16 matches found
GHSA-Q8X8-JRHJ-FH9P Diesel: Possible unaligned data access for implementations of `SqliteAggregate`
Diesel allows registering custom aggregate SQL functions for SQLite via the `SqliteAggregate` interface. To store an instance of the custom aggregate processor, Diesel relied on the `sqlite3_aggregate_context` function provided by SQLite. This function doesn't provide any guarantees about alignment of t...
EUVD-2021-1850
Malware in sbrugna...
EUVD-2021-1877
Malware in sbrugna...
EUVD-2021-1710
Malware in sbrugna...
EUVD-2021-1868
Malware in sbrugna...
EUVD-2022-0512
Malicious code in bioql PyPI...
Linux Distros Unpatched Vulnerability : CVE-2020-35920
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in the socket2 crate before 0.3.16 for Rust. It has false expectations about the std::net::SocketAddr memory representation...
CVE-2021-26308
An issue was discovered in the marc crate before 2.0.0 for Rust. A user-provided Read implementation can gain access to the old contents of newly allocated memory, violating soundness...
CVE-2021-27377
An issue was discovered in the yottadb crate before 1.2.0 for Rust. For some memory-allocation patterns, ydb_subscript_next_st and ydb_subscript_prev_st have a use-after-free...
CVE-2020-36215
An issue was discovered in the hashconsing crate before 1.1.0 for Rust. Because HConsed does not have bounds on its Send trait or Sync trait, memory corruption can occur...
CVE-2020-35920
An issue was discovered in the socket2 crate before 0.3.16 for Rust. It has false expectations about the std::net::SocketAddr memory representation...
totally-safe-transmute allows transmuting any type to any other type in safe Rust
This crate is a toy and should never be used. It showcases a known soundness issue https://github.com/rust-lang/rust/issues/32670 that will never get fixed. In short, Linux provides a file called /proc/self/mem which can be used by a program to modify its own memory. This library modifies an enum...
Rust security vulnerability
Rust is a general-purpose, compiled programming language from the Mozilla Foundation. playXE/cgc for Mozilla Rust suffers from a memory corruption vulnerability that can be exploited by attackers to cause data contention...
CVE-2020-35896
An issue was discovered in the ws crate through 2020-09-25 for Rust. The outgoing buffer is not properly limited, leading to a remote memory-consumption attack...
CVE-2020-35893
An issue was discovered in the simple-slab crate before 0.3.3 for Rust. remove has an off-by-one error, causing memory leakage and a drop of uninitialized memory...
CVE-2020-35878
An issue was discovered in the ozone crate through 2020-07-04 for Rust. Memory safety is violated because of the dropping of uninitialized memory...