Lucene search
K

6 matches found

OpenVAS
OpenVAS
added 2022/09/29 12:0 a.m.26 views

openSUSE: Security Advisory for rust1.62 (SUSE-SU-2022:3451-1)

The remote host is missing an update for the Copyright C 2022 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

8.1CVSS7.3AI score0.01004EPSS
Exploits0References2
OpenVAS
OpenVAS
added 2022/09/29 12:0 a.m.23 views

SUSE: Security Advisory (SUSE-SU-2022:3451-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

8.1CVSS7.2AI score0.01004EPSS
Exploits0References2
vulnersOsv
vulnersOsv
added 2022/09/16 5:12 p.m.9 views

armory_cli (>=0.3.3 <=0.3.28), armory_lib (>=0.1.0 <=0.3.28) +133 more potentially affected by CVE-2022-36113 via cargo (>=0.10.0 <=0.64.0)

cargo CARGO version =0.10.0, =0.3.3, =0.1.0, =0.10.0, =0.10.0, =0.1.0, =0.3.1, =0.0.1, =0.1.0, =0.1.0, =0.2.2, =0.6.0, =0.1.0, =0.1.1, =1.1.0 and more Source cves: CVE-2022-36113 Source advisory: OSV:GHSA-RFJ2-Q3H3-HM5J...

8.1CVSS7.2AI score0.01004EPSS
Exploits0
OSV
OSV
added 2022/09/14 6:15 p.m.3 views

DEBIAN-CVE-2022-36113

Cargo is a package manager for the rust programming language. After a package is downloaded, Cargo extracts its source code in the /.cargo folder on disk, making it available to the Rust projects it builds. To record when an extraction is successful, Cargo writes "ok" to the .cargo-ok file at the...

8.1CVSS8.8AI score0.01004EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2022/09/14 12:0 a.m.7 views

CVE-2022-36113 Extracting malicious crates can corrupt arbitrary files

Cargo is a package manager for the rust programming language. After a package is downloaded, Cargo extracts its source code in the /.cargo folder on disk, making it available to the Rust projects it builds. To record when an extraction is successful, Cargo writes "ok" to the .cargo-ok file at the...

4.6CVSS8.4AI score0.01004EPSS
Exploits0References2
CVE
CVE
added 2022/09/14 12:0 a.m.85 views

CVE-2022-36113

Cargo vulnerability (CVE-2022-36113): Cargo would extract packages into ~/.cargo and mark success with a .cargo-ok file. A malicious package could include a .cargo-ok symlink; when Cargo wrote ok, it would overwrite the first two bytes of the symlink target, enabling corruption of a single file o...

8.1CVSS7.2AI score0.01004EPSS
Exploits0References2Affected Software1
Rows per page
Query Builder