CVE-2026-43619

Rsync version 3.4.2 and prior contain symlink race condition vulnerabilities in path-based system calls including chmod, lchown, utimes, rename, unlink, mkdir, symlink, mknod, link, rmdir, and lstat that allow local attackers to redirect operations to files outside the exported rsync module...

CVE-2026-43619

Rsync version 3.4.2 and prior contain symlink race condition vulnerabilities in path-based system calls including chmod, lchown, utimes, rename, unlink, mkdir, symlink, mknod, link, rmdir, and lstat that allow local attackers to redirect operations to files outside the exported rsync module...

CVE-2026-43619 Rsync < 3.4.3 Symlink Race Condition via Path-Based Syscalls

Rsync version 3.4.2 and prior contain symlink race condition vulnerabilities in path-based system calls including chmod, lchown, utimes, rename, unlink, mkdir, symlink, mknod, link, rmdir, and lstat that allow local attackers to redirect operations to files outside the exported rsync module...

Unity Linux 20.1050e Security Update: kernel (UTSA-2026-021595)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-021595 advisory. In the Linux kernel, the following vulnerability has been resolved: netfilter: ipset: Hold module reference while requesting a module User space may unload ipset.ko...

Ubuntu 22.04 LTS / 24.04 LTS / 25.10 / 26.04 LTS : nginx vulnerability (USN-8271-1)

The remote Ubuntu 22.04 LTS / 24.04 LTS / 25.10 / 26.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-8271-1 advisory. It was discovered that the nginx ngxhttprewritemodule component incorrectly handled certain rewrite directives. A remote attacker...

FreeBSD Security Advisory - FreeBSD-SA-26:20.fusefs

FreeBSD Security Advisory - When a fusefs file system implements extended attributes, the kernel may send a FUSELISTXATTR message to the userspace daemon to retrieve the list of extended attributes for a given file. The FUSE protocol requires the daemon to return a packed list of NUL-terminated...

Linux Distros Unpatched Vulnerability : CVE-2026-43293

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - media: chips-media: wave5: Fix kthread worker destruction in polling mode Fix the cleanup order in polling mode irq worklist and...

Rsync 后置链接漏洞

Rsync is a fast and versatile file copying tool developed by RsyncProject. It is used for both remote and local files. Versions of Rsync 3.4.2 and earlier have a post-release vulnerability due to a symbolic link race condition in the path system call. Local attackers can redirect operations to...

Ubuntu 18.04 LTS / 20.04 LTS : Linux kernel vulnerabilities (USN-8280-1)

The remote Ubuntu 18.04 LTS / 20.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-8280-1 advisory. It was discovered that the Linux kernel algifaead module did not properly handle in-place cryptographic operations. This flaw is known as Cop...

RHEL 9 : python3.9 (RHSA-2026:19571)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:19571 advisory. Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level...

PT-2026-42369

Nuclei: Local File Read via require Module Loader Bypass in github.com/projectdiscovery/nuclei...

CVE-2026-29518

Rsync versions before 3.4.3 contain a time-of-check to time-of-use TOCTOU race condition in daemon file handling that allows attackers to redirect file writes outside intended directories by replacing parent directory components with symbolic links. Attackers with write access to a module path ca...

PT-2026-42119

Name of the Vulnerable Software and Affected Versions FreePBX affected versions not specified Description Hardcoded credentials in the Userman module allow unauthenticated access to the portal, potentially exposing business phone systems. Recommendations Update the installed modules to the latest...

Oracle Linux 9 : nginx (ELSA-2026-18029)

The remote Oracle Linux 9 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2026-18029 advisory. - Resolves: RHEL-176230 - nginx: NGINX: Arbitrary Code Execution Vulnerability CVE-2026-42945 - Resolves: RHEL-159557 - CVE-2026-27654 nginx: NGINX: Denial of...

Oracle Linux 8 : kernel (ELSA-2026-16195)

The remote Oracle Linux 8 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2026-16195 advisory. 4.18.0-553.124.1 - Update Oracle Linux certificates Kevin Lyons - Disable signing for aarch64 Ilya Okomin - Oracle Linux RHCK Module Signing Key was added to t...

PT-2026-42053

Name of the Vulnerable Software and Affected Versions rsync versions prior to 3.4.3 Description A symlink race condition exists in path-based system calls, including chmod, lchown, utimes, rename, unlink, mkdir, symlink, mknod, link, rmdir, and lstat. Local attackers with filesystem access can...

Linux Distros Unpatched Vulnerability : CVE-2026-43619

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Rsync version 3.4.2 and prior contain symlink race condition vulnerabilities in path-based system calls including chmod, lchown, utimes, rename, unlink, mkdir,...

RHEL 8 : kpatch-patch-4_18_0-477_107_1, kpatch-patch-4_18_0-477_120_1, kpatch-patch-4_18_0-477_130_1, kpatch-patch-4_18_0-477_89_1, and kpatch-patch-4_18_0-477_97_1 (RHSA-2026:19572)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2026:19572 advisory. This is a kernel live patch module which can be loaded by the kpatch command line utility to modify the code of a running kernel. This patch module ...

CVE-2026-43619

Rsync version 3.4.2 and prior contain symlink race condition vulnerabilities in path-based system calls including chmod, lchown, utimes, rename, unlink, mkdir, symlink, mknod, link, rmdir, and lstat that allow local attackers to redirect operations to files outside the exported rsync module...

PT-2026-42153

Name of the Vulnerable Software and Affected Versions rsync versions prior to 3.4.3 Description A time-of-check to time-of-use TOCTOU race condition exists in the daemon file handling. This occurs when an rsync daemon is configured with the chroot setting set to false. A local attacker with write...