rpm package
suse/python-uv&distro=SUSE Linux Enterprise Server for SAP applications 16.0
pkg:rpm/suse/python-uv&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20applications%2016.0
Vulnerabilities (4)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2026-32766 | Med | 5.3 | | < 0.7.18-160000.5.1 | 0.7.18-160000.5.1 | Mar 20, 2026 | astral-tokio-tar is a tar archive reading/writing library for async Rust. In versions 0.5.6 and earlier, malformed PAX extensions were silently skipped when parsing tar archives. This silent skipping (rather than rejection) of invalid PAX extensions could be used as a building bl |
| CVE-2026-31812 | Hig | — | | < 0.7.18-160000.5.1 | 0.7.18-160000.5.1 | Mar 10, 2026 | Quinn is a pure-Rust, async-compatible implementation of the IETF QUIC transport protocol. Prior to 0.11.14, a remote, unauthenticated attacker can trigger a denial of service in applications using vulnerable quinn versions by sending a crafted QUIC Initial packet containing malf |
| CVE-2025-62518 | Hig | 8.1 | | < 0.7.18-160000.3.1 | 0.7.18-160000.3.1 | Oct 21, 2025 | astral-tokio-tar is a tar archive reading/writing library for async Rust. Versions of astral-tokio-tar prior to 0.5.6 contain a boundary parsing vulnerability that allows attackers to smuggle additional archive entries by exploiting inconsistent PAX/ustar header handling. When pr |
| CVE-2025-58160 | Low | — | | < 0.7.18-160000.3.1 | 0.7.18-160000.3.1 | Aug 29, 2025 | tracing is a framework for instrumenting Rust programs to collect structured, event-based diagnostic information. Prior to version 0.3.20, tracing-subscriber was vulnerable to ANSI escape sequence injection attacks. Untrusted user input containing ANSI escape sequences could be i |