Security Vulnerabilities - CVEs Published In December 2021
An issue was discovered in the tremor-script crate before 0.11.6 for Rust. A patch operation may result in a use-after-free.
CVSS Score: 9.8 | EPSS Score: 0.005 | Published: 2021-12-27

An issue was discovered in the tremor-script crate before 0.11.6 for Rust. A merge operation may result in a use-after-free.
CVSS Score: 7.5 | EPSS Score: 0.004 | Published: 2021-12-27

An issue was discovered in the tectonic_xdv crate before 0.1.12 for Rust. XdvParser::<T>::process may read from uninitialized memory locations.
CVSS Score: 9.8 | EPSS Score: 0.004 | Published: 2021-12-27

An issue was discovered in the metrics-util crate before 0.7.0 for Rust. There is a data race and memory corruption because AtomicBucket<T> unconditionally implements the Send and Sync traits.
CVSS Score: 8.1 | EPSS Score: 0.003 | Published: 2021-12-27

An issue was discovered in the nanorand crate before 0.6.1 for Rust. There can be multiple mutable references to the same object because the TlsWyRand Deref implementation dereferences a raw pointer.
CVSS Score: 9.8 | EPSS Score: 0.004 | Published: 2021-12-27

An issue was discovered in the zeroize_derive crate before 1.1.1 for Rust. Dropped memory is not zeroed out for an enum.
CVSS Score: 9.8 | EPSS Score: 0.004 | Published: 2021-12-27

An issue was discovered in the nix crate 0.16.0 and later before 0.20.2, 0.21.x before 0.21.2, and 0.22.x before 0.22.2 for Rust. unistd::getgrouplist has an out-of-bounds write if a user is in more than 16 /etc/groups groups.
CVSS Score: 9.8 | EPSS Score: 0.005 | Published: 2021-12-27

An issue was discovered in the abomonation crate through 2021-10-17 for Rust. Because transmute operations are insufficiently constrained, there can be an information leak or ASLR bypass.
CVSS Score: 7.5 | EPSS Score: 0.003 | Published: 2021-12-27

An issue was discovered in the actix-web crate before 0.7.15 for Rust. It can unsoundly extend the lifetime of a string, leading to memory corruption.
CVSS Score: 9.8 | EPSS Score: 0.004 | Published: 2021-12-27

An issue was discovered in the actix-web crate before 0.7.15 for Rust. It can add the Send marker trait to an object that cannot be sent between threads safely, leading to memory corruption.
CVSS Score: 9.8 | EPSS Score: 0.004 | Published: 2021-12-27