CVE-2020-25573
An issue was discovered in the linked-hash-map crate before 0.5.3 for Rust. It creates an uninitialized NonNull pointer, which violates a non-null constraint...
CVE-2020-25573
The CVE-2020-25573 issue affects the linked-hash-map crate for Rust prior to 0.5.3, where an uninitialized NonNull pointer violates a non-null constraint. This vulnerability is rated HIGH/CRITICAL (CVSSv3.1: 9.8) and can impact confidentiality, integrity, and availability. Remediation: upgrade to...
CVE-2020-25574
An issue was discovered in the http crate before 0.1.20 for Rust. An integer overflow in HeaderMap::reserve could result in denial of service, e.g., an infinite loop...
CVE-2020-25574
CVE-2020-25574 affects the Rust http crate prior to 0.1.20. An integer overflow in HeaderMap::reserve() could cause denial of service (for example, an infinite loop). The issue is confirmed by multiple sources (e.g., OSV and GHSA advisories) and was fixed in 0.1.20. Public exploitation details ar...
CVE-2020-25576
An issue was discovered in the rand_core crate before 0.4.2 for Rust. Casting of byte slices to integer slices mishandles alignment constraints...
CVE-2020-25576
CVE-2020-25576 affects the Rust crate rand_core prior to version 0.4.2. The issue is a misalignment when casting between byte slices and integer slices, which can lead to undefined behavior. Public references indicate this vulnerability may have high-severity implications (consistent with the C...
CVE-2020-25575
An issue was discovered in the failure crate through 0.1.5 for Rust. It may introduce "compatibility hazards" in some applications, and has a type confusion flaw when downcasting. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. NOTE: This may overlap...
CVE-2020-25575
CVE-2020-25575 affects the Rust failure crate up to version 0.1.5, introducing compatibility hazards and a type confusion flaw when downcasting. The issue relates to unmaintained/unsupported products and may overlap CVE-2019-25010. CVSS data indicates high to critical impact (network, no auth, wi...
GHSA-QV8Q-V995-72GR personnummer/csharp vulnerable to Improper Input Validation
This vulnerability was reported to the personnummer team in June 2020. The slow response was due to locked ownership of some of the affected packages, which caused delays to update packages prior to disclosure. The vulnerability is determined to be low severity. Impact This vulnerability impacts...
oniguruma: Use-after-free in onig_new_deluxe() in regext.c
A use-after-free in onig_new_deluxe in regext.c in Oniguruma 6.9.2 allows attackers to potentially cause information disclosure, denial of service, or possibly code execution by providing a crafted regular expression. The attacker provides a pair of a regex pattern and a string, with a multi-byte...
firefox security update
68.12.0-1.0.3 - Build with rust-toolset 1.43 68.12.0-1.0.1 - Remove upstream references Orabug: 30143292 - Update distribution for Oracle Linux Orabug: 30143292 - Add firefox-oracle-default-prefs.js and remove the corresponding Red Hat file - Improve bindgen configuration wrt clang bmo1526857 -...
acheron (=0.1.0), actix_web_metrics_mw (>=0.0.1 <=0.3.1) +142 more potentially affected by CVE-2020-25791 +5 more via sized-chunks (>=0.1.3 <=0.5.3)
sized-chunks CARGO version =0.1.3, =0.0.1, =0.11.0, =0.11.0, =0.2.0, =0.6.0, =0.4.0, =0.2.0, =1.6.0, =0.10.0, =0.10.0, =0.1.1, =0.33.0, =0.45.1 - cargo-authors =0.5.0 and more Source cves: CVE-2020-25791, CVE-2020-25792, CVE-2020-25793, CVE-2020-25794, CVE-2020-25795, CVE-2020-25796 Source...
PT-2020-16216
Name of the Vulnerable Software and Affected Versions sized-chunks crate versions through 0.6.2 Description An issue in the sized-chunks crate for Rust can lead to memory-safety problems. Specifically, in the Chunk implementation, the array size is not checked when constructed with unit, pair, or...
xxlib (>=0.1.0 <=0.4.0) potentially affected by CVE-2020-35890 +1 more via ordnung (=0.0.1)
ordnung CARGO version =0.0.1 is affected by a known vulnerability. The following packages have a transitive dependency on ordnung and may be impacted: - xxlib =0.1.0, =0.4.0 Source cves: CVE-2020-35890, CVE-2020-35891 Source advisory: OSV:RUSTSEC-2020-0038...
Rust Cross-Site Scripting Vulnerability
Rust is a general-purpose, compiled programming language. A cross-site scripting vulnerability exists in versions prior to rgb crate 0.8.20, which stems from a lack of proper validation of client-side data by the WEB application. An attacker can exploit this vulnerability to read and write data i...
DEBIAN-CVE-2020-25016
A safety violation was discovered in the rgb crate before 0.8.20 for Rust, leading to, for example, dereferencing of arbitrary pointers or disclosure of uninitialized memory. This occurs because structs can be treated as bytes for read and write operations...
CVE-2020-25016
A safety violation was discovered in the rgb crate before 0.8.20 for Rust, leading to, for example, dereferencing of arbitrary pointers or disclosure of uninitialized memory. This occurs because structs can be treated as bytes for read and write operations...