Monthly Archive: December 2020

Seo Panel 4.8.0 allows stored XSS by an Authenticated User via the url parameter, as demonstrated by the seo/seopanel/websites.php URI. Date published : 2020-12-31 https://github.com/seopanel/Seo-Panel/issues/201

An issue was discovered in the concread crate before 0.2.6 for Rust. Attackers can cause an ARCache data race by sending types that do not implement Send/Sync. Date published : 2020-12-31 https://rustsec.org/advisories/RUSTSEC-2020-0092.html

An issue was discovered in the thex crate through 2020-12-08 for Rust. Thex allows cross-thread data races of non-Send types. Date published : 2020-12-31 https://rustsec.org/advisories/RUSTSEC-2020-0090.html

An issue was discovered in the nanorand crate before 0.5.1 for Rust. It caused any random number generator (even ChaCha) to return all zeroes because integer truncation was mishandled. Date published : 2020-12-31 https://rustsec.org/advisories/RUSTSEC-2020-0089.html

An issue was discovered in the magnetic crate before 2.0.1 for Rust. MPMCConsumer and MPMCProducer allow cross-thread sending of a non-Send type. Date published : 2020-12-31 https://rustsec.org/advisories/RUSTSEC-2020-0088.html

An issue was discovered in the try-mutex crate before 0.3.0 for Rust. TryMutex allows cross-thread sending of a non-Send type. Date published : 2020-12-31 https://rustsec.org/advisories/RUSTSEC-2020-0087.html

An issue was discovered in the ordered-float crate before 1.1.1 and 2.x before 2.0.1 for Rust. A NotNan value can contain a NaN. Date published : 2020-12-31 https://rustsec.org/advisories/RUSTSEC-2020-0082.html

An issue was discovered in the mio crate before 0.7.6 for Rust. It has false expectations about the std::net::SocketAddr memory representation. Date published : 2020-12-31 https://rustsec.org/advisories/RUSTSEC-2020-0081.html

An issue was discovered in the miow crate before 0.3.6 for Rust. It has false expectations about the std::net::SocketAddr memory representation. Date published : 2020-12-31 https://rustsec.org/advisories/RUSTSEC-2020-0080.html

An issue was discovered in the socket2 crate before 0.3.16 for Rust. It has false expectations about the std::net::SocketAddr memory representation. Date published : 2020-12-31 https://rustsec.org/advisories/RUSTSEC-2020-0079.html

An issue was discovered in the net2 crate before 0.2.36 for Rust. It has false expectations about the std::net::SocketAddr memory representation. Date published : 2020-12-31 https://rustsec.org/advisories/RUSTSEC-2020-0078.html

An issue was discovered in the branca crate before 0.10.0 for Rust. Decoding tokens (with invalid base62 data) can panic. Date published : 2020-12-31 https://github.com/return/branca/issues/24 https://github.com/tuupola/branca-spec/issues/22

An issue was discovered in the pyo3 crate before 0.12.4 for Rust. There is a reference-counting error and use-after-free in From. Date published : 2020-12-31 https://rustsec.org/advisories/RUSTSEC-2020-0074.html

An issue was discovered in the image crate before 0.23.12 for Rust. A Mutable reference has immutable provenance. (In the case of LLVM, the IR may be always correct.) Date published : 2020-12-31 https://rustsec.org/advisories/RUSTSEC-2020-0073.html