9506 matches found
Rust Resource Management Error Vulnerability
Rust is a general-purpose, compiled programming language from the Mozilla Foundation. A security vulnerability exists in Rust actix-utils crate before 2.0.0, which stems from a Cell implementation that allows obtaining multiple mutable references to the same data...
Rust futures-util crate security vulnerability
Rust is a general-purpose, compiled programming language from the Mozilla Foundation. A security vulnerability exists in futures-util crate before 0.3.2 for Rust, which stems from the fact that FuturesUnordered may result in data corruption due to improper synchronization handling...
DEBIAN-CVE-2020-35711
An issue has been discovered in the arc-swap crate before 0.4.8 and 1.x before 1.1.0 for Rust. Use of arcswap::access::Map with the Constant test helper or with a user-supplied implementation of the Access trait could sometimes lead to dangling references being returned by the map...
CVE-2020-35711
An issue has been discovered in the arc-swap crate before 0.4.8 and 1.x before 1.1.0 for Rust. Use of arcswap::access::Map with the Constant test helper or with a user-supplied implementation of the Access trait could sometimes lead to dangling references being returned by the map...
CVE-2020-35711
An issue has been discovered in the arc-swap crate before 0.4.8 and 1.x before 1.1.0 for Rust. Use of arcswap::access::Map with the Constant test helper or with a user-supplied implementation of the Access trait could sometimes lead to dangling references being returned by the map...
CVE-2020-35711
An issue has been discovered in the arc-swap crate before 0.4.8 and 1.x before 1.1.0 for Rust. Use of arcswap::access::Map with the Constant test helper or with a user-supplied implementation of the Access trait could sometimes lead to dangling references being returned by the map...
UBUNTU-CVE-2020-35711
An issue has been discovered in the arc-swap crate before 0.4.8 and 1.x before 1.1.0 for Rust. Use of arcswap::access::Map with the Constant test helper or with a user-supplied implementation of the Access trait could sometimes lead to dangling references being returned by the map...
Information disclosure
An issue has been discovered in the arc-swap crate before 0.4.8 and 1.x before 1.1.0 for Rust. Use of arcswap::access::Map with the Constant test helper or with a user-supplied implementation of the Access trait could sometimes lead to dangling references being returned by the map...
CVE-2020-35711
An issue has been discovered in the arc-swap crate before 0.4.8 and 1.x before 1.1.0 for Rust. Use of arcswap::access::Map with the Constant test helper or with a user-supplied implementation of the Access trait could sometimes lead to dangling references being returned by the map...
CVE-2020-35711
An issue has been discovered in the arc-swap crate before 0.4.8 and 1.x before 1.1.0 for Rust. Use of arcswap::access::Map with the Constant test helper or with a user-supplied implementation of the Access trait could sometimes lead to dangling references being returned by the map...
CVE-2020-35711
CVE-2020-35711 : In arc-swap for Rust, using arc_swap::access::Map with the Constant test helper (or a user-supplied Access) can return dangling references. Affected versions are arc-swap prior to 0.4.8 and 1.x prior to 1.1.0. Impact is potential invalid references; remediation is to upgrade to a...
Rust Code Issues Vulnerabilities
Rust is a general-purpose, compiled programming language. A security vulnerability exists in Rust versions prior to 0.4.8 and versions prior to 1.1.0 of the 1.x series, which stems from the use of arc swap::access::Map and the Constant test helper or the use of a user-supplied implementation of t...
CVE-2020-26281
async-h1 is an asynchronous HTTP/1.1 parser for Rust crates.io. There is a request smuggling vulnerability in async-h1 before version 2.3.0. This vulnerability affects any webserver that uses async-h1 behind a reverse proxy, including all such Tide applications. If the server does not read the bo...
CVE-2020-26281
async-h1 is an asynchronous HTTP/1.1 parser for Rust crates.io. There is a request smuggling vulnerability in async-h1 before version 2.3.0. This vulnerability affects any webserver that uses async-h1 behind a reverse proxy, including all such Tide applications. If the server does not read the bo...
Cross site request forgery (csrf)
async-h1 is an asynchronous HTTP/1.1 parser for Rust crates.io. There is a request smuggling vulnerability in async-h1 before version 2.3.0. This vulnerability affects any webserver that uses async-h1 behind a reverse proxy, including all such Tide applications. If the server does not read the bo...
CVE-2020-26281 request smuggling in async-h1
async-h1 is an asynchronous HTTP/1.1 parser for Rust crates.io. There is a request smuggling vulnerability in async-h1 before version 2.3.0. This vulnerability affects any webserver that uses async-h1 behind a reverse proxy, including all such Tide applications. If the server does not read the bo...
CVE-2020-26281
CVE-2020-26281 affects the async-h1 crate (Rust) before version 2.3.0 when used behind a reverse proxy. The vulnerability arises when the server does not consume a request body beyond a buffer, allowing a smuggled request to be read from the body and potentially forge or manipulate forwarded head...
RUSTSEC-2020-0105 Update unsound DrainFilter and RString::retain
Affected versions of this crate contained code from the Rust standard library that contained soundness bugs rust-lang/rust60977 double drop & rust-lang/rust78498 create invalid utf-8 string. The flaw was corrected in v0.9.1 by making a similar fix to the one made in the Rust standard library...
Update unsound DrainFilter and RString::retain
Affected versions of this crate contained code from the Rust standard library that contained soundness bugs rust-lang/rust60977 double drop & rust-lang/rust78498 create invalid utf-8 string. The flaw was corrected in v0.9.1 by making a similar fix to the one made in the Rust standard library...
buttplug_ws_connector (=0.0.1), healslut (=0.1.0) +1 more potentially affected by CVE-2020-36218 via buttplug (>=0.0.2 <=0.9.2)
buttplug CARGO version =0.0.2, =0.0.1, =20.0.0 Source cves: CVE-2020-36218 Source advisory: OSV:RUSTSEC-2020-0112...