787 matches found
BIT-CEPH-2025-52555 CephFS Permission Escalation Vulnerability in Ceph Fuse mounted FS
Ceph is a distributed object, block, and file storage platform. In versions 17.2.7, 18.2.1 through 18.2.4, and 19.0.0 through 19.2.2, an unprivileged user can escalate to root privileges in a ceph-fuse mounted CephFS by chmod 777 a directory owned by root to gain access. The result of this is tha...
CVE-2026-33056
tar-rs is a tar archive reading/writing library for Rust. In versions 0.4.44 and below, when unpacking a tar archive, the tar crate's unpackdir function uses fs::metadata to check whether a path that already exists is a directory. Because fs::metadata follows symbolic links, a crafted tarball...
CVE-2026-33056 tar-rs: unpack_in can chmod arbitrary directories by following symlinks
tar-rs is a tar archive reading/writing library for Rust. In versions 0.4.44 and below, when unpacking a tar archive, the tar crate's unpackdir function uses fs::metadata to check whether a path that already exists is a directory. Because fs::metadata follows symbolic links, a crafted tarball...
CVE-2026-33056
The tar-rs Rust library (versions
CVE-2026-33056 tar-rs: unpack_in can chmod arbitrary directories by following symlinks
tar-rs is a tar archive reading/writing library for Rust. In versions 0.4.44 and below, when unpacking a tar archive, the tar crate's unpackdir function uses fs::metadata to check whether a path that already exists is a directory. Because fs::metadata follows symbolic links, a crafted tarball...
RUSTSEC-2026-0067 `unpack_in` can chmod arbitrary directories by following symlinks
In versions 0.4.44 and below of tar-rs, when unpacking a tar archive, the tar crate's unpackdir function uses fs::metadatafs-metadata to check whether a path that already exists is a directory. Because fs::metadata follows symbolic links, a crafted tarball containing a symlink entry followed by a...
`unpack_in` can chmod arbitrary directories by following symlinks
In versions 0.4.44 and below of tar-rs, when unpacking a tar archive, the tar crate's unpackdir function uses fs::metadatafs-metadata to check whether a path that already exists is a directory. Because fs::metadata follows symbolic links, a crafted tarball containing a symlink entry followed by a...
NewStart CGSL MAIN 6.06 (SP) : perl Multiple Vulnerabilities (NS-SA-2026-0016)
The remote NewStart CGSL host, running version MAIN 6.06 SP, has perl packages installed that are affected by multiple vulnerabilities: - Heap-based buffer overflow in the pack function in Perl before 5.26.2 allows context-dependent attackers to execute arbitrary code via a large item count...
ceph: privilege escalation by unprivileged users in a ceph-fuse mounted CephFS
A vulnerability in Ceph was discovered whereby an unprivileged user could change the permissions of a directory owned by the root user, gaining access to the targeted directory. The non-privileged user can escalate privileges to root in a CephFS mounted with ceph-fuse by applying chmod 777 read,...
wheel: wheel: Privilege Escalation or Arbitrary Code Execution via malicious wheel file unpacking
A path traversal flaw has been discovered in the python wheel too. The unpack function is vulnerable to file permission modification through mishandling of file permissions after extraction. The logic blindly trusts the filename from the archive header for the chmod operation, even though the...
wheel: wheel: Privilege Escalation or Arbitrary Code Execution via malicious wheel file unpacking
A path traversal flaw has been discovered in the python wheel too. The unpack function is vulnerable to file permission modification through mishandling of file permissions after extraction. The logic blindly trusts the filename from the archive header for the chmod operation, even though the...
CVE-2026-24131
A flaw was found in pnpm, a package manager. When pnpm processes the directories.bin field of a package, it fails to properly validate the path, allowing a malicious npm package to specify a crafted path. This directory traversal vulnerability enables the package to escape its intended directory...
CVE-2026-24131
pnpm is a package manager. Prior to version 10.28.2, when pnpm processes a package's directories.bin field, it uses path.join without validating the result stays within the package root. A malicious npm package can specify "directories": "bin": "../../../../tmp" to escape the package directory,...
CVE-2026-24131
CVE-2026-24131 concerns pnpm, a package manager. Before version 10.28.2, processing a package’s directories.bin field could join a path without ensuring it stayed under the package root, enabling a crafted package to escape the package and chmod files at arbitrary locations on Unix-like systems. ...
CVE-2026-24131 pnpm has Path Traversal via arbitrary file permission modification
pnpm is a package manager. Prior to version 10.28.2, when pnpm processes a package's directories.bin field, it uses path.join without validating the result stays within the package root. A malicious npm package can specify "directories": "bin": "../../../../tmp" to escape the package directory,...
CVE-2026-24131
pnpm is a package manager. Prior to version 10.28.2, when pnpm processes a package's directories.bin field, it uses path.join without validating the result stays within the package root. A malicious npm package can specify "directories": "bin": "../../../../tmp" to escape the package directory,...
CVE-2026-24131 pnpm has Path Traversal via arbitrary file permission modification
pnpm is a package manager. Prior to version 10.28.2, when pnpm processes a package's directories.bin field, it uses path.join without validating the result stays within the package root. A malicious npm package can specify "directories": "bin": "../../../../tmp" to escape the package directory,...
CVE-2026-24131
pnpm is a package manager. Prior to version 10.28.2, when pnpm processes a package's directories.bin field, it uses path.join without validating the result stays within the package root. A malicious npm package can specify "directories": "bin": "../../../../tmp" to escape the package directory,...
Path Traversal
wheel is vulnerable to Path Traversal.The vulnerability is due to unsafe handling of file permissions during wheel extraction, where the unpack function trusts archive header filenames when applying chmod, allowing a malicious wheel to modify permissions of arbitrary system files after path...
MiracleLinux 8 : cups-2.2.6-60.el8_10 (AXSA:2024-8519:05)
The remote MiracleLinux 8 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2024-8519:05 advisory. cups: Cupsd Listen arbitrary chmod 0140777 CVE-2024-35235 Tenable has extracted the preceding description block directly from the MiracleLinux security...