CVE-2025-26465
- EPSS 7%
- Veröffentlicht 18.02.2025 19:15:29
- Zuletzt bearbeitet 12.05.2026 13:16:40
A vulnerability was found in OpenSSH when the VerifyHostKeyDNS option is enabled. A machine-in-the-middle attack can be performed by a malicious machine impersonating a legit server. This issue occurs due to how OpenSSH mishandles error codes in spec...
CVE-2024-12084
- EPSS 72.06%
- Veröffentlicht 15.01.2025 15:15:10
- Zuletzt bearbeitet 29.06.2026 21:16:29
A heap-based buffer overflow flaw was found in the rsync daemon. This issue is due to improper handling of attacker-controlled checksum lengths (s2length) in the code. When MAX_DIGEST_LEN exceeds the fixed SUM_LENGTH (16 bytes), an attacker can write...
CVE-2024-12085
- EPSS 9.35%
- Veröffentlicht 14.01.2025 18:15:25
- Zuletzt bearbeitet 29.06.2026 21:16:30
A flaw was found in rsync which could be triggered when rsync compares file checksums. This flaw allows an attacker to manipulate the checksum length (s2length) to cause a comparison between a checksum and uninitialized memory and leak one byte of un...
CVE-2024-12086
- EPSS 1.76%
- Veröffentlicht 14.01.2025 18:15:25
- Zuletzt bearbeitet 30.06.2026 00:16:48
A flaw was found in rsync. It could allow a server to enumerate the contents of an arbitrary file from the client's machine. This issue occurs when files are being copied from a client to a server. During this process, the rsync server will send chec...
CVE-2024-12087
- EPSS 2.22%
- Veröffentlicht 14.01.2025 18:15:25
- Zuletzt bearbeitet 30.06.2026 00:16:48
A path traversal vulnerability exists in rsync. It stems from behavior enabled by the `--inc-recursive` option, a default-enabled option for many client options and can be enabled by the server even if not explicitly enabled by the client. When using...
CVE-2024-12088
- EPSS 4.58%
- Veröffentlicht 14.01.2025 18:15:25
- Zuletzt bearbeitet 30.06.2026 00:16:48
A flaw was found in rsync. When using the `--safe-links` option, the rsync client fails to properly verify if a symbolic link destination sent from the server contains another symbolic link within it. This results in a path traversal vulnerability, w...
CVE-2024-49394
- EPSS 0.33%
- Veröffentlicht 12.11.2024 03:15:03
- Zuletzt bearbeitet 26.06.2026 02:16:50
In mutt and neomutt the In-Reply-To email header field is not protected by cryptographic signing which allows an attacker to reuse an unencrypted but signed email message to impersonate the original sender.
CVE-2024-49395
- EPSS 0.3%
- Veröffentlicht 12.11.2024 03:15:03
- Zuletzt bearbeitet 26.06.2026 02:16:50
In mutt and neomutt, PGP encryption does not use the --hidden-recipient mode which may leak the Bcc email header field by inferring from the recipients info.
CVE-2024-49393
- EPSS 0.33%
- Veröffentlicht 12.11.2024 02:15:18
- Zuletzt bearbeitet 26.06.2026 02:16:50
In neomutt and mutt, the To and Cc email headers are not validated by cryptographic signing which allows an attacker that intercepts a message to change their value and include himself as a one of the recipients to compromise message confidentiality.
CVE-2024-50074
- EPSS 0.23%
- Veröffentlicht 29.10.2024 01:15:04
- Zuletzt bearbeitet 03.11.2025 23:16:47
In the Linux kernel, the following vulnerability has been resolved: parport: Proper fix for array out-of-bounds access The recent fix for array out-of-bounds accesses replaced sprintf() calls blindly with snprintf(). However, since snprintf() retu...