787 matches found

OSV | added 2026/03/20 9:05 a.m. | 12 views

BIT-CEPH-2025-52555 CephFS Permission Escalation Vulnerability in Ceph Fuse mounted FS

Ceph is a distributed object, block, and file storage platform. In versions 17.2.7, 18.2.1 through 18.2.4, and 19.0.0 through 19.2.2, an unprivileged user can escalate to root privileges in a ceph-fuse mounted CephFS by applying chmod 777 to a directory owned by root to gain access. The result of this is tha...

CVSS 6.5 | AI score 5.9 | EPSS 0.00166 | Exploits 0 | References 4
ATTACKERKB | added 2026/03/20 7:11 a.m. | 11 views

CVE-2026-33056

tar-rs is a tar archive reading/writing library for Rust. In versions 0.4.44 and below, when unpacking a tar archive, the tar crate's unpackdir function uses fs::metadata to check whether a path that already exists is a directory. Because fs::metadata follows symbolic links, a crafted tarball...

CVSS 5.1 | AI score 5.9 | EPSS 0.00379 | Exploits 1 | References 3 | Affected Software 1
Cvelist | added 2026/03/20 7:11 a.m. | 22 views

CVE-2026-33056 tar-rs: unpack_in can chmod arbitrary directories by following symlinks

tar-rs is a tar archive reading/writing library for Rust. In versions 0.4.44 and below, when unpacking a tar archive, the tar crate's unpackdir function uses fs::metadata to check whether a path that already exists is a directory. Because fs::metadata follows symbolic links, a crafted tarball...

CVSS 5.1 | EPSS 0.00379 | Exploits 1 | References 2
CVE | added 2026/03/20 7:11 a.m. | 86 views

CVE-2026-33056

The tar-rs Rust library (versions

CVSS 6.5 | AI score 5.9 | EPSS 0.00379 | Exploits 1 | References 2 | Affected Software 1
OSV | added 2026/03/20 7:11 a.m. | 5 views

CVE-2026-33056 tar-rs: unpack_in can chmod arbitrary directories by following symlinks

tar-rs is a tar archive reading/writing library for Rust. In versions 0.4.44 and below, when unpacking a tar archive, the tar crate's unpackdir function uses fs::metadata to check whether a path that already exists is a directory. Because fs::metadata follows symbolic links, a crafted tarball...

CVSS 5.1 | AI score 7 | EPSS 0.00379 | Exploits 1 | References 4
OSV | added 2026/03/19 12:00 p.m. | 5 views

RUSTSEC-2026-0067 `unpack_in` can chmod arbitrary directories by following symlinks

In versions 0.4.44 and below of tar-rs, when unpacking a tar archive, the tar crate's unpackdir function uses fs::metadata to check whether a path that already exists is a directory. Because fs::metadata follows symbolic links, a crafted tarball containing a symlink entry followed by a...

CVSS 5.1 | AI score 5.8 | EPSS 0.00379 | Exploits 1 | References 2
RustSec | added 2026/03/19 12:00 p.m. | 10 views

`unpack_in` can chmod arbitrary directories by following symlinks

In versions 0.4.44 and below of tar-rs, when unpacking a tar archive, the tar crate's unpackdir function uses fs::metadata to check whether a path that already exists is a directory. Because fs::metadata follows symbolic links, a crafted tarball containing a symlink entry followed by a...

CVSS 6.5 | AI score 5.8 | EPSS 0.00379 | Exploits 1 | Affected Software 1
Tenable Nessus | added 2026/03/06 12:00 a.m. | 7 views

NewStart CGSL MAIN 6.06 (SP) : perl Multiple Vulnerabilities (NS-SA-2026-0016)

The remote NewStart CGSL host, running version MAIN 6.06 SP, has perl packages installed that are affected by multiple vulnerabilities: - Heap-based buffer overflow in the pack function in Perl before 5.26.2 allows context-dependent attackers to execute arbitrary code via a large item count...

CVSS 9.8 | AI score 7.3 | EPSS 0.61604 | Exploits 22 | References 35
RedHat Linux | added 2026/02/17 12:55 a.m. | 15 views

ceph: privilege escalation by unprivileged users in a ceph-fuse mounted CephFS

A vulnerability in Ceph was discovered whereby an unprivileged user could change the permissions of a directory owned by the root user, gaining access to the targeted directory. The non-privileged user can escalate privileges to root in a CephFS mounted with ceph-fuse by applying chmod 777 read,...

CVSS 6.5 | AI score 5.9 | EPSS 0.00166 | Exploits 0 | References 6
RedHat Linux | added 2026/02/04 7:31 p.m. | 4 views

wheel: Privilege Escalation or Arbitrary Code Execution via malicious wheel file unpacking

A path traversal flaw has been discovered in the python wheel tool. The unpack function is vulnerable to file permission modification through mishandling of file permissions after extraction. The logic blindly trusts the filename from the archive header for the chmod operation, even though the...

CVSS 7.1 | AI score 6.3 | EPSS 0.00311 | Exploits 2 | References 7
RedHat Linux | added 2026/02/04 11:59 a.m. | 6 views

wheel: Privilege Escalation or Arbitrary Code Execution via malicious wheel file unpacking

A path traversal flaw has been discovered in the python wheel tool. The unpack function is vulnerable to file permission modification through mishandling of file permissions after extraction. The logic blindly trusts the filename from the archive header for the chmod operation, even though the...

CVSS 7.1 | AI score 6.3 | EPSS 0.00311 | Exploits 2 | References 7
RedhatCVE | added 2026/01/27 4:59 a.m. | 10 views

CVE-2026-24131

A flaw was found in pnpm, a package manager. When pnpm processes the directories.bin field of a package, it fails to properly validate the path, allowing a malicious npm package to specify a crafted path. This directory traversal vulnerability enables the package to escape its intended directory...

CVSS 6.7 | AI score 5.9 | EPSS 0.00244 | Exploits 1 | References 6
NVD | added 2026/01/26 10:15 p.m. | 9 views

CVE-2026-24131

pnpm is a package manager. Prior to version 10.28.2, when pnpm processes a package's directories.bin field, it uses path.join without validating the result stays within the package root. A malicious npm package can specify "directories": {"bin": "../../../../tmp"} to escape the package directory,...

CVSS 6.7 | EPSS 0.00244 | Exploits 1 | References 3
CVE | added 2026/01/26 10:03 p.m. | 20 views

CVE-2026-24131

CVE-2026-24131 concerns pnpm, a package manager. Before version 10.28.2, processing a package’s directories.bin field could join a path without ensuring it stayed under the package root, enabling a crafted package to escape the package and chmod files at arbitrary locations on Unix-like systems. ...

CVSS 6.7 | AI score 6 | EPSS 0.00244 | Exploits 1 | References 3 | Affected Software 1
Cvelist | added 2026/01/26 10:03 p.m. | 21 views

CVE-2026-24131 pnpm has Path Traversal via arbitrary file permission modification

pnpm is a package manager. Prior to version 10.28.2, when pnpm processes a package's directories.bin field, it uses path.join without validating the result stays within the package root. A malicious npm package can specify "directories": {"bin": "../../../../tmp"} to escape the package directory,...

CVSS 6.7 | EPSS 0.00244 | Exploits 1 | References 3
ATTACKERKB | added 2026/01/26 10:03 p.m. | 7 views

CVE-2026-24131

pnpm is a package manager. Prior to version 10.28.2, when pnpm processes a package's directories.bin field, it uses path.join without validating the result stays within the package root. A malicious npm package can specify "directories": {"bin": "../../../../tmp"} to escape the package directory,...

CVSS 6.7 | AI score 6 | EPSS 0.00244 | Exploits 1 | References 4 | Affected Software 1
OSV | added 2026/01/26 10:03 p.m. | 6 views

CVE-2026-24131 pnpm has Path Traversal via arbitrary file permission modification

pnpm is a package manager. Prior to version 10.28.2, when pnpm processes a package's directories.bin field, it uses path.join without validating the result stays within the package root. A malicious npm package can specify "directories": {"bin": "../../../../tmp"} to escape the package directory,...

CVSS 6.7 | AI score 6 | EPSS 0.00244 | Exploits 1 | References 5
AlpineLinux | added 2026/01/26 10:03 p.m. | 7 views

CVE-2026-24131

pnpm is a package manager. Prior to version 10.28.2, when pnpm processes a package's directories.bin field, it uses path.join without validating the result stays within the package root. A malicious npm package can specify "directories": {"bin": "../../../../tmp"} to escape the package directory,...

CVSS 6.7 | AI score 6 | EPSS 0.00244 | Exploits 1
Veracode | added 2026/01/23 9:52 a.m. | 8 views

Path Traversal

wheel is vulnerable to Path Traversal. The vulnerability is due to unsafe handling of file permissions during wheel extraction, where the unpack function trusts archive header filenames when applying chmod, allowing a malicious wheel to modify permissions of arbitrary system files after path...

CVSS 7.1 | AI score 5.6 | EPSS 0.00311 | Exploits 2 | References 48 | Affected Software 1
Tenable Nessus | added 2026/01/20 12:00 a.m. | 2 views

MiracleLinux 8 : cups-2.2.6-60.el8_10 (AXSA:2024-8519:05)

The remote MiracleLinux 8 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2024-8519:05 advisory. cups: Cupsd Listen arbitrary chmod 0140777 (CVE-2024-35235). Tenable has extracted the preceding description block directly from the MiracleLinux security...

CVSS 6.7 | AI score 5.8 | EPSS 0.02421 | Exploits 1 | References 2