Lucene search
K

26 matches found

RedhatCVE
RedhatCVE
added 4 days ago5 views

CVE-2026-59996

A flaw was found in OpenSSH, a widely used tool for secure remote access. When a user attempts to copy files between two different remote systems using the scp command, the file might be incorrectly placed in a directory above the intended destination. This unintended file placement could lead to...

5.4CVSS6AI score0.00241EPSS
Exploits0References6
NVD
NVD
added 5 days ago10 views

CVE-2026-41857

A compromised or malicious BOSH Director can execute arbitrary shell commands on the operator's workstation when the operator runs bosh ssh or bosh scp/bosh logs -f with default flags. Affected versions: BOSH CLI versions prior to 7.10.5...

7.8CVSS0.00148EPSS
Exploits0References1
OSV
OSV
added 6 days ago5 views

DEBIAN-CVE-2026-59996

scp in OpenSSH before 10.4 may place a file in the parent directory of an intended directory when the copy occurs between two remote destinations...

5.4CVSS6AI score0.00241EPSS
Exploits0References1
CVE
CVE
added 6 days ago79 views

CVE-2026-59996

OpenSSH SCP flaw: OpenSSH versions before 10.4 allow a file to be placed in the parent directory of the target when copying between two remote destinations. Root cause is described in the OpenSSH release notes; remediation is to upgrade to OpenSSH 10.4p1 or later (fixed in 10.4p1). No exploit det...

5.4CVSS6AI score0.00241EPSS
Exploits0References3Affected Software1
Cvelist
Cvelist
added 6 days ago117 views

CVE-2026-59996

scp in OpenSSH before 10.4 may place a file in the parent directory of an intended directory when the copy occurs between two remote destinations...

4.2CVSS0.00241EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 6 days ago6 views

Linux Distros Unpatched Vulnerability : CVE-2026-59996

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - scp in OpenSSH before 10.4 may place a file in the parent directory of an intended directory when the copy occurs between two remote destinations. CVE-2026-5999...

5.4CVSS6.2AI score0.00241EPSS
Exploits0References4
Fedora
Fedora
added 2026/05/21 1:28 a.m.16 views

[SECURITY] Fedora 43 Update: rsync-3.4.1-6.fc43

Rsync uses a reliable algorithm to bring remote and host files into sync very quickly. Rsync is fast because it just sends the differences in the files over the network instead of sending the complete files. Rsync is often used as a very powerful mirroring process or just as a more capable...

7.8CVSS7.2AI score0.01761EPSS
Exploits2
Fedora
Fedora
added 2026/05/15 8:57 p.m.15 views

[SECURITY] Fedora 44 Update: rsync-3.4.1-7.fc44

Rsync uses a reliable algorithm to bring remote and host files into sync very quickly. Rsync is fast because it just sends the differences in the files over the network instead of sending the complete files. Rsync is often used as a very powerful mirroring process or just as a more capable...

7.8CVSS7.2AI score0.01761EPSS
Exploits2
Fedora
Fedora
added 2026/02/17 12:56 a.m.9 views

[SECURITY] Fedora 43 Update: rsync-3.4.1-5.fc43

Rsync uses a reliable algorithm to bring remote and host files into sync very quickly. Rsync is fast because it just sends the differences in the files over the network instead of sending the complete files. Rsync is often used as a very powerful mirroring process or just as a more capable...

4.3CVSS5.5AI score0.00289EPSS
Exploits0
Broadcom
Broadcom
added 2026/01/27 12:0 a.m.19 views

A malicious rsh server can overwrite arbitrary files in a directory on the rcp client machine

An issue was discovered in rcp in NetKit through 0.17. For an rcp operation, the server chooses which files/directories are sent to the client. However, the rcp client only performs cursory validation of the object name returned. A malicious rsh server or Man-in-The-Middle attacker can overwrite...

7.4CVSS7.4AI score0.58204EPSS
Exploits9
RedhatCVE
RedhatCVE
added 2026/01/09 12:30 p.m.5 views

CVE-2023-40303

GNU inetutils before 2.5 may allow privilege escalation because of unchecked return values of setid family functions in ftpd, rcp, rlogin, rsh, rshd, and uucpd. This is, for example, relevant if the setuid system call fails when a process is trying to drop privileges before letting an ordinary us...

7.8CVSS7.1AI score0.0039EPSS
Exploits1References1
Tenable Nessus
Tenable Nessus
added 2025/08/25 12:0 a.m.8 views

Linux Distros Unpatched Vulnerability : CVE-2019-7283

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in rcp in NetKit through 0.17. For an rcp operation, the server chooses which files/directories are sent to the client. However, the rcp...

7.4CVSS7AI score0.01976EPSS
Exploits1References2
OSV
OSV
added 2023/08/14 5:15 a.m.5 views

UBUNTU-CVE-2023-40303

GNU inetutils before 2.5 may allow privilege escalation because of unchecked return values of setid family functions in ftpd, rcp, rlogin, rsh, rshd, and uucpd. This is, for example, relevant if the setuid system call fails when a process is trying to drop privileges before letting an ordinary us...

7.8CVSS7.1AI score0.0039EPSS
Exploits1References6
CNNVD
CNNVD
added 2023/08/14 12:0 a.m.5 views

GNU Inetutils 安全漏洞

GNU Inetutils is a collection of network tools from the GNU Project that contains common network management programs such as traceroute, hostname, ifconfig, and others. The toolset is mainly used for functions such as network diagnostics, configuration and system information query. An elevation o...

7.8CVSS7.1AI score0.0039EPSS
Exploits1References7
SUSE CVE
SUSE CVE
added 2023/02/15 4:16 a.m.9 views

SUSE CVE-2019-7283

An issue was discovered in rcp in NetKit through 0.17. For an rcp operation, the server chooses which files/directories are sent to the client. However, the rcp client only performs cursory validation of the object name returned. A malicious rsh server or Man-in-The-Middle attacker can overwrite...

7.4CVSS6.7AI score0.01976EPSS
Exploits1References3
BDU FSTEC
BDU FSTEC
added 2022/09/28 12:0 a.m.8 views

The vulnerability of the rcp.c component in the NetKit-rsh remote execution program allows a attacker to compromise data integrity.

The vulnerability of the rcp.c component in the NetKit-rsh remote execution program is related to deficiencies in access control. Exploiting this vulnerability allows a malicious actor to compromise data integrity using a dummy file name or the file name “.”...

7.1CVSS6.7AI score0.02067EPSS
Exploits1References6Affected Software2
BDU FSTEC
BDU FSTEC
added 2022/08/10 12:0 a.m.7 views

The vulnerability of the Jenkins Google Cloud Backup Plugin, related to deficiencies in the authentication process, allows a hacker to copy arbitrary files.

The vulnerability of the Jenkins Google Cloud Backup Plugin is related to deficiencies in the authentication process. Exploiting this vulnerability could allow a malicious actor to remotely copy arbitrary files...

4.3CVSS5.6AI score0.00505EPSS
Exploits0References3Affected Software1
CNVD
CNVD
added 2019/10/26 12:0 a.m.1 views

Command Execution Vulnerability in Deepsix Remote Copy Tool

DeepSign Technology Co., Ltd. is a product and service provider specializing in enterprise-level security, cloud computing and IT infrastructure. A command execution vulnerability exists in the DeepService Remote Copy Tool, which can be exploited by an attacker to gain server privileges...

7.5AI score
Exploits0
BDU FSTEC
BDU FSTEC
added 2019/03/01 12:0 a.m.4 views

The vulnerability of the scp file copy-to-remote utility’s implementation, related to access control deficiencies, allows a perpetrator to conceal the name of the transferred file.

The vulnerability of the scp file copy utility implementation is related to lack of access control mechanisms. Exploiting this vulnerability allows a malicious actor to conceal the name of the transferred file while operating remotely...

7.1CVSS6.8AI score0.03807EPSS
Exploits0References8Affected Software4
CNVD
CNVD
added 2019/02/14 12:0 a.m.2 views

NetKit Input Validation Vulnerability

NetKit is a network environment simulation system. A security vulnerability exists in NetKit 0.17 and earlier versions, which stems from the fact that the server selects the file/directory to be sent to the client, but the rcp client only loosely validates the name of the returned object. An...

7.4CVSS6.9AI score0.01976EPSS
Exploits1References1
Rows per page
Query Builder