CVE-2020-36204

An issue was discovered in the im crate through 2020-11-09 for Rust. Because TreeFocus does not have bounds on its Send trait or Sync trait, a data race can occur...

CVE-2020-35711

An issue has been discovered in the arc-swap crate before 0.4.8 and 1.x before 1.1.0 for Rust. Use of arcswap::access::Map with the Constant test helper or with a user-supplied implementation of the Access trait could sometimes lead to dangling references being returned by the map...

CVE-2020-36446

An issue was discovered in the signal-simple crate through 2020-11-15 for Rust. There are unconditional implementations of Send and Sync for SyncChannel...

CVE-2020-35883

An issue was discovered in the mozwire crate through 2020-08-18 for Rust. A ../ directory-traversal situation allows overwriting local files that have .conf at the end of the filename...

CVE-2020-35887

An issue was discovered in the arr crate through 2020-08-25 for Rust. There is a buffer overflow in Index and IndexMut...

CVE-2020-35926

An issue was discovered in the nanorand crate before 0.5.1 for Rust. It caused any random number generator even ChaCha to return all zeroes because integer truncation was mishandled...

CVE-2020-35912

An issue was discovered in the lockapi crate before 0.4.2 for Rust. A data race can occur because of MappedRwLockWriteGuard unsoundness...

CVE-2020-35925

An issue was discovered in the magnetic crate before 2.0.1 for Rust. MPMCConsumer and MPMCProducer allow cross-thread sending of a non-Send type...

CVE-2020-35879

An issue was discovered in the rulinalg crate through 2020-02-11 for Rust. There are incorrect lifetime-boundary definitions for RowMut::rawslice and RowMut::rawslicemut...

CVE-2020-35889

An issue was discovered in the crayon crate through 2020-08-31 for Rust. A TOCTOU issue has a resultant memory safety violation via HandleLike...

CVE-2020-35894

An issue was discovered in the obstack crate before 0.1.4 for Rust. Unaligned references can occur...

CVE-2020-35875

An issue was discovered in the tokio-rustls crate before 0.13.1 for Rust. Excessive memory usage may occur when data arrives quickly...

CVE-2020-35888

An issue was discovered in the arr crate through 2020-08-25 for Rust. Uninitialized memory is dropped by Array::newfromtemplate...

CVE-2020-35867

An issue was discovered in the rusqlite crate before 0.23.0 for Rust. Memory safety can be violated via createmodule...

CVE-2020-36211

An issue was discovered in the gfwx crate before 0.3.0 for Rust. Because ImageChunkMut does not have bounds on its Send trait or Sync trait, a data race and memory corruption can occur...

CVE-2020-36207

An issue was discovered in the aovec crate through 2020-12-10 for Rust. Because Aovec does not have bounds on its Send trait or Sync trait, a data race and memory corruption can occur...

CVE-2020-36210

An issue was discovered in the autorand crate before 0.2.3 for Rust. Because of impl Random on arrays, uninitialized memory can be dropped when a panic occurs, leading to memory corruption...

CVE-2020-36203

An issue was discovered in the reffers crate through 2020-12-01 for Rust. ARefss can contain a !Send,!Sync object, leading to a data race and memory corruption...

CVE-2020-36217

An issue was discovered in the mayqueue crate through 2020-11-10 for Rust. Because Queue does not have bounds on its Send trait or Sync trait, memory corruption can occur...

CVE-2020-35865

An issue was discovered in the osstrbytes crate before 2.0.0 for Rust. It has false expectations about char::fromu32unchecked behavior...