9526 matches found
CVE-2021-26958
An issue was discovered in the xcb crate through 2021-02-04 for Rust. It has a soundness violation because transmutation to the wrong type can happen after xcb::base::castevent uses std::mem::transmute to return a reference to an arbitrary type...
CVE-2021-26957
An issue was discovered in the xcb crate through 2021-02-04 for Rust. It has a soundness violation because there is an out-of-bounds read in xcb::xproto::changeproperty, as demonstrated by a format=32 T=u8 situation where out-of-bounds bytes are sent to an X server...
UBUNTU-CVE-2021-26956
An issue was discovered in the xcb crate through 2021-02-04 for Rust. It has a soundness violation because bytes from an X server can be interpreted as any data type returned by xcb::xproto::GetPropertyReply::value...
UBUNTU-CVE-2021-26957
An issue was discovered in the xcb crate through 2021-02-04 for Rust. It has a soundness violation because there is an out-of-bounds read in xcb::xproto::changeproperty, as demonstrated by a format=32 T=u8 situation where out-of-bounds bytes are sent to an X server...
UBUNTU-CVE-2021-26955
An issue was discovered in the xcb crate through 2021-02-04 for Rust. It has a soundness violation because xcb::xproto::GetAtomNameReply::name calls std::str::fromutf8unchecked on unvalidated bytes from an X server...
UBUNTU-CVE-2021-26958
An issue was discovered in the xcb crate through 2021-02-04 for Rust. It has a soundness violation because transmutation to the wrong type can happen after xcb::base::castevent uses std::mem::transmute to return a reference to an arbitrary type...
CVE-2021-26951
CVE-2021-26951 affects the Rust crate calamine prior to 0.17.0. The issue arises from using Vec::set_len without proper memory claiming, which can result in uninitialized memory being exposed to a user-provided Read operation, demonstrated by Sectors::get. This can lead to out-of-bounds/heap memo...
CVE-2021-26951
An issue was discovered in the calamine crate before 0.17.0 for Rust. It allows attackers to overwrite heap-memory locations because Vec::setlen is used without proper memory claiming, and this uninitialized memory is used for a user-provided Read operation, as demonstrated by Sectors::get...
CVE-2021-26952
CVE-2021-26952 affects the Rust crate ms3d prior to 0.1.3. The issue arises when IoReader::read processes data into an uninitialized buffer, allowing an attacker to obtain sensitive information from memory. The root cause is passing an uninitialized buffer to a user-provided Read implementation, ...
CVE-2021-26954
CVE-2021-26954 affects the Rust crate qwutils prior to 0.3.1. When a Clone panic occurs, the function insert_slice_clone can perform a double drop (and potentially a double-free) due to temporary ownership duplication during insertion into a Vec. The root cause is related to how ownership is hand...
CVE-2021-26954
An issue was discovered in the qwutils crate before 0.3.1 for Rust. When a Clone panic occurs, insertsliceclone can perform a double drop...
CVE-2021-26955
An issue was discovered in the xcb crate through 2021-02-04 for Rust. It has a soundness violation because xcb::xproto::GetAtomNameReply::name calls std::str::fromutf8unchecked on unvalidated bytes from an X server...
CVE-2021-26955
The CVE-2021-26955 issue affects the Rust xcb crate (up to 2021-02-04). Root cause: xcb::xproto::GetAtomNameReply::name() uses std::str::from_utf8_unchecked() on bytes received from an X server without validation, constituting a soundness violation. Documented impacts indicate a potential securit...
CVE-2021-26955
An issue was discovered in the xcb crate through 2021-02-04 for Rust. It has a soundness violation because xcb::xproto::GetAtomNameReply::name calls std::str::fromutf8unchecked on unvalidated bytes from an X server...
CVE-2021-26957
CVE-2021-26957 affects the Rust xcb crate; a soundness issue causes an out-of-bounds read in xcb::xproto::change_property(), illustrated by a format=32 T=u8 scenario, with out-of-bounds bytes sent to the X server. The issue is documented across OSV/NVD references (e.g., RUSTSEC-2021-0019). No rem...
CVE-2021-26957
An issue was discovered in the xcb crate through 2021-02-04 for Rust. It has a soundness violation because there is an out-of-bounds read in xcb::xproto::changeproperty, as demonstrated by a format=32 T=u8 situation where out-of-bounds bytes are sent to an X server...
CVE-2021-26957
An issue was discovered in the xcb crate through 2021-02-04 for Rust. It has a soundness violation because there is an out-of-bounds read in xcb::xproto::changeproperty, as demonstrated by a format=32 T=u8 situation where out-of-bounds bytes are sent to an X server...
CVE-2021-26958
CVE-2021-26958 concerns the Rust xcb crate (up to 2021-02-04) with a soundness violation caused by transmuting to the wrong type in xcb::base::cast_event, which can return a reference to an arbitrary type. Multiple connected sources (OSV entries, Red Hat/RH advisory, Nessus plugin) describe an ou...
CVE-2021-26958
An issue was discovered in the xcb crate through 2021-02-04 for Rust. It has a soundness violation because transmutation to the wrong type can happen after xcb::base::castevent uses std::mem::transmute to return a reference to an arbitrary type...
CVE-2021-26958
An issue was discovered in the xcb crate through 2021-02-04 for Rust. It has a soundness violation because transmutation to the wrong type can happen after xcb::base::castevent uses std::mem::transmute to return a reference to an arbitrary type...