9529 matches found
GHSA-JQ8X-V7JW-V675 Duplicate Advisory: users may append `root` to group listings
Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-m65q-v92h-cm7q. This link is maintained to preserve external references. Original Description A flaw was found in the user's crate for Rust. This vulnerability allows privilege escalation via incorrect group...
AZL-63771 CVE-2025-5791 affecting package kata-containers-cc 3.15.0.aks0-7
A flaw was found in the user's crate for Rust. This vulnerability allows privilege escalation via incorrect group listing when a user or process has fewer than exactly 1024 groups, leading to the erroneous inclusion of the root group in the access list...
CVE-2025-5791
A flaw was found in the user's crate for Rust. This vulnerability allows privilege escalation via incorrect group listing when a user or process has fewer than exactly 1024 groups, leading to the erroneous inclusion of the root group in the access list...
CVE-2025-5791
A flaw was found in the user's crate for Rust. This vulnerability allows privilege escalation via incorrect group listing when a user or process has fewer than exactly 1024 groups, leading to the erroneous inclusion of the root group in the access list...
UBUNTU-CVE-2025-5791
A flaw was found in the user's crate for Rust. This vulnerability allows privilege escalation via incorrect group listing when a user or process has fewer than exactly 1024 groups, leading to the erroneous inclusion of the root group in the access list...
CVE-2025-5791 Users: `root` appended to group listings
A flaw was found in the user's crate for Rust. This vulnerability allows privilege escalation via incorrect group listing when a user or process has fewer than exactly 1024 groups, leading to the erroneous inclusion of the root group in the access list...
CVE-2025-5791
The CVE-2025-5791 entry concerns the Rust users crate with privilege escalation via incorrect group listing when a process has fewer than 1024 groups, which can incorrectly include the root group in the access list. Affected component: the user’s Rust crate (rust-users). Local/exploit path is ind...
CVE-2025-5791 Users: `root` appended to group listings
A flaw was found in the user's crate for Rust. This vulnerability allows privilege escalation via incorrect group listing when a user or process has fewer than exactly 1024 groups, leading to the erroneous inclusion of the root group in the access list...
Combating Reentrancy Bugs on Sharded Blockchains
Reentrancy is a well-known source of smart contract bugs on Ethereum, leading e.g. to double-spending vulnerabilities in DeFi applications. But less is known about this problem in other blockchains, which can have significantly different execution models. Sharded blockchains in particular general...
users crate for Rust 安全漏洞
users crate for Rust is an open source library for Rust by ogham. A security vulnerability exists in users crate for Rust that stems from mishandling of group lists, which could lead to elevated privileges...
Demystifying Myth Stealer: A Rust Based InfoStealer
Demystifying Myth Stealer: A Rust Based InfoStealer By Niranjan Hegde, Vasantha Lakshmanan Ambasankar and Adarsh S · June 5, 2025 Introduction During regular proactive threat hunting, the Trellix Advanced Research Center identified a fully undetected infostealer malware sample written in Rust. Up...
Exploit for Exposure of Sensitive Information to an Unauthorized Actor in Imagemagick
CVE-2022-44268 Automation Script - Quick Guide Credits - O...
SUSE-SU-2025:01807-1 Security update for 389-ds
This update for 389-ds fixes the following issues: Security fixes: - CVE-2025-3416: Fixed use-After-Free in Md::fetch and Cipher::fetch in rust-openssl crate bsc1242666 Other fixes: - Enable memory accounting as SUSE disables it by default bsc1241016. - Fix dsidm service getdn option failing...
SUSE-SU-2025:01806-1 Security update for 389-ds
This update for 389-ds fixes the following issues: Security fixes: - CVE-2025-3416: Fixed use-After-Free in Md::fetch and Cipher::fetch in rust-openssl crate bsc1242666 Other fixes: - Enable memory accounting as SUSE disables it by default bsc1241016. - Fix dsidm service getdn option failing...
Amazon Linux 2023 : librsvg2, librsvg2-devel, librsvg2-tools (ALAS2023-2025-992)
It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2025-992 advisory. RUSTSEC-2024-0429 is a vulnerability discovered in the glib Rust crate affecting versions prior to 0.20.0. The issue involves unsoundness in Iterator and DoubleEndedIterator implementations for...
SUSE CVE-2024-12224
Improper Validation of Unsafe Equivalence in punycode by the idna crate from Servo rust-url allows an attacker to create a punycode hostname that one part of a system might treat as distinct while another part of that system would treat as equivalent to another hostname...
CVE-2024-12224
Improper Validation of Unsafe Equivalence in punycode by the idna crate from Servo rust-url allows an attacker to create a punycode hostname that one part of a system might treat as distinct while another part of that system would treat as equivalent to another hostname...
DEBIAN-CVE-2024-12224
Improper Validation of Unsafe Equivalence in punycode by the idna crate from Servo rust-url allows an attacker to create a punycode hostname that one part of a system might treat as distinct while another part of that system would treat as equivalent to another hostname...
UBUNTU-CVE-2024-12224
Improper Validation of Unsafe Equivalence in punycode by the idna crate from Servo rust-url allows an attacker to create a punycode hostname that one part of a system might treat as distinct while another part of that system would treat as equivalent to another hostname...
[SECURITY] Fedora 41 Update: maturin-1.8.6-1.fc41
Build and publish crates with pyo3, rust-cpython and cffi bindings as well as rust binaries as python packages...