1518 matches found
abomonation transmutes &T to and from &[u8] without sufficient constraints
This transmute is at the core of the abomonation crates. It's so easy to use it to violate alignment requirements that no test in the crate's test suite passes under miri. The use of this transmute in serialization/deserialization also incorrectly assumes that the layout of a reprRust type is...
Exposure of Resource to Wrong Sphere in Simple-Wayland-HotKey-Daemon
SWHKD 1.1.5 allows arbitrary file-existence tests via the -c option...
Unsafe parsing in SWHKD
SWHKD 1.1.5 allows unsafe parsing via the -c option. An information leak might occur but there is a simple denial of service memory exhaustion upon an attempt to parse a large or infinite file such as a block or character device...
Use of Uninitialized Resource in acc_reader.
An issue was discovered in the accreader crate through 2020-12-27 for Rust. readupto may read from uninitialized memory locations...
Out-of-bounds Write in actix-web
An issue was discovered in the actix-web crate before 0.7.15 for Rust. It can unsoundly extend the lifetime of a string, leading to memory corruption...
Update unsound DrainFilter and RString::retain
An issue was discovered in the abistable crate before 0.9.1 for Rust. A retain call can create an invalid UTF-8 string, violating soundness...
XML External Entity Reference in c3p0:c3p0
c3p0 allows XXE during initialization...
H2O has an External Control of File Name or Path vulnerability
A vulnerability in h2oai/h2o-3 version 3.46.0.1 allows remote attackers to write arbitrary data to any file on the server. This is achieved by exploiting the /3/Parse endpoint to inject attacker-controlled data as the header of an empty file, which is then exported using the...
rage vulnerable to malicious plugin names, recipients, or identities causing arbitrary binary execution
A plugin name containing a path separator may allow an attacker to execute an arbitrary binary...
Serverpod improved security for stored password hashes
Serverpod now uses the OWASP recommended Argon2Id password hash algorithm to store password hashes for the email authentication module...
Serverpod client accepts any certificate
This bug bypassed the validation of TSL certificates on all none web HTTP clients in the serverpodclient package. Making them susceptible to a man in the middle attack against encrypted traffic between the client device and the server. An attacker would need to be able to intercept the traffic an...
Relative Path Traversal in afire serve_static
This vulnerability effects the built-in afire servestatic extension allowing paths containing //.... to bypass the previous path sanitation and request files in higher directories that should not be accessible...
Exposure of Resource to Wrong Sphere in Simple-Wayland-HotKey-Daemon
SWHKD 1.1.5 consumes the keyboard events of unintended users. This could potentially cause an information leak, but is usually a denial of functionality...
Out-of-bounds Write in actix-web
An issue was discovered in the actix-web crate before 0.7.19 for Rust. It can unsoundly coerce an immutable reference into a mutable reference, leading to memory corruption...
Multiple memory safety issues in actix-web
Affected versions contain multiple memory safety issues, such as: - Unsoundly coercing immutable references to mutable references - Unsoundly extending lifetimes of strings - Adding the Send marker trait to objects that cannot be safely sent between threads This may result in a variety of memory...
Update unsound DrainFilter and RString::retain
An issue was discovered in the abistable crate before 0.9.1 for Rust. DrainFilter lacks soundness because of a double drop...
personnummer/dart vulnerable to Improper Input Validation
This vulnerability was reported to the personnummer team in June 2020. The slow response was due to locked ownership of some of the affected packages, which caused delays to update packages prior to disclosure. The vulnerability is determined to be low severity...
Improper Restriction of Recursive Entity References in DTDs ('XML Entity Expansion')
c3p0 version 0.9.5.4 may be exploited by a billion laughs attack when loading XML configuration due to missing protections against recursive entity expansion when loading configuration...