
2473 matches found

Tenable Nessus
added 2025/01/14 12:0 a.m. | 13 views

Slackware Linux 15.0 / current rsync Multiple Vulnerabilities (SSA:2025-014-01)

The version of rsync installed on the remote host is prior to 3.4.0. It is, therefore, affected by multiple vulnerabilities as referenced in the SSA:2025-014-01 advisory. New rsync packages are available for Slackware 15.0 and -current to fix security issues. Tenable has extracted the preceding...

CVSS 9.8 | AI score 7.4 | EPSS 0.72059
Exploits: 8 | References: 7
Rosalinux
added 2025/01/13 9:39 a.m. | 11 views

Advisory ROSA-SA-2025-2553

Software: rsync 3.1.2; OS: rosa-server79; packageevrstring: rsync-3.1.2-12.0.1.res7; CVE-ID: CVE-2017-16548; BDU-ID: 2021-01395; CVE-Crit: HIGH; CVE-DESC.: A vulnerability in the receive_xattr function in xattrs.c of the Rsync file transfer and synchronization utility is related to the lack of a check f...

CVSS 9.8 | AI score 7.5 | EPSS 0.06337
Exploits: 0
Amazon
added 2025/01/11 6:50 a.m. | 49 views

Important: rsync

Issue Overview: Placeholder CVE. Details forthcoming (CVE-2024-12085). Placeholder CVE. Details forthcoming (CVE-2024-12086). Placeholder CVE. Details forthcoming (CVE-2024-12087). Placeholder CVE. Details forthcoming (CVE-2024-12088). Placeholder CVE. Details forthcoming (CVE-2024-12747). Affected Packages:...

CVSS 7.5 | AI score 7.2 | EPSS 0.09353
Exploits: 4
Amazon
added 2025/01/11 6:27 a.m. | 33 views

Important: rsync

Issue Overview: Placeholder CVE. Details forthcoming (CVE-2024-12085). Placeholder CVE. Details forthcoming (CVE-2024-12086). Placeholder CVE. Details forthcoming (CVE-2024-12087). Placeholder CVE. Details forthcoming (CVE-2024-12088). Placeholder CVE. Details forthcoming (CVE-2024-12747). Affected Packages:...

CVSS 7.5 | AI score 7.3 | EPSS 0.09353
Exploits: 4
OSV
added 2025/01/10 12:0 a.m. | 1 views

UBUNTU-CVE-2024-48943

A malicious RPKI rsync repository can prevent Fort from finishing its validation run by drip-feeding its content...

AI score 5.8
Exploits: 0 | References: 5
OSV
added 2025/01/09 12:0 a.m. | 2 views

UBUNTU-CVE-2024-12085

A flaw was found in rsync which could be triggered when rsync compares file checksums. This flaw allows an attacker to manipulate the checksum length (s2length) to cause a comparison between a checksum and uninitialized memory and leak one byte of uninitialized stack data at a time...

CVSS 7.5 | AI score 6.9 | EPSS 0.09353
Exploits: 2 | References: 5
UbuntuCve
added 2025/01/09 12:0 a.m. | 5 views

CVE-2024-12085

A flaw was found in rsync which could be triggered when rsync compares file checksums. This flaw allows an attacker to manipulate the checksum length (s2length) to cause a comparison between a checksum and uninitialized memory and leak one byte of uninitialized stack data at a time...

CVSS 7.5 | AI score 7 | EPSS 0.09353
Exploits: 2 | References: 4
OSV
added 2025/01/09 12:0 a.m. | 2 views

UBUNTU-CVE-2024-12086

A flaw was found in rsync. It could allow a server to enumerate the contents of an arbitrary file from the client's machine. This issue occurs when files are being copied from a client to a server. During this process, the rsync server will send checksums of local data to the client to compare wi...

CVSS 6.8 | AI score 7.3 | EPSS 0.01761
Exploits: 1 | References: 5
UbuntuCve
added 2025/01/09 12:0 a.m. | 15 views

CVE-2024-12084

A heap-based buffer overflow flaw was found in the rsync daemon. This issue is due to improper handling of attacker-controlled checksum lengths (s2length) in the code. When MAX_DIGEST_LEN exceeds the fixed SUM_LENGTH (16 bytes), an attacker can write out of bounds in the sum2 buffer...

CVSS 9.8 | AI score 7.5 | EPSS 0.72059
Exploits: 4 | References: 6
UbuntuCve
added 2025/01/09 12:0 a.m. | 6 views

CVE-2024-12088

A flaw was found in rsync. When using the --safe-links option, the rsync client fails to properly verify if a symbolic link destination sent from the server contains another symbolic link within it. This results in a path traversal vulnerability, which may lead to arbitrary file write outside the...

CVSS 7.5 | AI score 7.1 | EPSS 0.04575
Exploits: 0 | References: 4
OSV
added 2025/01/09 12:0 a.m. | 1 views

UBUNTU-CVE-2024-12087

A path traversal vulnerability exists in rsync. It stems from behavior enabled by the --inc-recursive option, a default-enabled option for many client options and can be enabled by the server even if not explicitly enabled by the client. When using the --inc-recursive option, a lack of proper...

CVSS 7.5 | AI score 7.3 | EPSS 0.02224
Exploits: 1 | References: 5
OSV
added 2025/01/09 12:0 a.m. | 2 views

UBUNTU-CVE-2024-12084

A heap-based buffer overflow flaw was found in the rsync daemon. This issue is due to improper handling of attacker-controlled checksum lengths (s2length) in the code. When MAX_DIGEST_LEN exceeds the fixed SUM_LENGTH (16 bytes), an attacker can write out of bounds in the sum2 buffer...

CVSS 9.8 | AI score 7.5 | EPSS 0.72059
Exploits: 4 | References: 7
OSV
added 2025/01/09 12:0 a.m. | 3 views

UBUNTU-CVE-2024-12088

A flaw was found in rsync. When using the --safe-links option, the rsync client fails to properly verify if a symbolic link destination sent from the server contains another symbolic link within it. This results in a path traversal vulnerability, which may lead to arbitrary file write outside the...

CVSS 7.5 | AI score 7.2 | EPSS 0.04575
Exploits: 0 | References: 5
OSV
added 2025/01/09 12:0 a.m. | 1 views

UBUNTU-CVE-2024-12747

A flaw was found in rsync. This vulnerability arises from a race condition during rsync's handling of symbolic links. Rsync's default behavior when encountering symbolic links is to skip them. If an attacker replaced a regular file with a symbolic link at the right time, it was possible to bypass...

CVSS 5.6 | AI score 7.1 | EPSS 0.00377
Exploits: 0 | References: 5
Positive Technologies
added 2024/12/18 12:0 a.m. | 3 views

PT-2024-10122

Name of the Vulnerable Software and Affected Versions: rsync (affected versions not specified). Description: The issue arises from a race condition during rsync's handling of symbolic links. Rsync's default behavior when encountering symbolic links is to skip them. If an attacker replaced a regular fi...

CVSS 9.8 | AI score 7.1 | EPSS 0.72059
Exploits: 7 | References: 131
Positive Technologies
added 2024/11/23 12:0 a.m. | 5 views

PT-2024-10124

Name of the Vulnerable Software and Affected Versions: rsync (affected versions not specified). Description: The issue is related to rsync, a software used for synchronizing files across different systems. It allows a server to enumerate the contents of an arbitrary file from the client's machine by...

CVSS 9.8 | AI score 7.2 | EPSS 0.72059
Exploits: 7 | References: 127
Positive Technologies
added 2024/11/23 12:0 a.m. | 4 views

PT-2024-10123

The issue is related to rsync, a software package used for synchronizing files across different locations. A path traversal flaw was discovered in rsync when the --safe-links option is used. This flaw allows an attacker to write files arbitrarily outside the intended directory due to rsync's...

CVSS 7.8 | AI score 7.2 | EPSS 0.09353
Exploits: 3 | References: 137
Positive Technologies
added 2024/11/15 12:0 a.m. | 5 views

PT-2024-10126

The rsync software is affected by a path traversal issue, which arises from the behavior enabled by the --inc-recursive option. This option is default-enabled for many client options and can be enabled by the server even if not explicitly enabled by the client. When using the --inc-recursive...

CVSS 7.8 | AI score 7.4 | EPSS 0.09353
Exploits: 3 | References: 148
Positive Technologies
added 2024/11/14 12:0 a.m. | 5 views

PT-2024-10125

The rsync daemon is affected by a flaw that can be triggered when comparing file checksums, allowing an attacker to manipulate the checksum length and cause a comparison between a checksum and uninitialized memory. This results in the leak of one byte of uninitialized stack data at a time. An...

CVSS 7.8 | AI score 7.4 | EPSS 0.09353
Exploits: 3 | References: 179
Slackware Linux
added 2024/10/30 10:4 p.m. | 26 views

[slackware-security] mozilla-thunderbird

New mozilla-thunderbird packages are available for Slackware 15.0 and -current to fix security issues. Here are the details from the Slackware 15.0 ChangeLog: patches/packages/mozilla-thunderbird-128.4.0esr-i686-1slack15.0.txz: Upgraded. This release contains security fixes and improvements. For...

CVSS 9.8 | AI score 7.4 | EPSS 0.00815
Exploits: 0