CVE-2021-45705

An issue was discovered in the nanorand crate before 0.6.1 for Rust. There can be multiple mutable references to the same object because the TlsWyRand Deref implementation dereferences a raw pointer...

CVE-2021-45691

An issue was discovered in the messagepack-rs crate through 2021-01-26 for Rust. deserializestring may read from uninitialized memory locations...

CVE-2021-45686

An issue was discovered in the csv-sniffer crate through 2021-01-05 for Rust. preambleskipcount may read from uninitialized memory locations...

CVE-2021-45685

An issue was discovered in the columnar crate through 2021-01-07 for Rust. ColumnarReadExt::readtypedvec may read from uninitialized memory locations...

CVE-2021-45689

An issue was discovered in the gfx-auxil crate through 2021-01-07 for Rust. gfxauxil::readspirv may read from uninitialized memory locations...

CVE-2021-45690

An issue was discovered in the messagepack-rs crate through 2021-01-26 for Rust. deserializebinary may read from uninitialized memory locations...

CVE-2021-45687

An issue was discovered in the raw-cpuid crate before 9.1.1 for Rust. If the serialize feature is used which is not the the default, a Deserialize operation may lack sufficient validation, leading to memory corruption or a panic...

CVE-2021-45695

An issue was discovered in the mopa crate through 2021-06-01 for Rust. It incorrectly relies on Trait memory layout, possibly leading to future occurrences of arbitrary code execution or ASLR bypass...

CVE-2021-45703

An issue was discovered in the tectonicxdv crate before 0.1.12 for Rust. XdvParser::::process may read from uninitialized memory locations...

CVE-2021-45707

An issue was discovered in the nix crate 0.16.0 and later before 0.20.2, 0.21.x before 0.21.2, and 0.22.x before 0.22.2 for Rust. unistd::getgrouplist has an out-of-bounds write if a user is in more than 16 /etc/groups groups...

CVE-2021-45706

An issue was discovered in the zeroizederive crate before 1.1.1 for Rust. Dropped memory is not zeroed out for an enum...

CVE-2021-45685

An issue was discovered in the columnar crate through 2021-01-07 for Rust. ColumnarReadExt::readtypedvec may read from uninitialized memory locations...

CVE-2021-45688

An issue was discovered in the ash crate before 0.33.1 for Rust. util::readspv may read from uninitialized memory locations...

CVE-2021-45692

An issue was discovered in the messagepack-rs crate through 2021-01-26 for Rust. deserializeextensionothers may read from uninitialized memory locations...

CVE-2021-45694

An issue was discovered in the rdiff crate through 2021-02-03 for Rust. Window may read from uninitialized memory locations...

CVE-2021-45698

An issue was discovered in the ckb crate before 0.40.0 for Rust. A getblocktemplate RPC call may fail in situations where it is supposed to select a Nervos CKB blockchain transaction with a higher fee rate than another transaction...

CVE-2021-45696

An issue was discovered in the sha2 crate 0.9.7 before 0.9.8 for Rust. Hashes of long messages may be incorrect when the AVX2-accelerated backend is used...

CVE-2021-45697

An issue was discovered in the molecule crate before 0.7.2 for Rust. A FixVec partial read has an incorrect result...

CVE-2021-45700

An issue was discovered in the ckb crate before 0.40.0 for Rust. Attackers can cause a denial of service Nervos CKB blockchain node crash via a dead call that is used as a DepGroup...

CVE-2021-45708

An issue was discovered in the abomonation crate through 2021-10-17 for Rust. Because transmute operations are insufficiently constrained, there can be an information leak or ASLR bypass...