4614 matches found
CVE-2020-36451
An issue was discovered in the rcucell crate through 2020-11-14 for Rust. There are unconditional implementations of Send and Sync for RcuCell...
CVE-2020-36451
CVE-2020-36451 affects the Rust rcu_cell crate, where RcuCell unconditionally implements Send/Sync. This configuration allows sending T in a non-Send context and concurrent access to non-Sync T via RcuCell, creating a data-race risk and potential memory corruption. Public references from multiple...
CVE-2020-36453
An issue was discovered in the scottqueue crate through 2020-11-15 for Rust. There are unconditional implementations of Send and Sync for Queue...
CVE-2020-36455
An issue was discovered in the slock crate through 2020-11-17 for Rust. Slock unconditionally implements Send and Sync...
CVE-2020-36455
An issue was discovered in the slock crate through 2020-11-17 for Rust. Slock unconditionally implements Send and Sync...
CVE-2020-36457
CVE-2020-36457 affects the lever crate for Rust, specifically versions before 0.1.1. The root cause is that an internal type, AtomicBox, implements Send and Sync for all types T, which enables non-Send types (e.g., Rc) and non-Sync types (e.g., Cell) to be used across thread boundaries. This can ...
CVE-2020-36457
An issue was discovered in the lever crate before 0.1.1 for Rust. AtomicBox implements the Send and Sync traits for all types T...
CVE-2020-36458
An issue was discovered in the lexer crate through 2020-11-10 for Rust. For ReaderResult, there is an implementation of Sync with a trait bound of T: Send, E: Send...
CVE-2020-36460
CVE-2020-36460 affects the Rust model crate: the Shared data structure implements Send and Sync regardless of the inner type, potentially enabling data races in safe Rust. Covered in multiple sources (NVD/RUSTSEC/RH Red Hat) with references to a contention issue; no explicit patch/version remedia...
CVE-2020-36460
An issue was discovered in the model crate through 2020-11-10 for Rust. The Shared data structure has an implementation of the Send and Sync traits without regard for the inner type...
CVE-2020-36461
The CVE-2020-36461 issue affects the Rust crate noise_search, where MvccRwLock is unconditionally Send/Sync. Multiple connected records document data races and aliasing violations when types that are not Send/Sync, such as Rc or Arc<Cell>, are contained inside MvccRwLock and moved across th...
CVE-2020-36461
An issue was discovered in the noisesearch crate through 2020-12-10 for Rust. There are unconditional implementations of Send and Sync for MvccRwLock...
CVE-2020-36466
CVE-2020-36466 affects the Rust crate cgc (Ptr type) with multiple soundness issues. The Ptr type implements Send and Sync for all types, enabling potential data races by sending non-thread-safe data across threads. In addition, Ptr::get violates mutable aliasing rules by returning multiple mutab...
CVE-2020-36466
An issue was discovered in the cgc crate through 2020-12-10 for Rust. Ptr implements Send and Sync for all types...
CVE-2020-36469
The CVE-2020-36469 entry describes a data-race risk in the Rust appendix crate (Index) where Send and Sync are implemented unconditionally for generic K and V. This can permit multi-threaded usage with non-Send/Sync types, potentially causing data contention or races when these types populate the...
CVE-2020-36472
CVE-2020-36472 affects the max7301 crate for Rust older than 0.2.0. The ImmediateIO and TransactionalIO types implement Sync for all contained Expander types, which can allow non-thread-safe Expander contents to be shared across threads. This enables data races when IO can retrieve the Expander a...
CVE-2020-36472
An issue was discovered in the max7301 crate before 0.2.0 for Rust. The ImmediateIO and TransactionalIO types implement Sync for all Expander types that they contain...
Rust 命令注入漏洞
Rust is a general-purpose, compiled programming language from the Mozilla Foundation. Mozilla Rust is vulnerable to a command injection vulnerability that originates from rcucell crate in Rust. For RcuCell there is an unconditional send and sync implementation, which can be exploited by an attack...
Rust 安全漏洞
Rust is a general-purpose, compiled programming language from the Mozilla Foundation. a memory corruption vulnerability exists in Mozilla Rust, which stems from Rust's scottqueue crate. for Queue there is an unconditional send and sync implementation, which can be exploited by an attacker to caus...
Config sync may fail after upgrade in HA/Cluster deployments
After upgrading to 13.0 74.14+ from older releases sometimes it was observed that config sync is continuously failing in HA/Cluster deployments. Failure can be because of multiple reasons like: 1. Internal user login is disabled but nscommkey is not configured 2. Sshhostrsakey private and public ...