pytorch-lightning is vulnerable to Deserialization of Untrusted Data.
References
https://nvd.nist.gov/vuln/detail/CVE-2021-4118
https://github.com/pytorchlightning/pytorch-lightning/commit/62f1e82e032eb16565e676d39e0db0cac7e34ace
https://huntr.dev/bou…
An issue was discovered in the actix-web crate before 0.7.15 for Rust. It can unsoundly coerce an immutable reference into a mutable reference, leading to memory corruption.
References
https://nvd.nist.gov/vuln/detail/CVE-2018-25024
https://raw.github…
An issue was discovered in the smallvec crate before 0.6.13 for Rust. It can create an uninitialized value of any type, including a reference type.
References
https://nvd.nist.gov/vuln/detail/CVE-2018-25023
https://raw.githubusercontent.com/rustsec/ad…
An issue was discovered in the libpulse-binding crate before 1.2.1 for Rust. get_format_info can cause a use-after-free.
References
https://nvd.nist.gov/vuln/detail/CVE-2018-25027
https://raw.githubusercontent.com/rustsec/advisory-db/main/crates/libpu…
An issue was discovered in the actix-web crate before 0.7.15 for Rust. It can add the Send marker trait to an object that cannot be sent between threads safely, leading to memory corruption.
References
https://nvd.nist.gov/vuln/detail/CVE-2018-25026
h…
An issue was discovered in the actix-web crate before 0.7.15 for Rust. It can unsoundly extend the lifetime of a string, leading to memory corruption.
References
https://nvd.nist.gov/vuln/detail/CVE-2018-25025
https://raw.githubusercontent.com/rustsec…
An issue was discovered in the libpulse-binding crate before 2.6.0 for Rust. It mishandles a panic that crosses a Foreign Function Interface (FFI) boundary.
References
https://nvd.nist.gov/vuln/detail/CVE-2019-25055
https://raw.githubusercontent.com/r…
An issue was discovered in the pnet crate before 0.27.2 for Rust. There is a segmentation fault (upon attempted dereference of an uninitialized descriptor) because of an erroneous IcmpTransportChannelIterator compiler optimization.
References
https://…
An issue was discovered in the libpulse-binding crate before 1.2.1 for Rust. get_context can cause a use-after-free.
References
https://nvd.nist.gov/vuln/detail/CVE-2018-25028
https://raw.githubusercontent.com/rustsec/advisory-db/main/crates/libpulse-…
An issue was discovered in the buffoon crate through 2020-12-31 for Rust. InputStream::read_exact may read from uninitialized memory locations.
References
https://nvd.nist.gov/vuln/detail/CVE-2020-36512
https://raw.githubusercontent.com/rustsec/adviso…
