CVE-2021-29936

An issue was discovered in the adtensor crate through 2021-01-11 for Rust. There is a drop of uninitialized memory via the FromIterator implementation for Vector and Matrix...

CVE-2021-29937

An issue was discovered in the telemetry crate through 2021-02-17 for Rust. There is a drop of uninitialized memory if a value.clone call panics within misc::vecwithsize...

CVE-2021-29933

An issue was discovered in the insertmany crate through 2021-01-26 for Rust. Elements may be dropped twice if a .next method panics...

CVE-2021-29934

An issue was discovered in PartialReader in the uuod crate before 0.0.4 for Rust. Attackers can read the contents of uninitialized memory locations via a user-provided Read operation...

CVE-2021-29930

An issue was discovered in the arenavec crate through 2021-01-12 for Rust. A drop of uninitialized memory can sometimes occur upon a panic in T::default...

CVE-2021-28305

An issue was discovered in the diesel crate before 1.4.6 for Rust. There is a use-after-free in the SQLite backend because the semantics of sqlite3columnname are not followed...

CVE-2021-28032

An issue was discovered in the nanoarena crate before 0.5.2 for Rust. There is an aliasing violation in splitat because two mutable references can exist for the same element, if Borrow behaves in certain ways. This can have a resultant out-of-bounds write or use-after-free...

CVE-2021-28027

An issue was discovered in the bam crate before 0.1.3 for Rust. There is an integer underflow and out-of-bounds write during the loading of a bgzip block...

CVE-2021-27377

An issue was discovered in the yottadb crate before 1.2.0 for Rust. For some memory-allocation patterns, ydbsubscriptnextst and ydbsubscriptprevst have a use-after-free...

CVE-2021-26952

An issue was discovered in the ms3d crate before 0.1.3 for Rust. It might allow attackers to obtain sensitive information from uninitialized memory locations via IoReader::read...

CVE-2021-26956

An issue was discovered in the xcb crate through 2021-02-04 for Rust. It has a soundness violation because bytes from an X server can be interpreted as any data type returned by xcb::xproto::GetPropertyReply::value...

CVE-2021-26954

An issue was discovered in the qwutils crate before 0.3.1 for Rust. When a Clone panic occurs, insertsliceclone can perform a double drop...

CVE-2021-26951

An issue was discovered in the calamine crate before 0.17.0 for Rust. It allows attackers to overwrite heap-memory locations because Vec::setlen is used without proper memory claiming, and this uninitialized memory is used for a user-provided Read operation, as demonstrated by Sectors::get...

CVE-2021-26955

An issue was discovered in the xcb crate through 2021-02-04 for Rust. It has a soundness violation because xcb::xproto::GetAtomNameReply::name calls std::str::fromutf8unchecked on unvalidated bytes from an X server...

CVE-2021-26953

An issue was discovered in the postscript crate before 0.14.0 for Rust. It might allow attackers to obtain sensitive information from uninitialized memory locations via a user-provided Read implementation...

CVE-2021-26305

An issue was discovered in Deserializer::readvec in the cdr crate before 0.2.4 for Rust. A user-provided Read implementation can gain access to the old contents of newly allocated heap memory, violating soundness...

CVE-2021-25906

An issue was discovered in the basicdspmatrix crate before 0.9.2 for Rust. When a TransformContent panic occurs, a double drop can be performed...

CVE-2021-25908

An issue was discovered in the fil-ocl crate through 2021-01-04 for Rust. From can lead to a double free...

CVE-2021-25904

An issue was discovered in the av-data crate before 0.3.0 for Rust. A raw pointer is dereferenced, leading to a read of an arbitrary memory address, sometimes causing a segfault...

CVE-2021-25902

An issue was discovered in the glsl-layout crate before 0.4.0 for Rust. When a panic occurs, maparray can perform a double drop...