Lucene search
K

2473 matches found

Github Security Blog
Github Security Blog
added 2026/06/08 3:33 p.m.9 views

Routinator has cache path traversal when processing the module component of rsync URIs

Routinator does not properly check the module component of rsync URIs, which are used to create the file system paths for the Routinator cache. This allows for path traversal by having a module name containing .., potentially providing an attacker access to the entire Routinator rsync cache...

8.3CVSS5.2AI score0.00433EPSS
Exploits0References4Affected Software1
NVD
NVD
added 2026/06/08 3:16 p.m.12 views

CVE-2026-49233

Routinator does not properly check the module component of rsync URIs, which are used to create the file system paths for the Routinator cache. This allows for path traversal by having a module name containing .., potentially providing an attacker access to the entire Routinator rsync cache...

8.3CVSS0.00433EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/08 12:58 p.m.7 views

CVE-2026-49233 Routinator cache path traversal using rogue rsync URIs

Routinator does not properly check the module component of rsync URIs, which are used to create the file system paths for the Routinator cache. This allows for path traversal by having a module name containing .., potentially providing an attacker access to the entire Routinator rsync cache...

8.3CVSS5.4AI score0.00433EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/06/08 12:58 p.m.5 views

CVE-2026-49233

Routinator does not properly check the module component of rsync URIs, which are used to create the file system paths for the Routinator cache. This allows for path traversal by having a module name containing .., potentially providing an attacker access to the entire Routinator rsync cache...

8.3CVSS5.4AI score0.00433EPSS
Exploits0References2
CVE
CVE
added 2026/06/08 12:58 p.m.24 views

CVE-2026-49233

CVE-2026-49233 affects Routinator. The issue is improper validation of the module component in rsync URIs used to construct cache filesystem paths, enabling path traversal through a module name containing ‘..’. This could grant an attacker access to the entire Routinator rsync cache. The connecte...

8.3CVSS5.4AI score0.00433EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2026/06/08 12:58 p.m.41 views

CVE-2026-49233 Routinator cache path traversal using rogue rsync URIs

Routinator does not properly check the module component of rsync URIs, which are used to create the file system paths for the Routinator cache. This allows for path traversal by having a module name containing .., potentially providing an attacker access to the entire Routinator rsync cache...

8.3CVSS0.00433EPSS
Exploits0References1
Amazon
Amazon
added 2026/06/08 12:0 a.m.10 views

Important: rsync

Issue Overview: Rsync version 3.4.2 and prior contain an integer overflow vulnerability in the compressed-token decoder where a 32-bit signed counter is not checked for overflow, allowing a malicious sender to trigger an overflow that causes the receiver process to read and return data from outsi...

8.1CVSS5.7AI score0.0078EPSS
Exploits0
Amazon
Amazon
added 2026/06/08 12:0 a.m.9 views

Important: rsync

Issue Overview: Rsync version 3.4.2 and prior contain an integer overflow vulnerability in the compressed-token decoder where a 32-bit signed counter is not checked for overflow, allowing a malicious sender to trigger an overflow that causes the receiver process to read and return data from outsi...

8.1CVSS5.7AI score0.0078EPSS
Exploits0
CNNVD
CNNVD
added 2026/06/08 12:0 a.m.9 views

NLnet Labs Routinator 路径遍历漏洞

NLnet Labs Routinator is an open-source RPKI routing origin validation service developed by NLnet Labs. NLnet Labs Routinator has a path traversal vulnerability, which stems from the improper checking of module components in the rsync URI. This vulnerability may allow for path traversal, enabling...

8.3CVSS5.3AI score0.00433EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/08 12:0 a.m.12 views

PT-2026-47302

Name of the Vulnerable Software and Affected Versions Routinator affected versions not specified Description Routinator fails to properly validate the module component of rsync URIs used to generate file system paths for its cache. This lack of validation enables path traversal if a module name...

8.3CVSS5.4AI score0.00433EPSS
Exploits0References8
Tenable Nessus
Tenable Nessus
added 2026/06/08 12:0 a.m.6 views

Amazon Linux 2023 : rsync, rsync-daemon (ALAS2023-2026-1801)

It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2026-1801 advisory. Rsync version 3.4.2 and prior contain an integer overflow vulnerability in the compressed-token decoder where a 32-bit signed counter is not checked for overflow, allowing a malicious sender to trigger...

8.1CVSS5.7AI score0.0078EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2026/06/08 12:0 a.m.12 views

Amazon Linux 2 : rsync, --advisory ALAS2-2026-3332 (ALAS-2026-3332)

The version of rsync installed on the remote host is prior to 3.1.2-11. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2026-3332 advisory. Rsync version 3.4.2 and prior contain an integer overflow vulnerability in the compressed-token decoder where a 32-bit signed counte...

8.1CVSS5.8AI score0.0078EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2026/06/06 12:0 a.m.6 views

EulerOS Virtualization 2.13.1 : rsync (EulerOS-SA-2026-2150)

According to the versions of the rsync package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : A malicious client acting as the receiver of an rsync file transfer can trigger an out of bounds read of a heap based buffer, via a...

4.3CVSS5.6AI score0.00283EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2026/06/06 12:0 a.m.8 views

EulerOS Virtualization 2.13.0 : rsync (EulerOS-SA-2026-2189)

According to the versions of the rsync package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : A malicious client acting as the receiver of an rsync file transfer can trigger an out of bounds read of a heap based buffer, via a...

4.3CVSS5.6AI score0.00283EPSS
Exploits0References2
OSV
OSV
added 2026/06/05 3:48 p.m.6 views

OESA-2026-2552 rsync security update

Rsync is an open source utility that provides fast incremental file transfer. It uses the "rsync algorithm" which provides a very fast method for bringing remote files into sync. It does this by sending just the differences in the files across the link, without requiring that both sets of files a...

6.9CVSS5.5AI score0.00503EPSS
Exploits0References2
OSV
OSV
added 2026/06/05 3:48 p.m.7 views

OESA-2026-2551 rsync security update

Rsync is an open source utility that provides fast incremental file transfer. It uses the "rsync algorithm" which provides a very fast method for bringing remote files into sync. It does this by sending just the differences in the files across the link, without requiring that both sets of files a...

6.9CVSS5.5AI score0.00503EPSS
Exploits0References2
OSV
OSV
added 2026/06/05 3:48 p.m.9 views

OESA-2026-2550 rsync security update

Rsync is an open source utility that provides fast incremental file transfer. It uses the "rsync algorithm" which provides a very fast method for bringing remote files into sync. It does this by sending just the differences in the files across the link, without requiring that both sets of files a...

8.1CVSS5.7AI score0.0078EPSS
Exploits0References4
OSV
OSV
added 2026/06/05 3:48 p.m.8 views

OESA-2026-2549 rsync security update

Rsync is an open source utility that provides fast incremental file transfer. It uses the "rsync algorithm" which provides a very fast method for bringing remote files into sync. It does this by sending just the differences in the files across the link, without requiring that both sets of files a...

6.9CVSS5.5AI score0.00503EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2026/06/04 12:0 a.m.8 views

Photon OS 4.0: Rsync PHSA-2026-4.0-1026

An update of the rsync package has been released. %NASLMINLEVEL 80900 C Tenable, Inc. The descriptive text and package checks in this plugin were extracted from VMware Security Advisory PHSA-2026-4.0-1026. The text itself is copyright C VMware, Inc. include'compat.inc'; if description...

7.8CVSS5.7AI score0.00393EPSS
Exploits1References2
Tenable Nessus
Tenable Nessus
added 2026/06/04 12:0 a.m.12 views

RockyLinux 9 : rsync (RLSA-2026:19368)

The remote RockyLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2026:19368 advisory. rsync: rsync server leaks arbitrary client files CVE-2024-12086 rsync: Rsync: Use-after-free vulnerability in extended attribute handling CVE-2026-41035...

7.8CVSS7.3AI score0.01761EPSS
Exploits2References5
Rows per page
Query Builder