Security Bulletin: Multiple vulnerabilities in IBM Cloud Pak for Multicloud Management

Summary Multiple vulnerabilities in IBM Cloud Pak for Multicloud Management have been addressed in 2.3 FP12 Vulnerability Details CVEID:CVE-2024-51504 DESCRIPTION: When using IPAuthenticationProvider in ZooKeeper Admin Server there is a possibility of Authentication Bypass by Spoofing -- this onl...

Rsync: Out of bounds array access via negative index

...

EUVD-2025-198005

A malicious client acting as the receiver of an rsync file transfer can trigger an out of bounds read of a heap based buffer, via a negative array index. The malicious rsync client requires at least read access to the remote rsync module in order to trigger the issue...

CVE-2025-10158

A malicious client acting as the receiver of an rsync file transfer can trigger an out of bounds read of a heap based buffer, via a negative array index. The malicious rsync client requires at least read access to the remote rsync module in order to trigger the issue...

DEBIAN-CVE-2025-10158

A malicious client acting as the receiver of an rsync file transfer can trigger an out of bounds read of a heap based buffer, via a negative array index. The malicious rsync client requires at least read access to the remote rsync module in order to trigger the issue...

AZL-70667 CVE-2025-10158 affecting package rsync for versions less than 3.4.1-2

A malicious client acting as the receiver of an rsync file transfer can trigger an out of bounds read of a heap based buffer, via a negative array index. The malicious rsync client requires at least read access to the remote rsync module in order to trigger the issue...

AZL-70387 CVE-2025-10158 affecting package rsync for versions less than 3.4.1-2

A malicious client acting as the receiver of an rsync file transfer can trigger an out of bounds read of a heap based buffer, via a negative array index. The malicious rsync client requires at least read access to the remote rsync module in order to trigger the issue...

CVE-2025-10158

A malicious client acting as the receiver of an rsync file transfer can trigger an out of bounds read of a heap based buffer, via a negative array index. The malicious rsync client requires at least read access to the remote rsync module in order to trigger the issue...

ALPINE-CVE-2025-10158

A malicious client acting as the receiver of an rsync file transfer can trigger an out of bounds read of a heap based buffer, via a negative array index. The malicious rsync client requires at least read access to the remote rsync module in order to trigger the issue...

UBUNTU-CVE-2025-10158

A malicious client acting as the receiver of an rsync file transfer can trigger an out of bounds read of a heap based buffer, via a negative array index. The malicious rsync client requires at least read access to the remote rsync module in order to trigger the issue...

CVE-2025-10158

A malicious client acting as the receiver of an rsync file transfer can trigger an out of bounds read of a heap based buffer, via a negative array index. The malicious rsync client requires at least read access to the remote rsync module in order to trigger the issue...

CVE-2025-10158

A malicious client acting as the receiver of an rsync file transfer can trigger an out of bounds read of a heap based buffer, via a negative array index. The malicious rsync client requires at least read access to the remote rsync module in order to trigger the issue...

CVE-2025-10158 Rsync: Out of bounds array access via negative index

A malicious client acting as the receiver of an rsync file transfer can trigger an out of bounds read of a heap based buffer, via a negative array index. The malicious rsync client requires at least read access to the remote rsync module in order to trigger the issue...

CVE-2025-10158

CVE-2025-10158 affects rsync across multiple distros. The issue is a potential out-of-bounds read on a heap buffer triggered by a negative array index when a malicious client acts as the receiver of an rsync transfer. Exploitation requires at least read access to the remote rsync module. Publicly...

CVE-2025-10158 Rsync: Out of bounds array access via negative index

A malicious client acting as the receiver of an rsync file transfer can trigger an out of bounds read of a heap based buffer, via a negative array index. The malicious rsync client requires at least read access to the remote rsync module in order to trigger the issue...

Linux Distros Unpatched Vulnerability : CVE-2025-10158

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A malicious client acting as the receiver of an rsync file transfer can trigger an out of bounds read of a heap based buffer, via a negative array index. The...

CLSA-2025-1763136711 Fix CVE(s): CVE-2022-29154, CVE-2024-12087, CVE-2024-12088

SECURITY UPDATE: malicious remote servers to write arbitrary files inside the directories of connecting peers: - debian/patches/els/0001-CVE-2022-29154.patch: fix insufficient validation of file names. - CVE-2022-29154. SECURITY UPDATE: path traversal vulnerability. -...

CLSA-2025-1762544268 rsync: Fix of CVE-2016-9840

CVE-2016-9840: fix improper pointer arithmetic in inftrees.c...

CLSA-2025-1762540366 rsync: Fix of CVE-2016-9840

CVE-2016-9840: fix improper pointer arithmetic in inftrees.c...

CLSA-2025-1762540173 rsync: Fix of CVE-2016-9840

CVE-2016-9840: fix improper pointer arithmetic in inftrees.c...