Exploit for Improper Input Validation in Apache Log4J

Log4j Scanner Discover Log4Shell vulnerability CVE-2021-4483...

CVE-2021-45692

An issue was discovered in the messagepack-rs crate through 2021-01-26 for Rust. deserializeextensionothers may read from uninitialized memory locations...

CVE-2021-45706

An issue was discovered in the zeroizederive crate before 1.1.1 for Rust. Dropped memory is not zeroed out for an enum...

CVE-2021-45704

An issue was discovered in the metrics-util crate before 0.7.0 for Rust. There is a data race and memory corruption because AtomicBucket unconditionally implements the Send and Sync traits...

CVE-2018-25026

An issue was discovered in the actix-web crate before 0.7.15 for Rust. It can add the Send marker trait to an object that cannot be sent between threads safely, leading to memory corruption...

CVE-2018-25025

An issue was discovered in the actix-web crate before 0.7.15 for Rust. It can unsoundly extend the lifetime of a string, leading to memory corruption...

UBUNTU-CVE-2018-25023

An issue was discovered in the smallvec crate before 0.6.13 for Rust. It can create an uninitialized value of any type, including a reference type...

Rust 缓冲区错误漏洞

Rust is a general-purpose, compiled programming language from the Mozilla Foundation.A security vulnerability exists in versions of Rust crypto2 crate prior to 2021-10-08, which stems from a possible unaligned read of u32 during Chacha20 encryption and decryption. No details of the vulnerability...

Rust actix-web crate 缓冲区错误漏洞

Rust actix-web crate is a Rust web framework. mozilla Rust actix-web crate memory corruption vulnerability can be exploited by attackers to cause memory corruption...

Rust rust-embed crate 路径遍历漏洞

rust-embed is the embedding of static assets into rust binaries. rust-embed versions prior to 6.3.0 have security vulnerabilities that can be exploited by attackers in debug mode to cause directory traversal...

GHSA-2R6Q-6C8C-G762 Data races in toolshed

An issue was discovered in the toolshed crate through 2020-11-15 for Rust. In CopyCell, the Send trait lacks bounds on the contained type...

GHSA-R98R-J25Q-RMPR Rust Failure Crate Vulnerable to Type confusion

Safe Rust code can implement malfunctioning privategettypeid and cause type confusion when downcasting, which is an undefined behavior. Users who derive Fail trait are not affected...

rust: memory safety violation in Zip implementation when next_back() and next() are used together

In the standard library in Rust before 1.52.0, the Zip implementation calls iteratorgetunchecked more than once for the same index under certain conditions when nextback and next are used together. This bug could lead to a memory safety violation due to an unmet safety requirement for the...

rust: memory safety violation in Zip implementation for nested iter::Zips

In the standard library in Rust before 1.51.0, the Zip implementation calls iteratorgetunchecked for the same index more than once when nested. This bug can lead to a memory safety violation due to an unmet safety requirement for the TrustedRandomAccess trait...

CVE-2020-36469

An issue was discovered in the appendix crate through 2020-11-15 for Rust. For the generic K and V type parameters, Send and Sync are implemented unconditionally...

CVE-2020-36470

An issue was discovered in the disrustor crate through 2020-12-17 for Rust. RingBuffer doe not properly limit the number of mutable references...

CVE-2020-36460

An issue was discovered in the model crate through 2020-11-10 for Rust. The Shared data structure has an implementation of the Send and Sync traits without regard for the inner type...

CVE-2020-36438

An issue was discovered in the tinyfuture crate before 0.4.0 for Rust. Future does not have bounds on its Send and Sync traits...

CVE-2020-36450

An issue was discovered in the bunch crate through 2020-11-12 for Rust. There are unconditional implementations of Send and Sync for Bunch...

CVE-2020-36441

An issue was discovered in the abox crate before 0.4.1 for Rust. It implements Send and Sync for AtomicBox with no requirement for T: Send and T: Sync...