The Common Vulnerabilities and Exposures (CVE) project, maintained by the MITRE Corporation, is a list of all standardized names for vulnerabilities and security exposures.
| ID | Description | Priority | Modified date |
|---|---|---|---|
| CVE-2020-35894 | An issue was discovered in the obstack crate before 0.1.4 for Rust. Unaligned references can occur. | MEDIUM | Dec 31, 2020 |
| CVE-2020-35893 | An issue was discovered in the simple-slab crate before 0.3.3 for Rust. remove() has an off-by-one error, causing memory leakage and a drop of uninitialized memory. | MEDIUM | Dec 31, 2020 |
| CVE-2020-35892 | An issue was discovered in the simple-slab crate before 0.3.3 for Rust. index() allows an out-of-bounds read. | MEDIUM | Dec 31, 2020 |
| CVE-2020-35891 | An issue was discovered in the ordnung crate through 2020-09-03 for Rust. compact::Vec violates memory safety via a remove() double free. | MEDIUM | Dec 31, 2020 |
| CVE-2020-35890 | An issue was discovered in the ordnung crate through 2020-09-03 for Rust. compact::Vec violates memory safety via out-of-bounds access for large capacity. | MEDIUM | Dec 31, 2020 |
| CVE-2020-35889 | An issue was discovered in the crayon crate through 2020-08-31 for Rust. A TOCTOU issue has a resultant memory safety violation via HandleLike. | MEDIUM | Dec 31, 2020 |
| CVE-2020-35888 | An issue was discovered in the arr crate through 2020-08-25 for Rust. Uninitialized memory is dropped by Array::new_from_template. | HIGH | Dec 31, 2020 |
| CVE-2020-35887 | An issue was discovered in the arr crate through 2020-08-25 for Rust. There is a buffer overflow in Index and IndexMut. | HIGH | Dec 31, 2020 |
| CVE-2020-35886 | An issue was discovered in the arr crate through 2020-08-25 for Rust. An attacker can smuggle non-Sync/Send types across a thread boundary to cause a data race. | LOW | Dec 31, 2020 |
| CVE-2020-35885 | An issue was discovered in the alpm-rs crate through 2020-08-20 for Rust. StrcCtx performs improper memory deallocation. | HIGH | Dec 31, 2020 |
| CVE-2020-35884 | An issue was discovered in the tiny_http crate through 2020-06-16 for Rust. HTTP Request smuggling can occur via a malformed Transfer-Encoding header. | MEDIUM | Dec 31, 2020 |
| CVE-2020-35883 | An issue was discovered in the mozwire crate through 2020-08-18 for Rust. A ../ directory-traversal situation allows overwriting local files that have .conf at the end of the filename. | MEDIUM | Dec 31, 2020 |
| CVE-2020-35882 | An issue was discovered in the rocket crate before 0.4.5 for Rust. LocalRequest::clone creates more than one mutable references to the same object, possibly causing a data race. | MEDIUM | Dec 31, 2020 |
| CVE-2020-35881 | An issue was discovered in the traitobject crate through 2020-06-01 for Rust. It has false expectations about fat pointers, possibly causing memory corruption in, for example, Rust 2.x. | HIGH | Dec 31, 2020 |
| CVE-2020-35880 | An issue was discovered in the bigint crate through 2020-05-07 for Rust. It allows a soundness violation. | HIGH | Dec 31, 2020 |
| CVE-2020-35879 | An issue was discovered in the rulinalg crate through 2020-02-11 for Rust. There are incorrect lifetime-boundary definitions for RowMut::raw_slice and RowMut::raw_slice_mut. | HIGH | Dec 31, 2020 |
| CVE-2020-35878 | An issue was discovered in the ozone crate through 2020-07-04 for Rust. Memory safety is violated because of the dropping of uninitialized memory. | HIGH | Dec 31, 2020 |
| CVE-2020-35877 | An issue was discovered in the ozone crate through 2020-07-04 for Rust. Memory safety is violated because of out-of-bounds access. | HIGH | Dec 31, 2020 |
| CVE-2020-35876 | An issue was discovered in the rio crate through 2020-05-11 for Rust. A struct can be leaked, allowing attackers to obtain sensitive information, cause a use-after-free, or cause a data race. | HIGH | Dec 31, 2020 |
| CVE-2020-35875 | An issue was discovered in the tokio-rustls crate before 0.13.1 for Rust. Excessive memory usage may occur when data arrives quickly. | MEDIUM | Dec 31, 2020 |
| CVE-2020-35874 | An issue was discovered in the internment crate through 2020-05-28 for Rust. ArcIntern::drop has a race condition and resultant use-after-free. | MEDIUM | Dec 31, 2020 |
| CVE-2020-35873 | An issue was discovered in the rusqlite crate before 0.23.0 for Rust. Memory safety can be violated because sessions.rs has a use-after-free. | HIGH | Dec 31, 2020 |
| CVE-2020-35872 | An issue was discovered in the rusqlite crate before 0.23.0 for Rust. Memory safety can be violated via the repr(Rust) type. | HIGH | Dec 31, 2020 |
| CVE-2020-35871 | An issue was discovered in the rusqlite crate before 0.23.0 for Rust. Memory safety can be violated via an Auxdata API data race. | MEDIUM | Dec 31, 2020 |
| CVE-2020-35870 | An issue was discovered in the rusqlite crate before 0.23.0 for Rust. Memory safety can be violated via an Auxdata API use-after-free. | HIGH | Dec 31, 2020 |
| CVE-2020-35869 | An issue was discovered in the rusqlite crate before 0.23.0 for Rust. Memory safety can be violated because rusqlite::trace::log mishandles format strings. | HIGH | Dec 31, 2020 |
| CVE-2020-35868 | An issue was discovered in the rusqlite crate before 0.23.0 for Rust. Memory safety can be violated via UnlockNotification. | HIGH | Dec 31, 2020 |
| CVE-2020-35867 | An issue was discovered in the rusqlite crate before 0.23.0 for Rust. Memory safety can be violated via create_module. | HIGH | Dec 31, 2020 |
| CVE-2020-35866 | An issue was discovered in the rusqlite crate before 0.23.0 for Rust. Memory safety can be violated via VTab / VTabCursor. | HIGH | Dec 31, 2020 |
| CVE-2020-35865 | An issue was discovered in the os_str_bytes crate before 2.0.0 for Rust. It has false expectations about char::from_u32_unchecked behavior. | MEDIUM | Dec 31, 2020 |
| CVE-2020-35864 | An issue was discovered in the flatbuffers crate through 2020-04-11 for Rust. read_scalar (and read_scalar_at) can transmute values without unsafe blocks. | MEDIUM | Dec 31, 2020 |
| CVE-2020-35863 | An issue was discovered in the hyper crate before 0.12.34 for Rust. HTTP request smuggling can occur. Remote code execution can occur in certain situations with an HTTP server on the loopback interface. | HIGH | Dec 31, 2020 |
| CVE-2020-35862 | An issue was discovered in the bitvec crate before 0.17.4 for Rust. BitVec to BitBox conversion leads to a use-after-free or double free. | HIGH | Dec 31, 2020 |
| CVE-2020-35861 | An issue was discovered in the bumpalo crate before 3.2.1 for Rust. The realloc feature allows the reading of unknown memory. Attackers can potentially read cryptographic keys. | MEDIUM | Dec 31, 2020 |
| CVE-2020-35860 | An issue was discovered in the cbox crate through 2020-03-19 for Rust. The CBox API allows dereferencing raw pointers without a requirement for unsafe code. | HIGH | Dec 31, 2020 |
| CVE-2020-35859 | An issue was discovered in the lucet-runtime-internals crate before 0.5.1 for Rust. It mishandles sigstack allocation. Guest programs may be able to obtain sensitive information, or guest programs can experience memory corruption. | MEDIUM | Dec 31, 2020 |
| CVE-2020-35858 | An issue was discovered in the prost crate before 0.6.1 for Rust. There is stack consumption via a crafted message, causing a denial of service (e.g., x86) or possibly remote code execution (e.g., ARM). | HIGH | Dec 31, 2020 |
| CVE-2020-35857 | An issue was discovered in the trust-dns-server crate before 0.18.1 for Rust. DNS MX and SRV null targets are mishandled, causing stack consumption. | MEDIUM | Dec 31, 2020 |
| CVE-2020-35856 | SolarWinds Orion Platform before 2020.2.5 allows stored XSS attacks by an administrator on the Customize View page. | LOW | Mar 26, 2021 |
| CVE-2020-35854 | Textpattern 4.8.4 is affected by cross-site scripting (XSS) in the Body parameter. | LOW | Jan 26, 2021 |
| CVE-2020-35853 | 4images Image Gallery Management System 1.7.11 is affected by cross-site scripting (XSS) in the Image URL. This vulnerability can result in an attacker to inject the XSS payload into the IMAGE URL. Each time a user visits that URL, the XSS triggers and the attacker can be able to steal the cookie according to the crafted payload. | LOW | Jan 26, 2021 |
| CVE-2020-35852 | Chatbox is affected by cross-site scripting (XSS). An attacker has to upload any XSS payload with SVG, XML file in Chatbox. There is no restriction on file upload in Chatbox which leads to stored XSS. | MEDIUM | Feb 26, 2021 |
| CVE-2020-35851 | HGiga MailSherlock does not validate specific parameters properly. Attackers can use the vulnerability to launch Command inject attacks remotely and execute arbitrary commands of the system. | HIGH | Dec 31, 2020 |
| CVE-2020-35850 | An SSRF issue was discovered in cockpit-project.org Cockpit 234. NOTE: this is unrelated to the Agentejo Cockpit product. NOTE: the vendor states I don\'t think [it] is a big real-life issue. | MEDIUM | Dec 30, 2020 |
| CVE-2020-35849 | An issue was discovered in MantisBT before 2.24.4. An incorrect access check in bug_revision_view_page.php allows an unprivileged attacker to view the Summary field of private issues, as well as bugnotes revisions, gaining access to potentially confidential information via the bugnote_id parameter. | MEDIUM | Dec 30, 2020 |
| CVE-2020-35848 | Agentejo Cockpit before 0.11.2 allows NoSQL injection via the Controller/Auth.php newpassword function. | HIGH | Dec 31, 2020 |
| CVE-2020-35847 | Agentejo Cockpit before 0.11.2 allows NoSQL injection via the Controller/Auth.php resetpassword function. | HIGH | Dec 31, 2020 |
| CVE-2020-35846 | Agentejo Cockpit before 0.11.2 allows NoSQL injection via the Controller/Auth.php check function. | HIGH | Dec 31, 2020 |
| CVE-2020-35845 | FastStone Image Viewer 7.5 has an out-of-bounds write (via a crafted image file) at FSViewer.exe+0x96cf. | MEDIUM | Jan 29, 2021 |
| CVE-2020-35844 | FastStone Image Viewer 7.5 has an out-of-bounds write (via a crafted image file) at FSViewer.exe+0xbe9c4. | MEDIUM | Jan 29, 2021 |
