62 matches found

Amazon
added 2024/01/22 12:00 a.m. | 14 views

Medium: rust

Issue Overview: Cargo downloads a Rust project's dependencies and compiles the project. Starting in Rust 1.60.0 and prior to 1.72, Cargo did not escape Cargo feature names when including them in the report generated by cargo build --timings. A malicious package included as a dependency may inject...

CVSS 6.1 | AI score 7.5 | EPSS 0.00846 | Exploits 0
Amazon
added 2024/01/22 12:00 a.m. | 8 views

Medium: rust

Issue Overview: Cargo downloads a Rust project's dependencies and compiles the project. Starting in Rust 1.60.0 and prior to 1.72, Cargo did not escape Cargo feature names when including them in the report generated by cargo build --timings. A malicious package included as a dependency may inject...

CVSS 6.1 | AI score 7.5 | EPSS 0.00846 | Exploits 0
OSV
added 2023/08/24 11:15 p.m. | 6 views

AZL-28511 CVE-2023-40030 affecting package rust for versions less than 1.72.0-2

Cargo downloads a Rust project’s dependencies and compiles the project. Starting in Rust 1.60.0 and prior to 1.72, Cargo did not escape Cargo feature names when including them in the report generated by cargo build --timings. A malicious package included as a dependency may inject nearly arbitrar...

CVSS 6.1 | AI score 6.5 | EPSS 0.00846 | Exploits 0 | References 1
Tenable Nessus
added 2023/04/19 12:00 a.m. | 39 views

Oracle Access Manager Multiple Vulnerabilities (Apr 2023 CPU)

The version of Oracle Access Manager installed on the remote host is missing a security patch from the April 2023 CPU Advisory. It is, therefore, affected by multiple vulnerabilities: - Vulnerability in the Oracle Access Manager product of Oracle Fusion Middleware component: Third Party Jython. T...

CVSS 7.5 | AI score 7.3 | EPSS 0.03028 | Exploits 2 | References 4
Amazon
added 2023/03/22 12:00 a.m. | 22 views

Medium: rust

Issue Overview: Cargo is a package manager for the rust programming language. After a package is downloaded, Cargo extracts its source code in the /.cargo folder on disk, making it available to the Rust projects it builds. To record when an extraction is successful, Cargo writes "ok" to the...

CVSS 8.1 | AI score 8.2 | EPSS 0.01004 | Exploits 0
Tenable Nessus
added 2023/02/23 12:00 a.m. | 55 views

Amazon Linux 2 : rust (ALAS-2023-1959)

The version of rust installed on the remote host is prior to 1.66.1-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2023-1959 advisory. Cargo is a package manager for the rust programming language. After a package is downloaded, Cargo extracts its source code ...

CVSS 8.1 | AI score 8.1 | EPSS 0.01004 | Exploits 0 | References 6
SUSE CVE
added 2023/02/15 3:24 a.m. | 5 views

SUSE CVE-2022-36113

Cargo is a package manager for the rust programming language. After a package is downloaded, Cargo extracts its source code in the /.cargo folder on disk, making it available to the Rust projects it builds. To record when an extraction is successful, Cargo writes "ok" to the .cargo-ok file at the...

CVSS 5.4 | AI score 8.4 | EPSS 0.01004 | Exploits 0 | References 5
SUSE CVE
added 2023/02/15 3:24 a.m. | 3 views

SUSE CVE-2022-36114

Cargo is a package manager for the rust programming language. It was discovered that Cargo did not limit the amount of data extracted from compressed archives. An attacker could upload to an alternate registry a specially crafted package that extracts way more data than its size also known as a...

CVSS 4.8 | AI score 7.9 | EPSS 0.00792 | Exploits 0 | References 5
Trend Micro Simply Security
added 2023/01/25 12:00 a.m. | 11 views

Attacking The Supply Chain: Developer

In this proof of concept, we look into one of several attack vectors that can be abused to attack the supply chain: targeting the developer. With a focus on the local integrated developer environment IDE, this proof considers the execution of malicious build scripts via injecting commands when th...

AI score 4.4 | Exploits 0
Gitee
added 2022/11/17 10:49 a.m. | 5 views

firejail

This repository is an open-source project for the Firejail tool, which is a Linux security tool that allows users to sandbox applications and restrict their access to system resources. The repository contains various files and directories related to the project, including configuration files,...

AI score 7.2 | Exploits 0
Hacker One
added 2022/10/29 3:05 a.m. | 13 views

Cloudflare Public Bug Bounty: Extraction of Pages build scripts, config values, tokens, etc. via symlinks

A vulnerability was discovered in Pages build scripts that allowed malicious actors to extract build source/configuration and environment variables via symlinks due to broader permission set on certain folders within the filesystem structure. The issue was remediated by tightening permissions on...

AI score 6.9 | Exploits 0
OSV
added 2022/09/14 6:15 p.m. | 4 views

DEBIAN-CVE-2022-36114

Cargo is a package manager for the rust programming language. It was discovered that Cargo did not limit the amount of data extracted from compressed archives. An attacker could upload to an alternate registry a specially crafted package that extracts way more data than its size also known as a...

CVSS 6.5 | AI score 7.3 | EPSS 0.00792 | Exploits 0 | References 1
NVD
added 2022/09/14 6:15 p.m. | 20 views

CVE-2022-36114

Cargo is a package manager for the rust programming language. It was discovered that Cargo did not limit the amount of data extracted from compressed archives. An attacker could upload to an alternate registry a specially crafted package that extracts way more data than its size also known as a...

CVSS 6.5 | EPSS 0.00792 | Exploits 0 | References 2
OSV
added 2022/09/14 6:15 p.m. | 3 views

DEBIAN-CVE-2022-36113

Cargo is a package manager for the rust programming language. After a package is downloaded, Cargo extracts its source code in the /.cargo folder on disk, making it available to the Rust projects it builds. To record when an extraction is successful, Cargo writes "ok" to the .cargo-ok file at the...

CVSS 8.1 | AI score 8.8 | EPSS 0.01004 | Exploits 0 | References 1
OSV
added 2022/09/14 6:15 p.m. | 3 views

UBUNTU-CVE-2022-36114

Cargo is a package manager for the rust programming language. It was discovered that Cargo did not limit the amount of data extracted from compressed archives. An attacker could upload to an alternate registry a specially crafted package that extracts way more data than its size also known as a...

CVSS 6.5 | AI score 6.4 | EPSS 0.00792 | Exploits 0 | References 4
Prion
added 2022/09/14 6:15 p.m. | 27 views

Design/Logic Flaw

Cargo is a package manager for the rust programming language. It was discovered that Cargo did not limit the amount of data extracted from compressed archives. An attacker could upload to an alternate registry a specially crafted package that extracts way more data than its size also known as a...

CVSS 4.3 | AI score 7.2 | EPSS 0.00792 | Exploits 0 | References 2 | Affected Software 1
UbuntuCve
added 2022/09/14 6:15 p.m. | 36 views

CVE-2022-36114

Cargo is a package manager for the rust programming language. It was discovered that Cargo did not limit the amount of data extracted from compressed archives. An attacker could upload to an alternate registry a specially crafted package that extracts way more data than its size also known as a...

CVSS 6.5 | AI score 7.2 | EPSS 0.00792 | Exploits 0 | References 3
CVE
added 2022/09/14 12:00 a.m. | 79 views

CVE-2022-36114

CVE-2022-36114 concerns Cargo, Rust’s package manager. The advisory states Cargo does not limit data extracted from compressed archives, enabling a zip-bomb attack when a malicious package is uploaded to an alternate registry. This could exhaust disk space on a machine downloading the package. Th...

CVSS 6.5 | AI score 6.7 | EPSS 0.00792 | Exploits 0 | References 2 | Affected Software 1
Debian CVE
added 2022/09/14 12:00 a.m. | 28 views

CVE-2022-36114

Cargo is a package manager for the rust programming language. It was discovered that Cargo did not limit the amount of data extracted from compressed archives. An attacker could upload to an alternate registry a specially crafted package that extracts way more data than its size also known as a...

CVSS 6.5 | AI score 6.9 | EPSS 0.00792 | Exploits 0
CVE
added 2022/09/14 12:00 a.m. | 84 views

CVE-2022-36113

Cargo vulnerability (CVE-2022-36113): Cargo would extract packages into ~/.cargo and mark success with a .cargo-ok file. A malicious package could include a .cargo-ok symlink; when Cargo wrote ok, it would overwrite the first two bytes of the symlink target, enabling corruption of a single file o...

CVSS 8.1 | AI score 7.2 | EPSS 0.01004 | Exploits 0 | References 2 | Affected Software 1