Lucene search
K

81 matches found

BDU FSTEC
BDU FSTEC
added 2025/01/17 12:0 a.m.4 views

The vulnerability of the rsyncd utility for transferring and synchronizing Rsync files allows a perpetrator to gain unauthorized access to protected information.

The vulnerability of the rsyncd utility for transferring and synchronizing Rsync files involves the generation of invalid tokens and checksums during the copying process. Exploiting this vulnerability can allow an attacker operating remotely to gain unauthorized access to protected information...

6.1CVSS7.3AI score0.01761EPSS
Exploits1References19Affected Software7
BDU FSTEC
BDU FSTEC
added 2025/01/17 12:0 a.m.5 views

The vulnerability of the `-safe-links` configuration in the rsyncd daemon’s utility for transferring and synchronizing files allows a hacker to write arbitrary files.

The vulnerability of the -safe-links configuration in the rsyncd daemon’s utility for transferring and synchronizing files involves bypassing the directory path check, resulting in the absence of symbolic link checks. Exploiting this vulnerability allows a remote attacker to write arbitrary files...

7.8CVSS7.4AI score0.04575EPSS
Exploits0References17Affected Software10
BDU FSTEC
BDU FSTEC
added 2025/01/17 12:0 a.m.8 views

The vulnerability of the rsyncd utility for transferring and synchronizing Rsync files allows a attacker to bypass ASLR protection and gain unauthorized access to protected information.

The vulnerability of the rsyncd utility for transferring and synchronizing Rsync files is related to the execution of operations outside the buffer boundaries in memory, as a result of incorrect comparison of file checksums. Exploiting this vulnerability can allow an attacker to bypass ASLR...

7.8CVSS7.7AI score0.09353EPSS
Exploits2References21Affected Software11
BDU FSTEC
BDU FSTEC
added 2025/01/17 12:0 a.m.7 views

The vulnerability in the `-inc-recursive` configuration of the rsyncd daemon’s utility for transferring and synchronizing files allows a attacker to write arbitrary files.

The vulnerability of the -inc-recursive configuration of the rsyncd daemon, a utility for transferring and synchronizing files, involves traversing directory paths without checking for symbolic links, along with checks for duplication. Exploiting this vulnerability allows an attacker to write...

7.8CVSS7.3AI score0.02224EPSS
Exploits1References18Affected Software9
SUSE CVE
SUSE CVE
added 2025/01/16 4:8 a.m.3 views

SUSE CVE-2024-12084

A heap-based buffer overflow flaw was found in the rsync daemon. This issue is due to improper handling of attacker-controlled checksum lengths s2length in the code. When MAXDIGESTLEN exceeds the fixed SUMLENGTH 16 bytes, an attacker can write out of bounds in the sum2 buffer...

9.8CVSS7.2AI score0.72059EPSS
Exploits4References14
OSV
OSV
added 2025/01/15 3:15 p.m.7 views

AZL-55691 CVE-2024-12084 affecting package rsync for versions less than 3.4.1-1

A heap-based buffer overflow flaw was found in the rsync daemon. This issue is due to improper handling of attacker-controlled checksum lengths s2length in the code. When MAXDIGESTLEN exceeds the fixed SUMLENGTH 16 bytes, an attacker can write out of bounds in the sum2 buffer...

9.8CVSS7.6AI score0.72059EPSS
Exploits4References1
OSV
OSV
added 2025/01/15 3:15 p.m.4 views

AZL-55646 CVE-2024-12084 affecting package rsync for versions less than 3.4.1-1

A heap-based buffer overflow flaw was found in the rsync daemon. This issue is due to improper handling of attacker-controlled checksum lengths s2length in the code. When MAXDIGESTLEN exceeds the fixed SUMLENGTH 16 bytes, an attacker can write out of bounds in the sum2 buffer...

9.8CVSS7.6AI score0.72059EPSS
Exploits4References1
ATTACKERKB
ATTACKERKB
added 2025/01/15 3:15 p.m.2 views

CVE-2024-12084

A heap-based buffer overflow flaw was found in the rsync daemon. This issue is due to improper handling of attacker-controlled checksum lengths s2length in the code. When MAXDIGESTLEN exceeds the fixed SUMLENGTH 16 bytes, an attacker can write out of bounds in the sum2 buffer. Rapid7 Analysis...

9.8CVSS7.6AI score0.72059EPSS
Exploits4References5Affected Software6
OSV
OSV
added 2025/01/15 3:15 p.m.3 views

ALPINE-CVE-2024-12084

A heap-based buffer overflow flaw was found in the rsync daemon. This issue is due to improper handling of attacker-controlled checksum lengths s2length in the code. When MAXDIGESTLEN exceeds the fixed SUMLENGTH 16 bytes, an attacker can write out of bounds in the sum2 buffer...

9.8CVSS7.2AI score0.72059EPSS
Exploits4References1
OSV
OSV
added 2025/01/15 3:15 p.m.3 views

DEBIAN-CVE-2024-12084

A heap-based buffer overflow flaw was found in the rsync daemon. This issue is due to improper handling of attacker-controlled checksum lengths s2length in the code. When MAXDIGESTLEN exceeds the fixed SUMLENGTH 16 bytes, an attacker can write out of bounds in the sum2 buffer...

9.8CVSS8.9AI score0.72059EPSS
Exploits4References1
NVD
NVD
added 2025/01/15 3:15 p.m.36 views

CVE-2024-12084

A heap-based buffer overflow flaw was found in the rsync daemon. This issue is due to improper handling of attacker-controlled checksum lengths s2length in the code. When MAXDIGESTLEN exceeds the fixed SUMLENGTH 16 bytes, an attacker can write out of bounds in the sum2 buffer...

9.8CVSS0.72059EPSS
Exploits4References8
AlpineLinux
AlpineLinux
added 2025/01/15 2:16 p.m.34 views

CVE-2024-12084

A heap-based buffer overflow flaw was found in the rsync daemon. This issue is due to improper handling of attacker-controlled checksum lengths s2length in the code. When MAXDIGESTLEN exceeds the fixed SUMLENGTH 16 bytes, an attacker can write out of bounds in the sum2 buffer...

9.8CVSS7.6AI score0.72059EPSS
Exploits4
Vulnrichment
Vulnrichment
added 2025/01/15 2:16 p.m.8 views

CVE-2024-12084 Rsync: heap buffer overflow in rsync due to improper checksum length handling

A heap-based buffer overflow flaw was found in the rsync daemon. This issue is due to improper handling of attacker-controlled checksum lengths s2length in the code. When MAXDIGESTLEN exceeds the fixed SUMLENGTH 16 bytes, an attacker can write out of bounds in the sum2 buffer...

9.8CVSS9.6AI score0.72059EPSS
Exploits4References4
OSV
OSV
added 2025/01/15 2:16 p.m.17 views

CVE-2024-12084 Rsync: heap buffer overflow in rsync due to improper checksum length handling

A heap-based buffer overflow flaw was found in the rsync daemon. This issue is due to improper handling of attacker-controlled checksum lengths s2length in the code. When MAXDIGESTLEN exceeds the fixed SUMLENGTH 16 bytes, an attacker can write out of bounds in the sum2 buffer...

9.8CVSS7.2AI score0.72059EPSS
Exploits8References12
NVD
NVD
added 2025/01/14 6:15 p.m.7 views

CVE-2024-12085

A flaw was found in rsync which could be triggered when rsync compares file checksums. This flaw allows an attacker to manipulate the checksum length s2length to cause a comparison between a checksum and uninitialized memory and leak one byte of uninitialized stack data at a time...

7.5CVSS0.09353EPSS
Exploits2References28
AlpineLinux
AlpineLinux
added 2025/01/14 5:37 p.m.22 views

CVE-2024-12085

A flaw was found in rsync which could be triggered when rsync compares file checksums. This flaw allows an attacker to manipulate the checksum length s2length to cause a comparison between a checksum and uninitialized memory and leak one byte of uninitialized stack data at a time...

7.5CVSS7.6AI score0.09353EPSS
Exploits2
Debian CVE
Debian CVE
added 2025/01/14 5:37 p.m.28 views

CVE-2024-12085

A flaw was found in rsync which could be triggered when rsync compares file checksums. This flaw allows an attacker to manipulate the checksum length s2length to cause a comparison between a checksum and uninitialized memory and leak one byte of uninitialized stack data at a time...

7.5CVSS8AI score0.09353EPSS
Exploits2
RedhatCVE
RedhatCVE
added 2025/01/14 5:28 p.m.8 views

CVE-2024-12085

A flaw was found in rsync which could be triggered when rsync compares file checksums. This flaw allows an attacker to manipulate the checksum length s2length to cause a comparison between a checksum and uninitialized memory and leak one byte of uninitialized stack data at a time. Mitigation Seei...

7.5CVSS7.3AI score0.09353EPSS
Exploits2References4
RedhatCVE
RedhatCVE
added 2025/01/14 5:28 p.m.14 views

CVE-2024-12084

A heap-based buffer overflow flaw was found in the rsync daemon. This issue is due to improper handling of attacker-controlled checksum lengths s2length in the code. When MAXDIGESTLEN exceeds the fixed SUMLENGTH 16 bytes, an attacker can write out of bounds in the sum2 buffer. Mitigation Red Hat...

9.8CVSS9.4AI score0.72059EPSS
Exploits4References4
Tenable Nessus
Tenable Nessus
added 2025/01/14 12:0 a.m.17 views

Amazon Linux 2023 : rsync, rsync-daemon (ALAS2023-2025-800)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2025-800 advisory. Placeholder CVE. Details forthcoming CVE-2024-12085 Placeholder CVE. Details forthcoming CVE-2024-12086 Placeholder CVE. Details forthcoming CVE-2024-12087 Placeholder CVE. Details forthcoming...

7.5CVSS7.3AI score0.09353EPSS
Exploits4References12
Rows per page
Query Builder