CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

59 matches found

RedHat Linux•added 2026/06/11 1:41 a.m.•6 views

rsync: Rsync: Use-after-free vulnerability in extended attribute handling

A flaw was found in rsync. When rsync is configured to handle extended attributes using the -X or --xattrs option, a remote attacker can exploit a use-after-free vulnerability. This occurs because the receivexattr function incorrectly processes an untrusted length value during a sorting operation...

7.8CVSS5.8AI score0.00319EPSS

Exploits1References7

RedHat Linux•added 2026/05/26 5:23 a.m.•10 views

rsync: Rsync: Use-after-free vulnerability in extended attribute handling

7.8CVSS6AI score0.00319EPSS

Exploits1References7

RedHat Linux•added 2026/05/26 4:24 a.m.•11 views

rsync: Rsync: Use-after-free vulnerability in extended attribute handling

7.8CVSS6AI score0.00319EPSS

Exploits1References7

Tenable Nessus•added 2026/05/26 12:0 a.m.•16 views

TencentOS Server 3: rsync (TSSA-2026:0379)

The version of Tencent Linux installed on the remote TencentOS Server 3 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2026:0379 advisory. Package updates are available for TencentOS Server 3 that fix the following vulnerabilities:...

7.8CVSS5.9AI score0.00319EPSS

Exploits1References2

AstraLinux•added 2026/05/20 5:53 a.m.•3 views

Astra Linux - уязвимость в linux, linux-5.10

In the drivers/nfc/st21nfca/se.c file within the Linux kernel, up to version 5.16.12, there are connectivity events received due to EVTTRANSACTION buffer overflows caused by untrusted length parameters...

7.8CVSS6.7AI score0.00432EPSS

Exploits0References2

OSV•added 2026/04/18 2:40 a.m.•3 views

MGASA-2026-0101 Updated rsync packages fix security vulnerability

In rsync 3.0.1 through 3.4.1, receivexattr relies on an untrusted length value during a qsort call, leading to a receiver use-after-free. The victim must run rsync with -X aka --xattrs. On Linux, many but not all common configurations are vulnerable. Non-Linux platforms are more widely vulnerable...

7.8CVSS5.8AI score0.00319EPSS

Exploits1References5

RedhatCVE•added 2026/04/17 6:8 a.m.•6 views

CVE-2026-41035

7.8CVSS5.9AI score0.00319EPSS

Exploits1References6

SUSE CVE•added 2026/04/16 11:27 p.m.•5 views

SUSE CVE-2026-41035

7.2CVSS5.7AI score0.00319EPSS

Exploits1References19

EUVD•added 2026/04/16 9:31 a.m.•3 views

EUVD-2026-23215

7.4CVSS5.8AI score0.00319EPSS

Exploits1References4

OSV•added 2026/04/16 7:16 a.m.•4 views

ALPINE-CVE-2026-41035

7.8CVSS5.3AI score0.00319EPSS

Exploits1References1

Debian CVE•added 2026/04/16 6:53 a.m.•4 views

CVE-2026-41035

7.8CVSS5.3AI score0.00319EPSS

Exploits1

AlpineLinux•added 2026/04/16 6:53 a.m.•4 views

CVE-2026-41035

7.8CVSS5.7AI score0.00319EPSS

Exploits1References5

CVE•added 2026/04/16 6:53 a.m.•130 views

CVE-2026-41035

CVE-2026-41035 affects rsync versions 3.0.1 through 3.4.1. The vulnerability stems from receive_xattr using an untrusted length value during a qsort, causing a receiver use-after-free when the -X/--xattrs option is used. Impact is described as low for confidentiality/integrity/availability, with ...

7.8CVSS5.8AI score0.00319EPSS

Exploits1References5Affected Software1

Vulnrichment•added 2026/04/16 6:53 a.m.•5 views

CVE-2026-41035

7.4CVSS5.8AI score0.00319EPSS

Exploits1References3

Cvelist•added 2026/04/16 6:53 a.m.•39 views

CVE-2026-41035

7.4CVSS0.00319EPSS

Exploits1References3

CNNVD•added 2026/04/16 12:0 a.m.•8 views

Rsync 安全漏洞

Rsync is a fast and versatile file copying tool developed by RsyncProject. It is used for both remote and local files. Versions of Rsync from 3.0.1 to 3.4.1 contain security vulnerabilities. These vulnerabilities stem from the use of untrusted length values in the receivexattr function during the...

7.8CVSS5.8AI score0.00319EPSS

Exploits1References1

Positive Technologies•added 2026/04/16 12:0 a.m.•7 views

PT-2026-33280

Name of the Vulnerable Software and Affected Versions rsync versions 3.0.1 through 3.4.1 Description The receive xattr function relies on an untrusted length value during a qsort call, which can lead to a use-after-free condition on the receiver side. This occurs when the victim runs the software...

7.8CVSS5.8AI score0.00319EPSS

Exploits1References74

Tenable Nessus•added 2026/01/15 12:0 a.m.•3 views

Unity Linux 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-003407)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-003407 advisory. In the Linux kernel 4.13 through 4.16.11, ext4readinlinedata in fs/ext4/inline.c performs a memcpy with an untrusted length value in certain circumstances involving ...

5.9CVSS6.7AI score0.16352EPSS

Exploits4References11

Tenable Nessus•added 2026/01/15 12:0 a.m.•5 views

Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2026-002957)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-002957 advisory. In the Linux kernel 4.13 through 4.16.11, ext4readinlinedata in fs/ext4/inline.c performs a memcpy with an untrusted length value in certain circumstances involving ...

5.9CVSS6.7AI score0.16352EPSS

Exploits4References11

Tenable Nessus•added 2026/01/14 12:0 a.m.•3 views

Unity Linux 20.1070e Security Update: kernel (UTSA-2026-001680)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-001680 advisory. st21nfcaconnectivityeventreceived in drivers/nfc/st21nfca/se.c in the Linux kernel through 5.16.12 has EVTTRANSACTION buffer overflows because of untrusted length...

7.8CVSS7.1AI score0.00432EPSS

Exploits0References4

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by