2473 matches found
Routinator has cache path traversal when processing the module component of rsync URIs
Routinator does not properly check the module component of rsync URIs, which are used to create the file system paths for the Routinator cache. This allows for path traversal by having a module name containing .., potentially providing an attacker access to the entire Routinator rsync cache...
CVE-2026-49233
Routinator does not properly check the module component of rsync URIs, which are used to create the file system paths for the Routinator cache. This allows for path traversal by having a module name containing .., potentially providing an attacker access to the entire Routinator rsync cache...
CVE-2026-49233 Routinator cache path traversal using rogue rsync URIs
Routinator does not properly check the module component of rsync URIs, which are used to create the file system paths for the Routinator cache. This allows for path traversal by having a module name containing .., potentially providing an attacker access to the entire Routinator rsync cache...
CVE-2026-49233
Routinator does not properly check the module component of rsync URIs, which are used to create the file system paths for the Routinator cache. This allows for path traversal by having a module name containing .., potentially providing an attacker access to the entire Routinator rsync cache...
CVE-2026-49233
CVE-2026-49233 affects Routinator. The issue is improper validation of the module component in rsync URIs used to construct cache filesystem paths, enabling path traversal through a module name containing ‘..’. This could grant an attacker access to the entire Routinator rsync cache. The connecte...
CVE-2026-49233 Routinator cache path traversal using rogue rsync URIs
Routinator does not properly check the module component of rsync URIs, which are used to create the file system paths for the Routinator cache. This allows for path traversal by having a module name containing .., potentially providing an attacker access to the entire Routinator rsync cache...
Important: rsync
Issue Overview: Rsync version 3.4.2 and prior contain an integer overflow vulnerability in the compressed-token decoder where a 32-bit signed counter is not checked for overflow, allowing a malicious sender to trigger an overflow that causes the receiver process to read and return data from outsi...
Important: rsync
Issue Overview: Rsync version 3.4.2 and prior contain an integer overflow vulnerability in the compressed-token decoder where a 32-bit signed counter is not checked for overflow, allowing a malicious sender to trigger an overflow that causes the receiver process to read and return data from outsi...
NLnet Labs Routinator 路径遍历漏洞
NLnet Labs Routinator is an open-source RPKI routing origin validation service developed by NLnet Labs. NLnet Labs Routinator has a path traversal vulnerability, which stems from the improper checking of module components in the rsync URI. This vulnerability may allow for path traversal, enabling...
PT-2026-47302
Name of the Vulnerable Software and Affected Versions Routinator affected versions not specified Description Routinator fails to properly validate the module component of rsync URIs used to generate file system paths for its cache. This lack of validation enables path traversal if a module name...
Amazon Linux 2023 : rsync, rsync-daemon (ALAS2023-2026-1801)
It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2026-1801 advisory. Rsync version 3.4.2 and prior contain an integer overflow vulnerability in the compressed-token decoder where a 32-bit signed counter is not checked for overflow, allowing a malicious sender to trigger...
Amazon Linux 2 : rsync, --advisory ALAS2-2026-3332 (ALAS-2026-3332)
The version of rsync installed on the remote host is prior to 3.1.2-11. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2026-3332 advisory. Rsync version 3.4.2 and prior contain an integer overflow vulnerability in the compressed-token decoder where a 32-bit signed counte...
EulerOS Virtualization 2.13.1 : rsync (EulerOS-SA-2026-2150)
According to the versions of the rsync package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : A malicious client acting as the receiver of an rsync file transfer can trigger an out of bounds read of a heap based buffer, via a...
EulerOS Virtualization 2.13.0 : rsync (EulerOS-SA-2026-2189)
According to the versions of the rsync package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : A malicious client acting as the receiver of an rsync file transfer can trigger an out of bounds read of a heap based buffer, via a...
OESA-2026-2552 rsync security update
Rsync is an open source utility that provides fast incremental file transfer. It uses the "rsync algorithm" which provides a very fast method for bringing remote files into sync. It does this by sending just the differences in the files across the link, without requiring that both sets of files a...
OESA-2026-2551 rsync security update
Rsync is an open source utility that provides fast incremental file transfer. It uses the "rsync algorithm" which provides a very fast method for bringing remote files into sync. It does this by sending just the differences in the files across the link, without requiring that both sets of files a...
OESA-2026-2550 rsync security update
Rsync is an open source utility that provides fast incremental file transfer. It uses the "rsync algorithm" which provides a very fast method for bringing remote files into sync. It does this by sending just the differences in the files across the link, without requiring that both sets of files a...
OESA-2026-2549 rsync security update
Rsync is an open source utility that provides fast incremental file transfer. It uses the "rsync algorithm" which provides a very fast method for bringing remote files into sync. It does this by sending just the differences in the files across the link, without requiring that both sets of files a...
Photon OS 4.0: Rsync PHSA-2026-4.0-1026
An update of the rsync package has been released. %NASLMINLEVEL 80900 C Tenable, Inc. The descriptive text and package checks in this plugin were extracted from VMware Security Advisory PHSA-2026-4.0-1026. The text itself is copyright C VMware, Inc. include'compat.inc'; if description...
RockyLinux 9 : rsync (RLSA-2026:19368)
The remote RockyLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2026:19368 advisory. rsync: rsync server leaks arbitrary client files CVE-2024-12086 rsync: Rsync: Use-after-free vulnerability in extended attribute handling CVE-2026-41035...