Rust 安全漏洞

Rust is a general-purpose, compiled programming language from the Mozilla Foundation. A security vulnerability in Rust rusb crate before 0.7.0, which stems from a lack of send and synchronization restrictions, can be exploited by an attacker to cause data contention and memory corruption...

Rust 安全漏洞

Rust is a general-purpose, compiled programming language from the Mozilla Foundation. rust mayqueue crate through 2020-11-10 A security vulnerability exists due to a limitation in the queue's lack of send feature or synchronization feature, which could be exploited by an attacker to cause a memor...

Rust Security Vulnerabilities

Rust is a general-purpose, compiled programming language from the Mozilla Foundation. A security vulnerability exists in Rust multiqueue2 crate before 0.1.7, which stems from the fact that the non-Send type can be sent to a different thread, resulting in a data contention...

Rust 安全漏洞

Rust, a general-purpose, compiled programming language from the Mozilla Foundation, was previously vulnerable in version 0.5.1. The vulnerability stems from the fact that programs can send non-send types to other threads, which can be exploited by attackers to potentially cause data contention an...

Rust 安全漏洞

Rust is a general-purpose, compiled programming language from the Mozilla Foundation. a security vulnerability exists in Rust late-static crate before 0.4.0, which stems from the fact that Sync is implemented with LateStatic's T: Send, causing data contention to occur. No details of the...

Reffers Crate Security Breach

Reffers Crate through 2020-12-01 for Rust A security vulnerability exists that stems from the fact that ARefss can contain a !Send,!Sync object, resulting in data contention and memory corruption...

PT-2021-16821 · Node Red · Node-Red-Contrib-Huemagic

Name of the Vulnerable Software and Affected Versions: node-red-contrib-huemagic version 3.0.0 Description: The issue allows for Directory Traversal, enabling access to arbitrary files. This is achieved through the res.sendFile API in the file hue-magic.js, using the hue/assets/..%2F path...

Rust 缓冲区错误漏洞

Rust is a general-purpose, compiled programming language from the Mozilla Foundation. A security vulnerability exists in Rust lazy-init crate through 2021-01-17, which stems from a lack of send bindings in Lazy, leading to data contention. No details of the vulnerability are provided at this time...

Sharing eBook With Your Kindle Could Have Let Hackers Hijack Your Account

Amazon has addressed a number of flaws in its Kindle e-reader platform that could have allowed an attacker to take control of victims' devices by simply sending them a malicious e-book. Dubbed "KindleDrip ," the exploit chain takes advantage of a feature called "Send to Kindle" to send a...

CVE-2020-36204

An issue was discovered in the im crate through 2020-11-09 for Rust. Because TreeFocus does not have bounds on its Send trait or Sync trait, a data race can occur...

CVE-2020-36206

An issue was discovered in the rusb crate before 0.7.0 for Rust. Because of a lack of Send and Sync bounds, a data race and memory corruption can occur...

CVE-2020-36207

An issue was discovered in the aovec crate through 2020-12-10 for Rust. Because Aovec does not have bounds on its Send trait or Sync trait, a data race and memory corruption can occur...

CVE-2020-36208

An issue was discovered in the conquer-once crate before 0.3.2 for Rust. Thread crossing can occur for a non-Send but Sync type, leading to memory corruption...

CVE-2020-36215

An issue was discovered in the hashconsing crate before 1.1.0 for Rust. Because HConsed does not have bounds on its Send trait or Sync trait, memory corruption can occur...

CVE-2021-25901

CVE-2021-25901 concerns the lazy-init crate for Rust, where the absence of a Send bound enables data races in safe code. Consequence is potential data contention and non-deterministic behavior if the crate is used in multi-threaded contexts. Public advisories (RustSec/RustSec-advisory style) desc...

CVE-2021-25901

An issue was discovered in the lazy-init crate through 2021-01-17 for Rust. Lazy lacks a Send bound, leading to a data race...

PT-2021-5771

Name of the Vulnerable Software and Affected Versions GnuTLS affected versions not specified Description A flaw was found in the client send params function of the lib/ext/pre shared key.c component, related to a use after free issue. This may lead to memory corruption and other potential...

Missing Send bound for Lazy

All current versions of this crate allow causing data races in safe code. The flaw will be fixed in the next release...

CVE-2020-26664

A vulnerability in EbmlTypeDispatcher::send in VideoLAN VLC media player 3.0.11 allows attackers to trigger a heap-based buffer overflow via a crafted .mkv file...

CVE-2020-26664

A vulnerability in EbmlTypeDispatcher::send in VideoLAN VLC media player 3.0.11 allows attackers to trigger a heap-based buffer overflow via a crafted .mkv file...