Lucene search
+L

175 matches found

cvelist
cvelist
added 2021/12/26 9:55 p.m.33 views

CVE-2018-25024

An issue was discovered in the actix-web crate before 0.7.15 for Rust. It can unsoundly coerce an immutable reference into a mutable reference, leading to memory corruption...

9.4AI score0.01288EPSS
Exploits0References2
cve
cve
added 2021/12/26 9:55 p.m.66 views

CVE-2018-25024

CVE-2018-25024 (actix-web) affects the actix-web crate prior to 0.7.15 (Rust). The issue allows unsoundly coercing an immutable reference into a mutable reference, causing memory corruption. Severity is high (NVD CVSS v3.1: 9.8, CRITICAL; CVSS v2: 7.5, HIGH). The provided documents do not specify...

9.8CVSS9.2AI score0.01288EPSS
Exploits0References2Affected Software1
cvelist
cvelist
added 2021/12/26 9:55 p.m.17 views

CVE-2018-25025

An issue was discovered in the actix-web crate before 0.7.15 for Rust. It can unsoundly extend the lifetime of a string, leading to memory corruption...

9.4AI score0.01288EPSS
Exploits0References2
cve
cve
added 2021/12/26 9:55 p.m.66 views

CVE-2018-25025

CVE-2018-25025 affects the Rust actix-web crate before version 0.7.15, where it can unsoundly extend the lifetime of a string, leading to memory corruption. The issue is documented with high/critical impact (NVD: CVSS v2 7.5 HIGH; CVSS v3.1 9.8 CRITICAL) and is associated with a network attack su...

9.8CVSS9.2AI score0.01288EPSS
Exploits0References2Affected Software1
cve
cve
added 2021/12/26 9:55 p.m.68 views

CVE-2018-25026

CVE-2018-25026 affects the Rust crate actix-web (before 0.7.15). The vulnerability allows an object that cannot be sent between threads to be marked as Send, enabling memory corruption. This is a Rust web framework issue identified in multiple sources; the core of the problem is the incorrect Sen...

9.8CVSS9.2AI score0.01324EPSS
Exploits0References2Affected Software1
cvelist
cvelist
added 2021/12/26 9:55 p.m.26 views

CVE-2018-25026

An issue was discovered in the actix-web crate before 0.7.15 for Rust. It can add the Send marker trait to an object that cannot be sent between threads safely, leading to memory corruption...

9.4AI score0.01324EPSS
Exploits0References2
github
github
added 2021/12/15 10:51 p.m.19 views

DoS Vulnerability from Upstream Actix Web Issues

Impact This vulnerability affects all users of the perseus deploy functionality who have not exported their sites to static files. If you are using the inbuilt Perseus server in production, there is a memory leak in Actix Web stemming from this upstream issue which can allow even a single user to...

7.1AI score
Exploits0References3Affected Software1
osv
osv
added 2021/12/15 10:51 p.m.29 views

GHSA-GJRJ-9RJ4-PGWX DoS Vulnerability from Upstream Actix Web Issues

Impact This vulnerability affects all users of the perseus deploy functionality who have not exported their sites to static files. If you are using the inbuilt Perseus server in production, there is a memory leak in Actix Web stemming from this upstream issue which can allow even a single user to...

7.1AI score
Exploits0References3
vulnersosv
vulnersosv
added 2021/08/25 8:58 p.m.3 views

NeteaseCloudMusicRustApi (=0.1.1), RustMusic (=0.1.0) +313 more potentially affected by CVE-2021-38512 via actix-http (>=0.1.5 <=1.0.1)

actix-http CARGO version =0.1.5, =0.1.0, =0.8.0, =0.1.8, =0.1.0, =0.1.0, =0.1.0, =0.1.0, =0.1.0, =0.1.0, =0.1.0, =0.2.0 and more Source cves: CVE-2021-38512 Source advisory: OSV:GHSA-8928-2FGM-6X9X...

7.5CVSS7.1AI score0.0181EPSS
Exploits1
osv
osv
added 2021/08/25 8:58 p.m.22 views

GHSA-8928-2FGM-6X9X HTTP Request Smuggling in actix-http

Affected versions of this crate did not properly detect invalid requests that could allow HTTP/1 request smuggling HRS attacks when running alongside a vulnerable front-end proxy server. This can result in leaked internal and/or user data, including credentials, when the front-end proxy is also...

7.5CVSS7.4AI score0.0181EPSS
Exploits1References7
github
github
added 2021/08/25 8:58 p.m.33 views

HTTP Request Smuggling in actix-http

Affected versions of this crate did not properly detect invalid requests that could allow HTTP/1 request smuggling HRS attacks when running alongside a vulnerable front-end proxy server. This can result in leaked internal and/or user data, including credentials, when the front-end proxy is also...

7.5CVSS7.2AI score0.0181EPSS
Exploits1References7Affected Software1
vulnersosv
vulnersosv
added 2021/08/25 8:50 p.m.14 views

CLI-game-of-life (=0.1.0), RustyBox (=0.1.0) +1539 more potentially affected by CVE-2020-35922 via mio (=0.7.14)

mio CARGO version =0.7.14 is affected by a known vulnerability. The following packages have a transitive dependency on mio and may be impacted: - CLI-game-of-life =0.1.0 - RustyBox =0.1.0 - RustyVault =0.1.0, =0.1.0, =2.0.0-beta.1, =0.1.0, =0.9.0, =0.9.0, =0.1.0, =0.1.0, =0.1.0, =0.4.0 and more...

5.5CVSS6AI score0.00389EPSS
Exploits1
vulnersosv
vulnersosv
added 2021/08/25 8:49 p.m.6 views

NeteaseCloudMusicRustApi (=0.1.1), RustMusic (=0.1.0) +325 more potentially affected by CVE-2020-35902 via actix-codec (>=0.1.2 <=0.2.0)

actix-codec CARGO version =0.1.2, =0.1.0, =0.8.0, =0.1.0, =0.1.8, =0.1.0, =0.1.0, =0.1.0, =0.1.0, =0.1.0, =0.1.0, =0.3.1 - actix-delay =0.1.0 - actix-diesel-actor =0.1.1 and more Source cves: CVE-2020-35902 Source advisory: OSV:GHSA-RQGX-HPG4-456R...

9.8CVSS7.2AI score0.01629EPSS
Exploits1
osv
osv
added 2021/08/25 8:49 p.m.21 views

GHSA-RQGX-HPG4-456R Use-after-free in actix-codec

An issue was discovered in the actix-codec crate before 0.3.0-beta.1 for Rust. There is a use-after-free in Framed...

9.8CVSS9.4AI score0.01629EPSS
Exploits1References5
github
github
added 2021/08/25 8:49 p.m.30 views

Use-after-free in actix-codec

An issue was discovered in the actix-codec crate before 0.3.0-beta.1 for Rust. There is a use-after-free in Framed...

9.8CVSS8.9AI score0.01629EPSS
Exploits1References5Affected Software1
osv
osv
added 2021/08/25 8:49 p.m.17 views

GHSA-V3J6-XF77-8R9C Use-after-free in actix-http

An issue was discovered in the actix-http crate before 2.0.0-alpha.1 for Rust. There is a use-after-free in BodyStream...

7.5CVSS7.5AI score0.01406EPSS
Exploits1References4
vulnersosv
vulnersosv
added 2021/08/25 8:49 p.m.6 views

NeteaseCloudMusicRustApi (=0.1.1), RustMusic (=0.1.0) +313 more potentially affected by CVE-2020-35901 via actix-http (>=0.1.5 <=1.0.1)

actix-http CARGO version =0.1.5, =0.1.0, =0.8.0, =0.1.8, =0.1.0, =0.1.0, =0.1.0, =0.1.0, =0.1.0, =0.1.0, =0.1.0, =0.2.0 and more Source cves: CVE-2020-35901 Source advisory: OSV:GHSA-V3J6-XF77-8R9C...

7.5CVSS7.1AI score0.01406EPSS
Exploits1
github
github
added 2021/08/25 8:49 p.m.42 views

Use-after-free in actix-http

An issue was discovered in the actix-http crate before 2.0.0-alpha.1 for Rust. There is a use-after-free in BodyStream...

7.5CVSS7.3AI score0.01406EPSS
Exploits1References4Affected Software1
vulnersosv
vulnersosv
added 2021/08/25 8:49 p.m.3 views

NeteaseCloudMusicRustApi (=0.1.1), RustMusic (=0.1.0) +319 more potentially affected by CVE-2020-35898 via actix-utils (>=0.3.5 <=1.0.6)

actix-utils CARGO version =0.3.5, =0.1.0, =0.8.0, =0.1.0, =0.1.8, =0.1.0, =0.1.0, =0.1.0, =0.1.0, =0.1.0, =0.1.0, =0.1.1 and more Source cves: CVE-2020-35898 Source advisory: OSV:GHSA-HHW2-PQHF-VMX2...

9.1CVSS7.2AI score0.0141EPSS
Exploits1
osv
osv
added 2021/08/25 8:49 p.m.90 views

GHSA-HHW2-PQHF-VMX2 Use after free in actix-utils

An issue was discovered in the actix-utils crate before 2.0.0 for Rust. The Cell implementation allows obtaining more than one mutable reference to the same data...

9.1CVSS9.2AI score0.0141EPSS
Exploits1References5
Rows per page
Query Builder