- EPSS 96.27%
- Veröffentlicht 22.04.2026 08:15:10
- Zuletzt bearbeitet 01.07.2026 17:30:58
In the Linux kernel, the following vulnerability has been resolved: crypto: algif_aead - Revert to operating out-of-place This mostly reverts commit 72548b093ee3 except for the copying of the associated data. There is no benefit in operating in-pl...
CVE-2024-12084
- EPSS 72.06%
- Veröffentlicht 15.01.2025 15:15:10
- Zuletzt bearbeitet 29.06.2026 21:16:29
A heap-based buffer overflow flaw was found in the rsync daemon. This issue is due to improper handling of attacker-controlled checksum lengths (s2length) in the code. When MAX_DIGEST_LEN exceeds the fixed SUM_LENGTH (16 bytes), an attacker can write...
CVE-2024-12085
- EPSS 9.35%
- Veröffentlicht 14.01.2025 18:15:25
- Zuletzt bearbeitet 29.06.2026 21:16:30
A flaw was found in rsync which could be triggered when rsync compares file checksums. This flaw allows an attacker to manipulate the checksum length (s2length) to cause a comparison between a checksum and uninitialized memory and leak one byte of un...
CVE-2024-12086
- EPSS 1.76%
- Veröffentlicht 14.01.2025 18:15:25
- Zuletzt bearbeitet 30.06.2026 00:16:48
A flaw was found in rsync. It could allow a server to enumerate the contents of an arbitrary file from the client's machine. This issue occurs when files are being copied from a client to a server. During this process, the rsync server will send chec...
CVE-2024-12087
- EPSS 2.22%
- Veröffentlicht 14.01.2025 18:15:25
- Zuletzt bearbeitet 30.06.2026 00:16:48
A path traversal vulnerability exists in rsync. It stems from behavior enabled by the `--inc-recursive` option, a default-enabled option for many client options and can be enabled by the server even if not explicitly enabled by the client. When using...
CVE-2024-12088
- EPSS 4.58%
- Veröffentlicht 14.01.2025 18:15:25
- Zuletzt bearbeitet 30.06.2026 00:16:48
A flaw was found in rsync. When using the `--safe-links` option, the rsync client fails to properly verify if a symbolic link destination sent from the server contains another symbolic link within it. This results in a path traversal vulnerability, w...
CVE-2017-7412
- EPSS 0.36%
- Veröffentlicht 04.04.2017 00:59:00
- Zuletzt bearbeitet 13.05.2026 00:24:29
NixOS 17.03 before 17.03.887 has a world-writable Docker socket, which allows local users to gain privileges by executing docker commands.