CVE-2021-25905
An issue was discovered in the bra crate before 0.1.1 for Rust. It lacks soundness because it can read uninitialized memory. Date published : 2021-01-22 https://rustsec.org/advisories/RUSTSEC-2021-0008.html
An issue was discovered in the av-data crate before 0.3.0 for Rust. A raw pointer is dereferenced, leading to a read of an arbitrary memory address, sometimes causing a segfault. Date published : 2021-01-22...
An issue was discovered in the cache crate through 2021-01-01 for Rust. A raw pointer is dereferenced. Date published : 2021-01-22 https://rustsec.org/advisories/RUSTSEC-2021-0006.html
An issue was discovered in the glsl-layout crate before 0.4.0 for Rust. When a panic occurs, map_array can perform a double drop. Date published : 2021-01-22 https://rustsec.org/advisories/RUSTSEC-2021-0005.html
An issue was discovered in the lazy-init crate through 2021-01-17 for Rust. Lazy lacks a Send bound, leading to a data race. Date published : 2021-01-22 https://rustsec.org/advisories/RUSTSEC-2021-0004.html
An issue was discovered in the smallvec crate before 0.6.14 and 1.x before 1.6.1 for Rust. There is a heap-based buffer overflow in SmallVec::insert_many. Date published : 2021-01-22 https://rustsec.org/advisories/RUSTSEC-2021-0003.html
The backend editing function of Hyweb HyCMS-J1 does not filter special characters. Logged-in users can inject JavaScript to perform a stored cross-site scripting (XSS) attack. Date published : 2021-01-22 https://www.twcert.org.tw/tw/cp-132-4318-09cd3-1.html
Hyweb HyCMS-J1’s API fails to filter POST request parameters. Remote attackers can inject SQL syntax and execute commands without privilege. Date published : 2021-01-22 https://www.twcert.org.tw/tw/cp-132-4316-298fc-1.html
OctopusDSC is a PowerShell module with DSC resources that can be used to install and configure an Octopus Deploy Server and Tentacle agent. In OctopusDSC version 4.0.977 and earlier a customer API key used...
Online Invoicing System (OIS) is open source software which is a lean invoicing system for small businesses, consultants and freelancers created using AppGini. In OIS version 4.0 there is a stored XSS which can...
HedgeDoc is open source software which lets you create real-time collaborative markdown notes. In HedgeDoc before version 1.7.2, an attacker can inject arbitrary JavaScript into a HedgeDoc note, which is executed when the note...
IBM MQ Internet Pass-Thru 2.1 and 9.2 could allow a remote user to cause a denial of service by sending malformed MQ data requests which would consume all available resources. IBM X-Force ID: 188093....
An issue was discovered in the va-ts crate before 0.0.4 for Rust. Because Demuxer omits a required T: Send bound, a data race and memory corruption can occur. Date published : 2021-01-22 https://rustsec.org/advisories/RUSTSEC-2020-0114.html
An issue was discovered in the atomic-option crate through 2020-10-31 for Rust. Because AtomicOption implements Sync unconditionally, a data race can occur. Date published : 2021-01-22 https://rustsec.org/advisories/RUSTSEC-2020-0113.html