1250 matches found

CNVD
added 2021/04/16 12:0 a.m., 9 views

Rust Buffer Overflow Vulnerability (CNVD-2021-31918)

Rust is a general-purpose, compiled programming language from the Mozilla Foundation. A buffer overflow vulnerability exists in reorder crate for Rust 2021-02-24 and earlier versions, which stems from a swap index write operation that oversteps its bounds if the len returned by the iterator is to...

CVSS 7.5, AI score 7.1, EPSS 0.00349
Exploits: 1, References: 1

CNVD
added 2021/04/16 12:0 a.m., 6 views

Rust Resource Management Error Vulnerability (CNVD-2021-33053)

Rust is a general-purpose, compiled programming language from the Mozilla Foundation. A resource management error vulnerability exists in arenavec crate for Rust versions 2021-01-12 and earlier, which stems from T::drop. No details of the vulnerability are provided at this time...

CVSS 7.5, AI score 6.6, EPSS 0.00389
Exploits: 0, References: 1

CNVD
added 2021/04/16 12:0 a.m., 3 views

Rust Buffer Overflow Vulnerability (CNVD-2021-31917)

Rust is a general-purpose, compiled programming language from the Mozilla Foundation. A buffer overflow vulnerability exists in PartialReader in the uuod crate for Rust versions prior to 0.0.4, which can be exploited by an attacker to read the contents of an uninitialized memory location via a...

CVSS 7.5, AI score 6.9, EPSS 0.00349
Exploits: 1, References: 1

CNVD
added 2021/04/16 12:0 a.m., 7 views

Rust Resource Management Error Vulnerability (CNVD-2021-29836)

Rust is a general-purpose, compiled programming language from the Mozilla Foundation. A resource management error vulnerability exists in slice-deque crate for Rust 2021-02-19 and earlier versions, which originates from SliceDeque::drainfilter. No detailed vulnerability details are available at th...

CVSS 7.5, AI score 6.7, EPSS 0.00389
Exploits: 1, References: 1

CNVD
added 2021/04/12 12:0 a.m., 7 views

Rust Buffer Overflow Vulnerability (CNVD-2021-28295)

Rust is a systems programming language characterized by fast operation, the ability to prevent segmentation errors, and thread-safety. A buffer overflow vulnerability exists in the standard library in versions of Rust prior to 1.50.0. The vulnerability stems from readtoend not validating the return...

CVSS 7.5, AI score 6.9, EPSS 0.00416
Exploits: 1, References: 1

CNVD
added 2021/04/12 12:0 a.m., 6 views

Mozilla Rust Post-Release Reuse and Double-Release Vulnerability

Rust is a systems programming language characterized by fast operation, the ability to prevent segmentation errors, and thread-safety. A reuse-after-release and double-release vulnerability exists in the standard library in versions of Rust prior to 1.49.0. The vulnerability stems from...

CVSS 9.8, AI score 6.4, EPSS 0.00356
Exploits: 1, References: 1

CNVD
added 2021/04/12 12:0 a.m., 6 views

Rust Resource Management Error Vulnerability (CNVD-2021-31920)

Rust is a general-purpose, compiled programming language from the Mozilla Foundation. A resource management error vulnerability exists in through crate for Rust 2021-02-18 and earlier versions, which stems from a double release in the map function. No details of the vulnerability are provided at...

CVSS 9.8, AI score 6.7, EPSS 0.00504
Exploits: 1, References: 1

CNVD
added 2021/04/12 12:0 a.m., 6 views

Rust Buffer Overflow Vulnerability (CNVD-2021-28297)

Rust is a general-purpose, compiled programming language from the Mozilla Foundation. A security vulnerability exists in Rust that stems from the loss of uninitialized memory that sometimes occurs. No details of the vulnerability are provided at this time...

CVSS 7.5, AI score 6.7, EPSS 0.00389
Exploits: 1, References: 1

CNVD
added 2021/04/09 12:0 a.m., 5 views

Rust Resource Management Error Vulnerability (CNVD-2021-31473)

Rust is a general-purpose, compiled programming language from the Mozilla Foundation. A resource management error vulnerability exists in Rust version 2021-02-26 and prior versions, which stems from the possibility of a double release in get or insert. No detailed vulnerability details are...

CVSS 9.8, AI score 6.6, EPSS 0.00433
Exploits: 0, References: 1

CNVD
added 2021/04/09 12:0 a.m., 5 views

Rust Resource Management Error Vulnerability (CNVD-2021-29842)

Rust is a general-purpose, compiled programming language from the Mozilla Foundation. A resource management error vulnerability exists in Rust id-map crate 2021-02-26 and earlier versions, which stems from a double free in removeset when a panic occurs in a Drop impl. No detailed vulnerabilit...

CVSS 9.8, AI score 6.6, EPSS 0.00433
Exploits: 0, References: 1

CNVD
added 2021/04/09 12:0 a.m., 3 views

Rust Resource Management Error Vulnerability (CNVD-2021-31472)

Rust is a general-purpose, compiled programming language from the Mozilla Foundation. A resource management error vulnerability exists in Rust id-map crate version 2021-02-26 and prior versions, which stems from the discovery of a double release in IdMap::clonefrom. No detailed vulnerability...

CVSS 9.8, AI score 6.6, EPSS 0.00433
Exploits: 0, References: 1

BDU FSTEC
added 2021/04/06 12:0 a.m., 2 views

The vulnerability of the URL function in the PHP programming language lies in insufficient validation of input data, allowing attackers to compromise the integrity of data.

The vulnerability of the PHP programming language’s URL function is related to insufficient validation of input data. Exploiting this vulnerability allows a remote attacker to compromise the integrity of data...

CVSS 5.3, EPSS 0.07003
Exploits: 1, References: 12, Affected Software: 6

CNVD
added 2021/04/02 12:0 a.m., 6 views

Rust Out-of-Bounds Write Vulnerability

Rust is a general-purpose, compiled programming language from the Mozilla Foundation. A security vulnerability exists in Rust on 2021-02-19 and earlier versions, which stems from an out-of-bounds write in StackVec::extend that could result in an out-of-bounds write if certain exception data is...

CVSS 7.5, AI score 7.5, EPSS 0.00765
Exploits: 1, References: 1

CNVD
added 2021/04/02 12:0 a.m., 5 views

Rust Denial of Service Vulnerability

Rust is a general-purpose, compiled programming language from the Mozilla Foundation. A denial of service vulnerability exists in parseduration crate for Rust 2021-03-18 and earlier versions, which can be exploited by an attacker to cause a denial of service (CPU and memory consumption) via a large...

CVSS 7.5, AI score 6.5, EPSS 0.00389
Exploits: 0, References: 1

RedHat Linux
added 2021/03/30 9:44 a.m., 116 views

Moderate: Red Hat Security Advisory: perl security update

An update for perl is now available for Red Hat Enterprise Linux 7.7 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for eac...

CVSS 8.6, AI score 7, EPSS 0.04289
Exploits: 0, References: 5

OSV
added 2021/03/26 10:15 p.m., 2 views

DEBIAN-CVE-2021-21372

Nimble is a package manager for the Nim programming language. In Nim release version before versions 1.2.10 and 1.4.4, Nimble doCmd is used in different places and can be leveraged to execute arbitrary commands. An attacker can craft a malicious entry in the packages.json package list to trigger...

CVSS 8.8, AI score 8.6, EPSS 0.01789
Exploits: 1, References: 1

Prion
added 2021/03/26 10:15 p.m., 15 views

Remote code execution

Nimble is a package manager for the Nim programming language. In Nim release versions before versions 1.2.10 and 1.4.4, "nimble refresh" fetches a list of Nimble packages over HTTPS by default. In case of error it falls back to a non-TLS URL http://irclogs.nim-lang.org/packages.json. An attacker...

CVSS 4.3, AI score 6.2, EPSS 0.0019
Exploits: 1, References: 3, Affected Software: 1

Debian CVE
added 2021/03/26 9:25 p.m., 19 views

CVE-2021-21373

Nimble is a package manager for the Nim programming language. In Nim release versions before versions 1.2.10 and 1.4.4, "nimble refresh" fetches a list of Nimble packages over HTTPS by default. In case of error it falls back to a non-TLS URL http://irclogs.nim-lang.org/packages.json. An attacker...

CVSS 7.5, AI score 6.8, EPSS 0.0019
Exploits: 1

Cvelist
added 2021/03/26 9:25 p.m., 17 views

CVE-2021-21373 Nimble falls back to insecure http url when fetching packages

Nimble is a package manager for the Nim programming language. In Nim release versions before versions 1.2.10 and 1.4.4, "nimble refresh" fetches a list of Nimble packages over HTTPS by default. In case of error it falls back to a non-TLS URL http://irclogs.nim-lang.org/packages.json. An attacker...

CVSS 7.5, AI score 8.4, EPSS 0.0019
Exploits: 1, References: 3

CVE
added 2021/03/26 9:25 p.m., 203 views

CVE-2021-21374

CVE-2021-21374 affects Nimble (Nim package manager) where Nimble refresh may fetch the package list over HTTPS without full SSL/TLS verification due to httpClient defaults, enabling a MitM to deliver a modified package list and installable packages. If such packages are installed, this can lead t...

CVSS 8.1, AI score 8.4, EPSS 0.00313
Exploits: 1, References: 4, Affected Software: 1