9526 matches found

CNVD
added 2021/02/24 12:0 a.m. | 10 views

Unspecified Vulnerability in Rust (CNVD-2021-13649)

Rust is a general-purpose, compiled programming language from the Mozilla Foundation. A security vulnerability exists in versions of Rust prior to 2021-02-04, which stems from the fact that byte-type data returned from an X server can be parsed into an arbitrary data type by...

9.8 CVSS | 6.6 AI score | 0.01728 EPSS
Exploits: 1 | References: 1

CNVD
added 2021/02/24 12:0 a.m. | 8 views

Rust Buffer Overflow Vulnerability (CNVD-2021-13648)

Rust is a general-purpose, compiled programming language from the Mozilla Foundation. A buffer overflow vulnerability exists in versions of Rust prior to 2021-02-04, which stems from xcb::xproto::change_property allowing out-of-bounds read operations. No detailed vulnerability details are provided...

9.8 CVSS | 6.8 AI score | 0.01754 EPSS
Exploits: 1 | References: 1

CNVD
added 2021/02/24 12:0 a.m. | 8 views

Unspecified Vulnerability in Rust (CNVD-2021-13647)

Rust is a general-purpose, compiled programming language from the Mozilla Foundation. A security vulnerability exists in versions of Rust prior to 2021-02-04, and no details of the vulnerability are available at this time...

8.8 CVSS | 6.6 AI score | 0.016 EPSS
Exploits: 1 | References: 1

CNNVD
added 2021/02/24 12:0 a.m. | 3 views

Mozilla Rust Cross-Site Scripting Vulnerability

Rust is a general-purpose, compiled programming language from the Mozilla Foundation. A cross-site scripting vulnerability exists in Rust in versions prior to comrak crate 0.9.1, which stems from the fact that the protection mechanism for data: and javascript: URIs is case-sensitive. No details o...

6.1 CVSS | 6.2 AI score | 0.00686 EPSS
Exploits: 0 | References: 2

CNVD
added 2021/02/24 12:0 a.m. | 7 views

Rust Information Disclosure Vulnerability (CNVD-2021-13652)

Rust is a general-purpose, compiled programming language from the Mozilla Foundation. An information disclosure vulnerability exists in versions of Rust prior to 0.14.0, which can be exploited by an attacker to obtain sensitive information from uninitialized memory locations via a user-supplied...

7.5 CVSS | 5.9 AI score | 0.01489 EPSS
Exploits: 1 | References: 1

CNVD
added 2021/02/22 12:0 a.m. | 7 views

Unspecified Vulnerability in Rust (CNVD-2021-36329)

Rust is a general-purpose, compiled programming language from the Mozilla Foundation. A security vulnerability exists in versions of Rust prior to 2.3.0. The vulnerability stems from the possibility of request smuggling when the program is used behind a reverse proxy. No detailed vulnerability...

6.1 CVSS | 6.6 AI score | 0.00815 EPSS
Exploits: 0 | References: 1

vulnersOsv
added 2021/02/19 12:0 p.m. | 3 views

aiowrap (=0.1.0), ambisonic (>=0.1.0 <=0.3.1) +157 more potentially affected by CVE-2021-29938 via slice-deque (>=0.1.16 <=0.3.0)

slice-deque CARGO version =0.1.16, =0.1.0, =0.8.0, =0.1.0, =0.1.0, =0.1.0, =0.2.0, =0.8.0, =0.3.0, =0.3.0, =0.4.0, =0.8.0, =0.15.3 and more Source cves: CVE-2021-29938 Source advisory: OSV:RUSTSEC-2021-0047...

7.5 CVSS | 7.1 AI score | 0.01135 EPSS
Exploits: 1

RustSec
added 2021/02/19 12:0 p.m. | 27 views

StackVec::extend can write out of bounds when size_hint is incorrect

StackVec::extend used the lower and upper bounds from an Iterator's size_hint to determine how many items to push into the stack based vector. If the size_hint implementation returned a lower bound that was larger than the upper bound, StackVec would write out of bounds and overwrite memory on the...

7.5 CVSS | 2.8 AI score | 0.01025 EPSS
Exploits: 1 | Affected Software: 1

OSV
added 2021/02/18 4:15 a.m. | 3 views

CVE-2021-27376

An issue was discovered in the nb-connect crate before 1.0.3 for Rust. It may have invalid memory access for certain versions of the standard library because it relies on a direct cast of std::net::SocketAddrV4 and std::net::SocketAddrV6 data structures...

9.8 CVSS | 7.3 AI score | 0.01448 EPSS
Exploits: 1 | References: 1

OSV
added 2021/02/18 4:15 a.m. | 3 views

CVE-2021-27377

An issue was discovered in the yottadb crate before 1.2.0 for Rust. For some memory-allocation patterns, ydb_subscript_next_st and ydb_subscript_prev_st have a use-after-free...

9.8 CVSS | 7.3 AI score | 0.01308 EPSS
Exploits: 1 | References: 1

NVD
added 2021/02/18 4:15 a.m. | 11 views

CVE-2021-27377

An issue was discovered in the yottadb crate before 1.2.0 for Rust. For some memory-allocation patterns, ydb_subscript_next_st and ydb_subscript_prev_st have a use-after-free...

9.8 CVSS | 0.01308 EPSS
Exploits: 1 | References: 1

NVD
added 2021/02/18 4:15 a.m. | 16 views

CVE-2021-27376

An issue was discovered in the nb-connect crate before 1.0.3 for Rust. It may have invalid memory access for certain versions of the standard library because it relies on a direct cast of std::net::SocketAddrV4 and std::net::SocketAddrV6 data structures...

9.8 CVSS | 0.01448 EPSS
Exploits: 1 | References: 1

Prion
added 2021/02/18 4:15 a.m. | 22 views

Information disclosure

An issue was discovered in the nb-connect crate before 1.0.3 for Rust. It may have invalid memory access for certain versions of the standard library because it relies on a direct cast of std::net::SocketAddrV4 and std::net::SocketAddrV6 data structures...

7.5 CVSS | 9.4 AI score | 0.01448 EPSS
Exploits: 1 | References: 1 | Affected Software: 1

Prion
added 2021/02/18 4:15 a.m. | 11 views

Buffer overflow

An issue was discovered in the rand_core crate before 0.6.2 for Rust. Because read_u32_into and read_u64_into mishandle certain buffer-length checks, a random number generator may be seeded with too little data...

7.5 CVSS | 9.3 AI score | 0.01243 EPSS
Exploits: 0 | References: 1 | Affected Software: 1

OSV
added 2021/02/18 4:15 a.m. | 1 views

UBUNTU-CVE-2021-27378

An issue was discovered in the rand_core crate before 0.6.2 for Rust. Because read_u32_into and read_u64_into mishandle certain buffer-length checks, a random number generator may be seeded with too little data...

9.8 CVSS | 7.2 AI score | 0.01243 EPSS
Exploits: 0 | References: 3

CVE
added 2021/02/18 3:35 a.m. | 99 views

CVE-2021-27376

CVE-2021-27376 affects the Rust crate nb-connect, file/socket handling. The issue arises from a direct cast of std::net::SocketAddrV4 and SocketAddrV6, relying on the wrong assumption about memory layout, which can lead to invalid memory access. The Red Hat and GHSA/RustSec entries confirm the r...

9.8 CVSS | 9.3 AI score | 0.01448 EPSS
Exploits: 1 | References: 1 | Affected Software: 1

Cvelist
added 2021/02/18 3:35 a.m. | 18 views

CVE-2021-27376

An issue was discovered in the nb-connect crate before 1.0.3 for Rust. It may have invalid memory access for certain versions of the standard library because it relies on a direct cast of std::net::SocketAddrV4 and std::net::SocketAddrV6 data structures...

9.7 AI score | 0.01448 EPSS
Exploits: 1 | References: 1

CVE
added 2021/02/18 3:35 a.m. | 96 views

CVE-2021-27377

CVE-2021-27377 affects the yottadb crate for Rust, specifically versions before 1.2.0. The vulnerability is a use-after-free in memory handling for certain allocation patterns, involving ydb_subscript_next_st and ydb_subscript_prev_st. Multiple connected advisories (e.g., RUSTSEC-2021-0022, GHSA-...

9.8 CVSS | 9.4 AI score | 0.01308 EPSS
Exploits: 1 | References: 1 | Affected Software: 1

CVE
added 2021/02/18 3:35 a.m. | 108 views

CVE-2021-27378

The CVE-2021-27378 issue affects the rand_core crate prior to 0.6.2 for Rust. The root cause is mishandling in read_u32_into and read_u64_into that can lead to a random number generator being seeded with insufficient data, enabling an improper seed condition. Public references in the connected do...

9.8 CVSS | 9.3 AI score | 0.01243 EPSS
Exploits: 0 | References: 1 | Affected Software: 1

Cvelist
added 2021/02/18 3:35 a.m. | 17 views

CVE-2021-27378

An issue was discovered in the rand_core crate before 0.6.2 for Rust. Because read_u32_into and read_u64_into mishandle certain buffer-length checks, a random number generator may be seeded with too little data...

9.7 AI score | 0.01243 EPSS
Exploits: 0 | References: 1