service (hanging of mounts) by arranging for those servers to be unreachable during trunking detection.
‼ CVE-2021-38205 ‼
via "National Vulnerability Database".
drivers/net/ethernet/xilinx/xilinx_emaclite.c in the Linux kernel before 5.13.3 makes it easier for attackers to defeat an ASLR protection mechanism because it prints a kernel pointer (i.e., the real IOMEM pointer).
‼ CVE-2021-38207 ‼
via "National Vulnerability Database".
drivers/net/ethernet/xilinx/ll_temac_main.c in the Linux kernel before 5.12.13 allows remote attackers to cause a denial of service (buffer overflow and lockup) by sending heavy network traffic for about ten minutes.
‼ CVE-2021-38198 ‼
via "National Vulnerability Database".
arch/x86/kvm/mmu/paging_tmpl.h in the Linux kernel before 5.12.11 incorrectly computes the access permissions of a shadow page, leading to a missing guest protection page fault.
‼ CVE-2021-38206 ‼
via "National Vulnerability Database".
The mac80211 subsystem in the Linux kernel before 5.12.13, when a device supporting only 5 GHz is used, allows attackers to cause a denial of service (NULL pointer dereference in the radiotap parser) by injecting a frame with 802.11a rates.
‼ CVE-2021-38201 ‼
via "National Vulnerability Database".
net/sunrpc/xdr.c in the Linux kernel before 5.13.4 allows remote attackers to cause a denial of service (xdr_set_page_base slab-out-of-bounds access) by performing many NFS 4.2 READ_PLUS operations.
‼ CVE-2021-38209 ‼
via "National Vulnerability Database".
net/netfilter/nf_conntrack_standalone.c in the Linux kernel before 5.12.2 allows observation of changes in any net namespace because these changes are leaked into all other net namespaces. This is related to the NF_SYSCTL_CT_MAX, NF_SYSCTL_CT_EXPECT_MAX, and NF_SYSCTL_CT_BUCKETS sysctls.
‼ CVE-2021-38208 ‼
via "National Vulnerability Database".
net/nfc/llcp_sock.c in the Linux kernel before 5.12.10 allows local unprivileged users to cause a denial of service (NULL pointer dereference and BUG) by making a getsockname call after a certain type of failure of a bind call.