endian_trait_derive (>=0.2.0 <=0.4.0) potentially affected by CVE-2021-29929 via endian_trait (>=0.2.0 <=0.3.0)
endian_trait CARGO version =0.2.0, =0.2.0, =0.4.0 Source cves: CVE-2021-29929 Source advisory: OSV:RUSTSEC-2021-0039...
bellperson (>=0.3.4 <=0.15.0), ff-cl-gen (>=0.1.0 <=0.3.0) +10 more potentially affected by CVE-2021-25908 via fil-ocl (=0.19.6)
fil-ocl CARGO version =0.19.6 is affected by a known vulnerability. The following packages have a transitive dependency on fil-ocl and may be impacted: - bellperson =0.3.4, =0.1.0, =5.0.0, =5.0.0, =2.3.0, =0.1.0, =0.1.0, =5.0.0, =5.4.0, =5.0.0, =5.0.0, =0.1.1, =0.1.2 Source cves: CVE-2021-25908...
RUSTSEC-2021-0001 XSS in mdBook's search page
This is a cross-post of the official security advisory (https://groups.google.com/g/rustlang-security-announcements/c/3-sO6of29O0). The official post contains a signed version with our PGP key, as well. The Rust Security Response Working Group was recently notified of a security issue affecti...
Rust mdBook Cross-Site Scripting Vulnerability
mdBook is Rust-based software from the Rust organization for building online books from Markdown files. mdBook suffers from a cross-site scripting vulnerability that allows an attacker to execute arbitrary JavaScript code on a page...
RUSTSEC-2021-0008 reading on uninitialized buffer can cause UB (`impl<R> BufRead for GreedyAccessReader<R>`)
Affected versions of this crate create an uninitialized buffer and pass it to a user-provided Read implementation. This is unsound, because it allows safe Rust code to exhibit undefined behavior by reading from uninitialized memory. The flaw was corrected in version 0.1.1 by zero-initializing a new...
reading on uninitialized buffer can cause UB (`impl<R> BufRead for GreedyAccessReader<R>`)
Affected versions of this crate create an uninitialized buffer and pass it to a user-provided Read implementation. This is unsound, because it allows safe Rust code to exhibit undefined behavior by reading from uninitialized memory. The flaw was corrected in version 0.1.1 by zero-initializing a new...
RUSTSEC-2020-0103 `impl Random` on arrays can lead to dropping uninitialized memory
Affected versions of this crate had a panic-safety issue: a partially uninitialized array of T could be dropped upon a panic in the user-provided function T::random. Dropping uninitialized T can potentially cause memory corruption or undefined behavior. The flaw was corrected in commit 565d508 by using MaybeUnin...
RUSTSEC-2020-0153 `read` on uninitialized buffer may cause UB (bite::read::BiteReadExpandedExt::read_framed_max)
Affected versions of this crate call a user-provided Read implementation on an uninitialized buffer. Reading on an uninitialized buffer is defined as undefined behavior in Rust...
`read` on uninitialized buffer may cause UB (bite::read::BiteReadExpandedExt::read_framed_max)
Affected versions of this crate call a user-provided Read implementation on an uninitialized buffer. Reading on an uninitialized buffer is defined as undefined behavior in Rust...
CVE-2020-35897
An issue was discovered in the atom crate before 0.3.6 for Rust. An unsafe Send implementation allows a cross-thread data race...
CVE-2020-35896
An issue was discovered in the ws crate through 2020-09-25 for Rust. The outgoing buffer is not properly limited, leading to a remote memory-consumption attack...
CVE-2020-35895
An issue was discovered in the stack crate before 0.3.1 for Rust. ArrayVec has an out-of-bounds write via element insertion...
CVE-2020-35881
An issue was discovered in the traitobject crate through 2020-06-01 for Rust. It has false expectations about fat pointers, possibly causing memory corruption in, for example, Rust 2.x...
CVE-2020-35886
An issue was discovered in the arr crate through 2020-08-25 for Rust. An attacker can smuggle non-Sync/Send types across a thread boundary to cause a data race...
CVE-2020-35879
An issue was discovered in the rulinalg crate through 2020-02-11 for Rust. There are incorrect lifetime-boundary definitions for RowMut::raw_slice and RowMut::raw_slice_mut...
CVE-2020-35890
An issue was discovered in the ordnung crate through 2020-09-03 for Rust. compact::Vec violates memory safety via out-of-bounds access for large capacity...
CVE-2020-35880
An issue was discovered in the bigint crate through 2020-05-07 for Rust. It allows a soundness violation...
CVE-2020-35888
An issue was discovered in the arr crate through 2020-08-25 for Rust. Uninitialized memory is dropped by Array::new_from_template...