
9526 matches found

Cvelist
added 2021/01/22 9:2 a.m., 34 views

CVE-2021-25907

An issue was discovered in the containers crate before 0.9.11 for Rust. When a panic occurs, a util::{mutate,mutate2} double drop can be performed...

9.7 AI score, 0.01552 EPSS
Exploits: 1, References: 1
CVE
added 2021/01/22 9:2 a.m., 57 views

CVE-2021-25908

The CVE-2021-25908 issue affects the fil-ocl crate for Rust (up to 2021-01-04) where the From path can lead to a double free. The vulnerability is described across multiple sources (e.g., RustSec advisory RUSTSEC-2021-0011 and related CVE entries) and is tied to conversions from EventList, with t...

7.5 CVSS, 7.4 AI score, 0.01327 EPSS
Exploits: 1, References: 1, Affected Software: 1
Cvelist
added 2021/01/22 9:2 a.m., 13 views

CVE-2021-25908

An issue was discovered in the fil-ocl crate through 2021-01-04 for Rust. From<EventList> can lead to a double free...

7.7 AI score, 0.01327 EPSS
Exploits: 1, References: 1
NVD
added 2021/01/20 6:15 p.m., 6 views

CVE-2021-21269

Keymaker is a Mastodon Community Finder based Matrix Community serverlist page Server. In Keymaker before version 0.2.0, the assets endpoint did not check for the extension. The Rust join method without checking user input might have made it able to do a Path Traversal attack causing to read more...

7.7 CVSS, 7.4 AI score, 0.01392 EPSS
Exploits: 0, References: 2
Cvelist
added 2021/01/20 5:50 p.m., 14 views

CVE-2021-21269 Path Traversal in Keymaker

Keymaker is a Mastodon Community Finder based Matrix Community serverlist page Server. In Keymaker before version 0.2.0, the assets endpoint did not check for the extension. The Rust join method without checking user input might have made it able to do a Path Traversal attack causing to read more...

7.7 CVSS, 7.6 AI score, 0.01392 EPSS
Exploits: 0, References: 2
vulnersOsv
added 2021/01/20 12:0 p.m., 0 views

audir (=0.1.0), com-impl (>=0.1.0 <=0.1.1) +6 more potentially affected by CVE-2021-45681 via derive-com-impl (=0.1.1)

derive-com-impl CARGO version =0.1.1 is affected by a known vulnerability. The following packages have a transitive dependency on derive-com-impl and may be impacted: - audir =0.1.0 - com-impl =0.1.0, =0.3.0-alpha1, =0.3.0-alpha1, =0.3.0-alpha4 - dxgi =0.3.0-alpha4 - wic =0.3.0-alpha1 Source cves...

7.5 CVSS, 7.1 AI score, 0.01053 EPSS
Exploits: 0
RustSec
added 2021/01/20 12:0 p.m., 15 views

Optional `Deserialize` implementations lacking validation

When activating the non-default feature serialize, most structs implement serde::Deserialize without sufficient validation. This allows breaking invariants in safe code, leading to: Undefined behavior in as_string methods which use std::str::from_utf8_unchecked internally. Panics due to failed...

9.8 CVSS, 1.6 AI score, 0.01123 EPSS
Exploits: 0, Affected Software: 1
OSV
added 2021/01/20 12:0 p.m., 0 views

RUSTSEC-2021-0083 QueryInterface should call AddRef before returning pointer

Affected version of this crate, which is a required dependency in com-impl, provides a faulty implementation of the IUnknown::QueryInterface method. QueryInterface implementation must call IUnknown::AddRef before returning the pointer, as described in this documentation: As it is not incrementing...

7.5 CVSS, 5.9 AI score, 0.01053 EPSS
Exploits: 0, References: 3
OSV
added 2021/01/20 12:0 p.m., 20 views

RUSTSEC-2021-0089 Optional `Deserialize` implementations lacking validation

When activating the non-default feature serialize, most structs implement serde::Deserialize without sufficient validation. This allows breaking invariants in safe code, leading to: Undefined behavior in as_string methods which use std::str::from_utf8_unchecked internally. Panics due to failed...

9.8 CVSS, 9.3 AI score, 0.01123 EPSS
Exploits: 0, References: 3
vulnersOsv
added 2021/01/17 12:0 p.m., 6 views

addr2line (=0.6.0), backtrace (>=0.3.6 <=0.3.9) +11 more potentially affected by CVE-2021-25901 via lazy-init (>=0.1.1 <=0.3.0)

lazy-init CARGO version =0.1.1, =0.3.6, =0.1.0, =0.1.0, =0.1.0, =0.7.0, =0.4.0, =0.4.0, =0.2.0, =0.2.0, =0.1.0, =0.1.0, =0.3.0 Source cves: CVE-2021-25901 Source advisory: OSV:RUSTSEC-2021-0004...

5.3 CVSS, 6 AI score, 0.01314 EPSS
Exploits: 0
Kitploit
added 2021/01/15 11:30 a.m., 130 views

Stegbrute - Fast Steganography Bruteforce Tool Written In Rust Useful For CTF's

stegbrute is a fast steganography brute force tool written in Rust using also threads to achieve a faster execution Dependencies Stegbrute cannot run without steghide!, to install steghide run : apt-get install -y steghide if you are not in a debian distribution you can download it from steghide...

7.2 AI score
Exploits: 0, References: 5
vulnersOsv
added 2021/01/12 12:0 p.m., 2 views

buf (>=0.1.0 <=0.2.1), i-o (>=0.1.0 <=0.4.1) +2 more potentially affected by CVE-2021-25907 via containers (>=0.1.1 <=0.8.5)

containers CARGO version =0.1.1, =0.1.0, =0.1.0, =0.13.0, =0.14.1 - lude =0.1.0 Source cves: CVE-2021-25907 Source advisory: OSV:RUSTSEC-2021-0010...

9.8 CVSS, 7.2 AI score, 0.01552 EPSS
Exploits: 1
CNNVD
added 2021/01/11 12:0 a.m., 3 views

Vicent Martí Redcarpet Injection Vulnerability

Vicent Martí Redcarpet is a Rust-based codebase for parsing Markdown syntax by the individual developer Vicent Martí. An injection vulnerability exists in Redcarpet before version 3.5.1, which results from not performing HTML escaping when handling quotes...

6.8 CVSS, 6.5 AI score, 0.0157 EPSS
Exploits: 0, References: 13
vulnersOsv
added 2021/01/10 12:0 p.m., 4 views

amethyst (>=0.7.0 <=0.15.3), amethyst-console (=0.1.0) +31 more potentially affected by CVE-2021-25902 via glsl-layout (>=0.1.1 <=0.3.2)

glsl-layout CARGO version =0.1.1, =0.7.0, =0.1.0, =0.1.0, =0.1.0, =0.2.0, =0.2.0, =0.6.0, =0.1.0, =0.3.0, =0.4.0, =0.2.0, =0.15.3 - amethystinput =0.6.0 and more Source cves: CVE-2021-25902 Source advisory: OSV:RUSTSEC-2021-0005...

7.5 CVSS, 7.1 AI score, 0.0139 EPSS
Exploits: 1
vulnersOsv
added 2021/01/08 12:0 p.m., 5 views

ABC_Game_Engine (>=0.1.0 <=0.1.2), AitSar (=0.1.1) +40025 more potentially affected by CVE-2021-25900 via smallvec (>=1.0.0 <=1.2.0)

smallvec CARGO version =1.0.0, =0.1.0, =0.1.0, =0.1.0, =0.11.0, =0.1.0-beta.1, =1.0.2, =0.1.0, =0.1.0, =0.1.1 - GuiNistRs =0.1.0 and more Source cves: CVE-2021-25900 Source advisory: OSV:RUSTSEC-2021-0003...

9.8 CVSS, 7.7 AI score, 0.01653 EPSS
Exploits: 1
RustSec
added 2021/01/08 12:0 p.m., 17 views

Buffer overflow in SmallVec::insert_many

A bug in the SmallVec::insert_many method caused it to allocate a buffer that was smaller than needed. It then wrote past the end of the buffer, causing a buffer overflow and memory corruption on the heap. This bug was only triggered if the iterator passed to insert_many yielded more items than the...

9.8 CVSS, 1.1 AI score, 0.01653 EPSS
Exploits: 1, Affected Software: 1
vulnersOsv
added 2021/01/07 12:0 p.m., 2 views

LemoGUI (=0.0.1-nightly), a2d (>=0.1.0 <=0.1.11) +199 more potentially affected by CVE-2021-45689 via gfx-auxil (>=0.10.0 <=0.9.0)

gfx-auxil CARGO version =0.10.0, =0.1.0, =0.1.0, =0.0.1, =0.1.2, =0.1.0, =0.1.0, =0.5.4, =0.1.0, =0.1.0, =0.1.0, =0.1.0, =0.2.1 and more Source cves: CVE-2021-45689 Source advisory: OSV:RUSTSEC-2021-0091...

9.8 CVSS, 7.2 AI score, 0.01191 EPSS
Exploits: 0
vulnersOsv
added 2021/01/07 12:0 p.m., 2 views

LemoGUI (=0.0.1-nightly), a2d (>=0.1.0 <=0.1.11) +277 more potentially affected by CVE-2021-45688 via ash (>=0.24.4 <=0.32.1)

ash CARGO version =0.24.4, =0.1.0, =0.1.0, =0.0.1, =0.1.2, =0.1.0, =0.1.0, =0.5.4, =0.2.0, =0.1.0, =0.3.0 - amethyst-navigation =0.1.0 and more Source cves: CVE-2021-45688 Source advisory: OSV:RUSTSEC-2021-0090...

9.8 CVSS, 7.2 AI score, 0.01345 EPSS
Exploits: 0
RustSec
added 2021/01/07 12:0 p.m., 16 views

`Frame::copy_from_raw_parts` can lead to segfault without `unsafe`

fn Frame::copy_from_raw_parts is a safe API that can take a raw pointer and dereference it. It is possible to read arbitrary memory address with an arbitrarily fed pointer. This allows the safe API to access & read arbitrary address in memory. Feeding an invalid memory address pointer to the API may...

7.5 CVSS, 1 AI score, 0.01327 EPSS
Exploits: 1, Affected Software: 1
OSV
added 2021/01/07 12:0 p.m., 12 views

RUSTSEC-2021-0007 `Frame::copy_from_raw_parts` can lead to segfault without `unsafe`

fn Frame::copy_from_raw_parts is a safe API that can take a raw pointer and dereference it. It is possible to read arbitrary memory address with an arbitrarily fed pointer. This allows the safe API to access & read arbitrary address in memory. Feeding an invalid memory address pointer to the API may...

7.5 CVSS, 7.3 AI score, 0.01327 EPSS
Exploits: 1, References: 3