Lucene search
K

27 matches found

Tenable Nessus
Tenable Nessus
added 2026/01/20 12:0 a.m.5 views

MiracleLinux 8 : rpm-4.14.3-28.el8_9 (AXSA:2024-7498:02)

The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2024-7498:02 advisory. rpm: TOCTOU race in checks for unsafe symlinks CVE-2021-35937 rpm: races with chown/chmod/capabilities calls during installation CVE-2021-35938 rpm:...

6.7CVSS7AI score0.00491EPSS
Exploits3References4
Tenable Nessus
Tenable Nessus
added 2025/01/18 12:0 a.m.20 views

SUSE SLES12 Security Update : rsync (SUSE-SU-2025:0166-1)

The remote SUSE Linux SLES12 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2025:0166-1 advisory. - CVE-2024-12085: leak of uninitialized stack data on the server leading to possible ASLR bypass. bsc1234101 - CVE-2024-12086: leak of a client...

7.5CVSS7.7AI score0.09353EPSS
Exploits4References17
Tenable Nessus
Tenable Nessus
added 2025/01/18 12:0 a.m.15 views

SUSE SLED15 / SLES15 / openSUSE 15 Security Update : rsync (SUSE-SU-2025:0156-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2025:0156-1 advisory. - CVE-2024-12084: heap buffer overflow in checksum parsing. bsc1234100 - CVE-2024-12085: leak of...

9.8CVSS7.9AI score0.72059EPSS
Exploits8References20
SUSE Linux
SUSE Linux
added 2025/01/17 4:9 p.m.6 views

Security update for rsync

This update for rsync fixes the following issues: CVE-2024-12085: leak of uninitialized stack data on the server leading to possible ASLR bypass. bsc1234101 CVE-2024-12086: leak of a client machine's file contents through the processing of checksum data. bsc1234102 CVE-2024-12087: arbitrary file...

8.8CVSS7.4AI score0.09353EPSS
Exploits4References22
OSV
OSV
added 2025/01/17 11:59 a.m.13 views

SUSE-SU-2025:0157-1 Security update for rsync

This update for rsync fixes the following issues: - CVE-2024-12085: leak of uninitialized stack data on the server leading to possible ASLR bypass. bsc1234101 - CVE-2024-12086: leak of a client machine's file contents through the processing of checksum data. bsc1234102 - CVE-2024-12087: arbitrary...

7.5CVSS7.3AI score0.09353EPSS
Exploits4References12
OSV
OSV
added 2025/01/17 11:59 a.m.13 views

SUSE-SU-2025:0156-1 Security update for rsync

This update for rsync fixes the following issues: - CVE-2024-12084: heap buffer overflow in checksum parsing. bsc1234100 - CVE-2024-12085: leak of uninitialized stack data on the server leading to possible ASLR bypass. bsc1234101 - CVE-2024-12086: leak of a client machine's file contents through...

9.8CVSS7.5AI score0.72059EPSS
Exploits8References14
SUSE Linux
SUSE Linux
added 2025/01/15 2:40 p.m.2 views

Security update for rsync

This update for rsync fixes the following issues: NOTE: this update is broken and was retracted. New update will be published as followup update. CVE-2024-12084: heap buffer overflow in checksum parsing. bsc1234100 CVE-2024-12085: leak of uninitialized stack data on the server leading to possible...

9.8CVSS7.7AI score0.72059EPSS
Exploits8References20
SUSE Linux
SUSE Linux
added 2025/01/15 9:8 a.m.3 views

Security update for rsync

This update for rsync fixes the following issues: CVE-2024-12085: leak of uninitialized stack data on the server leading to possible ASLR bypass. bsc1234101 CVE-2024-12086: leak of a client machine's file contents through the processing of checksum data. bsc1234102 CVE-2024-12087: arbitrary file...

8.8CVSS7.4AI score0.09353EPSS
Exploits4References16
RedHat Linux
RedHat Linux
added 2024/02/01 12:39 p.m.3 views

rpm: checks for unsafe symlinks are not performed for intermediary directories

It was found that the fix for CVE-2017-7500 and CVE-2017-7501 was incomplete: the check was only implemented for the parent directory of the file to be created. A local unprivileged user who owns another ancestor directory could potentially use this flaw to gain root privileges. The highest threa...

6.7CVSS7AI score0.00481EPSS
Exploits1References5
RedHat Linux
RedHat Linux
added 2024/02/01 12:39 p.m.54 views

Moderate: Red Hat Security Advisory: rpm security update

An update for rpm is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CV...

6.7CVSS6.7AI score0.00491EPSS
Exploits3References4
RedHat Linux
RedHat Linux
added 2024/02/01 12:39 p.m.2 views

rpm: TOCTOU race in checks for unsafe symlinks

A race condition vulnerability was found in rpm. A local unprivileged user could use this flaw to bypass the checks that were introduced in response to CVE-2017-7500 and CVE-2017-7501, potentially gaining root privileges. The highest threat from this vulnerability is to data confidentiality and...

6.4CVSS7.1AI score0.00307EPSS
Exploits1References4
OSV
OSV
added 2024/02/01 12:0 a.m.50 views

ALSA-2024:0647 Moderate: rpm security update

The RPM Package Manager RPM is a command-line driven package management system capable of installing, uninstalling, verifying, querying, and updating software packages. Security Fixes: rpm: TOCTOU race in checks for unsafe symlinks CVE-2021-35937 rpm: races with chown/chmod/capabilities calls...

6.7CVSS7.4AI score0.00491EPSS
Exploits3References8
RedHat Linux
RedHat Linux
added 2024/01/30 1:30 p.m.54 views

Moderate: Red Hat Security Advisory: rpm security update

An update for rpm is now available for Red Hat Enterprise Linux 8.8 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...

6.7CVSS6.7AI score0.00491EPSS
Exploits3References4
RedHat Linux
RedHat Linux
added 2024/01/30 1:30 p.m.5 views

rpm: checks for unsafe symlinks are not performed for intermediary directories

It was found that the fix for CVE-2017-7500 and CVE-2017-7501 was incomplete: the check was only implemented for the parent directory of the file to be created. A local unprivileged user who owns another ancestor directory could potentially use this flaw to gain root privileges. The highest threa...

6.7CVSS7AI score0.00481EPSS
Exploits1References5
RedHat Linux
RedHat Linux
added 2024/01/30 1:30 p.m.2 views

rpm: TOCTOU race in checks for unsafe symlinks

A race condition vulnerability was found in rpm. A local unprivileged user could use this flaw to bypass the checks that were introduced in response to CVE-2017-7500 and CVE-2017-7501, potentially gaining root privileges. The highest threat from this vulnerability is to data confidentiality and...

6.4CVSS7.1AI score0.00307EPSS
Exploits1References4
RedHat Linux
RedHat Linux
added 2024/01/25 11:15 a.m.3 views

rpm: checks for unsafe symlinks are not performed for intermediary directories

It was found that the fix for CVE-2017-7500 and CVE-2017-7501 was incomplete: the check was only implemented for the parent directory of the file to be created. A local unprivileged user who owns another ancestor directory could potentially use this flaw to gain root privileges. The highest threa...

6.7CVSS7AI score0.00481EPSS
Exploits1References5
RedHat Linux
RedHat Linux
added 2024/01/25 11:15 a.m.9 views

rpm: TOCTOU race in checks for unsafe symlinks

A race condition vulnerability was found in rpm. A local unprivileged user could use this flaw to bypass the checks that were introduced in response to CVE-2017-7500 and CVE-2017-7501, potentially gaining root privileges. The highest threat from this vulnerability is to data confidentiality and...

6.4CVSS7.1AI score0.00307EPSS
Exploits1References4
RedHat Linux
RedHat Linux
added 2024/01/25 11:1 a.m.5 views

rpm: checks for unsafe symlinks are not performed for intermediary directories

It was found that the fix for CVE-2017-7500 and CVE-2017-7501 was incomplete: the check was only implemented for the parent directory of the file to be created. A local unprivileged user who owns another ancestor directory could potentially use this flaw to gain root privileges. The highest threa...

6.7CVSS7AI score0.00481EPSS
Exploits1References5
RedHat Linux
RedHat Linux
added 2024/01/25 11:1 a.m.2 views

rpm: TOCTOU race in checks for unsafe symlinks

A race condition vulnerability was found in rpm. A local unprivileged user could use this flaw to bypass the checks that were introduced in response to CVE-2017-7500 and CVE-2017-7501, potentially gaining root privileges. The highest threat from this vulnerability is to data confidentiality and...

6.4CVSS7.1AI score0.00307EPSS
Exploits1References4
RedHat Linux
RedHat Linux
added 2024/01/25 9:1 a.m.4 views

rpm: checks for unsafe symlinks are not performed for intermediary directories

It was found that the fix for CVE-2017-7500 and CVE-2017-7501 was incomplete: the check was only implemented for the parent directory of the file to be created. A local unprivileged user who owns another ancestor directory could potentially use this flaw to gain root privileges. The highest threa...

6.7CVSS7AI score0.00481EPSS
Exploits1References5
Rows per page
Query Builder