NULL Pointer Dereference in cbox

An issue was discovered in the cbox crate through 2020-03-19 for Rust. The CBox API allows dereferencing raw pointers without a requirement for unsafe code...

GHSA-M2PF-HPRP-3VQM Use after free in image

Affected versions of this crate would call Vec::setlen on an uninitialized vector with user-provided type parameter, in an interface of the HDR image format decoder. They would then also call other code that could panic before initializing all instances. This could run Drop implementations on...

Use after free in image

Affected versions of this crate would call Vec::setlen on an uninitialized vector with user-provided type parameter, in an interface of the HDR image format decoder. They would then also call other code that could panic before initializing all instances. This could run Drop implementations on...

Buffer overflow in SmallVec::insert_many

A bug in the SmallVec::insertmany method caused it to allocate a buffer that was smaller than needed. It then wrote past the end of the buffer, causing a buffer overflow and memory corruption on the heap. This bug was only triggered if the iterator passed to insertmany yielded more items than the...

CVE-2020-35860

An issue was discovered in the cbox crate through 2020-03-19 for Rust. The CBox API allows dereferencing raw pointers without a requirement for unsafe code...

CVE-2020-35860

An issue was discovered in the cbox crate through 2020-03-19 for Rust. The CBox API allows dereferencing raw pointers without a requirement for unsafe code...

Code injection

An issue was discovered in the cbox crate through 2020-03-19 for Rust. The CBox API allows dereferencing raw pointers without a requirement for unsafe code...

CVE-2020-35860

CVE-2020-35860 affects the Rust crate cbox (through 2020-03-19). The root cause is described as the CBox API allowing dereferencing raw pointers without requiring unsafe code, which can lead to memory-safety issues. The vulnerability is documented across multiple sources (e.g., RustSec advisory R...

RUSTSEC-2020-0082 ordered_float:NotNan may contain NaN after panic in assignment operators

After using an assignment operators such as NotNan::addassign, NotNan::mulassign, etc., it was possible for the resulting NotNan value to contain a NaN. This could cause undefined behavior in safe code, because the safe NotNan::cmp method contains internal unsafe code that assumes the value is...

Misbehaving `HandleLike` implementation can lead to memory safety violation

Unsafe code in ObjectPool has time-of-check to time-of-use TOCTOU bug that can eventually lead to a memory safety violation. ObjectPool and HandlePool implicitly assumes that HandleLike trait methods are pure, i.e., they always return the same value. However, this assumption is unsound since...

Flaw in interface may drop uninitialized instance of arbitrary types

Affected versions of this crate would call Vec::setlen on an uninitialized vector with user-provided type parameter, in an interface of the HDR image format decoder. They would then also call other code that could panic before initializing all instances. This could run Drop implementations on...

Code injection

The previous version of Puppet Enterprise 2018.1 is vulnerable to unsafe code execution when upgrading pe-razor-server. Affected releases are Puppet Enterprise: 2018.1.x versions prior to 2018.1.1 and razor-server and pe-razor-server prior to 1.9.0.0...

CVE-2018-6512

The previous version of Puppet Enterprise 2018.1 is vulnerable to unsafe code execution when upgrading pe-razor-server. Affected releases are Puppet Enterprise: 2018.1.x versions prior to 2018.1.1 and razor-server and pe-razor-server prior to 1.9.0.0...

CVE-2018-6512

The previous version of Puppet Enterprise 2018.1 is vulnerable to unsafe code execution when upgrading pe-razor-server. Affected releases are Puppet Enterprise: 2018.1.x versions prior to 2018.1.1 and razor-server and pe-razor-server prior to 1.9.0.0...

CVE-2018-6512

The previous version of Puppet Enterprise 2018.1 is vulnerable to unsafe code execution when upgrading pe-razor-server. Affected releases are Puppet Enterprise: 2018.1.x versions prior to 2018.1.1 and razor-server and pe-razor-server prior to 1.9.0.0...

Arbitrary File Download and Code Execution Vulnerability in Mycncartt v2.0.0.3

MyCnCart MCC for short is a free, open source B2C, B2B e-commerce platform system developed for the Chinese mainland market. Mycncartt v2.0.0.3 suffers from an arbitrary file download and code execution vulnerability, as the program does not make reasonable judgments and filters on the download...

jackson-databind: incomplete fix for CVE-2017-7525 permits unsafe serialization via c3p0 libraries

A flaw was discovered in FasterXML jackson-databind, where it would permit polymorphic deserialization of malicious objects using the c3p0 gadget when used in conjunction with polymorphic type handling methods such as enableDefaultTyping or when @JsonTypeInfo is using Id.CLASS or Id.MINIMALCLASS ...

Vulnerability in Objective Systems ASN1C Compiler Affecting Cisco Products

A vulnerability in the ASN1C compiler by Objective Systems affects Cisco ASR 5000 devices running StarOS and Cisco Virtualized Packet Core VPC systems. The vulnerability could allow an unauthenticated, remote attacker to create a denial of service DoS condition or potentially execute arbitrary...

MGASA-2014-0033 Updated hplip package fixes security vulnerabilities

It was discovered that the HPLIP Polkit daemon incorrectly handled temporary files. A local attacker could possibly use this issue to overwrite arbitrary files. CVE-2013-6402 It was discovered that HPLIP contained an upgrade tool that would download code in an unsafe fashion. If a remote attacker...

Mandriva Linux Security Advisory : hplip (MDVSA-2014:023)

Updated hplip packages fix security vulnerabilities : It was discovered that the HPLIP Polkit daemon incorrectly handled temporary files. A local attacker could possibly use this issue to overwrite arbitrary files CVE-2013-6402. It was discovered that HPLIP contained an upgrade tool that would...