CVE-2020-36458

An issue was discovered in the lexer crate through 2020-11-10 for Rust. For ReaderResult, there is an implementation of Sync with a trait bound of T: Send, E: Send...

CVE-2020-36460

An issue was discovered in the model crate through 2020-11-10 for Rust. The Shared data structure has an implementation of the Send and Sync traits without regard for the inner type...

CVE-2020-36460

CVE-2020-36460 affects the Rust model crate: the Shared data structure implements Send and Sync regardless of the inner type, potentially enabling data races in safe Rust. Covered in multiple sources (NVD/RUSTSEC/RH Red Hat) with references to a contention issue; no explicit patch/version remedia...

CVE-2020-36461

An issue was discovered in the noisesearch crate through 2020-12-10 for Rust. There are unconditional implementations of Send and Sync for MvccRwLock...

CVE-2020-36461

The CVE-2020-36461 issue affects the Rust crate noise_search, where MvccRwLock is unconditionally Send/Sync. Multiple connected records document data races and aliasing violations when types that are not Send/Sync, such as Rc or Arc<Cell>, are contained inside MvccRwLock and moved across th...

CVE-2020-36466

An issue was discovered in the cgc crate through 2020-12-10 for Rust. Ptr implements Send and Sync for all types...

CVE-2020-36466

CVE-2020-36466 affects the Rust crate cgc (Ptr type) with multiple soundness issues. The Ptr type implements Send and Sync for all types, enabling potential data races by sending non-thread-safe data across threads. In addition, Ptr::get violates mutable aliasing rules by returning multiple mutab...

CVE-2020-36469

The CVE-2020-36469 entry describes a data-race risk in the Rust appendix crate (Index) where Send and Sync are implemented unconditionally for generic K and V. This can permit multi-threaded usage with non-Send/Sync types, potentially causing data contention or races when these types populate the...

CVE-2020-36472

CVE-2020-36472 affects the max7301 crate for Rust older than 0.2.0. The ImmediateIO and TransactionalIO types implement Sync for all contained Expander types, which can allow non-thread-safe Expander contents to be shared across threads. This enables data races when IO can retrieve the Expander a...

CVE-2020-36472

An issue was discovered in the max7301 crate before 0.2.0 for Rust. The ImmediateIO and TransactionalIO types implement Sync for all Expander types that they contain...

Rust 命令注入漏洞

Rust is a general-purpose, compiled programming language from the Mozilla Foundation. Mozilla Rust is vulnerable to a command injection vulnerability that originates from rcucell crate in Rust. For RcuCell there is an unconditional send and sync implementation, which can be exploited by an attack...

Rust 安全漏洞

Rust is a general-purpose, compiled programming language from the Mozilla Foundation. a memory corruption vulnerability exists in Mozilla Rust, which stems from Rust's scottqueue crate. for Queue there is an unconditional send and sync implementation, which can be exploited by an attacker to caus...

Config sync may fail after upgrade in HA/Cluster deployments

After upgrading to 13.0 74.14+ from older releases sometimes it was observed that config sync is continuously failing in HA/Cluster deployments. Failure can be because of multiple reasons like: 1. Internal user login is disabled but nscommkey is not configured 2. Sshhostrsakey private and public ...

OPENSUSE-SU-2021:1091-1 Security update for MozillaThunderbird

This update for MozillaThunderbird fixes the following issues: Mozilla Thunderbird 78.12 fixed: Sending an email containing HTML links with spaces in the URL sometimes resulted in broken links fixed: Folder Pane display theme fixes for macOS fixed: Chat account settings did not always save as...

UVI-2021-1001256 dma-buf/sync_file: Don't leak fences on merge failure

dma-buf/syncfile: Don't leak fences on merge failure This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.10.53 by commit...

Remote memory exhaustion in ckb

In the ckb sync protocol, SyncState maintains a HashMap called 'misbehavior' that keeps a score of a peer's violations of the protocol. This HashMap is keyed to PeerIndex an alias for SessionId, and entries are never removed from it. SessionId is an integer that increases monotonically with every...

OPENSUSE-SU-2021:2458-1 Security update for MozillaThunderbird

This update for MozillaThunderbird fixes the following issues: Mozilla Thunderbird 78.12 fixed: Sending an email containing HTML links with spaces in the URL sometimes resulted in broken links fixed: Folder Pane display theme fixes for macOS fixed: Chat account settings did not always save as...

SUSE-SU-2021:2458-1 Security update for MozillaThunderbird

This update for MozillaThunderbird fixes the following issues: Mozilla Thunderbird 78.12 fixed: Sending an email containing HTML links with spaces in the URL sometimes resulted in broken links fixed: Folder Pane display theme fixes for macOS fixed: Chat account settings did not always save as...

[SECURITY] Fedora 33 Update: nextcloud-19.0.13-1.fc33

NextCloud gives you universal access to your files through a web interface or WebDAV. It also provides a platform to easily view & sync your contacts, calendars and bookmarks across all your devices and enables basic editing rig ht on the web. NextCloud is extendable via a simple but powerful API...

389-ds-base: sync_repl NULL pointer dereference in sync_create_state_control()

A flaw was found In 389-ds-base. When the Content Synchronization plugin is enabled, an authenticated user can reach a NULL pointer dereference using a specially crafted query. This flaw allows an authenticated attacker to cause a denial of service. The highest threat from this vulnerability is t...