
CVSS: 7.5 • EPSS: 0% • CPEs: 2 • EXPL: 1

An issue has been discovered in the arc-swap crate before 0.4.8 (and 1.x before 1.1.0) for Rust. Use of arc_swap::access::Map with the Constant test helper (or with a user-supplied implementation of the Access trait) could sometimes lead to dangling references being returned by the map. • https://github.com/vorner/arc-swap/issues/45 https://rustsec.org/advisories/RUSTSEC-2020-0091.html

CVSS: 5.3 • EPSS: 0% • CPEs: 1 • EXPL: 1

ARC 5.21q allows directory traversal via a full pathname in an archive file. • http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00048.html https://bugs.debian.org/774527 https://bugzilla.redhat.com/show_bug.cgi?id=1179142 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

CVSS: 2.1 • EPSS: 0% • CPEs: 1 • EXPL: 0

arc 5.21j and earlier allows local users to overwrite arbitrary files via a symlink attack on temporary files, a different type of vulnerability than CVE-2005-2945. • http://archives.neohapsis.com/archives/fulldisclosure/2005-09/0535.html http://marc.info/?l=bugtraq&m=112689596714383&w=2 http://secunia.com/advisories/16805 http://secunia.com/advisories/17068 http://securityreason.com/securityalert/11 http://www.debian.org/security/2005/dsa-843

CVSS: 2.1 • EPSS: 0% • CPEs: 1 • EXPL: 0

arc 5.21j and earlier create temporary files with world-readable permissions, which allows local users to read sensitive information from files created by (1) arc (arc.c) or (2) marc (marc.c). • http://marc.info/?l=bugtraq&m=112689596714383&w=2 http://secunia.com/advisories/16805 http://secunia.com/advisories/17068 http://www.debian.org/security/2005/dsa-843 http://www.zataz.net/adviso/arc-09052005.txt