22 matches found
EUVD-2022-6540
Malicious code in bioql PyPI...
Medium: python-cryptography
Issue Overview: cryptography is a package designed to expose cryptographic primitives and recipes to Python developers. In affected versions Cipher.update_into would accept Python objects which implement the buffer protocol, but provide only immutable buffers. This would allow immutable objects su...
`openssl` `X509StoreRef::objects` is unsound
This function returned a shared reference into an OpenSSL data structure but did not account for interior mutability. OpenSSL may modify the data behind this reference, meaning accesses can race and the reference is unsound. Use of this function should be replaced with X509StoreRef::all_certificate...
CVE-2023-43631
On boot, the Pillar eve container checks for the existence and content of “/config/authorized_keys”. If the file is present, and contains a supported public key, the container will go on to open port 22 and enable sshd with the given keys as the authorized keys for root login. An attacker could...
GHSA-CM6R-892J-JV2G Google Play Services SDK leads to apps having incorrectly set mutability flag
Apps developed with the Google Play Services SDK incorrectly had the mutability flag set on PendingIntents that were passed to the Notification service. As the Google Play Services SDK is so widely used, this bug affects many applications. For an affected application, this bug will let the attacker gain...
Google Play Services SDK leads to apps having incorrectly set mutability flag
Apps developed with the Google Play Services SDK incorrectly had the mutability flag set on PendingIntents that were passed to the Notification service. As the Google Play Services SDK is so widely used, this bug affects many applications. For an affected application, this bug will let the attacker gain...
CVE-2022-2390
Apps developed with the Google Play Services SDK incorrectly had the mutability flag set on PendingIntents that were passed to the Notification service. As the Google Play Services SDK is so widely used, this bug affects many applications. For an affected application, this bug will let the attacker gain...
CVE-2022-2390
CVE-2022-2390 affects the Google Play Services SDK. The issue stems from the mutability flag on PendingIntents passed to the Notification service, present in SDKs prior to version 18.0.2. This misconfiguration can allow an attacker to access all non-exported providers and/or other providers for w...
PT-2022-16319 · Google · Google Play Services Sdk
Name of the Vulnerable Software and Affected Versions: Google Play Services SDK versions prior to 18.0.2 Description: The issue arises from the incorrect setting of the mutability flag in PendingIntents passed to the Notification service in apps developed with the Google Play Services SDK. This b...
Functions in CNote.sol are internal instead of external/public
Lines of code. Vulnerability details. Impact: Most of the functions in CNote.sol are declared internal and are not called from any other location. This renders most of the functionality in the contract uncallable. Tools Used: Manual review. Recommended Mitigation Steps: Change to the...
Data races in unicycle
Affected versions of this crate unconditionally implemented Send & Sync for types PinSlab & Unordered. This allows sending non-Send types to other threads and concurrently accessing non-Sync types from multiple threads. This can result in a data race & memory corruption when types that provide...
GHSA-GQ4H-F254-7CW9 Duplicate Advisory: Data races in ticketed_lock
Duplicate Advisory: This advisory has been withdrawn because it is a duplicate of GHSA-77m6-x95j-75r5. This link is maintained to preserve external references. Original Description: Affected versions of this crate unconditionally implemented Send for ReadTicket & WriteTicket. This allows sending...
Duplicate Advisory: Data races in ticketed_lock
Duplicate Advisory: This advisory has been withdrawn because it is a duplicate of GHSA-77m6-x95j-75r5. This link is maintained to preserve external references. Original Description: Affected versions of this crate unconditionally implemented Send for ReadTicket & WriteTicket. This allows sending...
PinSlab<T> and Unordered<T, S> need bounds on their Send/Sync traits
Affected versions of this crate unconditionally implemented Send & Sync for types PinSlab & Unordered. This allows sending non-Send types to other threads and concurrently accessing non-Sync types from multiple threads. This can result in a data race & memory corruption when types that provide...
RUSTSEC-2020-0116 PinSlab<T> and Unordered<T, S> need bounds on their Send/Sync traits
Affected versions of this crate unconditionally implemented Send & Sync for types PinSlab & Unordered. This allows sending non-Send types to other threads and concurrently accessing non-Sync types from multiple threads. This can result in a data race & memory corruption when types that provide...
CopyCell lacks bounds on its Send trait allowing for data races
CopyCell is a Cell-like type that is implemented for any type T that is Copy. Its Send trait has no bounds on the contained type. As not all Copy types are thread safe (for example, non-mutable references implement the Copy trait), it is possible to send references to types with interior...
PT-2020-17638 · Rust · Lever
Name of the Vulnerable Software and Affected Versions: lever crate versions prior to 0.1.1 Description: The issue concerns the implementation of the Send and Sync traits for all types T by AtomicBox, which is designed for use across threads. This implementation allows non-Send types, such as Rc,...
RUSTSEC-2020-0062 Improper `Sync` implementation on `FuturesUnordered` in futures-utils can cause data corruption
Affected versions of the crate had an unsound Sync implementation on the FuturesUnordered structure, which used a Cell for interior mutability without any code to safely handle synchronized access to the underlying task list's length and head. This could have led to data corruption since two threa...
Improper `Sync` implementation on `FuturesUnordered` in futures-utils can cause data corruption
Affected versions of the crate had an unsound Sync implementation on the FuturesUnordered structure, which used a Cell for interior mutability without any code to safely handle synchronized access to the underlying task list's length and head. This could have led to data corruption since two threa...