|
221571
|
9.8 |
CRITICAL
Network
|
hyper
|
http
|
An issue was discovered in the http crate before 0.1.20 for Rust. The HeaderMap::Drain API can use a raw pointer, defeating soundness.
|
CWE-415
Double Free
|
CVE-2019-25009
|
2024-11-21 13:39 |
2020-12-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
221572
|
7.5 |
HIGH
Network
|
streebog_project
|
streebog
|
An issue was discovered in the streebog crate before 0.8.0 for Rust. The Streebog hash function can cause a panic.
|
NVD-CWE-noinfo
|
CVE-2019-25007
|
2024-11-21 13:39 |
2020-12-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
221573
|
7.5 |
HIGH
Network
|
streebog_project
|
streebog
|
An issue was discovered in the streebog crate before 0.8.0 for Rust. The Streebog hash function can produce the wrong answer.
|
CWE-327
Use of a Broken or Risky Cryptographic Algorithm
|
CVE-2019-25006
|
2024-11-21 13:39 |
2020-12-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
221574
|
7.5 |
HIGH
Network
|
chacha20_project
|
chacha20
|
An issue was discovered in the chacha20 crate before 0.2.3 for Rust. A ChaCha20 counter overflow makes it easier for attackers to determine plaintext.
|
CWE-190
Integer Overflow or Wraparound
|
CVE-2019-25005
|
2024-11-21 13:39 |
2020-12-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
221575
|
9.8 |
CRITICAL
Network
|
google
|
flatbuffers
|
An issue was discovered in the flatbuffers crate before 0.6.1 for Rust. Arbitrary bytes can be reinterpreted as a bool, defeating soundness.
|
NVD-CWE-noinfo
|
CVE-2019-25004
|
2024-11-21 13:39 |
2020-12-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
221576
|
7.5 |
HIGH
Network
|
parity
|
libsecp256k1
|
An issue was discovered in the libsecp256k1 crate before 0.3.1 for Rust. Scalar::check_overflow allows a timing side-channel attack; consequently, attackers can obtain sensitive information.
|
NVD-CWE-Other
|
CVE-2019-25003
|
2024-11-21 13:39 |
2020-12-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
221577
|
9.8 |
CRITICAL
Network
|
sodiumoxide_project
|
sodiumoxide
|
An issue was discovered in the sodiumoxide crate before 0.2.5 for Rust. generichash::Digest::eq compares itself to itself and thus has degenerate security properties.
|
NVD-CWE-noinfo
|
CVE-2019-25002
|
2024-11-21 13:39 |
2020-12-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
221578
|
7.5 |
HIGH
Network
|
serde_cbor_project
|
serde_cbor
|
An issue was discovered in the serde_cbor crate before 0.10.2 for Rust. The CBOR deserializer can cause stack consumption via nested semantic tags.
|
CWE-787
Out-of-bounds Write
|
CVE-2019-25001
|
2024-11-21 13:39 |
2020-12-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
221579
|
6.5 |
MEDIUM
Local
|
qemu
|
qemu
|
In QEMU 4.1.0, an out-of-bounds read flaw was found in the ATI VGA implementation. It occurs in the ati_cursor_define() routine while handling MMIO write operations through the ati_mm_write() callbac…
|
CWE-125
Out-of-bounds Read
|
CVE-2019-20808
|
2024-11-21 13:39 |
2020-12-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
221580
|
5.3 |
MEDIUM
Local
|
linux
|
linux_kernel
|
An issue was discovered in the Linux kernel before 5.2.6. On NUMA systems, the Linux fair scheduler has a use-after-free in show_numa_stats() because NUMA fault statistics are inappropriately freed, …
|
CWE-416
Use After Free
|
CVE-2019-20934
|
2024-11-21 13:39 |
2020-11-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
