9526 matches found
CVE-2020-36471
An issue was discovered in the generator crate before 0.7.0 for Rust. It does not ensure that a function for yielding values has Send bounds...
CVE-2020-36472
CVE-2020-36472 affects the max7301 crate for Rust older than 0.2.0. The ImmediateIO and TransactionalIO types implement Sync for all contained Expander types, which can allow non-thread-safe Expander contents to be shared across threads. This enables data races when IO can retrieve the Expander a...
CVE-2020-36472
An issue was discovered in the max7301 crate before 0.2.0 for Rust. The ImmediateIO and TransactionalIO types implement Sync for all Expander types that they contain...
CVE-2021-38186
An issue was discovered in the comrak crate before 0.10.1 for Rust. It mishandles & characters, leading to XSS via &# HTML entities...
CVE-2021-38186
The CVE-2021-38186 entry concerns the comrak crate for Rust, affected in versions before 0.10.1. The issue stems from improper handling of the & character, which can cause cross-site scripting (XSS) via HTML entities like &#. The vulnerability is described across multiple sources (e.g., Red Hat, ...
CVE-2021-38187
CVE-2021-38187 affects the Rust anymap crate up to version 0.12.1, with a soundness flaw caused by converting a *u8 to a *u64. Public records (NVD, OSV, GHSA, CNVD) describe this as a high‑/critical impact vulnerability; CVSSv3.1 base score 9.8 indicates CRITICAL severity and network attack vecto...
CVE-2021-38187
An issue was discovered in the anymap crate through 0.12.1 for Rust. It violates soundness via conversion of a *u8 to a *u64...
CVE-2021-38188
An issue was discovered in the iced-x86 crate through 1.10.3 for Rust. In Decoder::new(), slice.get_unchecked(slice.length()) is used unsafely...
CVE-2021-38188
The CVE-2021-38188 issue concerns the iced-x86 crate (Rust) up to version 1.10.3. The root cause is unsafe use of slice.get_unchecked(slice.length()) in Decoder::new(), which can lead to undefined behavior and potential security impact as described by multiple advisories. Public details consisten...
CVE-2021-38189
The CVE-2021-38189 issue affects the lettre crate (Rust) prior to 0.9.6. In the body of an email, an attacker can place a dot after two consecutive CRLF sequences, enabling arbitrary SMTP command injection after the message ends. This represents a control-flow vulnerability in SMTP handling rathe...
CVE-2021-38190
An issue was discovered in the nalgebra crate before 0.27.1 for Rust. It allows out-of-bounds memory access because it does not ensure that the number of elements is equal to the product of the row count and column count...
CVE-2021-38190
CVE-2021-38190 affects the Rust crate nalgebra prior to 0.27.1, where out-of-bounds memory access can occur because the number of elements is not guaranteed to equal nrows * ncols during deserialization or storage handling. The issue is caused by an invariant not being maintained in the matrix/ve...
CVE-2021-38191
CVE-2021-38191 concerns the tokio crate (pre-1.8.1) for Rust. The issue occurs when calling JoinHandle::abort: a Task may be dropped in the wrong thread, which, as discussed in related advisories, can create race conditions—especially for tasks that rely on thread-affine constructs like Rc or Ref...
CVE-2021-38191
An issue was discovered in the tokio crate before 1.8.1 for Rust. Upon a JoinHandle::abort, a Task may be dropped in the wrong thread...
CVE-2021-38192
CVE-2021-38192 affects the Rust crate prost-types prior to 0.8.0, where converting a Timestamp to SystemTime can overflow and panic. The issue is addressed by upgrading to prost-types v0.8 and switching the From<Timestamp> for SystemTime usage to TryFrom<Timestamp> for SystemTime. The vulnerability is described across...
CVE-2021-38192
An issue was discovered in the prost-types crate before 0.8.0 for Rust. An overflow can occur during conversion from Timestamp to SystemTime...
CVE-2021-38193
CVE-2021-38193: A cross-site scripting vulnerability exists in the ammonia crate for Rust, prior to version 3.1.0. The issue arises from mishandled parsing differences between HTML, SVG, and MathML, enabling an attacker to inject malicious scripts. The vulnerability is related to, and similar in...