Lucene search
+L

62 matches found

redhatcve
redhatcve
added yesterday4 views

CVE-2026-59733

A flaw was found in Rclone. When using the rclone serve restic --private-repos command, an authenticated user can include directory traversal sequences e.g., .. in a request. This allows them to bypass authorization and read, overwrite, or delete another user's private repository on backends that...

8.8CVSS6AI score0.00523EPSS
Exploits0References7
nvd
nvd
added 2 days ago10 views

CVE-2026-59733

Rclone is a command-line program to sync files and directories to and from different cloud storage providers. Prior to 1.74.4, rclone serve restic --private-repos enforces authorization using the routed user path segment while building the backend object key from the raw uncleaned URL path,...

8.8CVSS0.00523EPSS
Exploits0References4
osv
osv
added 2 days ago4 views

DEBIAN-CVE-2026-59733

Rclone is a command-line program to sync files and directories to and from different cloud storage providers. Prior to 1.74.4, rclone serve restic --private-repos enforces authorization using the routed user path segment while building the backend object key from the raw uncleaned URL path,...

8.8CVSS6.1AI score0.00523EPSS
Exploits0References1
cvelist
cvelist
added 2 days ago38 views

CVE-2026-59733 rclone `serve restic --private-repos` authorization bypass: `..` in the URL path lets an authenticated user read, overwrite and delete other users' repositories

Rclone is a command-line program to sync files and directories to and from different cloud storage providers. Prior to 1.74.4, rclone serve restic --private-repos enforces authorization using the routed user path segment while building the backend object key from the raw uncleaned URL path,...

8.8CVSS0.00523EPSS
Exploits0References4
cve
cve
added 2 days ago12 views

CVE-2026-59733

CVE-2026-59733 affects the rclone tool before version 1.74.4, specifically when using the command set “serve restic --private-repos.” The issue arises because authorization is enforced using the routed user path segment while the backend object key is built from the raw, uncleaned URL path, allow...

8.8CVSS6.1AI score0.00523EPSS
Exploits0References4
osv
osv
added 2026/07/06 9:13 p.m.3 views

GHSA-798H-HPPH-M24J Linuxfabrik Monitoring Plugins have local privilege escalation using embedded command

Summary When a check plugin places user provided input inside a command which is passed to shellexec, an attacker can abuse this to run arbitrary commands. This is mainly dangerous for plugins which are listed in the sudoers file, because this allows an attacker controlling the nagios user to get...

7.8CVSS6.2AI score
Exploits0References2
ptsecurity
ptsecurity
added 2026/07/06 12:0 a.m.10 views

PT-2026-56070

Name of the Vulnerable Software and Affected Versions linuxfabrik-lib versions prior to 5.0.0 Linuxfabrik Monitoring Plugins versions prior to 5.2.0 Description A local privilege escalation issue exists when a check plugin includes user-provided input within a command passed to the shell exec...

7.8CVSS6.3AI score
Exploits0References7
nessus
nessus
added 2026/06/20 12:0 a.m.5 views

Fedora 44 : restic (2026-2290b9a9ad)

The remote Fedora 44 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2026-2290b9a9ad advisory. Update to 0.19.0 Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus has not tested f...

9.8CVSS6.9AI score0.34734EPSS
Exploits4References5
nessus
nessus
added 2026/06/20 12:0 a.m.9 views

Fedora 43 : restic (2026-e6094447f0)

The remote Fedora 43 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2026-e6094447f0 advisory. Update to 0.19.0 Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus has not tested f...

9.8CVSS5.9AI score0.34734EPSS
Exploits4References5
opensuse
opensuse
added 2026/06/15 12:0 a.m.10 views

Security update for restic (important)

openSUSE Security Update: Security update for restic Announcement ID: openSUSE-SU-2026:0206-1 Rating: important References: 1240262 1265915 1266211 1266795 Cross-References: CVE-2026-33814 CVSS scores: CVE-2026-33814 SUSE: 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Affected Products: openSU...

7.5CVSS6.7AI score0.00781EPSS
Exploits0References4
opensuse
opensuse
added 2026/06/03 12:0 a.m.8 views

restic-0.18.1-3.1 on GA media (moderate)

restic-0.18.1-3.1 on GA media Announcement ID: openSUSE-SU-2026:10912-1 Rating: moderate Cross-References: CVE-2026-33814 CVSS scores: CVE-2026-33814 SUSE : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Affected Products: openSUSE Tumbleweed An update that solves one vulnerability can now be...

7.5CVSS5.8AI score0.00781EPSS
Exploits0
osv
osv
added 2026/05/30 12:0 a.m.5 views

OPENSUSE-SU-2026:10912-1 restic-0.18.1-3.1 on GA media

These are all security issues fixed in the restic-0.18.1-3.1 package on the GA media of openSUSE Tumbleweed...

7.5CVSS5.8AI score0.00781EPSS
Exploits0References1
osv
osv
added 2026/05/18 1:4 p.m.11 views

CLEANSTART-2026-XJ06210 Security fixes for CVE-2025-61727, CVE-2025-61729, CVE-2026-24051, CVE-2026-25679, CVE-2026-27137, CVE-2026-27138, CVE-2026-27139, CVE-2026-27142, CVE-2026-29181, CVE-2026-32280, CVE-2026-32281, CVE-2026-32282, CVE-2026-32283, CVE-2026-32289, CVE-2026-33186, CVE-2026-33810, CVE-2026-33811, CVE-2026-33814, CVE-2026-34986, CVE-2026-39820, CVE-2026-39823, CVE-2026-39825, CVE-2026-39826, CVE-2026-39836, CVE-2026-39883, CVE-2026-42499 applied in versions: 0.18.0-r0

Multiple security vulnerabilities affect the restic package. These issues are resolved in later releases. See references for individual vulnerability details...

9.1CVSS5.8AI score0.00813EPSS
Exploits5References53
osv
osv
added 2026/05/18 12:56 p.m.12 views

CLEANSTART-2026-PB32291 Security fixes for CVE-2026-24051, CVE-2026-32280, CVE-2026-32281, CVE-2026-32283, CVE-2026-33186, CVE-2026-33810, CVE-2026-33811, CVE-2026-33814, CVE-2026-34986, CVE-2026-39817, CVE-2026-39819, CVE-2026-39820, CVE-2026-39823, CVE-2026-39825, CVE-2026-39826, CVE-2026-39836, CVE-2026-39883, CVE-2026-42499, CVE-2026-42501, ghsa-9h8m-3fm2-qjrq, ghsa-vvgc-356p-c3xw applied in versions: 0.18.0-r0, 0.18.1-r0, 0.18.1-r1, 0.18.1-r3, 0.18.1-r4, 0.18.1-r5

Multiple security vulnerabilities affect the restic-fips package. These issues are resolved in later releases. See references for individual vulnerability details...

9.1CVSS6.9AI score0.00813EPSS
Exploits2References41
cgr
cgr
added 2026/04/03 7:17 p.m.11 views

GHSA-78H2-9FRX-2JM8 vulnerabilities

Vulnerabilities for packages: external-secrets-operator-fips, falcoctl, ko-fips, flux-source-controller-fips, kserve, spire-server, gitlab-workhorse-ce, grype-fips, opentofu, dapr, zitadel, commercial-grafana, flux-operator, oauth2-proxy-fips, kyverno-notation-aws, grafana-alloy-fips,...

6.1AI score
Exploits0
osv
osv
added 2026/04/01 9:19 a.m.3 views

CLEANSTART-2026-ZQ16088 Security fixes for CVE-2026-24051, CVE-2026-33186, ghsa-9h8m-3fm2-qjrq, ghsa-vvgc-356p-c3xw applied in versions: 0.18.0-r0, 0.18.1-r0, 0.18.1-r1

Multiple security vulnerabilities affect the restic-fips package. These issues are resolved in later releases. See references for individual vulnerability details...

9.1CVSS6.7AI score0.00522EPSS
Exploits1References7
wolfi
wolfi
added 2026/02/10 1:48 p.m.27 views

CVE-2025-68121 vulnerabilities

Vulnerabilities for packages: victoriametrics, pgpool2exporter, openfga, mountpoint-s3-csi-driver, zot, contour, kubevela, kubernetes-dashboard-auth, local-static-provisioner, terraform-provider-grafana, sealed-secrets, q, blob-csi, cert-manager, dive, flux-source-controller, infinispan-operator,...

10CVSS6.8AI score0.00765EPSS
Exploits1
wolfi
wolfi
added 2026/02/10 1:48 p.m.12 views

GHSA-H355-32PF-P2XM vulnerabilities

Vulnerabilities for packages: victoriametrics, pgpool2exporter, openfga, mountpoint-s3-csi-driver, zot, contour, kubevela, kubernetes-dashboard-auth, local-static-provisioner, terraform-provider-grafana, sealed-secrets, q, blob-csi, cert-manager, dive, flux-source-controller, infinispan-operator,...

6.1AI score
Exploits0
wolfi
wolfi
added 2026/02/10 1:48 p.m.17 views

CVE-2025-61732 vulnerabilities

Vulnerabilities for packages: victoriametrics, pgpool2exporter, openfga, fq, mountpoint-s3-csi-driver, iptables-wrappers, zot, contour, kubevela, kubernetes-dashboard-auth, local-static-provisioner, terraform-provider-grafana, sealed-secrets, q, blob-csi, cert-manager, dive, flux-source-controlle...

8.6CVSS7AI score0.00472EPSS
Exploits0
osv
osv
added 2026/02/10 12:39 a.m.5 views

CLEANSTART-2026-GP14462 Security fixes for GHSA-VVGC-356P-C3XW applied in versions: 0.18.0-r0

Security vulnerability affects the restic-fips package. This issue is resolved in later releases. See references for vulnerability details...

5.9AI score
Exploits0References2
Rows per page
Query Builder