1014 matches found
CVE-2026-43619
Rsync
CVE-2026-43619
Rsync version 3.4.2 and prior contain symlink race condition vulnerabilities in path-based system calls including chmod, lchown, utimes, rename, unlink, mkdir, symlink, mknod, link, rmdir, and lstat that allow local attackers to redirect operations to files outside the exported rsync module...
CVE-2026-43619 Rsync < 3.4.3 Symlink Race Condition via Path-Based Syscalls
Rsync version 3.4.2 and prior contain symlink race condition vulnerabilities in path-based system calls including chmod, lchown, utimes, rename, unlink, mkdir, symlink, mknod, link, rmdir, and lstat that allow local attackers to redirect operations to files outside the exported rsync module...
Linux Distros Unpatched Vulnerability : CVE-2026-43617
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Rsync version 3.4.2 and prior contain an authorization bypass vulnerability in the rsync daemon's hostname-based access control list enforcement when configured...
haveged 安全漏洞
Haveged is a random number generation tool developed by Jirka-H. Haveged has a security vulnerability; this vulnerability stems from the sockethandler function not stopping its execution when it detects that the connection user is not a root user. This allows any local non-privileged user to...
UBUNTU-CVE-2026-29518
Rsync versions before 3.4.3 contain a time-of-check to time-of-use TOCTOU race condition in daemon file handling that allows attackers to redirect file writes outside intended directories by replacing parent directory components with symbolic links. Attackers with write access to a module path ca...
PT-2026-42136
PluginScript attempts to chroot the plugin to the repoManagerRoot, this root is frequently / the system root in standard configurations or when using --root. If the chroot target is /, it is a no-op, allowing the traversed path to execute host binaries like /bin/bash with root privileges...
CVE-2026-43617
Rsync version 3.4.2 and prior contain an authorization bypass vulnerability in the rsync daemon's hostname-based access control list enforcement when configured with chroot. Attackers can bypass hostname-based deny rules by controlling the PTR record for their source IP address, allowing...
PT-2026-42051
Name of the Vulnerable Software and Affected Versions rsync versions prior to 3.4.3 Description An authorization bypass exists in the rsync daemon's hostname-based access control list enforcement when configured with chroot. Attackers can bypass hostname-based deny rules by controlling the PTR...
Linux Distros Unpatched Vulnerability : CVE-2026-43619
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Rsync version 3.4.2 and prior contain symlink race condition vulnerabilities in path-based system calls including chmod, lchown, utimes, rename, unlink, mkdir,...
PT-2026-42053
Name of the Vulnerable Software and Affected Versions rsync versions prior to 3.4.3 Description A symlink race condition exists in path-based system calls, including chmod, lchown, utimes, rename, unlink, mkdir, symlink, mknod, link, rmdir, and lstat. Local attackers with filesystem access can...
libzypp 安全漏洞
Libzypp is a package manager developed by OpenSUSE. There is a security vulnerability in Libzypp, which arises when the chroot target is the system root directory. This vulnerability allows for traversing paths with root privileges, enabling execution of host binary files...
UBUNTU-CVE-2026-43617
Rsync version 3.4.2 and prior contain an authorization bypass vulnerability in the rsync daemon's hostname-based access control list enforcement when configured with chroot. Attackers can bypass hostname-based deny rules by controlling the PTR record for their source IP address, allowing...
UBUNTU-CVE-2026-43619
Rsync version 3.4.2 and prior contain symlink race condition vulnerabilities in path-based system calls including chmod, lchown, utimes, rename, unlink, mkdir, symlink, mknod, link, rmdir, and lstat that allow local attackers to redirect operations to files outside the exported rsync module...
CVE-2026-43619
Rsync version 3.4.2 and prior contain symlink race condition vulnerabilities in path-based system calls including chmod, lchown, utimes, rename, unlink, mkdir, symlink, mknod, link, rmdir, and lstat that allow local attackers to redirect operations to files outside the exported rsync module...
PT-2026-42153
Name of the Vulnerable Software and Affected Versions rsync versions prior to 3.4.3 Description A time-of-check to time-of-use TOCTOU race condition exists in the daemon file handling. This occurs when an rsync daemon is configured with the chroot setting set to false. A local attacker with write...
Rsync 安全漏洞
Rsync is a fast and versatile file copying tool developed by RsyncProject. It is used for both remote and local files. Rsync versions 3.4.2 and earlier have security vulnerabilities. These vulnerabilities stem from an authorization bypass in the access control list based on hostnames during chroo...
Directory Traversal
Overview Affected versions of this package are vulnerable to Directory Traversal due to insufficient path sanitization in the osfs.ChrootOS component. An attacker can gain unauthorized access to unintended filesystem locations by supplying crafted paths containing directory traversal sequences...
go-billy has path traversal vulnerabilities
Impact Multiple path traversal issues exist across different components of go-billy. Insufficient path sanitization and boundary enforcement may allow crafted paths e.g., using .. to escape intended base directories. While go-billy was not originally designed to provide a strong security boundary...
Directory Traversal
Overview Affected versions of this package are vulnerable to Directory Traversal due to insufficient path sanitization in the osfs.ChrootOS component. An attacker can gain unauthorized access to unintended filesystem locations by supplying crafted paths containing directory traversal sequences...