| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| An issue was discovered in the safe-transmute crate before 0.10.1 for Rust. A constructor's arguments are in the wrong order, causing heap memory corruption. |
| An issue was discovered in the orion crate before 0.11.2 for Rust. reset() calls cause incorrect results. |
| An issue was discovered in the arrayfire crate before 3.6.0 for Rust. Addition of the repr() attribute to an enum is mishandled, leading to memory corruption. |
| An issue was discovered in the openssl crate before 0.10.9 for Rust. A use-after-free occurs in CMS Signing. |
| An issue was discovered in the crossbeam crate before 0.4.1 for Rust. There is a double free because of destructor mishandling. |
| An issue was discovered in the slice-deque crate before 0.1.16 for Rust. move_head_unchecked allows memory corruption because deque updates are mishandled. |
| An issue was discovered in the trust-dns-proto crate before 0.5.0-alpha.3 for Rust. There is infinite recursion because DNS message compression is mishandled. |
| An issue was discovered in the yaml-rust crate before 0.4.1 for Rust. There is uncontrolled recursion during deserialization. |
| An issue was discovered in the claxon crate before 0.4.1 for Rust. Uninitialized memory can be exposed because certain decode buffer sizes are mishandled. |
| An issue was discovered in the smallvec crate before 0.6.3 for Rust. The Iterator implementation mishandles destructors, leading to a double free. |
| An issue was discovered in the tar crate before 0.4.16 for Rust. Arbitrary file overwrite can occur via a symlink or hardlink in a TAR archive. |
| An issue was discovered in the untrusted crate before 0.6.2 for Rust. Error handling can trigger an integer underflow and panic. |
| The wpgform plugin before 0.94 for WordPress has eval injection in the CAPTCHA calculation. |
| The newsletters-lite plugin before 4.6.8.6 for WordPress has PHP object injection. |
| The advanced-custom-fields (aka Elliot Condon Advanced Custom Fields) plugin before 5.7.8 for WordPress has XSS by authors. |
| The wp-payeezy-pay plugin before 2.98 for WordPress has local file inclusion in pay.php, donate.php, donate-rec, and pay-rec. |
| The patreon-connect plugin before 1.2.2 for WordPress has Object Injection. |
| The wp-retina-2x plugin before 5.2.3 for WordPress has XSS. |
| The media-library-assistant plugin before 2.74 for WordPress has XSS via the Media/Assistant or Settings/Media Library assistant admin submenu screens. |
| The ninja-forms plugin before 3.3.9 for WordPress has insufficient restrictions on submission-data retrieval during Export Personal Data requests. |
