Lucene search
K

317 matches found

Tenable Nessus
Tenable Nessus
added 2023/08/24 12:0 a.m.37 views

Rocky Linux 9 : rust (RLSA-2023:4634)

The remote Rocky Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2023:4634 advisory. - Cargo downloads the Rust project's dependencies and compiles the project. Cargo prior to version 0.72.2, bundled with Rust prior to version 1.71.1, did not...

7.9CVSS7AI score0.00763EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2023/08/17 12:0 a.m.23 views

Fedora 37 : rust (2023-4824704a61)

The remote Fedora 37 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2023-4824704a61 advisory. Security fix for CVE-2023-38497 Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus h...

7.9CVSS7AI score0.00763EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2023/08/15 12:0 a.m.30 views

AlmaLinux 9 : rust (ALSA-2023:4634)

The remote AlmaLinux 9 host has packages installed that are affected by a vulnerability as referenced in the ALSA-2023:4634 advisory. - Cargo downloads the Rust project's dependencies and compiles the project. Cargo prior to version 0.72.2, bundled with Rust prior to version 1.71.1, did not respe...

7.9CVSS7AI score0.00763EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2023/08/10 12:0 a.m.23 views

Fedora 38 : rust (2023-6f2c7aa713)

The remote Fedora 38 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2023-6f2c7aa713 advisory. Security fix for CVE-2023-38497 Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus h...

7.9CVSS7AI score0.00763EPSS
Exploits0References2
CVE
CVE
added 2023/08/04 3:51 p.m.329 views

CVE-2023-38497

CVE-2023-38497 concerns Cargo and Rust: older Cargo (pre-0.72.2) bundled with Rust pre-1.71.1 did not respect the umask when extracting crate archives, allowing a local-privilege-like impact where a local user could alter source code being compiled and executed by the current user. The issue is m...

7.9CVSS6.9AI score0.00763EPSS
Exploits0References8Affected Software1
OpenVAS
OpenVAS
added 2023/08/04 12:0 a.m.19 views

Ubuntu: Security Advisory (USN-6275-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.9CVSS7.3AI score0.00763EPSS
Exploits0References2
OSV
OSV
added 2023/08/03 4:30 p.m.41 views

GHSA-J3XP-WFR4-HX87 Cargo not respecting umask when extracting crate archives

The Rust Security Response WG was notified that Cargo did not respect the umask when extracting crate archives on UNIX-like systems. If the user downloaded a crate containing files writeable by any local user, another local user could exploit this to change the source code compiled and executed b...

7.9CVSS7.1AI score0.00763EPSS
Exploits0References10
Github Security Blog
Github Security Blog
added 2023/08/03 4:30 p.m.29 views

Cargo not respecting umask when extracting crate archives

The Rust Security Response WG was notified that Cargo did not respect the umask when extracting crate archives on UNIX-like systems. If the user downloaded a crate containing files writeable by any local user, another local user could exploit this to change the source code compiled and executed b...

7.9CVSS6.8AI score0.00763EPSS
Exploits0References10Affected Software1
UbuntuCve
UbuntuCve
added 2023/08/03 12:0 p.m.40 views

CVE-2023-38497

Cargo downloads the Rust project’s dependencies and compiles the project. Cargo prior to version 0.72.2, bundled with Rust prior to version 1.71.1, did not respect the umask when extracting crate archives on UNIX-like systems. If the user downloaded a crate containing files writeable by any local...

7.9CVSS6.9AI score0.00763EPSS
Exploits0References5
CNNVD
CNNVD
added 2023/08/03 12:0 a.m.4 views

Cargo security breach

Cargo is a Rust package manager open-sourced by The Rust Programming Language. A security vulnerability exists in versions of Cargo prior to 0.72.2, which stems from the fact that on UNIX-like systems, Cargo does not take into account the umask setting when extracting crate archives...

7.9CVSS6.7AI score0.00763EPSS
Exploits0References13
BDU FSTEC
BDU FSTEC
added 2023/05/19 12:0 a.m.9 views

The vulnerability of the bgpd software module for implementing network routing on Unix-like systems allows a hacker to cause service interruptions.

The vulnerability of the bgpd software module for implementing routing on Unix-like systems is related to the issue where an operation is executed outside the buffer in memory when processing BGP OPEN messages with a length of one octet or word. Exploiting this vulnerability allows a remote...

7.8CVSS7.2AI score0.02107EPSS
Exploits0References4Affected Software2
Tenable Nessus
Tenable Nessus
added 2023/05/16 12:0 a.m.25 views

SUSE SLED15 / SLES15 / openSUSE 15 Security Update : gradle (SUSE-SU-2023:2203-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has a package installed that is affected by a vulnerability as referenced in the SUSE-SU-2023:2203-1 advisory. - CVE-2021-32751: Fixed arbitrary code execution in application plugin and the gradlew script bsc1188569...

8.5CVSS7.8AI score0.02709EPSS
Exploits1References4
OpenVAS
OpenVAS
added 2023/05/09 12:0 a.m.29 views

SUSE: Security Advisory (SUSE-SU-2023:2096-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.5CVSS7AI score0.01466EPSS
Exploits3References20
BDU FSTEC
BDU FSTEC
added 2023/05/04 12:0 a.m.7 views

The vulnerability of the BGP OPEN Message Handler component of the networking routing implementation software on Unix-like systems is related to the execution of operations beyond the buffer boundaries in memory. Exploiting this vulnerability can allow a malicious actor to cause service failures remotely.

The vulnerability of the BGP OPEN Message Handler component of the networking routing implementation software on Unix-like systems is related to the execution of operations beyond the buffer boundaries in memory. Exploiting this vulnerability can allow a malicious actor to cause service failures...

6.8CVSS7.3AI score0.01983EPSS
Exploits0References6Affected Software2
Tenable Nessus
Tenable Nessus
added 2023/04/28 12:0 a.m.40 views

Ubuntu 16.04 ESM / 18.04 ESM / 20.04 ESM / 22.04 LTS : Netty vulnerabilities (USN-6049-1)

The remote Ubuntu 16.04 ESM / 18.04 ESM / 20.04 ESM / 22.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-6049-1 advisory. It was discovered that Netty's Zlib decoders did not limit memory allocations. A remote attacker could possibly use...

7.5CVSS6.6AI score0.18891EPSS
Exploits3References10
Tenable Nessus
Tenable Nessus
added 2023/04/18 12:0 a.m.25 views

SUSE SLED15 / SLES15 / openSUSE 15 Security Update : gradle (SUSE-SU-2023:1867-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has a package installed that is affected by a vulnerability as referenced in the SUSE-SU-2023:1867-1 advisory. - CVE-2021-29428: Fixed a local privilege escalation through system temporary directory. bsc1184807 Tenab...

8.8CVSS7.2AI score0.00534EPSS
Exploits1References4
CNNVD
CNNVD
added 2023/03/15 12:0 a.m.4 views

Sudo 安全漏洞

Sudo is a program used on Unix-like systems that allows users to execute commands in a secure manner with special privileges. A security vulnerability exists in versions of Sudo prior to 1.9.13 that stems from the fact that Sudo does not escape control characters in log messages...

5.3CVSS7.4AI score0.00915EPSS
Exploits0References9
SUSE CVE
SUSE CVE
added 2023/02/15 3:46 a.m.10 views

SUSE CVE-2021-21290

Netty is an open-source, asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers & clients. In Netty before version 4.1.59.Final there is a vulnerability on Unix-like systems involving an insecure temp file. When netty's...

2.9CVSS7.5AI score0.01777EPSS
Exploits1References8
SUSE CVE
SUSE CVE
added 2023/02/15 3:43 a.m.9 views

SUSE CVE-2021-29428

In Gradle before version 7.0, on Unix-like systems, the system temporary directory can be created with open permissions that allow multiple users to create and delete files within it. Gradle builds could be vulnerable to a local privilege escalation from an attacker quickly deleting and recreatin...

8.8CVSS9.1AI score0.00534EPSS
Exploits1References4
SUSE CVE
SUSE CVE
added 2023/02/15 3:40 a.m.4 views

SUSE CVE-2021-32751

Gradle is a build tool with a focus on build automation. In versions prior to 7.2, start scripts generated by the application plugin and the gradlew script are both vulnerable to arbitrary code execution when an attacker is able to change environment variables for the user running the script. Thi...

4.8CVSS9.5AI score0.02709EPSS
Exploits1References4
Rows per page
Query Builder