ダークウェブのオークションで富士通から漏えいしたデータが売買されている、とネットで指摘されている。真…

axios is vulnerable to Inefficient Regular Expression Complexity
References

https://nvd.nist.gov/vuln/detail/CVE-2021-3749
https://github.com/axios/axios/commit/5b457116e31db0e88fede6c428e969e87f290929
https://huntr.dev/bounties/1e8f07fc-c384-4ff9-849…

ディスプレイのサイズ以外に、AppleがMacBook Proの各モデルで差別化していたのは搭載され…

Impact
Affected versions of this crate violated alignment when casting byte slices to integer slices, resulting in undefined behavior. rand_core::BlockRng::next_u64 and rand_core::BlockRng::fill_bytes are affected.
Patches
The flaw was corrected by Ral…

An issue was discovered in the rand_core crate before 0.6.2 for Rust. Because read_u32_into and read_u64_into mishandle certain buffer-length checks, a random number generator may be seeded with too little data. The vulnerability was introduced in v0.6…

An issue was discovered in the im crate prior to 15.1.0 for Rust. Because TreeFocus does not have bounds on its Send trait or Sync trait, a data race can occur.
References

https://nvd.nist.gov/vuln/detail/CVE-2020-36204
https://github.com/bodil/im-rs/…

An issue was discovered in the miow crate before 0.3.6 for Rust. It has false expectations about the std::net::SocketAddr memory representation.
References

https://nvd.nist.gov/vuln/detail/CVE-2020-35921
https://github.com/yoshuawuyts/miow/issues/38
h…

An issue was discovered in the ordered-float crate before 1.1.1 and 2.x before 2.0.1 for Rust. After using an assignment operators such as NotNan::add_assign, NotNan::mul_assign, etc., it was possible for the resulting NotNan value to contain a NaN. Th…