Total
53 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-36216 | 1 Petabi | 1 Eventio | 2021-07-21 | 4.3 MEDIUM | 5.9 MEDIUM |
| An issue was discovered in Input<R> in the eventio crate before 0.5.1 for Rust. Because a non-Send type can be sent to a different thread, a data race and memory corruption can occur. | |||||
| CVE-2019-5675 | 1 Nvidia | 1 Gpu Driver | 2021-07-21 | 7.2 HIGH | 7.8 HIGH |
| NVIDIA Windows GPU Display driver software for Windows (all versions) contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscape where the product does not properly synchronize shared data, such as static variables across threads, which can lead to undefined behavior and unpredictable data changes, which may lead to denial of service, escalation of privileges, or information disclosure. | |||||
| CVE-2020-36217 | 1 May Queue Project | 1 May Queue | 2021-07-21 | 4.3 MEDIUM | 5.9 MEDIUM |
| An issue was discovered in the may_queue crate through 2020-11-10 for Rust. Because Queue does not have bounds on its Send trait or Sync trait, memory corruption can occur. | |||||
| CVE-2019-15031 | 4 Canonical, Linux, Opensuse and 1 more | 4 Ubuntu Linux, Linux Kernel, Leap and 1 more | 2021-07-21 | 3.6 LOW | 4.4 MEDIUM |
| In the Linux kernel through 5.2.14 on the powerpc platform, a local user can read vector registers of other users' processes via an interrupt. To exploit the venerability, a local user starts a transaction (via the hardware transactional memory instruction tbegin) and then accesses vector registers. At some point, the vector registers will be corrupted with the values from a different local Linux process, because MSR_TM_ACTIVE is misused in arch/powerpc/kernel/process.c. | |||||
| CVE-2020-13759 | 1 Vm-memory Project | 1 Vm-memory | 2021-07-21 | 5.0 MEDIUM | 7.5 HIGH |
| rust-vmm vm-memory before 0.1.1 and 0.2.x before 0.2.1 allows attackers to cause a denial of service (loss of IP networking) because read_obj and write_obj do not properly access memory. This affects aarch64 (with musl or glibc) and x86_64 (with musl). | |||||
| CVE-2020-36208 | 1 Conquer-once Project | 1 Conquer-once | 2021-07-21 | 4.6 MEDIUM | 7.8 HIGH |
| An issue was discovered in the conquer-once crate before 0.3.2 for Rust. Thread crossing can occur for a non-Send but Sync type, leading to memory corruption. | |||||
| CVE-2020-36206 | 1 Rusb Project | 1 Rusb | 2021-07-21 | 4.4 MEDIUM | 7.0 HIGH |
| An issue was discovered in the rusb crate before 0.7.0 for Rust. Because of a lack of Send and Sync bounds, a data race and memory corruption can occur. | |||||
| CVE-2021-25376 | 1 Samsung | 1 Email | 2021-04-23 | 5.0 MEDIUM | 5.3 MEDIUM |
| An improper synchronization logic in Samsung Email prior to version 6.1.41.0 can leak messages in certain mailbox in plain text when STARTTLS negotiation is failed. | |||||
| CVE-2018-25008 | 1 Rust-lang | 1 Rust | 2021-04-20 | 4.3 MEDIUM | 5.9 MEDIUM |
| In the standard library in Rust before 1.29.0, there is weak synchronization in the Arc::get_mut method. This synchronization issue can be lead to memory safety issues through race conditions. | |||||
| CVE-2020-14059 | 1 Squid-cache | 1 Squid | 2021-03-30 | 4.0 MEDIUM | 6.5 MEDIUM |
| An issue was discovered in Squid 5.x before 5.0.3. Due to an Incorrect Synchronization, a Denial of Service can occur when processing objects in an SMP cache because of an Ipc::Mem::PageStack::pop ABA problem during access to the memory page/slot management list. | |||||
| CVE-2020-14098 | 1 Mi | 4 Ax1800, Ax1800 Firmware, Rm1800 and 1 more | 2021-01-19 | 5.0 MEDIUM | 7.5 HIGH |
| The login verification can be bypassed by using the problem that the time is not synchronized after the router restarts. This affects Xiaomi router AX1800rom version < 1.0.336 and Xiaomi route RM1800 root version < 1.0.26. | |||||
| CVE-2019-16137 | 1 Spin-rs Project | 1 Spin-rs | 2020-08-24 | 7.8 HIGH | 7.5 HIGH |
| An issue was discovered in the spin crate before 0.5.2 for Rust, when RwLock is used. Because memory ordering is mishandled, two writers can acquire the lock at the same time, violating mutual exclusion. | |||||
| CVE-2018-15555 | 1 Actiontec | 2 Web6000q, Web6000q Firmware | 2020-08-24 | 10.0 HIGH | 9.8 CRITICAL |
| On Telus Actiontec WEB6000Q v1.1.02.22 devices, an attacker can login with root level access with the user "root" and password "admin" by using the enabled onboard UART headers. | |||||