1078 matches found
Ubuntu 22.04 LTS / 24.04 LTS / 25.10 : tar-rs vulnerability (USN-8138-1)
The remote Ubuntu 22.04 LTS / 24.04 LTS / 25.10 host has packages installed that are affected by a vulnerability as referenced in the USN-8138-1 advisory. It was discovered that tar-rs incorrectly handled symlinks when unpacking a tar archive. If a user or automated system were tricked into...
core-rs-albatross 数字错误漏洞
core-rs-albatross is a Rust implementation of the Albatross protocol developed by Nimiq. Versions prior to 1.3.0 of core-rs-albatross contained a numerical error vulnerability. This vulnerability stems from the fact that the discovery processor accepts peer control restrictions without any change...
Fedora 42 : bpfman (2026-b4d393799a)
"The remote Fedora 42 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2026-b4d393799a advisory. Fix CVE-2026-33056 tar-rs 0.4.45 %NASLMINLEVEL 80900 C Tenable, Inc. The descriptive text and package checks in this plugin were extracted from Fedora...
Fedora: Security Advisory (FEDORA-2026-b4d393799a)
The remote host is missing an update for the SPDX-FileCopyrightText: 2026 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
USN-8139-1 rust-cargo-c vulnerability
It was discovered that tar-rs embedded in cargo-c incorrectly handled symlinks when unpacking a tar archive. If a user or automated system were tricked into processing a specially crafted tar archive, a remote attacker could use this issue to modify permissions of arbitrary directories outside th...
USN-8138-1: tar-rs vulnerability
It was discovered that tar-rs incorrectly handled symlinks when unpacking a tar archive. If a user or automated system were tricked into processing a specially crafted tar archive, a remote attacker could use this issue to modify permissions of arbitrary directories outside the extraction root, a...
CLEANSTART-2026-TC19665 Security fixes for ghsa-65p9-r9h6-22vj, ghsa-hfpc-8r3f-gw53, ghsa-vw5v-4f2q-w9xf applied in versions: 1.6.2-r1
Multiple security vulnerabilities affect the ntpd-rs package. These issues are resolved in later releases. See references for individual vulnerability details...
PT-2026-29964
It was discovered that tar-rs embedded in cargo-c incorrectly handled symlinks when unpacking a tar archive. If a user or automated system were tricked into processing a specially crafted tar archive, a remote attacker could use this issue to modify permissions of arbitrary directories outside th...
[SECURITY] Fedora 43 Update: ntpd-rs-1.7.1-1.fc43
Full-featured implementation of NTP with NTS support...
Fedora: Security Advisory (FEDORA-2026-2dc4882154)
The remote host is missing an update for the SPDX-FileCopyrightText: 2026 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Fedora 42 : ntpd-rs (2026-2dc4882154)
The remote Fedora 42 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2026-2dc4882154 advisory. Update to version 1.7.1. Includes the fix for CVE-2026-26076: Release notes: - - Tenable has extracted the preceding description block directly from the Fedo...
Fedora 43 : ntpd-rs (2026-cbe2315bad)
The remote Fedora 43 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2026-cbe2315bad advisory. Update to version 1.7.1. Includes the fix for CVE-2026-26076: Release notes: - - Tenable has extracted the preceding description block directly from the Fedo...
Fedora: Security Advisory (FEDORA-2026-cbe2315bad)
The remote host is missing an update for the SPDX-FileCopyrightText: 2026 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Fedora 44 : ntpd-rs (2026-eb0777262e)
The remote Fedora 44 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2026-eb0777262e advisory. Update to version 1.7.1. Includes the fix for CVE-2026-26076: Release notes: - - Tenable has extracted the preceding description block directly from the Fedo...
CVE-2026-33881
Windmill is an open-source developer platform for internal code: APIs, background jobs, workflows and UIs. Workspace environment variable values are interpolated into JavaScript string literals without escaping single quotes in the NativeTS executor. A workspace admin who sets a custom environmen...
PT-2026-28548
Name of the Vulnerable Software and Affected Versions Windmill versions prior to 1.664.0 Description Windmill, a developer platform for internal code including APIs, background jobs, workflows, and UIs, is affected by a code injection issue. Workspace environment variable values are interpolated...
inigo-rs (>=0.1.5 <=0.27.8) potentially affected by unknown CVE via apollo-router (=1.2.1)
apollo-router CARGO version =1.2.1 is affected by a known vulnerability. The following packages have a transitive dependency on apollo-router and may be impacted: - inigo-rs =0.1.5, =0.27.8 Source cves: unknown CVE Source advisory: OSV:GHSA-HFF2-GCPX-8F4P...
CVE-2026-33055
tar-rs is a tar archive reading/writing library for Rust. Versions 0.4.44 and below have conditional logic that skips the PAX size header in cases where the base header size is nonzero. As part of CVE-2025-62518, the astral-tokio-tar project was changed to correctly honor PAX size headers in the...
tar-rs incorrectly ignores PAX size headers if header size is nonzero
...
tar-rs: unpack_in can chmod arbitrary directories by following symlinks
...