317 matches found
Rocky Linux 9 : rust (RLSA-2023:4634)
The remote Rocky Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2023:4634 advisory. - Cargo downloads the Rust project's dependencies and compiles the project. Cargo prior to version 0.72.2, bundled with Rust prior to version 1.71.1, did not...
Fedora 37 : rust (2023-4824704a61)
The remote Fedora 37 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2023-4824704a61 advisory. Security fix for CVE-2023-38497 Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus h...
AlmaLinux 9 : rust (ALSA-2023:4634)
The remote AlmaLinux 9 host has packages installed that are affected by a vulnerability as referenced in the ALSA-2023:4634 advisory. - Cargo downloads the Rust project's dependencies and compiles the project. Cargo prior to version 0.72.2, bundled with Rust prior to version 1.71.1, did not respe...
Fedora 38 : rust (2023-6f2c7aa713)
The remote Fedora 38 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2023-6f2c7aa713 advisory. Security fix for CVE-2023-38497 Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus h...
CVE-2023-38497
CVE-2023-38497 concerns Cargo and Rust: older Cargo (pre-0.72.2) bundled with Rust pre-1.71.1 did not respect the umask when extracting crate archives, allowing a local-privilege-like impact where a local user could alter source code being compiled and executed by the current user. The issue is m...
Ubuntu: Security Advisory (USN-6275-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
GHSA-J3XP-WFR4-HX87 Cargo not respecting umask when extracting crate archives
The Rust Security Response WG was notified that Cargo did not respect the umask when extracting crate archives on UNIX-like systems. If the user downloaded a crate containing files writeable by any local user, another local user could exploit this to change the source code compiled and executed b...
Cargo not respecting umask when extracting crate archives
The Rust Security Response WG was notified that Cargo did not respect the umask when extracting crate archives on UNIX-like systems. If the user downloaded a crate containing files writeable by any local user, another local user could exploit this to change the source code compiled and executed b...
CVE-2023-38497
Cargo downloads the Rust project’s dependencies and compiles the project. Cargo prior to version 0.72.2, bundled with Rust prior to version 1.71.1, did not respect the umask when extracting crate archives on UNIX-like systems. If the user downloaded a crate containing files writeable by any local...
Cargo security breach
Cargo is a Rust package manager open-sourced by The Rust Programming Language. A security vulnerability exists in versions of Cargo prior to 0.72.2, which stems from the fact that on UNIX-like systems, Cargo does not take into account the umask setting when extracting crate archives...
The vulnerability of the bgpd software module for implementing network routing on Unix-like systems allows a hacker to cause service interruptions.
The vulnerability of the bgpd software module for implementing routing on Unix-like systems is related to the issue where an operation is executed outside the buffer in memory when processing BGP OPEN messages with a length of one octet or word. Exploiting this vulnerability allows a remote...
SUSE SLED15 / SLES15 / openSUSE 15 Security Update : gradle (SUSE-SU-2023:2203-1)
The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has a package installed that is affected by a vulnerability as referenced in the SUSE-SU-2023:2203-1 advisory. - CVE-2021-32751: Fixed arbitrary code execution in application plugin and the gradlew script bsc1188569...
SUSE: Security Advisory (SUSE-SU-2023:2096-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
The vulnerability of the BGP OPEN Message Handler component of the networking routing implementation software on Unix-like systems is related to the execution of operations beyond the buffer boundaries in memory. Exploiting this vulnerability can allow a malicious actor to cause service failures remotely.
The vulnerability of the BGP OPEN Message Handler component of the networking routing implementation software on Unix-like systems is related to the execution of operations beyond the buffer boundaries in memory. Exploiting this vulnerability can allow a malicious actor to cause service failures...
Ubuntu 16.04 ESM / 18.04 ESM / 20.04 ESM / 22.04 LTS : Netty vulnerabilities (USN-6049-1)
The remote Ubuntu 16.04 ESM / 18.04 ESM / 20.04 ESM / 22.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-6049-1 advisory. It was discovered that Netty's Zlib decoders did not limit memory allocations. A remote attacker could possibly use...
SUSE SLED15 / SLES15 / openSUSE 15 Security Update : gradle (SUSE-SU-2023:1867-1)
The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has a package installed that is affected by a vulnerability as referenced in the SUSE-SU-2023:1867-1 advisory. - CVE-2021-29428: Fixed a local privilege escalation through system temporary directory. bsc1184807 Tenab...
Sudo 安全漏洞
Sudo is a program used on Unix-like systems that allows users to execute commands in a secure manner with special privileges. A security vulnerability exists in versions of Sudo prior to 1.9.13 that stems from the fact that Sudo does not escape control characters in log messages...
SUSE CVE-2021-21290
Netty is an open-source, asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers & clients. In Netty before version 4.1.59.Final there is a vulnerability on Unix-like systems involving an insecure temp file. When netty's...
SUSE CVE-2021-29428
In Gradle before version 7.0, on Unix-like systems, the system temporary directory can be created with open permissions that allow multiple users to create and delete files within it. Gradle builds could be vulnerable to a local privilege escalation from an attacker quickly deleting and recreatin...
SUSE CVE-2021-32751
Gradle is a build tool with a focus on build automation. In versions prior to 7.2, start scripts generated by the application plugin and the gradlew script are both vulnerable to arbitrary code execution when an attacker is able to change environment variables for the user running the script. Thi...