2460 matches found
Cross site scripting
An issue was discovered in the try-mutex crate before 0.3.0 for Rust. TryMutex allows cross-thread sending of a non-Send type...
CVE-2020-35924
CVE-2020-35924 affects the Rust crate try-mutex prior to 0.3.0. The issue arises because TryMutex allowed cross-thread sending of non-Send types due to an unconditional Sync implementation, enabling data races. The root cause is absence of a Send bound on the Sync trait implementation for TryMute...
CVE-2020-35924
An issue was discovered in the try-mutex crate before 0.3.0 for Rust. TryMutex allows cross-thread sending of a non-Send type...
CVE-2020-12658
gssproxy aka gss-proxy before 0.8.3 does not unlock condmutex before pthread exit in gpworkermain in gpworkers.c. NOTE: An upstream comment states "We are already on a shutdown path when running the code in question, so a DoS there doesn't make any sense, and there has been no additional...
DEBIAN-CVE-2020-12658
gssproxy aka gss-proxy before 0.8.3 does not unlock condmutex before pthread exit in gpworkermain in gpworkers.c. NOTE: An upstream comment states "We are already on a shutdown path when running the code in question, so a DoS there doesn't make any sense, and there has been no additional...
Gssapi Gssproxy Security Vulnerabilities
Gssapi Gssproxy is a C-based implementation of a GSS-API protocol-compliant proxy for the Gssapi personal developer. A security vulnerability exists in gssproxy aka gss-proxy before 0.8.3, which stems from not unlocking the cond mutex lock before the pthread in gp worker main exits...
Rust 安全漏洞
Rust is a general-purpose, compiled programming language from the Mozilla Foundation. A security vulnerability exists in Rust futures-intrusive crate versions prior to 0.4.0 that stems from GenericMutexGuard allowing unsynchronized types of cross-thread data contention. No details of the...
Rust Competition Condition Problem Vulnerability
Rust is a general-purpose, compiled programming language from the Mozilla Foundation. A security vulnerability exists in Rust futures-util crate before 0.3.7, which stems from the fact that MutexGuard::map can lead to data contention in certain closure cases in safe code...
Rust 缓冲区错误漏洞
Rust is a general-purpose, compiled programming language from the Mozilla Foundation. A buffer overflow vulnerability exists in try-mutex crate for Rust versions prior to 0.3.0, which stems from TryMutex allowing cross-threaded sends of non-sending types. No details of the vulnerability are...
`Demuxer` can carry non-Send types across thread boundaries
In the affected versions of this crate, Demuxer unconditionally implemented Send with no trait bounds on T. This allows sending a non-Send type T across thread boundaries, which can cause undefined behavior like unlocking a mutex from a thread that didn't lock the mutex, or memory corruption from...
RUSTSEC-2020-0126 SyncChannel<T> can move 'T: !Send' to other threads
Affected versions of this crate unconditionally implement Send/Sync for SyncChannel. SyncChannel doesn't provide access to &T but merely serves as a channel that consumes and returns owned T. Users can create UB in safe Rust by sending T: !Send to other threads with SyncChannel::send/recv APIs...
async-mutex (>=1.0.1 <=1.4.1), blocking-permit (>=0.1.0 <=1.2.1) +18 more potentially affected by CVE-2020-35915 via futures-intrusive (>=0.2.2 <=0.3.1)
futures-intrusive CARGO version =0.2.2, =1.0.1, =0.1.0, =0.4.0, =0.4.0, =0.4.0, =0.2.0, =0.10.0, =0.3.6, =0.3.7 - raii-counter-futures =0.1.0 - stm32f1xx-futures =0.1.0 - switchyard =0.1.0 and more Source cves: CVE-2020-35915 Source advisory: OSV:RUSTSEC-2020-0072...
Ubuntu 18.04 LTS : atftpd vulnerabilities (USN-4540-1)
The remote Ubuntu 18.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-4540-1 advisory. Denis Andzakovic discovered that atftpd incorrectly handled certain malformed packets. A remote attacker could send a specially crafted packet to cause...
USN-4540-1 atftp vulnerabilities
Denis Andzakovic discovered that atftpd incorrectly handled certain malformed packets. A remote attacker could send a specially crafted packet to cause atftpd to crash, resulting in a denial of service. CVE-2019-11365 Denis Andzakovic discovered that atftpd did not properly lock the thread list...
Denial Of Service (DoS)
atftp is vulnerable to denial of service DoS. The vulnerability exists as it does not lock the threadlistmutex mutex before assigning the current thread data structure. As a result, the daemon is vulnerable to a denial of service attack due to a NULL pointer dereference. If threaddata is NULL whe...
PT-2020-13190 · Mit +4 · Gssproxy +4
Name of the Vulnerable Software and Affected Versions: gssproxy versions prior to 0.8.3 Description: The issue is related to the gssproxy aka gss-proxy not unlocking cond mutex before pthread exit in gp worker main in gp workers.c. It is noted that the code in question is already on a shutdown...
Meetecho Janus has an unspecified vulnerability
Meetecho Janus is a WebRTC Web Real Time Communication server from Meetecho. Meetecho Janus has a security vulnerability discovered in Janus via 0.9.1. janusaudiobridge.c has a double mutex lock unlock when listing private rooms in AudioBridge. No details of the vulnerability are provided at this...
CVE-2020-10573
An issue was discovered in Janus through 0.9.1. janusaudiobridge.c has a double mutex unlock when listing private rooms in AudioBridge...
CVE-2020-10573
An issue was discovered in Janus through 0.9.1. janusaudiobridge.c has a double mutex unlock when listing private rooms in AudioBridge...
DEBIAN-CVE-2020-10573
An issue was discovered in Janus through 0.9.1. janusaudiobridge.c has a double mutex unlock when listing private rooms in AudioBridge...