660 matches found

Prion
added 2021/11/03 6:15 p.m., 23 views

Type confusion

This affects the package json-ptr before 3.0.0. A type confusion vulnerability can lead to a bypass of CVE-2020-7766 when the user-provided keys used in the pointer parameter are arrays...

CVSS 7.5, AI score 9.3, EPSS 0.01879
Exploits: 2, References: 5, Affected Software: 1

Cvelist
added 2021/11/03 5:20 p.m., 18 views

CVE-2021-23509 Prototype Pollution

This affects the package json-ptr before 3.0.0. A type confusion vulnerability can lead to a bypass of CVE-2020-7766 when the user-provided keys used in the pointer parameter are arrays...

CVSS 5.6, AI score 9.7, EPSS 0.01769
Exploits: 1, References: 5

CVE
added 2021/11/03 5:20 p.m., 73 views

CVE-2021-23509

CVE-2021-23509 affects the json-ptr package prior to 3.0.0. The vulnerability is described as a type confusion in the pointer parameter that can be triggered by user-provided keys, potentially enabling a bypass of CVE-2020-7766 when those keys are arrays. Related advisories (GHSA, osv, NVD entrie...

CVSS 9.8, AI score 7.2, EPSS 0.01769
Exploits: 1, References: 5, Affected Software: 1

Github Security Blog
added 2021/08/25 8:59 p.m., 26 views

Use of Uninitialized Resource in alg_ds

An issue was discovered in the alg_ds crate through 2020-08-25 for Rust. Matrix::new internally calls Matrix::fill_with which uses *ptr = value pattern to initialize the buffer. This pattern assumes that there is an initialized struct at the address and drops it, which results in dropping of...

CVSS 9.8, AI score 8.9, EPSS 0.0123
Exploits: 0, References: 4, Affected Software: 1

OSV
added 2021/08/25 8:56 p.m., 9 views

GHSA-PWHF-7427-9VV2 Non-atomic writes in cgc

Multiple soundness issues in Ptr in cgc. Affected versions of this crate have the following issues: 1. Ptr implements Send and Sync for all types, this can lead to data races by sending non-thread safe types across threads. 2. Ptr::get violates mutable alias rules by returning multiple mutable...

CVSS 5.9, AI score 5.5, EPSS 0.00978
Exploits: 3, References: 5

OSV
added 2021/08/25 8:56 p.m., 11 views

GHSA-F3MQ-99JR-WW4R Multiple soundness issues in cgc

Affected versions of this crate have the following issues: 1. Ptr implements Send and Sync for all types, this can lead to data races by sending non-thread safe types across threads. 2. Ptr::get violates mutable alias rules by returning multiple mutable references to the same object. 3. Ptr::writ...

CVSS 5.9, AI score 5.5, EPSS 0.00978
Exploits: 3, References: 5

Github Security Blog
added 2021/08/25 8:56 p.m., 22 views

Data races in cgc

An issue was discovered in the cgc crate through 2020-12-10 for Rust. Ptr implements Send and Sync for all types...

CVSS 5.9, AI score 5.8, EPSS 0.00978
Exploits: 1, References: 4, Affected Software: 1

OSV
added 2021/08/25 8:56 p.m., 11 views

GHSA-F9XR-3M55-5Q2V Data races in cgc

An issue was discovered in the cgc crate through 2020-12-10 for Rust. Ptr implements Send and Sync for all types...

CVSS 5.9, AI score 5.5, EPSS 0.00978
Exploits: 3, References: 4

OSV
added 2021/08/08 6:15 a.m., 4 views

CVE-2020-36468

An issue was discovered in the cgc crate through 2020-12-10 for Rust. Ptr::write performs non-atomic write operations on an underlying pointer...

CVSS 5.9, AI score 6.2, EPSS 0.00978
Exploits: 3, References: 2

OSV
added 2021/08/08 6:15 a.m., 3 views

CVE-2020-36466

An issue was discovered in the cgc crate through 2020-12-10 for Rust. Ptr implements Send and Sync for all types...

CVSS 5.9, AI score 6.2, EPSS 0.00978
Exploits: 2, References: 2

NVD
added 2021/08/08 6:15 a.m., 9 views

CVE-2020-36467

An issue was discovered in the cgc crate through 2020-12-10 for Rust. Ptr::get returns more than one mutable reference to the same object...

CVSS 5.9, EPSS 0.00978
Exploits: 1, References: 2

Prion
added 2021/08/08 6:15 a.m., 10 views

Design/Logic Flaw

An issue was discovered in the cgc crate through 2020-12-10 for Rust. Ptr::get returns more than one mutable reference to the same object...

CVSS 4.3, AI score 5.7, EPSS 0.00978
Exploits: 1, References: 2, Affected Software: 1

CVE
added 2021/08/08 5:12 a.m., 118 views

CVE-2020-36466

CVE-2020-36466 affects the Rust crate cgc (Ptr type) with multiple soundness issues. The Ptr type implements Send and Sync for all types, enabling potential data races by sending non-thread-safe data across threads. In addition, Ptr::get violates mutable aliasing rules by returning multiple mutab...

CVSS 5.9, AI score 5.6, EPSS 0.00978
Exploits: 1, References: 2, Affected Software: 1

Cvelist
added 2021/08/08 5:12 a.m., 11 views

CVE-2020-36466

An issue was discovered in the cgc crate through 2020-12-10 for Rust. Ptr implements Send and Sync for all types...

AI score 5.7, EPSS 0.00978
Exploits: 1, References: 2

CVE
added 2021/08/08 5:12 a.m., 128 views

CVE-2020-36467

The CVE-2020-36467 entry concerns the Rust crate cgc. The root cause is that Ptr::get returns multiple mutable references to the same object, violating alias rules. Multiple connected sources describe this issue and note potential data races when the crate is used across threads. The records ref...

CVSS 5.9, AI score 5.5, EPSS 0.00978
Exploits: 1, References: 2, Affected Software: 1

OSV
added 2021/08/03 1:56 a.m., 10 views

GSD-2021-1001280 misc: alcor_pci: fix null-ptr-deref when there is no PCI bridge

misc: alcor_pci: fix null-ptr-deref when there is no PCI bridge. This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.10.52 by commit...

AI score 7.2
Exploits: 0

OSV
added 2021/08/03 1:36 a.m., 6 views

GSD-2021-1001205 misc: alcor_pci: fix null-ptr-deref when there is no PCI bridge

misc: alcor_pci: fix null-ptr-deref when there is no PCI bridge. This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.13.4 by commit...

AI score 7.2
Exploits: 0

OSV
added 2021/07/08 11:2 a.m., 1 views

OESA-2021-1176 kernel security update

The Linux Kernel, the operating system core itself. Security Fixes: An issue was discovered in the Linux kernel before 5.11.8. kernel/bpf/verifier.c performs undesirable out-of-bounds speculation on pointer arithmetic, leading to side-channel attacks that defeat Spectre mitigations and obtain...

CVSS 8.8, AI score 6.5, EPSS 0.01316
Exploits: 6, References: 33

OSV
added 2021/06/30 12:35 a.m., 9 views

UVI-2021-1001032 usb: fix various gadgets null ptr deref on 10gbps cabling.

usb: fix various gadgets null ptr deref on 10gbps cabling. This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.12.11 by commit...

AI score 7.2
Exploits: 0

OSV
added 2021/06/30 12:29 a.m., 8 views

UVI-2021-1000956 usb: fix various gadgets null ptr deref on 10gbps cabling.

usb: fix various gadgets null ptr deref on 10gbps cabling. This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.10.44 by commit...

AI score 7.2
Exploits: 0