Lucene search
K

259 matches found

Tenable Nessus
Tenable Nessus
added 2026/05/27 12:0 a.m.10 views

Ubuntu 20.04 LTS / 22.04 LTS / 24.04 LTS / 25.10 / 26.04 LTS : Rclone vulnerabilities (USN-8299-1)

The remote Ubuntu 20.04 LTS / 22.04 LTS / 24.04 LTS / 25.10 / 26.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-8299-1 advisory. It was discovered that Rclone incorrectly handled authorization in the remote control API. An attacker could...

9.8CVSS6.1AI score0.34734EPSS
Exploits3References3
Tenable Nessus
Tenable Nessus
added 2026/05/27 12:0 a.m.15 views

Amazon Linux 2023 : rclone (ALAS2023-2026-1717)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2026-1717 advisory. When using LookupCNAME with the cgo DNS resolver, a very long CNAME response can trigger a double-free of C memory and a crash. CVE-2026-33811 When processing HTTP/2 SETTINGS frames, transport...

7.5CVSS5.9AI score0.00813EPSS
Exploits0References12
Tenable Nessus
Tenable Nessus
added 2026/05/27 12:0 a.m.14 views

Amazon Linux 2 : rclone, --advisory ALAS2-2026-3309 (ALAS-2026-3309)

The version of rclone installed on the remote host is prior to 1.55.1-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2026-3309 advisory. Actions which insert URLs into the content attribute of HTML meta tags are not escaped. This can allow XSS if the meta tag...

7.5CVSS7.4AI score0.00813EPSS
Exploits0References14
Amazon
Amazon
added 2026/05/26 12:0 a.m.25 views

Important: rclone

Issue Overview: Actions which insert URLs into the content attribute of HTML meta tags are not escaped. This can allow XSS if the meta tag also has an http-equiv attribute with the value "refresh". A new GODEBUG setting has been added, htmlmetacontenturlescape, which can be used to disable escapi...

7.5CVSS7.2AI score0.00813EPSS
Exploits0
Amazon
Amazon
added 2026/05/26 12:0 a.m.25 views

Important: rclone

Issue Overview: When using LookupCNAME with the cgo DNS resolver, a very long CNAME response can trigger a double-free of C memory and a crash. CVE-2026-33811 When processing HTTP/2 SETTINGS frames, transport will enter an infinite loop of writing CONTINUATION frames if it receives a...

7.5CVSS7.3AI score0.00813EPSS
Exploits0
OSV
OSV
added 2026/05/25 8:24 a.m.11 views

USN-8299-1 rclone vulnerabilities

It was discovered that Rclone incorrectly handled authorization in the remote control API. An attacker could possibly use this issue to obtain sensitive information. CVE-2026-41176 It was discovered that Rclone incorrectly handled backend instantiation via the remote control API. An attacker coul...

9.8CVSS5.8AI score0.34734EPSS
Exploits3References3
Ubuntu
Ubuntu
added 2026/05/25 8:24 a.m.18 views

USN-8299-1: Rclone vulnerabilities

It was discovered that Rclone incorrectly handled authorization in the remote control API. An attacker could possibly use this issue to obtain sensitive information. CVE-2026-41176 It was discovered that Rclone incorrectly handled backend instantiation via the remote control API. An attacker coul...

9.8CVSS5.8AI score0.34734EPSS
Exploits3
OPENSUSE Linux
OPENSUSE Linux
added 2026/05/25 12:0 a.m.16 views

rclone-1.74.2-1.1 on GA media (moderate)

rclone-1.74.2-1.1 on GA media Announcement ID: openSUSE-SU-2026:10856-1 Rating: moderate Cross-References: CVE-2026-25680 CVE-2026-25681 CVE-2026-27136 CVE-2026-33809 CVE-2026-39821 CVE-2026-39824 CVE-2026-39827 CVE-2026-39828 CVE-2026-39829 CVE-2026-39830 CVE-2026-39831 CVE-2026-39832...

8.7CVSS5.8AI score0.00533EPSS
Exploits0
OSV
OSV
added 2026/05/24 12:0 a.m.14 views

OPENSUSE-SU-2026:10856-1 rclone-1.74.2-1.1 on GA media

These are all security issues fixed in the rclone-1.74.2-1.1 package on the GA media of openSUSE Tumbleweed...

10CVSS6.4AI score0.00533EPSS
Exploits0References23
Positive Technologies
Positive Technologies
added 2026/05/24 12:0 a.m.13 views

PT-2026-43022

Name of the Vulnerable Software and Affected Versions rclone versions prior to 1.74.2-1.1 Description Decoding a paletted BMP file with an out-of-range palette index causes a panic when accessing pixels in the invalid image. Recommendations Update to version 1.74.2-1.1...

9.1CVSS5.8AI score0.0056EPSS
Exploits0References119
OSV
OSV
added 2026/05/21 8:14 a.m.18 views

CLEANSTART-2026-UY49411 Security fixes for CVE-2025-68121, CVE-2026-1229, CVE-2026-29181, CVE-2026-32952, CVE-2026-33811, CVE-2026-33812, CVE-2026-33813, CVE-2026-33814, CVE-2026-39817, CVE-2026-39819, CVE-2026-39820, CVE-2026-39823, CVE-2026-39825, CVE-2026-39826, CVE-2026-39836, CVE-2026-42499, CVE-2026-42501, CVE-2026-44740, CVE-2026-44973, ghsa-m3xc-h892-ggx6, ghsa-mh2q-q3fh-2475, ghsa-mqgf-5vvp-8fh8, ghsa-pjcq-xvwq-hhpj, ghsa-qw64-3x98-g7q2 applied in versions: 1.72.1-r1, 1.73.1-r0, 1.73.5-r0, 1.73.5.r1

Multiple security vulnerabilities affect the rclone package. These issues are resolved in later releases. See references for individual vulnerability details...

10CVSS6.9AI score0.01027EPSS
Exploits2References44
OSV
OSV
added 2026/05/20 7:7 p.m.6 views

GO-2026-4964 Rclone: Unauthenticated options/set allows runtime auth bypass, leading to sensitive operations and command execution in github.com/rclone/rclone

Rclone: Unauthenticated options/set allows runtime auth bypass, leading to sensitive operations and command execution in github.com/rclone/rclone. NOTE: The source advisory for this report contains additional versions that could not be automatically mapped to standard Go module versions. If this ...

9.8CVSS5.9AI score0.34734EPSS
Exploits1References4
Positive Technologies
Positive Technologies
added 2026/05/20 12:0 a.m.10 views

PT-2026-42368

Rclone: Unauthenticated options/set allows runtime auth bypass, leading to sensitive operations and command execution in github.com/rclone/rclone. NOTE: The source advisory for this report contains additional versions that could not be automatically mapped to standard Go module versions. If this ...

9.8CVSS5.9AI score0.34734EPSS
Exploits1References5
Tenable Nessus
Tenable Nessus
added 2026/05/20 12:0 a.m.8 views

Amazon Linux 2023 : rclone (ALAS2023-2026-1658)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2026-1658 advisory. Rclone is a command-line program to sync files and directories to and from different cloud storage providers. The RC endpoint options/set is exposed without AuthRequired: true, but it can muta...

9.8CVSS6AI score0.34734EPSS
Exploits3References6
OSV
OSV
added 2026/05/18 7:12 p.m.13 views

MGASA-2026-0147 Updated rclone packages fix security vulnerabilities

This update bring new features, bugs and vulnerabilities fixed in rclone and golang components used to build it...

10CVSS7.1AI score0.93305EPSS
Exploits16References35
Mageia
Mageia
added 2026/05/18 7:12 p.m.21 views

Updated rclone packages fix security vulnerabilities

This update bring new features, bugs and vulnerabilities fixed in rclone and golang components used to build it...

10CVSS7.1AI score0.93305EPSS
Exploits16References34
OSV
OSV
added 2026/05/18 1:23 p.m.10 views

CLEANSTART-2026-YP16651 Security fixes for CVE-2025-22868, CVE-2025-22869, CVE-2025-22872, CVE-2025-47911, CVE-2025-47913, CVE-2025-47914, CVE-2025-58181, CVE-2025-58190, CVE-2025-68121, CVE-2026-1229, CVE-2026-29181, CVE-2026-32280, CVE-2026-32952, CVE-2026-33186, CVE-2026-33811, CVE-2026-33814, CVE-2026-39817, CVE-2026-39819, CVE-2026-39820, CVE-2026-39823, CVE-2026-39825, CVE-2026-39826, CVE-2026-39836, CVE-2026-42499, CVE-2026-42501, ghsa-mh2q-q3fh-2475, ghsa-mqgf-5vvp-8fh8, ghsa-pjcq-xvwq-hhpj, ghsa-xmrv-pmrh-hhx2 applied in versions: 1.69.0-r0, 1.69.0-r1, 1.69.0-r2, 1.72.1-r1, 1.73.1-r0

Multiple security vulnerabilities affect the rclone package. These issues are resolved in later releases. See references for individual vulnerability details...

10CVSS6.8AI score0.01557EPSS
Exploits5References55
OSV
OSV
added 2026/05/18 1:23 p.m.17 views

CLEANSTART-2026-RZ44006 Security fixes for CVE-2025-68121, CVE-2026-1229, CVE-2026-29181, CVE-2026-32952, CVE-2026-33811, CVE-2026-33812, CVE-2026-33813, CVE-2026-33814, CVE-2026-39817, CVE-2026-39819, CVE-2026-39820, CVE-2026-39823, CVE-2026-39825, CVE-2026-39826, CVE-2026-39836, CVE-2026-42499, CVE-2026-42501, ghsa-mh2q-q3fh-2475, ghsa-mqgf-5vvp-8fh8, ghsa-pjcq-xvwq-hhpj applied in versions: 1.72.1-r1, 1.73.1-r0, 1.73.5-r0

Multiple security vulnerabilities affect the rclone package. These issues are resolved in later releases. See references for individual vulnerability details...

10CVSS7.3AI score0.01027EPSS
Exploits2References38
Amazon
Amazon
added 2026/05/14 12:0 a.m.18 views

Important: rclone

Issue Overview: Rclone is a command-line program to sync files and directories to and from different cloud storage providers. The RC endpoint options/set is exposed without AuthRequired: true, but it can mutate global runtime configuration, including the RC option block itself. Starting in versio...

9.8CVSS5.9AI score0.34734EPSS
Exploits3
Tenable Nessus
Tenable Nessus
added 2026/05/14 12:0 a.m.10 views

Amazon Linux 2 : rclone, --advisory ALAS2-2026-3285 (ALAS-2026-3285)

The version of rclone installed on the remote host is prior to 1.55.1-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2026-3285 advisory. Rclone is a command-line program to sync files and directories to and from different cloud storage providers. The RC...

9.8CVSS6AI score0.34734EPSS
Exploits3References6
Rows per page
Query Builder