
20 matches found

EUVD
added 2026/04/29 5:55 p.m. · 3 views

EUVD-2026-26271

Wazuh is a free and open source platform used for threat prevention, detection, and response. From version 4.4.0 to before version 4.14.4, a path traversal vulnerability in Wazuh's cluster synchronization extraction routine allows an authenticated cluster peer to write arbitrary files outside the...

CVSS 9 · AI score 6.2 · EPSS 0.00094
Exploits 0 · References 2

CVE
added 2026/04/29 5:55 p.m. · 14 views

CVE-2026-30893

Wazuh cluster sync path traversal (CVE-2026-30893) affects versions 4.4.0–4.14.3. The vulnerability occurs in the cluster synchronization extraction routine (decompress_files()), enabling an authenticated cluster peer to write arbitrary files outside the extraction directory. This can escalate to...

CVSS 9.9 · AI score 6.2 · EPSS 0.00094
Exploits 0 · References 2 · Affected Software 1

ATTACKERKB
added 2026/04/29 5:55 p.m. · 1 view

CVE-2026-30893

Wazuh is a free and open source platform used for threat prevention, detection, and response. From version 4.4.0 to before version 4.14.4, a path traversal vulnerability in Wazuh's cluster synchronization extraction routine allows an authenticated cluster peer to write arbitrary files outside the...

CVSS 9 · AI score 6.2 · EPSS 0.00094
Exploits 0 · References 3 · Affected Software 1

Vulnrichment
added 2026/04/29 5:55 p.m. · 1 view

CVE-2026-30893 Wazuh cluster sync path traversal in decompress_files() enables arbitrary file write and code execution from authenticated cluster peer

Wazuh is a free and open source platform used for threat prevention, detection, and response. From version 4.4.0 to before version 4.14.4, a path traversal vulnerability in Wazuh's cluster synchronization extraction routine allows an authenticated cluster peer to write arbitrary files outside the...

CVSS 9 · AI score 6.2 · EPSS 0.00094
Exploits 0 · References 2

CNNVD
added 2026/04/29 12:0 a.m. · 6 views

Wazuh Path Traversal Vulnerability

Wazuh is an open-source application developed by Wazuh. It is used for collecting, summarizing, indexing, and analyzing security data, helping organizations detect intrusions, threats, and abnormal behaviors. Versions of Wazuh from 4.4.0 to 4.14.4 contained a path traversal vulnerability. This...

CVSS 9.9 · AI score 6 · EPSS 0.00094
Exploits 0 · References 1

Positive Technologies
added 2026/03/17 12:0 a.m. · 1 view

PT-2026-35967

Name of the Vulnerable Software and Affected Versions Wazuh versions 4.4.0 through 4.14.3 Description A path traversal issue exists in the cluster synchronization extraction routine, specifically within the decompress files function. This allows an authenticated cluster peer to write arbitrary...

CVSS 9.9 · AI score 6.5 · EPSS 0.00094
Exploits 0 · References 15

CNNVD
added 2026/03/17 12:0 a.m. · 3 views

Wazuh Security Vulnerability

Wazuh is an open-source application developed by Wazuh. It is used for collecting, summarizing, indexing, and analyzing security data, helping organizations detect intrusions, threats, and abnormal behaviors. Versions of Wazuh from 3.9.0 to 4.14.3 contained security vulnerabilities. These...

CVSS 9.1 · AI score 6.5 · EPSS 0.00072
Exploits 1 · References 1

RedhatCVE
added 2025/05/22 3:19 a.m. · 3 views

CVE-2018-20810

Session data between cluster nodes during cluster synchronization is not properly encrypted in Pulse Secure Pulse Connect Secure PCS 8.3RX before 8.3R2 and Pulse Policy Secure PPS 5.4RX before 5.4R2. This is not applicable to PCS 8.1RX, PPS 5.2RX, or stand-alone devices...

CVSS 9.8 · AI score 6.9 · EPSS 0.01536
Exploits 0 · References 1

Debian
added 2021/01/04 4:49 p.m. · 48 views

[SECURITY] [DLA 2515-1] csync2 security update

Debian LTS Advisory DLA-2515-1 [email protected] https://www.debian.org/lts/security/ Chris Lamb January 04, 2021 https://wiki.debian.org/LTS ...

CVSS 5.3 · AI score 5.5 · EPSS 0.00666
Exploits 0

CNVD
added 2020/03/23 12:0 a.m. · 2 views

Unspecified Vulnerability in LINBIT csync2

LINBIT csync2 is a cluster synchronization tool from the Austrian company LINBIT, which is mainly used to keep files on multiple hosts in a cluster synchronized. A security vulnerability exists in the "csyncdaemonsession" function in the daemon.c file in LINBIT csync2 2.0 and earlier versions,...

CVSS 9.8 · AI score 5 · EPSS 0.00518
Exploits 0 · References 1

OSV
added 2019/06/28 6:15 p.m. · 0 views

CVE-2018-20810

Session data between cluster nodes during cluster synchronization is not properly encrypted in Pulse Secure Pulse Connect Secure PCS 8.3RX before 8.3R2 and Pulse Policy Secure PPS 5.4RX before 5.4R2. This is not applicable to PCS 8.1RX, PPS 5.2RX, or stand-alone devices...

CVSS 9.8 · AI score 5.8 · EPSS 0.01536
Exploits 0 · References 1

NVD
added 2019/06/28 6:15 p.m. · 11 views

CVE-2018-20810

Session data between cluster nodes during cluster synchronization is not properly encrypted in Pulse Secure Pulse Connect Secure PCS 8.3RX before 8.3R2 and Pulse Policy Secure PPS 5.4RX before 5.4R2. This is not applicable to PCS 8.1RX, PPS 5.2RX, or stand-alone devices...

CVSS 9.8 · AI score 9.4 · EPSS 0.01536
Exploits 0 · References 1

Prion
added 2019/06/28 6:15 p.m. · 14 views

Session fixation

Session data between cluster nodes during cluster synchronization is not properly encrypted in Pulse Secure Pulse Connect Secure PCS 8.3RX before 8.3R2 and Pulse Policy Secure PPS 5.4RX before 5.4R2. This is not applicable to PCS 8.1RX, PPS 5.2RX, or stand-alone devices...

CVSS 7.5 · AI score 9.3 · EPSS 0.01536
Exploits 0 · References 1 · Affected Software 2

CVE
added 2019/03/16 3:0 a.m. · 75 views

CVE-2018-20810

CVE-2018-20810 affects Pulse Secure Pulse Connect Secure (PCS) and Pulse Policy Secure (PPS): session data exchanged during cluster synchronization between nodes is not properly encrypted in PCS 8.3RX before 8.3R2 and PPS 5.4RX before 5.4R2. The issue does not apply to PCS 8.1RX, PPS 5.2RX, or st...

CVSS 9.8 · AI score 9.2 · EPSS 0.01536
Exploits 0 · References 1 · Affected Software 2

Cvelist
added 2019/03/16 3:0 a.m. · 15 views

CVE-2018-20810

Session data between cluster nodes during cluster synchronization is not properly encrypted in Pulse Secure Pulse Connect Secure PCS 8.3RX before 8.3R2 and Pulse Policy Secure PPS 5.4RX before 5.4R2. This is not applicable to PCS 8.1RX, PPS 5.2RX, or stand-alone devices...

AI score 9.4 · EPSS 0.01536
Exploits 0 · References 1

Positive Technologies
added 2019/03/16 12:0 a.m. · 1 view

PT-2019-10249 · Pulse · Pulse Connect Secure +1

Name of the Vulnerable Software and Affected Versions: Pulse Connect Secure PCS versions 8.3RX through 8.3R1 Pulse Policy Secure PPS versions 5.4RX through 5.4R1 Description: The issue concerns the lack of proper encryption for session data between cluster nodes during cluster synchronization...

CVSS 9.8 · AI score 9.5 · EPSS 0.01536
Exploits 0 · References 3

Fedora
added 2015/03/19 6:44 p.m. · 23 views

[SECURITY] Fedora 21 Update: csync2-1.34-15.fc21

Csync2 is a cluster synchronization tool. It can be used to keep files on multiple hosts in a cluster in sync. Csync2 can handle complex setups with much more than just 2 hosts, handle file deletions and can detect conflicts. It is expedient for HA-clusters, HPC-clusters, COWs and server farms...

CVSS 5.8 · AI score 1.2 · EPSS 0.02282
Exploits 0

Fedora
added 2015/03/19 6:43 p.m. · 28 views

[SECURITY] Fedora 20 Update: csync2-1.34-15.fc20

Csync2 is a cluster synchronization tool. It can be used to keep files on multiple hosts in a cluster in sync. Csync2 can handle complex setups with much more than just 2 hosts, handle file deletions and can detect conflicts. It is expedient for HA-clusters, HPC-clusters, COWs and server farms...

CVSS 5.8 · AI score 1.2 · EPSS 0.02282
Exploits 0

Fedora
added 2015/03/09 8:18 a.m. · 19 views

[SECURITY] Fedora 22 Update: csync2-1.34-15.fc22

Csync2 is a cluster synchronization tool. It can be used to keep files on multiple hosts in a cluster in sync. Csync2 can handle complex setups with much more than just 2 hosts, handle file deletions and can detect conflicts. It is expedient for HA-clusters, HPC-clusters, COWs and server farms...

CVSS 5.8 · AI score 1.2 · EPSS 0.02282
Exploits 0

RedHat Linux
added 2009/12/03 4:15 a.m. · 2 views

Low: Red Hat Enhancement Advisory: Red Hat Enterprise MRG Messaging and Grid Version 1.2

Red Hat Enterprise MRG Messaging and Grid Update 1.2 is now available for Red Hat Enterprise Linux 5. This new release includes updated classads, condor, condor-ec2-enhanced, condor-ec2-enhanced-hooks, condor-job-hooks, condor-low-latency, condor-remote-configuration, python-qpid, qpid-java, qpid...

CVSS 6.5 · AI score 6.6 · EPSS 0.01758
Exploits 0 · References 64