Security Vulnerabilities - CVEs Published In 2020
An issue was discovered in the mozwire crate through 2020-08-18 for Rust. A ../ directory-traversal situation allows overwriting local files that have .conf at the end of the filename.
CVSS Score
9.1
EPSS Score
0.004
Published
2020-12-31
An issue was discovered in the tiny_http crate through 2020-06-16 for Rust. HTTP Request smuggling can occur via a malformed Transfer-Encoding header.
CVSS Score
6.5
EPSS Score
0.002
Published
2020-12-31
An issue was discovered in the alpm-rs crate through 2020-08-20 for Rust. StrcCtx performs improper memory deallocation.
CVSS Score
9.8
EPSS Score
0.004
Published
2020-12-31
An issue was discovered in the arr crate through 2020-08-25 for Rust. An attacker can smuggle non-Sync/Send types across a thread boundary to cause a data race.
CVSS Score
4.7
EPSS Score
0.0
Published
2020-12-31
An issue was discovered in the arr crate through 2020-08-25 for Rust. There is a buffer overflow in Index and IndexMut.
CVSS Score
9.8
EPSS Score
0.005
Published
2020-12-31
An issue was discovered in the arr crate through 2020-08-25 for Rust. Uninitialized memory is dropped by Array::new_from_template.
CVSS Score
9.8
EPSS Score
0.004
Published
2020-12-31
An issue was discovered in the crayon crate through 2020-08-31 for Rust. A TOCTOU issue has a resultant memory safety violation via HandleLike.
CVSS Score
8.1
EPSS Score
0.003
Published
2020-12-31
An issue was discovered in the ordnung crate through 2020-09-03 for Rust. compact::Vec violates memory safety via out-of-bounds access for large capacity.
CVSS Score
7.5
EPSS Score
0.003
Published
2020-12-31
An issue was discovered in the ordnung crate through 2020-09-03 for Rust. compact::Vec violates memory safety via a remove() double free.
CVSS Score
7.5
EPSS Score
0.003
Published
2020-12-31
An issue was discovered in the simple-slab crate before 0.3.3 for Rust. index() allows an out-of-bounds read.
CVSS Score
9.1
EPSS Score
0.004
Published
2020-12-31