16 matches found
EUVD-2021-1881
Malware in sbrugna...
GHSA-V3J6-XF77-8R9C Use-after-free in actix-http
An issue was discovered in the actix-http crate before 2.0.0-alpha.1 for Rust. There is a use-after-free in BodyStream...
Use-after-free in actix-http
An issue was discovered in the actix-http crate before 2.0.0-alpha.1 for Rust. There is a use-after-free in BodyStream...
CentOS 8 : firefox (CESA-2020:0820)
The remote CentOS Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the CESA-2020:0820 advisory. - usrsctp: Out of bounds reads in sctp_load_addresses_from_init (CVE-2019-20503) - Mozilla: Use-after-free when removing data about origins (CVE-2020-6805) -...
CVE-2020-35901
An issue was discovered in the actix-http crate before 2.0.0-alpha.1 for Rust. There is a use-after-free in BodyStream...
CVE-2020-35901
An issue was discovered in the actix-http crate before 2.0.0-alpha.1 for Rust. There is a use-after-free in BodyStream...
Design/Logic Flaw
An issue was discovered in the actix-http crate before 2.0.0-alpha.1 for Rust. There is a use-after-free in BodyStream...
CVE-2020-35901
CVE-2020-35901 affects the actix-http crate for Rust, with exploitation possible via a use-after-free in BodyStream caused by lack of pinning. The issue is tied to the crate’s handling of buffers and memory location, and is mitigated by upgrading to a fixed version (2.0.0-alpha.1) or later as ind...
Rust Resource Management Error Vulnerability
Rust is a general-purpose, compiled programming language from the Mozilla Foundation. A security vulnerability exists in Rust actix-http crate before 2.0.0-alpha.1, which stems from BodyStream having a use-after-free...
RHEL 8 : firefox (RHSA-2020:0819)
The remote Redhat Enterprise Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2020:0819 advisory. Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox...
Mozilla: BodyStream::OnInputStreamReady was missing protections against state confusion
The Mozilla Foundation Security Advisory describes this flaw as: By carefully crafting promise resolutions, it was possible to cause an out-of-bounds read off the end of an array resized during script execution. This could have led to memory corruption and a potentially exploitable crash...
RHEL 6 : firefox (RHSA-2020:0816)
The remote Redhat Enterprise Linux 6 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2020:0816 advisory. Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox...
Mozilla: BodyStream::OnInputStreamReady was missing protections against state confusion
The Mozilla Foundation Security Advisory describes this flaw as: By carefully crafting promise resolutions, it was possible to cause an out-of-bounds read off the end of an array resized during script execution. This could have led to memory corruption and a potentially exploitable crash...
Important: Red Hat Security Advisory: firefox security update
An update for firefox is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from t...
RUSTSEC-2020-0048 Use-after-free in BodyStream due to lack of pinning
Affected versions of this crate did not require the buffer wrapped in BodyStream to be pinned, but treated it as if it had a fixed location in memory. This may result in a use-after-free. The flaw was corrected by making the trait MessageBody require Unpin and making poll_next function accept Pin...
Use-after-free in BodyStream due to lack of pinning
Affected versions of this crate did not require the buffer wrapped in BodyStream to be pinned, but treated it as if it had a fixed location in memory. This may result in a use-after-free. The flaw was corrected by making the trait MessageBody require Unpin and making poll_next function accept Pin...