CVE-2024-12087
- EPSS 2.22%
- Veröffentlicht 14.01.2025 18:15:25
- Zuletzt bearbeitet 30.06.2026 00:16:48
A path traversal vulnerability exists in rsync. It stems from behavior enabled by the `--inc-recursive` option, a default-enabled option for many client options and can be enabled by the server even if not explicitly enabled by the client. When using...
CVE-2024-12088
- EPSS 4.58%
- Veröffentlicht 14.01.2025 18:15:25
- Zuletzt bearbeitet 30.06.2026 00:16:48
A flaw was found in rsync. When using the `--safe-links` option, the rsync client fails to properly verify if a symbolic link destination sent from the server contains another symbolic link within it. This results in a path traversal vulnerability, w...
CVE-2024-9676
- EPSS 1.35%
- Veröffentlicht 15.10.2024 16:15:06
- Zuletzt bearbeitet 19.03.2026 18:16:13
A vulnerability was found in Podman, Buildah, and CRI-O. A symlink traversal vulnerability in the containers/storage library can cause Podman, Buildah, and CRI-O to hang and result in a denial of service via OOM kill when running a malicious image us...
CVE-2024-9675
- EPSS 0.39%
- Veröffentlicht 09.10.2024 15:15:17
- Zuletzt bearbeitet 29.06.2026 21:16:30
A vulnerability was found in Buildah. Cache mounts do not properly validate that user-specified paths for the cache are within our cache directory, allowing a `RUN` instruction in a Container file to mount an arbitrary directory from the host (read/w...
CVE-2024-6387
- EPSS 99.51%
- Veröffentlicht 01.07.2024 13:15:06
- Zuletzt bearbeitet 12.05.2026 12:17:20
A security regression (CVE-2006-5051) was discovered in OpenSSH's server (sshd). There is a race condition which can lead sshd to handle some signals in an unsafe manner. An unauthenticated, remote attacker may be able to trigger it by failing to aut...
CVE-2024-3183
- EPSS 2.05%
- Veröffentlicht 12.06.2024 09:15:18
- Zuletzt bearbeitet 21.11.2024 09:29:05
A vulnerability was found in FreeIPA in a way when a Kerberos TGS-REQ is encrypted using the client’s session key. This key is different for each new session, which protects it from brute force attacks. However, the ticket it contains is encrypted us...
CVE-2024-3049
- EPSS 0.54%
- Veröffentlicht 06.06.2024 06:15:09
- Zuletzt bearbeitet 02.10.2025 14:15:42
A flaw was found in Booth, a cluster ticket manager. If a specially-crafted hash is passed to gcry_md_get_algo_dlen(), it may allow an invalid HMAC to be accepted by the Booth server.
CVE-2023-3758
- EPSS 1.03%
- Veröffentlicht 18.04.2024 19:15:08
- Zuletzt bearbeitet 03.11.2025 21:15:59
A race condition flaw was found in sssd where the GPO policy is not consistently applied for authenticated users. This may lead to improper authorization issues, granting or denying access to resources inappropriately.
CVE-2022-24809
- EPSS 1.11%
- Veröffentlicht 16.04.2024 20:15:09
- Zuletzt bearbeitet 17.01.2025 16:17:30
net-snmp provides various tools relating to the Simple Network Management Protocol. Prior to version 5.9.2, a user with read-only credentials can use a malformed OID in a `GET-NEXT` to the `nsVacmAccessTable` to cause a NULL pointer dereference. Vers...
CVE-2022-24806
- EPSS 1.05%
- Veröffentlicht 16.04.2024 20:15:08
- Zuletzt bearbeitet 17.01.2025 16:09:56
net-snmp provides various tools relating to the Simple Network Management Protocol. Prior to version 5.9.2, a user with read-write credentials can exploit an Improper Input Validation vulnerability when SETing malformed OIDs in master agent and subag...