22 matches found

EUVD
added 2025/10/03 8:07 p.m. · 18 views

EUVD-2022-6540

Malicious code in bioql PyPI...

CVSS 8.4 · AI score 8.1 · EPSS 0.00105
Exploits: 0 · References: 3

Amazon
added 2023/12/14 12:00 a.m. · 4 views

Medium: python-cryptography

Issue Overview: cryptography is a package designed to expose cryptographic primitives and recipes to Python developers. In affected versions Cipher.update_into would accept Python objects which implement the buffer protocol, but provide only immutable buffers. This would allow immutable objects su...

CVSS 6.5 · AI score 7.7 · EPSS 0.01301
Exploits: 1

RustSec
added 2023/11/23 12:00 p.m. · 5 views

`openssl` `X509StoreRef::objects` is unsound

This function returned a shared reference into an OpenSSL data structure but did not account for interior mutability. OpenSSL may modify the data behind this reference, meaning accesses can race and the reference is unsound. Use of this function should be replaced with X509StoreRef::allcertificate...

AI score 7
Exploits: 0 · Affected Software: 1

OSV
added 2023/09/21 2:15 p.m. · 10 views

CVE-2023-43631

On boot, the Pillar eve container checks for the existence and content of “/config/authorized_keys”. If the file is present, and contains a supported public key, the container will go on to open port 22 and enable sshd with the given keys as the authorized keys for root login. An attacker could...

CVSS 8.8 · AI score 5.8 · EPSS 0.0016
Exploits: 0 · References: 1

OSV
added 2022/08/13 12:00 a.m. · 4 views

GHSA-CM6R-892J-JV2G Google Play Services SDK leads to apps having incorrectly set mutability flag

Apps developed with Google Play Services SDK incorrectly had the mutability flag set to PendingIntents that were passed to the Notification service. As Google Play services SDK is so widely used, this bug affects many applications. For an application affected, this bug will let the attacker, gain...

CVSS 6.1 · AI score 7.2 · EPSS 0.00105
Exploits: 0 · References: 3

Github Security Blog
added 2022/08/13 12:00 a.m. · 31 views

Google Play Services SDK leads to apps having incorrectly set mutability flag

Apps developed with Google Play Services SDK incorrectly had the mutability flag set to PendingIntents that were passed to the Notification service. As Google Play services SDK is so widely used, this bug affects many applications. For an application affected, this bug will let the attacker, gain...

CVSS 8.4 · AI score 3.6 · EPSS 0.00105
Exploits: 0 · References: 4 · Affected Software: 1

OSV
added 2022/08/12 11:15 a.m. · 6 views

CVE-2022-2390

Apps developed with Google Play Services SDK incorrectly had the mutability flag set to PendingIntents that were passed to the Notification service. As Google Play services SDK is so widely used, this bug affects many applications. For an application affected, this bug will let the attacker, gain...

CVSS 8.4 · AI score 7.3
Exploits: 0 · References: 2

CVE
added 2022/08/12 10:25 a.m. · 88 views

CVE-2022-2390

CVE-2022-2390 affects the Google Play Services SDK. The issue stems from the mutability flag on PendingIntents passed to the Notification service, present in SDKs prior to version 18.0.2. This misconfiguration can allow an attacker to access all non-exported providers and/or other providers for w...

CVSS 8.4 · AI score 7.3 · EPSS 0.00105
Exploits: 0 · References: 2 · Affected Software: 1

Positive Technologies
added 2022/08/12 12:00 a.m. · 6 views

PT-2022-16319 · Google · Google Play Services Sdk

Name of the Vulnerable Software and Affected Versions: Google Play Services SDK versions prior to 18.0.2 Description: The issue arises from the incorrect setting of the mutability flag in PendingIntents passed to the Notification service in apps developed with the Google Play Services SDK. This b...

CVSS 8.4 · AI score 8.3 · EPSS 0.00105
Exploits: 0 · References: 6

Code423n4
added 2022/06/21 12:00 a.m. · 14 views

Functions in CNote.sol are internal instead of external/public

Lines of code Vulnerability details Impact Most of the functions in CNote.sol are internal mutability and have no other locations they are being called. This renders most of the functionalities in the contract to be uncallable. Tools Used Manual review Recommended Mitigation Steps Change to the...

AI score 6.9
Exploits: 0

Github Security Blog
added 2021/08/25 9:00 p.m. · 17 views

Data races in unicycle

Affected versions of this crate unconditionally implemented Send & Sync for types PinSlab & Unordered. This allows sending non-Send types to other threads and concurrently accessing non-Sync types from multiple threads. This can result in a data race & memory corruption when types that provide...

AI score 1.8
Exploits: 0 · References: 5 · Affected Software: 1

OSV
added 2021/08/25 9:00 p.m. · 20 views

GHSA-GQ4H-F254-7CW9 Duplicate Advisory: Data races in ticketed_lock

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-77m6-x95j-75r5. This link is maintained to preserve external references. Original Description Affected versions of this crate unconditionally implemented Send for ReadTicket & WriteTicket. This allows to send...

CVSS 8.1 · AI score 7.5 · EPSS 0.00766
Exploits: 0 · References: 3

Github Security Blog
added 2021/08/25 9:00 p.m. · 10 views

Duplicate Advisory: Data races in ticketed_lock

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-77m6-x95j-75r5. This link is maintained to preserve external references. Original Description Affected versions of this crate unconditionally implemented Send for ReadTicket & WriteTicket. This allows to send...

AI score 5.4
Exploits: 0 · References: 4 · Affected Software: 1

Github Security Blog
added 2021/08/25 8:58 p.m. · 26 views

Data races in unicycle

Affected versions of this crate unconditionally implemented Send & Sync for types PinSlab & Unordered. This allows sending non-Send types to other threads and concurrently accessing non-Sync types from multiple threads. This can result in a data race & memory corruption when types that provide...

CVSS 8.1 · AI score 8 · EPSS 0.00766
Exploits: 0 · References: 7 · Affected Software: 1

RustSec
added 2020/11/15 12:00 p.m. · 17 views

PinSlab<T> and Unordered<T, S> need bounds on their Send/Sync traits

Affected versions of this crate unconditionally implemented Send & Sync for types PinSlab & Unordered. This allows sending non-Send types to other threads and concurrently accessing non-Sync types from multiple threads. This can result in a data race & memory corruption when types that provide...

CVSS 8.1 · AI score 1.7 · EPSS 0.00766
Exploits: 0 · Affected Software: 1

OSV
added 2020/11/15 12:00 p.m. · 14 views

RUSTSEC-2020-0116 PinSlab<T> and Unordered<T, S> need bounds on their Send/Sync traits

Affected versions of this crate unconditionally implemented Send & Sync for types PinSlab & Unordered. This allows sending non-Send types to other threads and concurrently accessing non-Sync types from multiple threads. This can result in a data race & memory corruption when types that provide...

CVSS 8.1 · AI score 8.2 · EPSS 0.00766
Exploits: 0 · References: 3

RustSec
added 2020/11/15 12:00 p.m. · 17 views

CopyCell lacks bounds on its Send trait allowing for data races

CopyCell is a Cell-like type that is implemented for any type T that is Copyable. Its Send trait has no bounds on the contained type. As not all Copyable types are thread safe, for example non-mutable references implement the Copy trait, it is possible to send references to types with interior...

CVSS 8.1 · AI score 2.3 · EPSS 0.01098
Exploits: 1

Positive Technologies
added 2020/11/10 12:00 a.m. · 6 views

PT-2020-17638 · Rust · Lever

Name of the Vulnerable Software and Affected Versions: lever crate versions prior to 0.1.1 Description: The issue concerns the implementation of the Send and Sync traits for all types T by AtomicBox, which is designed for use across threads. This implementation allows non-Send types, such as Rc,...

CVSS 8.1 · AI score 7.9 · EPSS 0.0124
Exploits: 1 · References: 10

OSV
added 2020/01/24 12:00 p.m. · 19 views

RUSTSEC-2020-0062 Improper `Sync` implementation on `FuturesUnordered` in futures-utils can cause data corruption

Affected versions of the crate had an unsound Sync implementation on the FuturesUnordered structure, which used a Cell for interior mutability without any code to handle synchronized access to the underlying task list's length and head safely. This could lead to data corruption since two threa...

CVSS 5.5 · AI score 5.6 · EPSS 0.00334
Exploits: 0 · References: 3

RustSec
added 2020/01/24 12:00 p.m. · 28 views

Improper `Sync` implementation on `FuturesUnordered` in futures-utils can cause data corruption

Affected versions of the crate had an unsound Sync implementation on the FuturesUnordered structure, which used a Cell for interior mutability without any code to handle synchronized access to the underlying task list's length and head safely. This could lead to data corruption since two threa...

CVSS 5.5 · AI score 1.5 · EPSS 0.00334
Exploits: 0 · Affected Software: 1