Lucene search
K

259 matches found

OPENSUSE Linux
OPENSUSE Linux
added 2026/05/14 12:0 a.m.8 views

rclone-1.74.1-1.1 on GA media (moderate)

rclone-1.74.1-1.1 on GA media Announcement ID: openSUSE-SU-2026:10762-1 Rating: moderate Cross-References: CVE-2026-33814 CVSS scores: CVE-2026-33814 SUSE : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Affected Products: openSUSE Tumbleweed An update that solves one vulnerability can now be...

7.5CVSS5.8AI score0.00781EPSS
Exploits0
VulnCheck KEV
VulnCheck KEV
added 2026/05/13 12:0 a.m.44 views

VulnCheck KEV: CVE-2026-41176

Rclone is a command-line program to sync files and directories to and from different cloud storage providers. The RC endpoint options/set is exposed without AuthRequired: true, but it can mutate global runtime configuration, including the RC option block itself. Starting in version 1.45.0 and pri...

9.8CVSS5.8AI score0.34734EPSS
In wildExploits1References21
OSV
OSV
added 2026/05/12 12:0 a.m.4 views

OPENSUSE-SU-2026:10762-1 rclone-1.74.1-1.1 on GA media

These are all security issues fixed in the rclone-1.74.1-1.1 package on the GA media of openSUSE Tumbleweed...

7.5CVSS5.8AI score0.00781EPSS
Exploits0References1
Fedora
Fedora
added 2026/05/10 2:55 a.m.10 views

[SECURITY] Fedora 44 Update: rclone-1.74.0-2.fc44

"rsync for cloud storage" - Google Drive, S3, Dropbox, Backblaze B2, One Driv e, Swift, Hubic, Wasabi, Google Cloud Storage, Azure Blob, Azure Files, Yandex Files...

9.8CVSS5.8AI score0.34734EPSS
Exploits3
Tenable Nessus
Tenable Nessus
added 2026/05/10 12:0 a.m.10 views

Fedora 44 : rclone (2026-63341da831)

The remote Fedora 44 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2026-63341da831 advisory. Update to 1.74.0 Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus has not tested f...

9.8CVSS5.9AI score0.34734EPSS
Exploits3References4
Tenable Nessus
Tenable Nessus
added 2026/05/10 12:0 a.m.7 views

Fedora 43 : rclone (2026-2bb2aee489)

The remote Fedora 43 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2026-2bb2aee489 advisory. Update to 1.74.0 Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus has not tested f...

9.8CVSS5.9AI score0.34734EPSS
Exploits3References5
OPENSUSE Linux
OPENSUSE Linux
added 2026/05/06 12:0 a.m.6 views

rclone-1.74.0-1.1 on GA media (moderate)

rclone-1.74.0-1.1 on GA media Announcement ID: openSUSE-SU-2026:10682-1 Rating: moderate Cross-References: CVE-2026-32952 CVE-2026-33813 Affected Products: openSUSE Tumbleweed An update that solves 2 vulnerabilities can now be installed. Description: These are all security issues fixed in the...

7.5CVSS5.8AI score0.01027EPSS
Exploits0
OSV
OSV
added 2026/05/04 12:0 a.m.6 views

OPENSUSE-SU-2026:10682-1 rclone-1.74.0-1.1 on GA media

These are all security issues fixed in the rclone-1.74.0-1.1 package on the GA media of openSUSE Tumbleweed...

7.5CVSS5.8AI score0.01027EPSS
Exploits0References2
Amazon
Amazon
added 2026/04/30 12:0 a.m.14 views

Important: rclone

Issue Overview: crypto/tls: handshake messages may be processed at the incorrect encryption level CVE-2025-61730 On Unix platforms, when listing the contents of a directory using File.ReadDir or File.Readdir the returned FileInfo could reference a file outside of the Root in which the File was...

9.1CVSS6.7AI score0.01557EPSS
Exploits2
Tenable Nessus
Tenable Nessus
added 2026/04/30 12:0 a.m.8 views

Amazon Linux 2 : rclone, --advisory ALAS2-2026-3264 (ALAS-2026-3264)

"The version of rclone installed on the remote host is prior to 1.55.1-1. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2026-3264 advisory. gRPC-Go is the Go language implementation of gRPC. Versions prior to 1.79.3 have an authorization bypass resulting from improper...

9.1CVSS7.7AI score0.01557EPSS
Exploits1References4
OSV
OSV
added 2026/04/27 8:35 p.m.12 views

JLSEC-2026-281 RClone: Unauthenticated operations/fsinfo allows attacker-controlled backend instantiation and local command execution

Summary The RC endpoint operations/fsinfo is exposed without AuthRequired: true and accepts attacker-controlled fs input. Because rc.GetFs... supports inline backend definitions, an unauthenticated attacker can instantiate an attacker-controlled backend on demand. For the WebDAV backend,...

9.2CVSS6.2AI score0.09199EPSS
Exploits2References5
OSV
OSV
added 2026/04/27 8:35 p.m.11 views

JLSEC-2026-279 Rclone has Improper Permission and Ownership Handling on Symlink Targets with --links and --metadata

tl;dr: unprivileged user creates a symlink to /etc/sudoers, /etc/shadow or similar and waits for a privileged user or process to copy/backup/mirror users data using --links and --metadata. unprivileged user now owns /etc/sudoers. Summary Insecure handling of symlinks with --links and --metadata i...

5.4CVSS5.6AI score0.00214EPSS
Exploits0References4
OSV
OSV
added 2026/04/27 8:35 p.m.21 views

JLSEC-2026-278

An issue was discovered in Rclone before 1.53.3. Due to the use of a weak random number generator, the password generator has been producing weak passwords with much less entropy than advertised. The suggested passwords depend deterministically on the time the second rclone was started. This limi...

7.5CVSS5.3AI score0.01336EPSS
Exploits1References8
Tenable Nessus
Tenable Nessus
added 2026/04/25 12:0 a.m.16 views

openSUSE 16 Security Update : rclone (openSUSE-SU-2026:20620-1)

The remote openSUSE 16 host has packages installed that are affected by multiple vulnerabilities as referenced in the openSUSE-SU-2026:20620-1 advisory. Changes in rclone: - Update to version 1.73.5: Version v1.73.5 operations: add AuthRequired to operations/fsinfo to prevent backend creation...

10CVSS7AI score0.34734EPSS
Exploits9References30
Wolfi
Wolfi
added 2026/04/24 7:48 p.m.10 views

CVE-2026-32952 vulnerabilities

Vulnerabilities for packages: kyverno-notation-aws, ratify, juicefs, k6, rancher-agent, zot, grafana, dex, sftpgo-plugin-auth, kyverno, percona-server-mongodb-operator, rancher, seaweedfs, cert-manager, gitea, cert-manager-cmctl, telegraf, bento, openbao, terraform, external-secrets-operator,...

7.5CVSS6.1AI score0.01027EPSS
Exploits0
Wolfi
Wolfi
added 2026/04/24 7:48 p.m.14 views

GHSA-PJCQ-XVWQ-HHPJ vulnerabilities

Vulnerabilities for packages: kyverno-notation-aws, ratify, juicefs, k6, rancher-agent, zot, grafana, dex, sftpgo-plugin-auth, kyverno, percona-server-mongodb-operator, rancher, seaweedfs, cert-manager, gitea, cert-manager-cmctl, telegraf, bento, openbao, terraform, external-secrets-operator,...

6.1AI score
Exploits0
OSV
OSV
added 2026/04/24 8:51 a.m.4 views

BIT-RCLONE-2026-41176 Rclone: Unauthenticated options/set allows runtime auth bypass, leading to sensitive operations and command execution

Rclone is a command-line program to sync files and directories to and from different cloud storage providers. The RC endpoint options/set is exposed without AuthRequired: true, but it can mutate global runtime configuration, including the RC option block itself. Starting in version 1.45.0 and pri...

9.8CVSS5.4AI score0.34734EPSS
Exploits1References7
SUSE CVE
SUSE CVE
added 2026/04/24 1:28 a.m.10 views

SUSE CVE-2026-41179

Rclone is a command-line program to sync files and directories to and from different cloud storage providers. Starting in version 1.48.0 and prior to version 1.73.5, the RC endpoint operations/fsinfo is exposed without AuthRequired: true and accepts attacker-controlled fs input. Because rc.GetFs...

9.8CVSS5.9AI score0.09199EPSS
Exploits2References3
Tenable Nessus
Tenable Nessus
added 2026/04/24 12:0 a.m.8 views

Rclone 1.45.x < 1.73.5 Authentication Bypass (CVE-2026-41176)

The version of Rclone installed on the remote host is 1.45.x prior to 1.73.5. It is, therefore, affected by an authentication bypass vulnerability: - The RC endpoint options/set is exposed without AuthRequired, but it can mutate global runtime configuration, including the RC option block itself. ...

9.8CVSS5.6AI score0.34734EPSS
Exploits1References2
Tenable Nessus
Tenable Nessus
added 2026/04/24 12:0 a.m.7 views

Rclone 1.48.x < 1.73.5 Command Injection (CVE-2026-41179)

The version of Rclone installed on the remote host is 1.48.x prior to 1.73.5. It is, therefore, affected by a command injection vulnerability: - The RC endpoint operations/fsinfo is exposed without AuthRequired and accepts attacker-controlled fs input. Because rc.GetFs supports inline backend...

9.8CVSS5.8AI score0.09199EPSS
Exploits2References2
Rows per page
Query Builder