| # | CVE ID | CWE ID | # of Exploits | Vulnerability Type(s) | Publish Date | Update Date | Score | Gained Access Level | Access | Complexity | Authentication | Conf. | Integ. | Avail. | Description |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 1 | CVE-2020-35931 | 754 | | | 2020-12-31 | 2021-09-08 | 6.8 | None | Remote | Medium | Not required | Partial | Partial | Partial | An issue was discovered in Foxit Reader before 10.1.1 (and before 4.1.1 on macOS) and PhantomPDF before 9.7.5 and 10.x before 10.1.1 (and before 4.1.1 on macOS). An attacker can spoof a certified PDF document via an Evil Annotation Attack because the products fail to consider a null value for a Subtype entry of the Annotation dictionary, in an incremental update. |
| 2 | CVE-2020-35930 | 79 | | XSS | 2020-12-31 | 2021-01-05 | 3.5 | None | Remote | Medium | ??? | None | Partial | None | Seo Panel 4.8.0 allows stored XSS by an Authenticated User via the url parameter, as demonstrated by the seo/seopanel/websites.php URI. |
| 3 | CVE-2020-35928 | 362 | | | 2020-12-31 | 2021-01-06 | 1.9 | None | Local | Medium | Not required | None | None | Partial | An issue was discovered in the concread crate before 0.2.6 for Rust. Attackers can cause an ARCache<K,V> data race by sending types that do not implement Send/Sync. |
| 4 | CVE-2020-35927 | | | | 2020-12-31 | 2021-01-06 | 2.1 | None | Local | Low | Not required | None | None | Partial | An issue was discovered in the thex crate through 2020-12-08 for Rust. Thex<T> allows cross-thread data races of non-Send types. |
| 5 | CVE-2020-35926 | 338 | | | 2020-12-31 | 2021-07-21 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial | An issue was discovered in the nanorand crate before 0.5.1 for Rust. It caused any random number generator (even ChaCha) to return all zeroes because integer truncation was mishandled. |
| 6 | CVE-2020-35925 | | | | 2020-12-31 | 2021-01-06 | 2.1 | None | Local | Low | Not required | None | None | Partial | An issue was discovered in the magnetic crate before 2.0.1 for Rust. MPMCConsumer and MPMCProducer allow cross-thread sending of a non-Send type. |
| 7 | CVE-2020-35924 | 787 | | | 2020-12-31 | 2021-01-06 | 2.1 | None | Local | Low | Not required | None | None | Partial | An issue was discovered in the try-mutex crate before 0.3.0 for Rust. TryMutex<T> allows cross-thread sending of a non-Send type. |
| 8 | CVE-2020-35923 | 416 | | | 2020-12-31 | 2021-01-06 | 4.9 | None | Local | Low | Not required | None | None | Complete | An issue was discovered in the ordered-float crate before 1.1.1 and 2.x before 2.0.1 for Rust. A NotNan value can contain a NaN. |
| 9 | CVE-2020-35922 | | | | 2020-12-31 | 2021-01-06 | 2.1 | None | Local | Low | Not required | None | None | Partial | An issue was discovered in the mio crate before 0.7.6 for Rust. It has false expectations about the std::net::SocketAddr memory representation. |
| 10 | CVE-2020-35921 | | | | 2020-12-31 | 2021-01-06 | 2.1 | None | Local | Low | Not required | None | None | Partial | An issue was discovered in the miow crate before 0.3.6 for Rust. It has false expectations about the std::net::SocketAddr memory representation. |
| 11 | CVE-2020-35920 | | | | 2020-12-31 | 2021-01-06 | 2.1 | None | Local | Low | Not required | None | None | Partial | An issue was discovered in the socket2 crate before 0.3.16 for Rust. It has false expectations about the std::net::SocketAddr memory representation. |
| 12 | CVE-2020-35919 | | | | 2020-12-31 | 2021-01-06 | 2.1 | None | Local | Low | Not required | None | None | Partial | An issue was discovered in the net2 crate before 0.2.36 for Rust. It has false expectations about the std::net::SocketAddr memory representation. |
| 13 | CVE-2020-35918 | | | | 2020-12-31 | 2022-09-02 | 4.9 | None | Local | Low | Not required | None | None | Complete | An issue was discovered in the branca crate before 0.10.0 for Rust. Decoding tokens (with invalid base62 data) can panic. |
| 14 | CVE-2020-35917 | 416 | | | 2020-12-31 | 2021-01-06 | 2.1 | None | Local | Low | Not required | None | None | Partial | An issue was discovered in the pyo3 crate before 0.12.4 for Rust. There is a reference-counting error and use-after-free in From<Py<T>>. |
| 15 | CVE-2020-35916 | 400 | | | 2020-12-31 | 2021-01-06 | 2.1 | None | Local | Low | Not required | None | None | Partial | An issue was discovered in the image crate before 0.23.12 for Rust. A Mutable reference has immutable provenance. (In the case of LLVM, the IR may be always correct.) |
| 16 | CVE-2020-35915 | | | | 2020-12-31 | 2021-01-06 | 2.1 | None | Local | Low | Not required | None | None | Partial | An issue was discovered in the futures-intrusive crate before 0.4.0 for Rust. GenericMutexGuard allows cross-thread data races of non-Sync types. |
| 17 | CVE-2020-35914 | 362 | | | 2020-12-31 | 2021-01-05 | 1.9 | None | Local | Medium | Not required | None | None | Partial | An issue was discovered in the lock_api crate before 0.4.2 for Rust. A data race can occur because of RwLockWriteGuard unsoundness. |
| 18 | CVE-2020-35913 | 362 | | | 2020-12-31 | 2021-01-05 | 1.9 | None | Local | Medium | Not required | None | None | Partial | An issue was discovered in the lock_api crate before 0.4.2 for Rust. A data race can occur because of RwLockReadGuard unsoundness. |
| 19 | CVE-2020-35912 | 362 | | | 2020-12-31 | 2021-01-05 | 1.9 | None | Local | Medium | Not required | None | None | Partial | An issue was discovered in the lock_api crate before 0.4.2 for Rust. A data race can occur because of MappedRwLockWriteGuard unsoundness. |
| 20 | CVE-2020-35911 | 362 | | | 2020-12-31 | 2021-01-05 | 1.9 | None | Local | Medium | Not required | None | None | Partial | An issue was discovered in the lock_api crate before 0.4.2 for Rust. A data race can occur because of MappedRwLockReadGuard unsoundness. |
| 21 | CVE-2020-35910 | | | | 2020-12-31 | 2021-01-06 | 2.1 | None | Local | Low | Not required | None | None | Partial | An issue was discovered in the lock_api crate before 0.4.2 for Rust. A data race can occur because of MappedMutexGuard unsoundness. |
| 22 | CVE-2020-35909 | | | | 2020-12-31 | 2021-01-14 | 7.8 | None | Remote | Low | Not required | None | None | Complete | An issue was discovered in the multihash crate before 0.11.3 for Rust. The from_slice parsing code can panic via unsanitized data from a network server. |
| 23 | CVE-2020-35908 | | | | 2020-12-31 | 2021-01-06 | 2.1 | None | Local | Low | Not required | None | None | Partial | An issue was discovered in the futures-util crate before 0.3.2 for Rust. FuturesUnordered can lead to data corruption because Sync is mishandled. |
| 24 | CVE-2020-35907 | 476 | | | 2020-12-31 | 2021-01-06 | 2.1 | None | Local | Low | Not required | None | None | Partial | An issue was discovered in the futures-task crate before 0.3.5 for Rust. futures_task::noop_waker_ref allows a NULL pointer dereference. |
| 25 | CVE-2020-35906 | 416 | | | 2020-12-31 | 2021-01-06 | 7.2 | None | Local | Low | Not required | Complete | Complete | Complete | An issue was discovered in the futures-task crate before 0.3.6 for Rust. futures_task::waker may cause a use-after-free in a non-static type situation. |
| 26 | CVE-2020-35905 | 362 | | | 2020-12-31 | 2021-01-06 | 1.9 | None | Local | Medium | Not required | None | None | Partial | An issue was discovered in the futures-util crate before 0.3.7 for Rust. MutexGuard::map can cause a data race for certain closure situations (in safe code). |
| 27 | CVE-2020-35904 | | | | 2020-12-31 | 2021-01-06 | 2.1 | None | Local | Low | Not required | None | None | Partial | An issue was discovered in the crossbeam-channel crate before 0.4.4 for Rust. It has incorrect expectations about the relationship between the memory allocation and how many iterator elements there are. |
| 28 | CVE-2020-35903 | | | | 2020-12-31 | 2021-01-06 | 2.1 | None | Local | Low | Not required | None | None | Partial | An issue was discovered in the dync crate before 0.5.0 for Rust. VecCopy allows misaligned element access because u8 is not always the type in question. |
| 29 | CVE-2020-35902 | 416 | | | 2020-12-31 | 2021-01-07 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial | An issue was discovered in the actix-codec crate before 0.3.0-beta.1 for Rust. There is a use-after-free in Framed. |
| 30 | CVE-2020-35901 | 416 | | | 2020-12-31 | 2021-01-07 | 5.0 | None | Remote | Low | Not required | None | None | Partial | An issue was discovered in the actix-http crate before 2.0.0-alpha.1 for Rust. There is a use-after-free in BodyStream. |
| 31 | CVE-2020-35900 | 416 | | | 2020-12-31 | 2021-01-06 | 2.1 | None | Local | Low | Not required | Partial | None | None | An issue was discovered in the array-queue crate through 2020-09-26 for Rust. A pop_back() call may lead to a use-after-free. |
| 32 | CVE-2020-35899 | 416 | | | 2020-12-31 | 2021-01-06 | 2.1 | None | Local | Low | Not required | None | None | Partial | An issue was discovered in the actix-service crate before 1.0.6 for Rust. The Cell implementation allows obtaining more than one mutable reference to the same data. |
| 33 | CVE-2020-35898 | 416 | | | 2020-12-31 | 2021-01-07 | 6.4 | None | Remote | Low | Not required | None | Partial | Partial | An issue was discovered in the actix-utils crate before 2.0.0 for Rust. The Cell implementation allows obtaining more than one mutable reference to the same data. |
| 34 | CVE-2020-35897 | 362 | | | 2020-12-31 | 2021-01-07 | 1.9 | None | Local | Medium | Not required | None | None | Partial | An issue was discovered in the atom crate before 0.3.6 for Rust. An unsafe Send implementation allows a cross-thread data race. |
| 35 | CVE-2020-35896 | 770 | | | 2020-12-31 | 2022-12-03 | 5.0 | None | Remote | Low | Not required | None | None | Partial | An issue was discovered in the ws crate through 2020-09-25 for Rust. The outgoing buffer is not properly limited, leading to a remote memory-consumption attack. |
| 36 | CVE-2020-35895 | 787 | | | 2020-12-31 | 2022-12-14 | 10.0 | None | Remote | Low | Not required | Complete | Complete | Complete | An issue was discovered in the stack crate before 0.3.1 for Rust. ArrayVec has an out-of-bounds write via element insertion. |
| 37 | CVE-2020-35894 | 706 | | | 2020-12-31 | 2021-01-07 | 5.0 | None | Remote | Low | Not required | None | Partial | None | An issue was discovered in the obstack crate before 0.1.4 for Rust. Unaligned references can occur. |
| 38 | CVE-2020-35893 | 193 | | | 2020-12-31 | 2021-07-21 | 5.0 | None | Remote | Low | Not required | None | None | Partial | An issue was discovered in the simple-slab crate before 0.3.3 for Rust. remove() has an off-by-one error, causing memory leakage and a drop of uninitialized memory. |
| 39 | CVE-2020-35892 | 125 | | | 2020-12-31 | 2021-01-06 | 6.4 | None | Remote | Low | Not required | Partial | None | Partial | An issue was discovered in the simple-slab crate before 0.3.3 for Rust. index() allows an out-of-bounds read. |
| 40 | CVE-2020-35891 | 415 | | | 2020-12-31 | 2021-01-07 | 5.0 | None | Remote | Low | Not required | None | None | Partial | An issue was discovered in the ordnung crate through 2020-09-03 for Rust. compact::Vec violates memory safety via a remove() double free. |
| 41 | CVE-2020-35890 | 125 | | | 2020-12-31 | 2021-01-07 | 5.0 | None | Remote | Low | Not required | None | None | Partial | An issue was discovered in the ordnung crate through 2020-09-03 for Rust. compact::Vec violates memory safety via out-of-bounds access for large capacity. |
| 42 | CVE-2020-35889 | 367 | | | 2020-12-31 | 2021-01-07 | 6.8 | None | Remote | Medium | Not required | Partial | Partial | Partial | An issue was discovered in the crayon crate through 2020-08-31 for Rust. A TOCTOU issue has a resultant memory safety violation via HandleLike. |
| 43 | CVE-2020-35888 | | | | 2020-12-31 | 2021-07-21 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial | An issue was discovered in the arr crate through 2020-08-25 for Rust. Uninitialized memory is dropped by Array::new_from_template. |
| 44 | CVE-2020-35887 | 120 | | Overflow | 2020-12-31 | 2021-01-06 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial | An issue was discovered in the arr crate through 2020-08-25 for Rust. There is a buffer overflow in Index and IndexMut. |
| 45 | CVE-2020-35886 | 362 | | | 2020-12-31 | 2021-01-07 | 1.9 | None | Local | Medium | Not required | None | None | Partial | An issue was discovered in the arr crate through 2020-08-25 for Rust. An attacker can smuggle non-Sync/Send types across a thread boundary to cause a data race. |
| 46 | CVE-2020-35885 | 415 | | | 2020-12-31 | 2021-09-13 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial | An issue was discovered in the alpm-rs crate through 2020-08-20 for Rust. StrcCtx performs improper memory deallocation. |
| 47 | CVE-2020-35884 | 444 | | | 2020-12-31 | 2022-04-01 | 6.4 | None | Remote | Low | Not required | Partial | Partial | None | An issue was discovered in the tiny_http crate through 2020-06-16 for Rust. HTTP Request smuggling can occur via a malformed Transfer-Encoding header. |
| 48 | CVE-2020-35883 | 22 | | Dir. Trav. | 2020-12-31 | 2021-01-07 | 6.4 | None | Remote | Low | Not required | None | Partial | Partial | An issue was discovered in the mozwire crate through 2020-08-18 for Rust. A ../ directory-traversal situation allows overwriting local files that have .conf at the end of the filename. |
| 49 | CVE-2020-35882 | 362 | | | 2020-12-31 | 2021-01-07 | 6.8 | None | Remote | Medium | Not required | Partial | Partial | Partial | An issue was discovered in the rocket crate before 0.4.5 for Rust. LocalRequest::clone creates more than one mutable references to the same object, possibly causing a data race. |
| 50 | CVE-2020-35881 | 787 | | Mem. Corr. | 2020-12-31 | 2021-01-07 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial | An issue was discovered in the traitobject crate through 2020-06-01 for Rust. It has false expectations about fat pointers, possibly causing memory corruption in, for example, Rust 2.x. |