
9526 matches found

OSV
added 2021/05/28 9:15 p.m. | 17 views

CVE-2021-32619

Deno is a runtime for JavaScript and TypeScript that uses V8 and is built in Rust. In Deno versions 1.5.0 to 1.10.1, modules that are dynamically imported through import or new Worker might have been able to bypass network and file system permission checks when statically importing other modules...

9.8 CVSS | 7.1 AI score
Exploits 0 | References 1

Prion
added 2021/05/28 9:15 p.m. | 16 views

Design/Logic Flaw

Deno is a runtime for JavaScript and TypeScript that uses V8 and is built in Rust. In Deno versions 1.5.0 to 1.10.1, modules that are dynamically imported through import or new Worker might have been able to bypass network and file system permission checks when statically importing other modules...

7.5 CVSS | 9.5 AI score | 0.01113 EPSS
Exploits 0 | References 1 | Affected Software 1

CVE
added 2021/05/28 9:0 p.m. | 94 views

CVE-2021-32619

Summary: CVE-2021-32619 affects Deno runtimes 1.5.0–1.10.1. A vulnerability in modules dynamically imported via import() or new Worker could bypass network and file-system permission checks when statically importing other modules. Impact (as described): attackers controlling a module in a program...

9.8 CVSS | 9.6 AI score | 0.01113 EPSS
Exploits 0 | References 1 | Affected Software 1

Cvelist
added 2021/05/28 9:0 p.m. | 12 views

CVE-2021-32619 Static imports inside dynamically imported modules do not adhere to permission checks

Deno is a runtime for JavaScript and TypeScript that uses V8 and is built in Rust. In Deno versions 1.5.0 to 1.10.1, modules that are dynamically imported through import or new Worker might have been able to bypass network and file system permission checks when statically importing other modules...

9.8 CVSS | 9.8 AI score | 0.01113 EPSS
Exploits 0 | References 1

CNVD
added 2021/05/28 12:0 a.m. | 6 views

Rust Resource Management Error Vulnerability (CNVD-2021-38306)

Rust is a general-purpose, compiled programming language from the Mozilla Foundation. A resource management error vulnerability exists in algorithmica crate for Rust version 2021-03-07 and earlier, which stems from a double free in merge_sort::merge. No details of the vulnerability are available a...

7.5 CVSS | 6.8 AI score | 0.00961 EPSS
Exploits 0 | References 1

Tenable Nessus
added 2021/05/26 12:0 a.m. | 40 views

Oracle Linux 8 : rust-toolset:ol8 (ELSA-2021-1935)

The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2021-1935 advisory. rust 1.49.0-1 - Update to 1.49.0. 1.48.0-1 - Update to 1.48.0. rust-toolset 1.49.0-1 - Update to Rust and Cargo 1.49.0. 1.48.0-1 - Update to Rust and...

9.8 CVSS | 8.2 AI score | 0.01676 EPSS
Exploits 2 | References 3

Oracle linux
added 2021/05/25 12:0 a.m. | 58 views

rust-toolset:ol8 security, bug fix, and enhancement update

rust 1.49.0-1 - Update to 1.49.0. 1.48.0-1 - Update to 1.48.0. rust-toolset 1.49.0-1 - Update to Rust and Cargo 1.49.0. 1.48.0-1 - Update to Rust and Cargo 1.48.0...

9.8 CVSS | 1.2 AI score | 0.01676 EPSS
Exploits 2

vulnersOsv
added 2021/05/21 12:0 p.m. | 5 views

aquamarine-vm (>=0.1.0 <=0.5.2), ashpaper-plus (>=0.5.0 <=0.5.1) +140 more potentially affected by CVE-2021-32629 via cranelift-codegen (>=0.14.0 <=0.72.0)

cranelift-codegen CARGO version =0.14.0, =0.1.0, =0.5.0, =0.1.0, =0.1.0, =0.2.9, =0.1.0, =0.2.0, =0.1.0, =0.1.0, =0.26.1, =0.13.2, =0.8.0, =0.14.0, =0.14.0, =0.66.0 and more Source cves: CVE-2021-32629 Source advisory: OSV:RUSTSEC-2021-0067...

8.8 CVSS | 7.2 AI score | 0.00455 EPSS
Exploits 1

Tenable Nessus
added 2021/05/19 12:0 a.m. | 36 views

RHEL 8 : rust-toolset:rhel8 (RHSA-2021:1935)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2021:1935 advisory. Rust is a systems programming language that runs blazingly fast, prevents segfaults, and guarantees thread safety. The following packages ha...

9.8 CVSS | 8.1 AI score | 0.01676 EPSS
Exploits 2 | References 8

RedHat Linux
added 2021/05/18 3:15 p.m. | 2 views

rust: memory safety violation in String::retain()

In the standard library in Rust before 1.49.0, String::retain function has a panic safety problem. It allows creation of a non-UTF-8 Rust string when the provided closure panics. This bug could result in a memory safety violation when other string APIs assume that UTF-8 encoding is used on the sa...

7.5 CVSS | 5.8 AI score | 0.01509 EPSS
Exploits 1 | References 4

RedHat Linux
added 2021/05/18 3:15 p.m. | 42 views

Low: Red Hat Security Advisory: rust-toolset:rhel8 security, bug fix, and enhancement update

An update for the rust-toolset:rhel8 module is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...

9.8 CVSS | 7.2 AI score | 0.01676 EPSS
Exploits 2 | References 4

RedHat Linux
added 2021/05/18 3:15 p.m. | 0 views

rust: use-after-free or double free in VecDeque::make_contiguous

In the standard library in Rust before 1.49.0, VecDeque::make_contiguous has a bug that pops the same element more than once under certain condition. This bug could result in a use-after-free or double free...

9.8 CVSS | 5.8 AI score | 0.01676 EPSS
Exploits 1 | References 4

AlmaLinux
added 2021/05/18 6:26 a.m. | 27 views

Low: rust-toolset:rhel8 security, bug fix, and enhancement update

Rust is a systems programming language that runs blazingly fast, prevents segfaults, and guarantees thread safety. The following packages have been upgraded to a later upstream version: rust 1.49.0. BZ1896712 Security Fixes: rust: use-after-free or double free in VecDeque::make_contiguous...

7.5 CVSS | 1.1 AI score | 0.01676 EPSS
Exploits 2 | References 2

Rockylinux
added 2021/05/18 6:26 a.m. | 23 views

rust-toolset:rhel8 security, bug fix, and enhancement update

An update is available for rust-toolset, rust. This update affects Rocky Linux 8. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. Rust is a systems programming language that runs blazingly fast,...

9.8 CVSS | 9.2 AI score | 0.01676 EPSS
Exploits 2

OSV
added 2021/05/18 6:26 a.m. | 24 views

RLSA-2021:1935 Low: rust-toolset:rhel8 security, bug fix, and enhancement update

Rust is a systems programming language that runs blazingly fast, prevents segfaults, and guarantees thread safety. The following packages have been upgraded to a later upstream version: rust 1.49.0. BZ1896712 Security Fixes: rust: use-after-free or double free in VecDeque::make_contiguous...

9.8 CVSS | 8.9 AI score | 0.01676 EPSS
Exploits 2 | References 3

NVD
added 2021/05/12 6:15 p.m. | 11 views

CVE-2021-29511

evm is a pure Rust implementation of Ethereum Virtual Machine. Prior to the patch, when executing specific EVM opcodes related to memory operations that use evm_core::Memory::copy_large, the evm crate can over-allocate memory when it is not needed, making it possible for an attacker to perform...

6.5 CVSS | 0.0128 EPSS
Exploits 0 | References 3

OSV
added 2021/05/12 6:15 p.m. | 13 views

CVE-2021-29511

evm is a pure Rust implementation of Ethereum Virtual Machine. Prior to the patch, when executing specific EVM opcodes related to memory operations that use evm_core::Memory::copy_large, the evm crate can over-allocate memory when it is not needed, making it possible for an attacker to perform...

6.5 CVSS | 7 AI score
Exploits 0 | References 3

CVE
added 2021/05/12 5:15 p.m. | 64 views

CVE-2021-29511

CVE-2021-29511 affects the Rust EVM implementation (evm crate). Before the patch in commit 19ade85, certain memory-opcodes using memory::copy_large could cause memory over-allocation, enabling a denial-of-service. Remediation: upgrade evm to >=0.26.1, or to specific newer releases (0.21.1, 0.2...

6.5 CVSS | 6.4 AI score | 0.0128 EPSS
Exploits 0 | References 3 | Affected Software 1

CNNVD
added 2021/05/12 12:0 a.m. | 3 views

Rust Buffer Error Vulnerability

Rust is a general-purpose, compiled programming language from the Mozilla Foundation. A security vulnerability exists in Rust. An attacker could use this vulnerability to cause a denial of service...

6.5 CVSS | 6.5 AI score | 0.0128 EPSS
Exploits 0 | References 4

CNVD
added 2021/05/11 12:0 a.m. | 8 views

Unspecified Vulnerability in Rust (CNVD-2021-38316)

Rust is a general-purpose, compiled programming language from the Mozilla Foundation. A security vulnerability exists in Rust rkyv crate versions prior to 0.6.0, which stems from the fact that when an archive is created via serialization, the contents of the archive may contain uninitialized valu...

7.5 CVSS | 6.6 AI score | 0.01079 EPSS
Exploits 0 | References 1