Lucene search
K

1078 matches found

Tenable Nessus
Tenable Nessus
added 2026/04/03 12:0 a.m.2 views

Ubuntu 22.04 LTS / 24.04 LTS / 25.10 : tar-rs vulnerability (USN-8138-1)

The remote Ubuntu 22.04 LTS / 24.04 LTS / 25.10 host has packages installed that are affected by a vulnerability as referenced in the USN-8138-1 advisory. It was discovered that tar-rs incorrectly handled symlinks when unpacking a tar archive. If a user or automated system were tricked into...

6.5CVSS6.1AI score0.00379EPSS
Exploits1References2
CNNVD
CNNVD
added 2026/04/03 12:0 a.m.13 views

core-rs-albatross 数字错误漏洞

core-rs-albatross is a Rust implementation of the Albatross protocol developed by Nimiq. Versions prior to 1.3.0 of core-rs-albatross contained a numerical error vulnerability. This vulnerability stems from the fact that the discovery processor accepts peer control restrictions without any change...

7.5CVSS5.9AI score0.00461EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2026/04/02 12:0 a.m.4 views

Fedora 42 : bpfman (2026-b4d393799a)

"The remote Fedora 42 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2026-b4d393799a advisory. Fix CVE-2026-33056 tar-rs 0.4.45 %NASLMINLEVEL 80900 C Tenable, Inc. The descriptive text and package checks in this plugin were extracted from Fedora...

6.5CVSS7.1AI score0.00379EPSS
Exploits1References2
OpenVAS
OpenVAS
added 2026/04/02 12:0 a.m.4 views

Fedora: Security Advisory (FEDORA-2026-b4d393799a)

The remote host is missing an update for the SPDX-FileCopyrightText: 2026 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

6.5CVSS7.1AI score0.00379EPSS
Exploits1References3
OSV
OSV
added 2026/04/01 1:44 p.m.10 views

USN-8139-1 rust-cargo-c vulnerability

It was discovered that tar-rs embedded in cargo-c incorrectly handled symlinks when unpacking a tar archive. If a user or automated system were tricked into processing a specially crafted tar archive, a remote attacker could use this issue to modify permissions of arbitrary directories outside th...

6.5CVSS6AI score0.00379EPSS
Exploits1References2
Ubuntu
Ubuntu
added 2026/04/01 1:35 p.m.9 views

USN-8138-1: tar-rs vulnerability

It was discovered that tar-rs incorrectly handled symlinks when unpacking a tar archive. If a user or automated system were tricked into processing a specially crafted tar archive, a remote attacker could use this issue to modify permissions of arbitrary directories outside the extraction root, a...

6.5CVSS6AI score0.00379EPSS
Exploits1
OSV
OSV
added 2026/04/01 9:45 a.m.9 views

CLEANSTART-2026-TC19665 Security fixes for ghsa-65p9-r9h6-22vj, ghsa-hfpc-8r3f-gw53, ghsa-vw5v-4f2q-w9xf applied in versions: 1.6.2-r1

Multiple security vulnerabilities affect the ntpd-rs package. These issues are resolved in later releases. See references for individual vulnerability details...

5.8AI score
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/04/01 12:0 a.m.5 views

PT-2026-29964

It was discovered that tar-rs embedded in cargo-c incorrectly handled symlinks when unpacking a tar archive. If a user or automated system were tricked into processing a specially crafted tar archive, a remote attacker could use this issue to modify permissions of arbitrary directories outside th...

6.5CVSS6AI score0.00379EPSS
Exploits1References3
Fedora
Fedora
added 2026/03/31 12:54 a.m.5 views

[SECURITY] Fedora 43 Update: ntpd-rs-1.7.1-1.fc43

Full-featured implementation of NTP with NTS support...

7.5CVSS5.8AI score0.00349EPSS
Exploits0
OpenVAS
OpenVAS
added 2026/03/31 12:0 a.m.3 views

Fedora: Security Advisory (FEDORA-2026-2dc4882154)

The remote host is missing an update for the SPDX-FileCopyrightText: 2026 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.5CVSS5.9AI score0.00349EPSS
Exploits0References6
Tenable Nessus
Tenable Nessus
added 2026/03/31 12:0 a.m.5 views

Fedora 42 : ntpd-rs (2026-2dc4882154)

The remote Fedora 42 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2026-2dc4882154 advisory. Update to version 1.7.1. Includes the fix for CVE-2026-26076: Release notes: - - Tenable has extracted the preceding description block directly from the Fedo...

7.5CVSS6AI score0.00349EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2026/03/31 12:0 a.m.4 views

Fedora 43 : ntpd-rs (2026-cbe2315bad)

The remote Fedora 43 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2026-cbe2315bad advisory. Update to version 1.7.1. Includes the fix for CVE-2026-26076: Release notes: - - Tenable has extracted the preceding description block directly from the Fedo...

7.5CVSS6AI score0.00349EPSS
Exploits0References2
OpenVAS
OpenVAS
added 2026/03/31 12:0 a.m.8 views

Fedora: Security Advisory (FEDORA-2026-cbe2315bad)

The remote host is missing an update for the SPDX-FileCopyrightText: 2026 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.5CVSS5.9AI score0.00349EPSS
Exploits0References6
Tenable Nessus
Tenable Nessus
added 2026/03/30 12:0 a.m.4 views

Fedora 44 : ntpd-rs (2026-eb0777262e)

The remote Fedora 44 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2026-eb0777262e advisory. Update to version 1.7.1. Includes the fix for CVE-2026-26076: Release notes: - - Tenable has extracted the preceding description block directly from the Fedo...

7.5CVSS6AI score0.00349EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/03/27 8:34 p.m.6 views

CVE-2026-33881

Windmill is an open-source developer platform for internal code: APIs, background jobs, workflows and UIs. Workspace environment variable values are interpolated into JavaScript string literals without escaping single quotes in the NativeTS executor. A workspace admin who sets a custom environmen...

8.6CVSS6AI score0.00378EPSS
Exploits1References2Affected Software1
Positive Technologies
Positive Technologies
added 2026/03/27 12:0 a.m.10 views

PT-2026-28548

Name of the Vulnerable Software and Affected Versions Windmill versions prior to 1.664.0 Description Windmill, a developer platform for internal code including APIs, background jobs, workflows, and UIs, is affected by a code injection issue. Workspace environment variable values are interpolated...

8.6CVSS6AI score0.00378EPSS
Exploits1References6
vulnersOsv
vulnersOsv
added 2026/03/26 10:9 p.m.6 views

inigo-rs (>=0.1.5 <=0.27.8) potentially affected by unknown CVE via apollo-router (=1.2.1)

apollo-router CARGO version =1.2.1 is affected by a known vulnerability. The following packages have a transitive dependency on apollo-router and may be impacted: - inigo-rs =0.1.5, =0.27.8 Source cves: unknown CVE Source advisory: OSV:GHSA-HFF2-GCPX-8F4P...

5.8AI score
Exploits0
RedhatCVE
RedhatCVE
added 2026/03/26 3:8 p.m.4 views

CVE-2026-33055

tar-rs is a tar archive reading/writing library for Rust. Versions 0.4.44 and below have conditional logic that skips the PAX size header in cases where the base header size is nonzero. As part of CVE-2025-62518, the astral-tokio-tar project was changed to correctly honor PAX size headers in the...

8.1CVSS7.3AI score0.00688EPSS
Exploits2References1
Microsoft CVE
Microsoft CVE
added 2026/03/25 8:2 a.m.8 views

tar-rs incorrectly ignores PAX size headers if header size is nonzero

...

8.1CVSS5.8AI score0.00397EPSS
Exploits1
Microsoft CVE
Microsoft CVE
added 2026/03/25 8:1 a.m.9 views

tar-rs: unpack_in can chmod arbitrary directories by following symlinks

...

6.5CVSS5.8AI score0.00379EPSS
Exploits1
Rows per page
Query Builder