Lucene search
+L

5 matches found

OpenVAS
OpenVAS
added 2022/09/29 12:0 a.m.26 views

openSUSE: Security Advisory for rust1.62 (SUSE-SU-2022:3451-1)

The remote host is missing an update for the Copyright C 2022 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

8.1CVSS7.3AI score0.01041EPSS
Exploits0References2
OpenVAS
OpenVAS
added 2022/09/29 12:0 a.m.23 views

SUSE: Security Advisory (SUSE-SU-2022:3451-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

8.1CVSS7.2AI score0.01041EPSS
Exploits0References2
vulnersOsv
vulnersOsv
added 2022/09/16 5:12 p.m.7 views

armory_cli (>=0.3.3 <=0.3.28), armory_lib (>=0.1.0 <=0.3.28) +133 more potentially affected by CVE-2022-36114 via cargo (>=0.10.0 <=0.64.0)

cargo CARGO version =0.10.0, =0.3.3, =0.1.0, =0.10.0, =0.10.0, =0.1.0, =0.3.1, =0.0.1, =0.1.0, =0.1.0, =0.2.2, =0.6.0, =0.1.0, =0.1.1, =1.1.0 and more Source cves: CVE-2022-36114 Source advisory: OSV:GHSA-2HVR-H6GW-QRXP...

6.5CVSS6.5AI score0.00822EPSS
Exploits0
Vulnrichment
Vulnrichment
added 2022/09/14 12:0 a.m.7 views

CVE-2022-36114 Extracting malicious crates can fill the file system

Cargo is a package manager for the rust programming language. It was discovered that Cargo did not limit the amount of data extracted from compressed archives. An attacker could upload to an alternate registry a specially crafted package that extracts way more data than its size also known as a...

4.8CVSS6.9AI score0.00822EPSS
Exploits0References2
CVE
CVE
added 2022/09/14 12:0 a.m.82 views

CVE-2022-36114

CVE-2022-36114 concerns Cargo, Rust’s package manager. The advisory states Cargo does not limit data extracted from compressed archives, enabling a zip-bomb attack when a malicious package is uploaded to an alternate registry. This could exhaust disk space on a machine downloading the package. Th...

6.5CVSS6.7AI score0.00822EPSS
Exploits0References2Affected Software1
Rows per page
Query Builder