72 matches found

RedhatCVE
added 2026/05/22 1:6 p.m., 6 views

CVE-2026-43617

A flaw was found in rsync. When an rsync daemon is configured with "daemon chroot = /X" and uses hostname-based access control lists (ACLs), and the chrooted directory /X lacks necessary DNS resolution files, a remote attacker can bypass hostname-based deny rules. This occurs because the daemon...

CVSS 6.3, AI score 5.8, EPSS 0.00014
Exploits 0, References 3

RedhatCVE
added 2026/05/22 1:6 p.m., 6 views

CVE-2026-43619

A flaw was found in rsync. A local attacker with filesystem access on the daemon host can exploit a symlink race vulnerability (CWE-367, Time-of-check to time-of-use) in rsync daemons configured with 'use chroot = no'. This allows the attacker to redirect path-based system calls, such as chmod,...

CVSS 7.2, AI score 5.7, EPSS 0.00007
Exploits 0, References 3

RedhatCVE
added 2026/05/22 1:6 p.m., 6 views

CVE-2026-43618

A flaw was found in rsync. An authenticated daemon peer can exploit an integer overflow vulnerability in the compressed-token decoder. By carefully manipulating the compressed-token, a malicious sender can trigger an overflow, leading to remote memory disclosure. This allows an attacker to leak...

CVSS 8.1, AI score 5.8, EPSS 0.00056
Exploits 0, References 3

UbuntuCve
added 2026/05/20 12:0 a.m., 3 views

CVE-2026-29518

Rsync versions before 3.4.3 contain a time-of-check to time-of-use (TOCTOU) race condition in daemon file handling that allows attackers to redirect file writes outside intended directories by replacing parent directory components with symbolic links. Attackers with write access to a module path ca...

CVSS 7.3, AI score 5.8, EPSS 0.00009
Exploits 0, References 3

OSV
added 2026/05/20 12:0 a.m., 1 view

UBUNTU-CVE-2026-29518

Rsync versions before 3.4.3 contain a time-of-check to time-of-use (TOCTOU) race condition in daemon file handling that allows attackers to redirect file writes outside intended directories by replacing parent directory components with symbolic links. Attackers with write access to a module path ca...

CVSS 7.3, AI score 5.9, EPSS 0.00009
Exploits 0, References 4

OSV
added 2026/05/20 12:0 a.m., 4 views

UBUNTU-CVE-2026-43619

Rsync version 3.4.2 and prior contain symlink race condition vulnerabilities in path-based system calls including chmod, lchown, utimes, rename, unlink, mkdir, symlink, mknod, link, rmdir, and lstat that allow local attackers to redirect operations to files outside the exported rsync module...

CVSS 7.2, AI score 6, EPSS 0.00007
Exploits 0, References 5

UbuntuCve
added 2026/05/20 12:0 a.m., 5 views

CVE-2026-43617

Rsync version 3.4.2 and prior contain an authorization bypass vulnerability in the rsync daemon's hostname-based access control list enforcement when configured with chroot. Attackers can bypass hostname-based deny rules by controlling the PTR record for their source IP address, allowing...

CVSS 6.3, AI score 5.8, EPSS 0.00014
Exploits 0, References 4

OSV
added 2026/05/20 12:0 a.m., 1 view

UBUNTU-CVE-2026-43617

Rsync version 3.4.2 and prior contain an authorization bypass vulnerability in the rsync daemon's hostname-based access control list enforcement when configured with chroot. Attackers can bypass hostname-based deny rules by controlling the PTR record for their source IP address, allowing...

CVSS 6.3, AI score 5.8, EPSS 0.00014
Exploits 0, References 5

Rosalinux
added 2026/02/16 12:24 p.m., 7 views

Advisory ROSA-SA-2026-3199

Software: rsync 3.1.3 OS: ROSA Virtualization 2.1 unaffected versions = rsync-3.1.3-23.rv3 affected versions rsync-3.1.3-23.rv3 CVE-ID: CVE-2024-12087 BDU-ID: 2025-00377 CVE-Crit: HIGH CVE-DESC.: A configuration vulnerability in the --inc-recursive configuration of the rsyncd daemon of the Rsync...

CVSS 9.8, AI score 6.5, EPSS 0.03163
Exploits 1

EUVD
added 2025/10/07 12:30 a.m., 3 views

EUVD-2014-2949

Malware in sbrugna...

CVSS 9.3, AI score 6.1, EPSS 0.06937
Exploits 5, References 4

EUVD
added 2025/10/07 12:30 a.m., 1 view

EUVD-2017-8598

Malware in sbrugna...

CVSS 9.8, AI score 9.2, EPSS 0.01156
Exploits 0, References 10

EUVD
added 2025/10/03 8:7 p.m., 2 views

EUVD-2024-50580

Malicious code in bioql PyPI...

CVSS 9.8, AI score 9.7, EPSS 0.04627
Exploits 4, References 4

Tenable Nessus
added 2025/06/16 12:0 a.m., 2 views

TencentOS Server 2: rsync (TSSA-2025:0101)

The version of Tencent Linux installed on the remote TencentOS Server 2 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2025:0101 advisory. Package updates are available for TencentOS Server 2 that fix the following vulnerabilities:...

CVSS 7.5, AI score 7.3, EPSS 0.1902
Exploits 2, References 2

Tenable Nessus
added 2025/06/16 12:0 a.m., 3 views

TencentOS Server 3: rsync (TSSA-2025:0042)

The version of Tencent Linux installed on the remote TencentOS Server 3 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2025:0042 advisory. Package updates are available for TencentOS Server 3 that fix the following vulnerabilities:...

CVSS 7.5, AI score 7.4, EPSS 0.1902
Exploits 2, References 2

Tenable Nessus
added 2025/03/04 12:0 a.m., 5 views

Linux Distros Unpatched Vulnerability : CVE-2017-17434

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The daemon in rsync 3.1.2, and 3.1.3-development before 2017-12-03, does not check for fnamecmp filenames in the daemon_filter_list data structure in the recvfile...

CVSS 9.8, AI score 7, EPSS 0.01156
Exploits 0, References 2

AstraLinux
added 2025/02/11 7:35 a.m., 3 views

Astra Linux - vulnerability in rsync

A heap-based buffer overflow flaw was found in the rsync daemon. This issue is due to improper handling of attacker-controlled checksum lengths (s2length) in the code. When MAX_DIGEST_LEN exceeds the fixed SUM_LENGTH (16 bytes), an attacker can write out of bounds in the sum2 buffer...

CVSS 9.8, AI score 7.2, EPSS 0.04627
Exploits 4, References 3

GithubExploit
added 2025/01/29 8:44 p.m., 78 views

Exploit for Heap-based Buffer Overflow in Samba Rsync

CVE-2024-12084 A heap-based buffer overflow flaw was found i...

CVSS 9.8, AI score 9.4, EPSS 0.04627
Exploits 4

GithubExploit
added 2025/01/29 8:44 p.m., 76 views

Exploit for Heap-based Buffer Overflow in Samba Rsync

CVE-2024-12084 A heap-based buffer overflow flaw was found i...

CVSS 9.8, AI score 9.4, EPSS 0.04627
Exploits 4

SUSE CVE
added 2025/01/16 4:8 a.m., 1 view

SUSE CVE-2024-12084

A heap-based buffer overflow flaw was found in the rsync daemon. This issue is due to improper handling of attacker-controlled checksum lengths (s2length) in the code. When MAX_DIGEST_LEN exceeds the fixed SUM_LENGTH (16 bytes), an attacker can write out of bounds in the sum2 buffer...

CVSS 9.8, AI score 7.2, EPSS 0.04627
Exploits 4, References 13

NVD
added 2025/01/15 3:15 p.m., 29 views

CVE-2024-12084

A heap-based buffer overflow flaw was found in the rsync daemon. This issue is due to improper handling of attacker-controlled checksum lengths (s2length) in the code. When MAX_DIGEST_LEN exceeds the fixed SUM_LENGTH (16 bytes), an attacker can write out of bounds in the sum2 buffer...

CVSS 9.8, EPSS 0.04627
Exploits 4, References 8