62 matches found
CVE-2026-59733
A flaw was found in Rclone. When using the rclone serve restic --private-repos command, an authenticated user can include directory traversal sequences e.g., .. in a request. This allows them to bypass authorization and read, overwrite, or delete another user's private repository on backends that...
DEBIAN-CVE-2026-59733
Rclone is a command-line program to sync files and directories to and from different cloud storage providers. Prior to 1.74.4, rclone serve restic --private-repos enforces authorization using the routed user path segment while building the backend object key from the raw uncleaned URL path,...
CVE-2026-59733
Rclone is a command-line program to sync files and directories to and from different cloud storage providers. Prior to 1.74.4, rclone serve restic --private-repos enforces authorization using the routed user path segment while building the backend object key from the raw uncleaned URL path,...
CVE-2026-59733 rclone `serve restic --private-repos` authorization bypass: `..` in the URL path lets an authenticated user read, overwrite and delete other users' repositories
Rclone is a command-line program to sync files and directories to and from different cloud storage providers. Prior to 1.74.4, rclone serve restic --private-repos enforces authorization using the routed user path segment while building the backend object key from the raw uncleaned URL path,...
CVE-2026-59733
CVE-2026-59733 affects the rclone tool before version 1.74.4, specifically when using the command set “serve restic --private-repos.” The issue arises because authorization is enforced using the routed user path segment while the backend object key is built from the raw, uncleaned URL path, allow...
GHSA-798H-HPPH-M24J Linuxfabrik Monitoring Plugins have local privilege escalation using embedded command
Summary When a check plugin places user provided input inside a command which is passed to shellexec, an attacker can abuse this to run arbitrary commands. This is mainly dangerous for plugins which are listed in the sudoers file, because this allows an attacker controlling the nagios user to get...
PT-2026-56070
Name of the Vulnerable Software and Affected Versions linuxfabrik-lib versions prior to 5.0.0 Linuxfabrik Monitoring Plugins versions prior to 5.2.0 Description A local privilege escalation issue exists when a check plugin includes user-provided input within a command passed to the shell exec...
Fedora 44 : restic (2026-2290b9a9ad)
The remote Fedora 44 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2026-2290b9a9ad advisory. Update to 0.19.0 Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus has not tested f...
Fedora 43 : restic (2026-e6094447f0)
The remote Fedora 43 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2026-e6094447f0 advisory. Update to 0.19.0 Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus has not tested f...
Security update for restic (important)
openSUSE Security Update: Security update for restic Announcement ID: openSUSE-SU-2026:0206-1 Rating: important References: 1240262 1265915 1266211 1266795 Cross-References: CVE-2026-33814 CVSS scores: CVE-2026-33814 SUSE: 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Affected Products: openSU...
restic-0.18.1-3.1 on GA media (moderate)
restic-0.18.1-3.1 on GA media Announcement ID: openSUSE-SU-2026:10912-1 Rating: moderate Cross-References: CVE-2026-33814 CVSS scores: CVE-2026-33814 SUSE : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Affected Products: openSUSE Tumbleweed An update that solves one vulnerability can now be...
OPENSUSE-SU-2026:10912-1 restic-0.18.1-3.1 on GA media
These are all security issues fixed in the restic-0.18.1-3.1 package on the GA media of openSUSE Tumbleweed...
CLEANSTART-2026-XJ06210 Security fixes for CVE-2025-61727, CVE-2025-61729, CVE-2026-24051, CVE-2026-25679, CVE-2026-27137, CVE-2026-27138, CVE-2026-27139, CVE-2026-27142, CVE-2026-29181, CVE-2026-32280, CVE-2026-32281, CVE-2026-32282, CVE-2026-32283, CVE-2026-32289, CVE-2026-33186, CVE-2026-33810, CVE-2026-33811, CVE-2026-33814, CVE-2026-34986, CVE-2026-39820, CVE-2026-39823, CVE-2026-39825, CVE-2026-39826, CVE-2026-39836, CVE-2026-39883, CVE-2026-42499 applied in versions: 0.18.0-r0
Multiple security vulnerabilities affect the restic package. These issues are resolved in later releases. See references for individual vulnerability details...
CLEANSTART-2026-PB32291 Security fixes for CVE-2026-24051, CVE-2026-32280, CVE-2026-32281, CVE-2026-32283, CVE-2026-33186, CVE-2026-33810, CVE-2026-33811, CVE-2026-33814, CVE-2026-34986, CVE-2026-39817, CVE-2026-39819, CVE-2026-39820, CVE-2026-39823, CVE-2026-39825, CVE-2026-39826, CVE-2026-39836, CVE-2026-39883, CVE-2026-42499, CVE-2026-42501, ghsa-9h8m-3fm2-qjrq, ghsa-vvgc-356p-c3xw applied in versions: 0.18.0-r0, 0.18.1-r0, 0.18.1-r1, 0.18.1-r3, 0.18.1-r4, 0.18.1-r5
Multiple security vulnerabilities affect the restic-fips package. These issues are resolved in later releases. See references for individual vulnerability details...
GHSA-78H2-9FRX-2JM8 vulnerabilities
Vulnerabilities for packages: external-secrets-operator-fips, falcoctl, ko-fips, flux-source-controller-fips, kserve, spire-server, gitlab-workhorse-ce, grype-fips, opentofu, dapr, zitadel, commercial-grafana, flux-operator, oauth2-proxy-fips, kyverno-notation-aws, grafana-alloy-fips,...
CLEANSTART-2026-ZQ16088 Security fixes for CVE-2026-24051, CVE-2026-33186, ghsa-9h8m-3fm2-qjrq, ghsa-vvgc-356p-c3xw applied in versions: 0.18.0-r0, 0.18.1-r0, 0.18.1-r1
Multiple security vulnerabilities affect the restic-fips package. These issues are resolved in later releases. See references for individual vulnerability details...
CVE-2025-68121 vulnerabilities
Vulnerabilities for packages: victoriametrics, pgpool2exporter, openfga, mountpoint-s3-csi-driver, zot, contour, kubevela, kubernetes-dashboard-auth, local-static-provisioner, terraform-provider-grafana, sealed-secrets, q, blob-csi, cert-manager, dive, flux-source-controller, infinispan-operator,...
GHSA-H355-32PF-P2XM vulnerabilities
Vulnerabilities for packages: victoriametrics, pgpool2exporter, openfga, mountpoint-s3-csi-driver, zot, contour, kubevela, kubernetes-dashboard-auth, local-static-provisioner, terraform-provider-grafana, sealed-secrets, q, blob-csi, cert-manager, dive, flux-source-controller, infinispan-operator,...
CVE-2025-61732 vulnerabilities
Vulnerabilities for packages: victoriametrics, pgpool2exporter, openfga, fq, mountpoint-s3-csi-driver, iptables-wrappers, zot, contour, kubevela, kubernetes-dashboard-auth, local-static-provisioner, terraform-provider-grafana, sealed-secrets, q, blob-csi, cert-manager, dive, flux-source-controlle...
CLEANSTART-2026-GP14462 Security fixes for GHSA-VVGC-356P-C3XW applied in versions: 0.18.0-r0
Security vulnerability affects the restic-fips package. This issue is resolved in later releases. See references for vulnerability details...