2673 matches found
CVE-2020-36466
An issue was discovered in the cgc crate through 2020-12-10 for Rust. Ptr implements Send and Sync for all types...
CVE-2020-36466
CVE-2020-36466 affects the Rust crate cgc (Ptr type) with multiple soundness issues. The Ptr type implements Send and Sync for all types, enabling potential data races by sending non-thread-safe data across threads. In addition, Ptr::get violates mutable aliasing rules by returning multiple mutab...
CVE-2020-36469
The CVE-2020-36469 entry describes a data-race risk in the Rust appendix crate (Index) where Send and Sync are implemented unconditionally for generic K and V. This can permit multi-threaded usage with non-Send/Sync types, potentially causing data contention or races when these types populate the...
CVE-2020-36471
CVE-2020-36471 concerns the Rust generator crate prior to 0.7.0, where the yielding function does not enforce Send bounds on the value yielded, while the Generator type is Send. This mismatch allows potential data races when generators are used across threads with non-Send components (e.g., Rc) i...
CVE-2020-36471
An issue was discovered in the generator crate before 0.7.0 for Rust. It does not ensure that a function for yielding values has Send bounds...
Rust Buffer Error Vulnerability
Rust is a general-purpose, compiled programming language from the Mozilla Foundation. Buffer overflow vulnerabilities exist in versions of Mozilla Rust prior to 0.3.0, stemming from the ticketedlock crate in Rust. There are unconditional Send implementations for ReadTicket and WriteTicket, which...
Rust Command Injection Vulnerability
Rust is a general-purpose, compiled programming language from the Mozilla Foundation. Mozilla Rust is vulnerable to a command injection vulnerability that originates from the rcucell crate in Rust. For RcuCell there is an unconditional Send and Sync implementation, which can be exploited by an attack...
Rust Command Injection Vulnerability
Rust is a general-purpose, compiled programming language from the Mozilla Foundation. Rust suffers from a command injection vulnerability that stems from the cache crate in Rust having an unconditional Send and Sync implementation for cache...
Rust Security Vulnerability
Rust is a general-purpose, compiled programming language from the Mozilla Foundation. A memory corruption vulnerability exists in Mozilla Rust, which stems from Rust's scottqueue crate. For Queue there is an unconditional Send and Sync implementation, which can be exploited by an attacker to caus...
Linux kernel Resource Management Error Vulnerability
Linux kernel is the kernel used by the Linux Foundation's open source operating system Linux. A resource management error vulnerability exists in the Linux kernel, which can be exploited by an attacker to trigger a denial of service and run arbitrary code by forcing the use of a freed area of...
Router has an arbitrary send
Handle heiho1 Vulnerability details Impact Router.sol line 221 has an arbitrary-send of iBEP20token.transferrecipient, amount. The call ignores the transfer result. This is a brittle implementation because it relies on the boolean return value being hard-coded to true. Further, if a token...
CVE-2020-36398
A stored cross-site scripting (XSS) vulnerability in phplist 3.5.4 and below allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the "Campaign" field under the "Send a campaign" module...
PhpList Cross-Site Scripting Vulnerability
phpList is an open source newsletter and email marketing software from phpList UK. A stored cross-site scripting vulnerability exists in phplist 3.5.4 and earlier versions, which can be exploited by an attacker to execute arbitrary Web script or HTML via the "Campaign" field under the "Send...
PT-2021-12040 · Phplist · Phplist
Name of the Vulnerable Software and Affected Versions: phplist versions 3.5.4 and below. Description: A stored cross-site scripting (XSS) issue allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the Campaign field under the Send a campaign module. Recommendations: For...
Cross site scripting
A stored cross-site scripting (XSS) vulnerability in phplist 3.5.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the "Send test" field under the "Start or continue campaign" module...
PhpList Cross-Site Scripting Vulnerability
phpList is an open source newsletter and email marketing software from phpList UK. A stored cross-site scripting vulnerability exists in phplist version 3.5.3. The vulnerability can be exploited to execute arbitrary web script or HTML via the "Send Test" field under the "Start or Continue Campaig...
PT-2021-10858 · Phplist · Phplist
Name of the Vulnerable Software and Affected Versions: phplist version 3.5.3. Description: A stored cross-site scripting (XSS) issue allows attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the Send test field under the Start or continue campaign module...
GSD-2021-1000125 net: qrtr: Avoid potential use after free in MHI send
net: qrtr: Avoid potential use after free in MHI send This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.11.19 by commit...
GSD-2021-1000090 net: qrtr: Avoid potential use after free in MHI send
net: qrtr: Avoid potential use after free in MHI send This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.12.2 by commit...
GSD-2021-1000315 nvmet-rdma: Fix NULL deref when SEND is completed with error
nvmet-rdma: Fix NULL deref when SEND is completed with error This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.10.38 by commit...