3 results (0.002 seconds)

CVSS: 8.1EPSS: 0%CPEs: 1EXPL: 1

An issue was discovered in the cache crate through 2020-11-24 for Rust. There are unconditional implementations of Send and Sync for Cache<K>. Se ha detectado un problema en la crate cache hasta el 24-11-2020 para Rust. Se presentan implementaciones incondicionales de Send y Sync para la función Cache(K) • https://raw.githubusercontent.com/rustsec/advisory-db/main/crates/cache/RUSTSEC-2020-0128.md https://rustsec.org/advisories/RUSTSEC-2020-0128.html • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •

CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 1

An issue was discovered in the cache crate through 2021-01-01 for Rust. A raw pointer is dereferenced. Se detectó un problema en la crate cache versiones hasta el 01-01-2021 para Rust.&#xa0;Un puntero sin procesar es desreferenciado • https://rustsec.org/advisories/RUSTSEC-2021-0006.html • CWE-476: NULL Pointer Dereference •

CVSS: 7.8EPSS: 0%CPEs: 25EXPL: 0

Doctrine Annotations before 1.2.7, Cache before 1.3.2 and 1.4.x before 1.4.2, Common before 2.4.3 and 2.5.x before 2.5.1, ORM before 2.4.8 or 2.5.x before 2.5.1, MongoDB ODM before 1.0.2, and MongoDB ODM Bundle before 3.0.1 use world-writable permissions for cache directories, which allows local users to execute arbitrary PHP code with additional privileges by leveraging an application with the umask set to 0 and that executes cache entries as code. Doctrine Annotations en versiones anteriores a 1.2.7, Cache en versiones anteriores a 1.3.2 y 1.4.x en versiones anteriores a 1.4.2, Common en versiones anteriores a 2.4.3 y 2.5.x en versiones anteriores a 2.5.1, ORM en versiones anteriores 2.4.8 o 2.5.x en versiones anteriores 2.5.1, MongoDB ODM en versiones anteriores a 1.0.2 y MongoDB ODM Bundle en versiones anteriores a 3.0.1 utilizan permisos de escritura universal para directorios de caché, lo que permite a usuarios locales ejecutar código PHP arbitrario con privilegios adicionales aprovechando una aplicación con el umask establecido a 0 y que ejecuta entradas de caché como código. • http://framework.zend.com/security/advisory/ZF2015-07 http://www.debian.org/security/2015/dsa-3369 http://www.doctrine-project.org/2015/08/31/security_misconfiguration_vulnerability_in_various_doctrine_projects.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2IUUC7HPN4XE5NNTG4MR76OC662XRZUO https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HPS7A54FQ2CR6PH4NDR6UIYJIRNFXW67 • CWE-264: Permissions, Privileges, and Access Controls •