EUVD-2021-1514

Malware in sbrugna...

alexa (>=0.1.0 <=0.1.2), alipay-rs (>=0.2.0 <=0.4.6) +225 more potentially affected by unknown CVE via iron (>=0.1.21 <=0.6.1)

iron CARGO version =0.1.21, =0.1.0, =0.2.0, =0.3.2, =0.0.1, =0.8.0, =0.14.0, =0.5.0, =0.7.0, =0.0.6, =0.1.0, =0.1.1 and more Source cves: unknown CVE Source advisory: OSV:RUSTSEC-2025-0061...

Linux Distros Unpatched Vulnerability : CVE-2021-25900

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in the smallvec crate before 0.6.14 and 1.x before 1.6.1 for Rust. There is a heap-based buffer overflow in SmallVec::insertmany...

`Read` on uninitialized buffer may cause UB ( `read_entry()` )

Affected versions of this crate passes an uninitialized buffer to a user-provided Read implementation. There are two of such cases gooffsetlog::readentry & offsetlog::readentry. Arbitrary Read implementations can read from the uninitialized buffer memory exposure and also can return incorrect...

futures_task::noop_waker_ref can segfault due to dereferencing a NULL pointer

Affected versions of the crate used a UnsafeCell in thread-local storage to return a noop waker reference, assuming that the reference would never be returned from another thread. This resulted in a segmentation fault crash if Waker::wakebyref was called on a waker returned from another thread du...