4499 matches found
Mozilla Rust Command Injection Vulnerability (CNVD-2021-85290)
Rust is a general-purpose, compiled programming language from the Mozilla Foundation. Mozilla Rust is vulnerable to a command injection vulnerability that could be exploited by attackers to send non-thread-safe EntityStore and ComponentStores across threads and cause data contention...
Mozilla Rust Buffer Overflow Vulnerability (CNVD-2021-85294)
Rust is a general-purpose, compiled programming language from the Mozilla Foundation. Mozilla Rust is vulnerable to a buffer overflow vulnerability, which can be exploited by attackers to unlock a mutex lock from an unlocked thread, leading to memory corruption...
SUSE-RU-2021:3115-2 Recommended update for mozilla-nspr, mozilla-nss
This update for mozilla-nspr fixes the following issues: mozilla-nspr was updated to version 4.32: implement new socket option PRSockOptDontFrag; support larger DNS records by increasing the default buffer size for DNS queries; lock access to PRCallOnceType members in PRCallOnce for thread safety...
SUSE-RU-2021:3116-1 Recommended update for mozilla-nspr, mozilla-nss
This update for mozilla-nspr fixes the following issues: mozilla-nspr was updated to version 4.32: implement new socket option PRSockOptDontFrag; support larger DNS records by increasing the default buffer size for DNS queries; lock access to PRCallOnceType members in PRCallOnce for thread safety...
SUSE-RU-2021:3115-1 Recommended update for mozilla-nspr, mozilla-nss
This update for mozilla-nspr fixes the following issues: mozilla-nspr was updated to version 4.32: implement new socket option PRSockOptDontFrag; support larger DNS records by increasing the default buffer size for DNS queries; lock access to PRCallOnceType members in PRCallOnce for thread safety...
Huawei EulerOS: Security Advisory for glibc (EulerOS-SA-2021-2374)
The remote host is missing an update for the Huawei EulerOS...
EulerOS 2.0 SP2 : libwebp (EulerOS-SA-2021-2403)
According to the versions of the libwebp package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - A flaw was found in libwebp in versions before 1.0.1. An out-of-bounds read was found in function ChunkAssignData. The highest threat from this...
Panics as error-handling
Handle: nascent. Vulnerability details: H-04 Panics as error-handling. Severity: High. Likelihood: Medium. The use of .unwrap, expect, and assert! should be limited to tests, compile-time assertions (e.g. consts), and configuration checks. Panics are at the thread level, so stopping one thread...
Moderate: Red Hat Security Advisory: glibc security and bug fix update
An update for glibc is now available for Red Hat Enterprise Linux 7.6 Advanced Update Support, Red Hat Enterprise Linux 7.6 Telco Extended Update Support, and Red Hat Enterprise Linux 7.6 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact...
GHSA-7MG7-M5C3-3HQJ Data races in unicycle
Affected versions of this crate unconditionally implemented Send & Sync for types PinSlab & Unordered. This allows sending non-Send types to other threads and concurrently accessing non-Sync types from multiple threads. This can result in a data race & memory corruption when types that provide...
Data races in unicycle
Affected versions of this crate unconditionally implemented Send & Sync for types PinSlab & Unordered. This allows sending non-Send types to other threads and concurrently accessing non-Sync types from multiple threads. This can result in a data race & memory corruption when types that provide...
GHSA-GQ4H-F254-7CW9 Duplicate Advisory: Data races in ticketed_lock
Duplicate Advisory: This advisory has been withdrawn because it is a duplicate of GHSA-77m6-x95j-75r5. This link is maintained to preserve external references. Original Description: Affected versions of this crate unconditionally implemented Send for ReadTicket & WriteTicket. This allows sending...
Duplicate Advisory: Data races on syncpool
Duplicate Advisory: This advisory has been withdrawn because it is a duplicate of GHSA-vp6r-mrq9-8f4h. This link is maintained to preserve external references. Original Description: Affected versions of this crate unconditionally implement Send for Bucket2. This allows sending non-Send types to...
GHSA-R88H-6987-G79F Duplicate Advisory: Data races on syncpool
Duplicate Advisory: This advisory has been withdrawn because it is a duplicate of GHSA-vp6r-mrq9-8f4h. This link is maintained to preserve external references. Original Description: Affected versions of this crate unconditionally implement Send for Bucket2. This allows sending non-Send types to...
Slock<T> allows sending non-Send types across thread boundaries
Slock unconditionally implements Send/Sync. Affected versions of this crate allow sending non-Send types to other threads, which can lead to data races and memory corruption...
GHSA-8892-84WF-CG8F SyncChannel<T> can move 'T: !Send' to other threads
Affected versions of this crate unconditionally implement Send/Sync for SyncChannel. SyncChannel doesn't provide access to &T but merely serves as a channel that consumes and returns owned T. Users can create UB in safe Rust by sending T: !Send to other threads with SyncChannel::send/recv APIs...
GHSA-RMFF-F8W9-C9RM Data races in max7301
The ImmediateIO and TransactionalIO types implement Sync for all contained Expander types regardless of if the Expander itself is safe to use across threads. As the IO types allow retrieving the Expander, this can lead to non-thread safe types being sent across threads as part of the Expander...
Data races in max7301
The ImmediateIO and TransactionalIO types implement Sync for all contained Expander types regardless of if the Expander itself is safe to use across threads. As the IO types allow retrieving the Expander, this can lead to non-thread safe types being sent across threads as part of the Expander...
GHSA-9J8Q-M9X5-9G6J Data races in async-coap
An issue was discovered in the async-coap crate through 2020-12-08 for Rust. Affected versions of this crate implement Send/Sync for ArcGuard with no trait bounds on RC. This allows users to send RC: !Send to other threads and also allows users to concurrently access Rc: !Sync from multiple...
Data race in abox
Affected versions of this crate implement Send/Sync for AtomicBox without requiring T: Send/T: Sync. This allows creating data races on T: !Sync and sending T: !Send to another thread. Such behavior breaks the compile-time thread safety guarantees of Rust, and allows users to incur undefined...