Lucene search
K

2473 matches found

OSV
OSV
added 2025/01/14 6:15 p.m.3 views

ALPINE-CVE-2024-12088

A flaw was found in rsync. When using the --safe-links option, the rsync client fails to properly verify if a symbolic link destination sent from the server contains another symbolic link within it. This results in a path traversal vulnerability, which may lead to arbitrary file write outside the...

7.5CVSS6.7AI score0.04575EPSS
Exploits0References1
OSV
OSV
added 2025/01/14 6:15 p.m.1 views

ALPINE-CVE-2024-12086

A flaw was found in rsync. It could allow a server to enumerate the contents of an arbitrary file from the client's machine. This issue occurs when files are being copied from a client to a server. During this process, the rsync server will send checksums of local data to the client to compare wi...

6.8CVSS6.3AI score0.01761EPSS
Exploits1References1
OSV
OSV
added 2025/01/14 6:15 p.m.1 views

DEBIAN-CVE-2024-12085

A flaw was found in rsync which could be triggered when rsync compares file checksums. This flaw allows an attacker to manipulate the checksum length s2length to cause a comparison between a checksum and uninitialized memory and leak one byte of uninitialized stack data at a time...

7.5CVSS8AI score0.09353EPSS
Exploits2References1
OSV
OSV
added 2025/01/14 6:15 p.m.7 views

AZL-55679 CVE-2024-12747 affecting package rsync for versions less than 3.4.1-1

A flaw was found in rsync. This vulnerability arises from a race condition during rsync's handling of symbolic links. Rsync's default behavior when encountering symbolic links is to skip them. If an attacker replaced a regular file with a symbolic link at the right time, it was possible to bypass...

5.6CVSS7.2AI score0.00377EPSS
Exploits0References1
OSV
OSV
added 2025/01/14 6:15 p.m.23 views

CVE-2024-12085

A flaw was found in rsync which could be triggered when rsync compares file checksums. This flaw allows an attacker to manipulate the checksum length s2length to cause a comparison between a checksum and uninitialized memory and leak one byte of uninitialized stack data at a time...

7.5CVSS7.4AI score0.72059EPSS
Exploits8References27
OSV
OSV
added 2025/01/14 6:15 p.m.6 views

AZL-55649 CVE-2024-12085 affecting package rsync for versions less than 3.4.1-1

A flaw was found in rsync which could be triggered when rsync compares file checksums. This flaw allows an attacker to manipulate the checksum length s2length to cause a comparison between a checksum and uninitialized memory and leak one byte of uninitialized stack data at a time...

7.5CVSS6.9AI score0.09353EPSS
Exploits2References1
OSV
OSV
added 2025/01/14 6:15 p.m.2 views

DEBIAN-CVE-2024-12747

A flaw was found in rsync. This vulnerability arises from a race condition during rsync's handling of symbolic links. Rsync's default behavior when encountering symbolic links is to skip them. If an attacker replaced a regular file with a symbolic link at the right time, it was possible to bypass...

5.6CVSS6.9AI score0.00377EPSS
Exploits0References1
OSV
OSV
added 2025/01/14 6:15 p.m.19 views

CVE-2024-12086

A flaw was found in rsync. It could allow a server to enumerate the contents of an arbitrary file from the client's machine. This issue occurs when files are being copied from a client to a server. During this process, the rsync server will send checksums of local data to the client to compare wi...

6.8CVSS6.3AI score0.72059EPSS
Exploits8References7
NVD
NVD
added 2025/01/14 6:15 p.m.6 views

CVE-2024-12085

A flaw was found in rsync which could be triggered when rsync compares file checksums. This flaw allows an attacker to manipulate the checksum length s2length to cause a comparison between a checksum and uninitialized memory and leak one byte of uninitialized stack data at a time...

7.5CVSS0.09353EPSS
Exploits2References28
NVD
NVD
added 2025/01/14 6:15 p.m.6 views

CVE-2024-12088

A flaw was found in rsync. When using the --safe-links option, the rsync client fails to properly verify if a symbolic link destination sent from the server contains another symbolic link within it. This results in a path traversal vulnerability, which may lead to arbitrary file write outside the...

7.5CVSS0.04575EPSS
Exploits0References11
NVD
NVD
added 2025/01/14 6:15 p.m.4 views

CVE-2024-12747

A flaw was found in rsync. This vulnerability arises from a race condition during rsync's handling of symbolic links. Rsync's default behavior when encountering symbolic links is to skip them. If an attacker replaced a regular file with a symbolic link at the right time, it was possible to bypass...

5.6CVSS0.00377EPSS
Exploits0References10
NVD
NVD
added 2025/01/14 6:15 p.m.4 views

CVE-2024-12086

A flaw was found in rsync. It could allow a server to enumerate the contents of an arbitrary file from the client's machine. This issue occurs when files are being copied from a client to a server. During this process, the rsync server will send checksums of local data to the client to compare wi...

6.8CVSS0.01761EPSS
Exploits1References11
NVD
NVD
added 2025/01/14 6:15 p.m.9 views

CVE-2024-12087

A path traversal vulnerability exists in rsync. It stems from behavior enabled by the --inc-recursive option, a default-enabled option for many client options and can be enabled by the server even if not explicitly enabled by the client. When using the --inc-recursive option, a lack of proper...

7.5CVSS0.02224EPSS
Exploits1References20
Vulnrichment
Vulnrichment
added 2025/01/14 5:57 p.m.8 views

CVE-2024-12087 Rsync: path traversal vulnerability in rsync

A path traversal vulnerability exists in rsync. It stems from behavior enabled by the --inc-recursive option, a default-enabled option for many client options and can be enabled by the server even if not explicitly enabled by the client. When using the --inc-recursive option, a lack of proper...

6.5CVSS8AI score0.02224EPSS
Exploits1References16
Cvelist
Cvelist
added 2025/01/14 5:57 p.m.21 views

CVE-2024-12087 Rsync: path traversal vulnerability in rsync

A path traversal vulnerability exists in rsync. It stems from behavior enabled by the --inc-recursive option, a default-enabled option for many client options and can be enabled by the server even if not explicitly enabled by the client. When using the --inc-recursive option, a lack of proper...

6.5CVSS0.02224EPSS
Exploits1References16
CVE
CVE
added 2025/01/14 5:57 p.m.182 views

CVE-2024-12087

CVE-2024-12087 affects rsync and is described in connected advisories as a path traversal vulnerability triggered by the --inc-recursive behavior, arising from insufficient symlink verification and per-file-list deduplication checks. The result could allow a server to write files outside the clie...

7.5CVSS6.5AI score0.02224EPSS
Exploits1References20Affected Software1
Debian CVE
Debian CVE
added 2025/01/14 5:57 p.m.13 views

CVE-2024-12087

A path traversal vulnerability exists in rsync. It stems from behavior enabled by the --inc-recursive option, a default-enabled option for many client options and can be enabled by the server even if not explicitly enabled by the client. When using the --inc-recursive option, a lack of proper...

7.5CVSS7.7AI score0.02224EPSS
Exploits1
AlpineLinux
AlpineLinux
added 2025/01/14 5:57 p.m.13 views

CVE-2024-12087

A path traversal vulnerability exists in rsync. It stems from behavior enabled by the --inc-recursive option, a default-enabled option for many client options and can be enabled by the server even if not explicitly enabled by the client. When using the --inc-recursive option, a lack of proper...

7.5CVSS7.3AI score0.02224EPSS
Exploits1
RedhatCVE
RedhatCVE
added 2025/01/14 5:52 p.m.8 views

CVE-2024-12087

A path traversal vulnerability exists in rsync. It stems from behavior enabled by the --inc-recursive option, a default-enabled option for many client options and can be enabled by the server even if not explicitly enabled by the client. When using the --inc-recursive option, a lack of proper...

6.5CVSS6.7AI score0.02224EPSS
Exploits1References4
Vulnrichment
Vulnrichment
added 2025/01/14 5:39 p.m.15 views

CVE-2024-12747 Rsync: race condition in rsync handling symbolic links

A flaw was found in rsync. This vulnerability arises from a race condition during rsync's handling of symbolic links. Rsync's default behavior when encountering symbolic links is to skip them. If an attacker replaced a regular file with a symbolic link at the right time, it was possible to bypass...

5.6CVSS6.7AI score0.00377EPSS
Exploits0References7
Rows per page
Query Builder