9506 matches found
CVE-2019-25005
The CVE-2019-25005 issue affects the Rust chacha20 crate prior to 0.2.3. A 32‑bit ChaCha20 counter overflow can cause keystream repetition, making it easier for an attacker to determine plaintext. Public references describe the vulnerability and the fix: upgrading to version 0.2.3 (hot fix) where...
CVE-2019-25005
An issue was discovered in the chacha20 crate before 0.2.3 for Rust. A ChaCha20 counter overflow makes it easier for attackers to determine plaintext...
CVE-2019-25006
An issue was discovered in the streebog crate before 0.8.0 for Rust. The Streebog hash function can produce the wrong answer...
CVE-2019-25007
An issue was discovered in the streebog crate before 0.8.0 for Rust. The Streebog hash function can cause a panic...
CVE-2019-25007
Summary: The vulnerability CVE-2019-25007 affects the Rust streebog crate prior to 0.8.0. Root cause: incorrect implementation of the internal update-sigma function, which could cause a panic for certain inputs. Impact: panics in the Streebog hash function; no exploit details are provided in t...
CVE-2019-25009
CVE-2019-25009 — Rust http crate vulnerability: Affected component is the http crate (pre-0.1.20). The issue lies in the HeaderMap::Drain API, which can use a raw pointer, defeating soundness and potentially leading to memory-safety problems. This affects Rust projects depending on that crate. T...
CVE-2019-25010
An issue was discovered in the failure crate through 2019-11-13 for Rust. Type confusion can occur when private_get_type_id is overridden...
CVE-2019-25010
CVE-2019-25010 affects the Rust failure crate (up to 0.1.5, affected through 2019-11-13). The issue is a type confusion that can occur when private_get_type_id is overridden, enabling potential misbehavior in applications relying on this crate. The NVD CVSS data indicates high to critical impact ...
CVE-2020-35858
An issue was discovered in the prost crate before 0.6.1 for Rust. There is stack consumption via a crafted message, causing a denial of service (e.g., x86) or possibly remote code execution (e.g., ARM)...
CVE-2020-35858
The CVE-2020-35858 issue affects the prost crate for Rust prior to 0.6.1, where decoding a crafted message can cause stack consumption leading to denial of service (notably on x86) and potentially remote code execution (e.g., on ARM). The root cause is a stack-related flaw in parsing untrusted in...
CVE-2020-35859
CVE-2020-35859 affects the lucet-runtime-internals crate for Rust, before version 0.5.1. The issue is a mishandling of sigstack allocation, which can allow guest programs to obtain sensitive host data or experience memory corruption. Several advisories (including RUSTSEC-2020-0004 and GHSA-3933-W...
CVE-2020-35860
An issue was discovered in the cbox crate through 2020-03-19 for Rust. The CBox API allows dereferencing raw pointers without a requirement for unsafe code...
CVE-2020-35860
CVE-2020-35860 affects the Rust crate cbox (through 2020-03-19). The root cause is described as the CBox API allowing dereferencing raw pointers without requiring unsafe code, which can lead to memory-safety issues. The vulnerability is documented across multiple sources (e.g., RustSec advisory R...
CVE-2020-35861
The CVE-2020-35861 issue affects the bumpalo crate for Rust, specifically before version 3.2.1. The realloc functionality can read unknown memory, potentially allowing attackers to read cryptographic keys. No exploit details are provided in the initial/connected documents beyond this description....
CVE-2020-35861
An issue was discovered in the bumpalo crate before 3.2.1 for Rust. The realloc feature allows the reading of unknown memory. Attackers can potentially read cryptographic keys...
CVE-2020-35862
The CVE-2020-35862 issue affects the bitvec crate for Rust (pre-0.17.4). The vulnerability arises in BitVec to BitBox conversion, causing use-after-free or double-free due to allocation movement during that conversion. The problem is documented across multiple sources (RustSec/RUSTSEC-2020-0007, ...
CVE-2020-35862
An issue was discovered in the bitvec crate before 0.17.4 for Rust. BitVec to BitBox conversion leads to a use-after-free or double free...
CVE-2020-35863
The CVE-2020-35863 entry concerns the hyper crate for Rust prior to 0.12.34, where HTTP request smuggling can lead to remote code execution in certain loopback HTTP server scenarios. Affected component: hyper (Rust crate); root cause: unsafe handling of HTTP requests enabling request smuggling an...
CVE-2020-35863
An issue was discovered in the hyper crate before 0.12.34 for Rust. HTTP request smuggling can occur. Remote code execution can occur in certain situations with an HTTP server on the loopback interface...