26 matches found
CVE-2026-59996
A flaw was found in OpenSSH, a widely used tool for secure remote access. When a user attempts to copy files between two different remote systems using the scp command, the file might be incorrectly placed in a directory above the intended destination. This unintended file placement could lead to...
CVE-2026-41857
A compromised or malicious BOSH Director can execute arbitrary shell commands on the operator's workstation when the operator runs bosh ssh or bosh scp/bosh logs -f with default flags. Affected versions: BOSH CLI versions prior to 7.10.5...
DEBIAN-CVE-2026-59996
scp in OpenSSH before 10.4 may place a file in the parent directory of an intended directory when the copy occurs between two remote destinations...
CVE-2026-59996
OpenSSH SCP flaw: OpenSSH versions before 10.4 allow a file to be placed in the parent directory of the target when copying between two remote destinations. Root cause is described in the OpenSSH release notes; remediation is to upgrade to OpenSSH 10.4p1 or later (fixed in 10.4p1). No exploit det...
CVE-2026-59996
scp in OpenSSH before 10.4 may place a file in the parent directory of an intended directory when the copy occurs between two remote destinations...
Linux Distros Unpatched Vulnerability : CVE-2026-59996
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - scp in OpenSSH before 10.4 may place a file in the parent directory of an intended directory when the copy occurs between two remote destinations. CVE-2026-5999...
[SECURITY] Fedora 43 Update: rsync-3.4.1-6.fc43
Rsync uses a reliable algorithm to bring remote and host files into sync very quickly. Rsync is fast because it just sends the differences in the files over the network instead of sending the complete files. Rsync is often used as a very powerful mirroring process or just as a more capable...
[SECURITY] Fedora 44 Update: rsync-3.4.1-7.fc44
Rsync uses a reliable algorithm to bring remote and host files into sync very quickly. Rsync is fast because it just sends the differences in the files over the network instead of sending the complete files. Rsync is often used as a very powerful mirroring process or just as a more capable...
[SECURITY] Fedora 43 Update: rsync-3.4.1-5.fc43
Rsync uses a reliable algorithm to bring remote and host files into sync very quickly. Rsync is fast because it just sends the differences in the files over the network instead of sending the complete files. Rsync is often used as a very powerful mirroring process or just as a more capable...
A malicious rsh server can overwrite arbitrary files in a directory on the rcp client machine
An issue was discovered in rcp in NetKit through 0.17. For an rcp operation, the server chooses which files/directories are sent to the client. However, the rcp client only performs cursory validation of the object name returned. A malicious rsh server or Man-in-The-Middle attacker can overwrite...
CVE-2023-40303
GNU inetutils before 2.5 may allow privilege escalation because of unchecked return values of setid family functions in ftpd, rcp, rlogin, rsh, rshd, and uucpd. This is, for example, relevant if the setuid system call fails when a process is trying to drop privileges before letting an ordinary us...
Linux Distros Unpatched Vulnerability : CVE-2019-7283
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in rcp in NetKit through 0.17. For an rcp operation, the server chooses which files/directories are sent to the client. However, the rcp...
UBUNTU-CVE-2023-40303
GNU inetutils before 2.5 may allow privilege escalation because of unchecked return values of setid family functions in ftpd, rcp, rlogin, rsh, rshd, and uucpd. This is, for example, relevant if the setuid system call fails when a process is trying to drop privileges before letting an ordinary us...
GNU Inetutils 安全漏洞
GNU Inetutils is a collection of network tools from the GNU Project that contains common network management programs such as traceroute, hostname, ifconfig, and others. The toolset is mainly used for functions such as network diagnostics, configuration and system information query. An elevation o...
SUSE CVE-2019-7283
An issue was discovered in rcp in NetKit through 0.17. For an rcp operation, the server chooses which files/directories are sent to the client. However, the rcp client only performs cursory validation of the object name returned. A malicious rsh server or Man-in-The-Middle attacker can overwrite...
The vulnerability of the rcp.c component in the NetKit-rsh remote execution program allows a attacker to compromise data integrity.
The vulnerability of the rcp.c component in the NetKit-rsh remote execution program is related to deficiencies in access control. Exploiting this vulnerability allows a malicious actor to compromise data integrity using a dummy file name or the file name “.”...
The vulnerability of the Jenkins Google Cloud Backup Plugin, related to deficiencies in the authentication process, allows a hacker to copy arbitrary files.
The vulnerability of the Jenkins Google Cloud Backup Plugin is related to deficiencies in the authentication process. Exploiting this vulnerability could allow a malicious actor to remotely copy arbitrary files...
Command Execution Vulnerability in Deepsix Remote Copy Tool
DeepSign Technology Co., Ltd. is a product and service provider specializing in enterprise-level security, cloud computing and IT infrastructure. A command execution vulnerability exists in the DeepService Remote Copy Tool, which can be exploited by an attacker to gain server privileges...
The vulnerability of the scp file copy-to-remote utility’s implementation, related to access control deficiencies, allows a perpetrator to conceal the name of the transferred file.
The vulnerability of the scp file copy utility implementation is related to lack of access control mechanisms. Exploiting this vulnerability allows a malicious actor to conceal the name of the transferred file while operating remotely...
NetKit Input Validation Vulnerability
NetKit is a network environment simulation system. A security vulnerability exists in NetKit 0.17 and earlier versions, which stems from the fact that the server selects the file/directory to be sent to the client, but the rcp client only loosely validates the name of the returned object. An...