Lucene search

9529 matches found

OSV
added 2025/06/06 3:30 p.m., 3 views

GHSA-JQ8X-V7JW-V675 Duplicate Advisory: users may append `root` to group listings

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-m65q-v92h-cm7q. This link is maintained to preserve external references. Original Description A flaw was found in the user's crate for Rust. This vulnerability allows privilege escalation via incorrect group...

CVSS 7.1, AI score 5.7, EPSS 0.00166
Exploits: 0, References: 7
OSV
added 2025/06/06 2:15 p.m., 6 views

AZL-63771 CVE-2025-5791 affecting package kata-containers-cc 3.15.0.aks0-7

A flaw was found in the user's crate for Rust. This vulnerability allows privilege escalation via incorrect group listing when a user or process has fewer than exactly 1024 groups, leading to the erroneous inclusion of the root group in the access list...

CVSS 7.1, AI score 5.7, EPSS 0.00166
Exploits: 0, References: 1
NVD
added 2025/06/06 2:15 p.m., 13 views

CVE-2025-5791

A flaw was found in the user's crate for Rust. This vulnerability allows privilege escalation via incorrect group listing when a user or process has fewer than exactly 1024 groups, leading to the erroneous inclusion of the root group in the access list...

CVSS 7.1, EPSS 0.00166
Exploits: 0, References: 6
OSV
added 2025/06/06 2:15 p.m., 3 views

CVE-2025-5791

A flaw was found in the user's crate for Rust. This vulnerability allows privilege escalation via incorrect group listing when a user or process has fewer than exactly 1024 groups, leading to the erroneous inclusion of the root group in the access list...

CVSS 7.1, AI score 5.7, EPSS 0.00166
Exploits: 0, References: 6
OSV
added 2025/06/06 2:15 p.m., 2 views

UBUNTU-CVE-2025-5791

A flaw was found in the user's crate for Rust. This vulnerability allows privilege escalation via incorrect group listing when a user or process has fewer than exactly 1024 groups, leading to the erroneous inclusion of the root group in the access list...

CVSS 7.1, AI score 5.8, EPSS 0.00166
Exploits: 0, References: 5
Cvelist
added 2025/06/06 1:10 p.m., 39 views

CVE-2025-5791 Users: `root` appended to group listings

A flaw was found in the user's crate for Rust. This vulnerability allows privilege escalation via incorrect group listing when a user or process has fewer than exactly 1024 groups, leading to the erroneous inclusion of the root group in the access list...

CVSS 7.1, EPSS 0.00166
Exploits: 0, References: 6
CVE
added 2025/06/06 1:10 p.m., 94 views

CVE-2025-5791

The CVE-2025-5791 entry concerns the Rust users crate with privilege escalation via incorrect group listing when a process has fewer than 1024 groups, which can incorrectly include the root group in the access list. Affected component: the user’s Rust crate (rust-users). Local/exploit path is ind...

CVSS 7.1, AI score 7.1, EPSS 0.00166
Exploits: 0, References: 6
Vulnrichment
added 2025/06/06 1:10 p.m., 9 views

CVE-2025-5791 Users: `root` appended to group listings

A flaw was found in the user's crate for Rust. This vulnerability allows privilege escalation via incorrect group listing when a user or process has fewer than exactly 1024 groups, leading to the erroneous inclusion of the root group in the access list...

CVSS 7.1, AI score 7.1, EPSS 0.00166
Exploits: 0, References: 6
Packet Storm News
added 2025/06/06 12:0 a.m., 5 views

Combating Reentrancy Bugs on Sharded Blockchains

Reentrancy is a well-known source of smart contract bugs on Ethereum, leading e.g. to double-spending vulnerabilities in DeFi applications. But less is known about this problem in other blockchains, which can have significantly different execution models. Sharded blockchains in particular general...

AI score 7.1
Exploits: 0
CNNVD
added 2025/06/06 12:0 a.m., 4 views

users crate for Rust security vulnerability

users crate for Rust is an open source library for Rust by ogham. A security vulnerability exists in users crate for Rust that stems from mishandling of group lists, which could lead to elevated privileges...

CVSS 7.1, AI score 6.4, EPSS 0.00166
Exploits: 0, References: 6
Trellix
added 2025/06/05 12:0 a.m., 27 views

Demystifying Myth Stealer: A Rust Based InfoStealer

Demystifying Myth Stealer: A Rust Based InfoStealer By Niranjan Hegde, Vasantha Lakshmanan Ambasankar and Adarsh S · June 5, 2025 Introduction During regular proactive threat hunting, the Trellix Advanced Research Center identified a fully undetected infostealer malware sample written in Rust. Up...

AI score 6
Exploits: 0
GithubExploit
added 2025/06/04 8:6 p.m., 540 views

Exploit for Exposure of Sensitive Information to an Unauthorized Actor in Imagemagick

CVE-2022-44268 Automation Script - Quick Guide Credits - O...

CVSS 6.5, AI score 6.9, EPSS 0.89855
Exploits: 28
OSV
added 2025/06/03 1:15 p.m., 4 views

SUSE-SU-2025:01807-1 Security update for 389-ds

This update for 389-ds fixes the following issues: Security fixes: - CVE-2025-3416: Fixed use-After-Free in Md::fetch and Cipher::fetch in rust-openssl crate bsc1242666 Other fixes: - Enable memory accounting as SUSE disables it by default bsc1241016. - Fix dsidm service getdn option failing...

CVSS 3.7, AI score 5.8, EPSS 0.00452
Exploits: 0, References: 5
OSV
added 2025/06/03 1:13 p.m., 3 views

SUSE-SU-2025:01806-1 Security update for 389-ds

This update for 389-ds fixes the following issues: Security fixes: - CVE-2025-3416: Fixed use-After-Free in Md::fetch and Cipher::fetch in rust-openssl crate bsc1242666 Other fixes: - Enable memory accounting as SUSE disables it by default bsc1241016. - Fix dsidm service getdn option failing...

CVSS 3.7, AI score 5.8, EPSS 0.00452
Exploits: 0, References: 5
Tenable Nessus
added 2025/06/02 12:0 a.m., 5 views

Amazon Linux 2023 : librsvg2, librsvg2-devel, librsvg2-tools (ALAS2023-2025-992)

It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2025-992 advisory. RUSTSEC-2024-0429 is a vulnerability discovered in the glib Rust crate affecting versions prior to 0.20.0. The issue involves unsoundness in Iterator and DoubleEndedIterator implementations for...

AI score 5.5
Exploits: 0, References: 2
SUSE CVE
added 2025/05/31 1:31 a.m., 4 views

SUSE CVE-2024-12224

Improper Validation of Unsafe Equivalence in punycode by the idna crate from Servo rust-url allows an attacker to create a punycode hostname that one part of a system might treat as distinct while another part of that system would treat as equivalent to another hostname...

CVSS 4.2, AI score 6.9, EPSS 0.00194
Exploits: 1, References: 29
NVD
added 2025/05/30 2:15 a.m., 8 views

CVE-2024-12224

Improper Validation of Unsafe Equivalence in punycode by the idna crate from Servo rust-url allows an attacker to create a punycode hostname that one part of a system might treat as distinct while another part of that system would treat as equivalent to another hostname...

CVSS 8.8, EPSS 0.00194
Exploits: 1, References: 2
OSV
added 2025/05/30 2:15 a.m., 2 views

DEBIAN-CVE-2024-12224

Improper Validation of Unsafe Equivalence in punycode by the idna crate from Servo rust-url allows an attacker to create a punycode hostname that one part of a system might treat as distinct while another part of that system would treat as equivalent to another hostname...

CVSS 8.8, AI score 5.2, EPSS 0.00194
Exploits: 1, References: 1
OSV
added 2025/05/30 2:15 a.m., 3 views

UBUNTU-CVE-2024-12224

Improper Validation of Unsafe Equivalence in punycode by the idna crate from Servo rust-url allows an attacker to create a punycode hostname that one part of a system might treat as distinct while another part of that system would treat as equivalent to another hostname...

CVSS 8.8, AI score 5.8, EPSS 0.00194
Exploits: 1, References: 4
Fedora
added 2025/05/30 1:45 a.m., 11 views

[SECURITY] Fedora 41 Update: maturin-1.8.6-1.fc41

Build and publish crates with pyo3, rust-cpython and cffi bindings as well as rust binaries as python packages...

CVSS 6.5, AI score 7.4, EPSS 0.00443
Exploits: 0