CVSS: 10.0EPSS: 0%CPEs: 21EXPL: 0CVE-2024-12087 – Rsync: path traversal vulnerability in rsync
https://notcve.org/view.php?id=CVE-2024-12087
14 Jan 2025 — A path traversal vulnerability exists in rsync. It stems from behavior enabled by the `--inc-recursive` option, a default-enabled option for many client options and can be enabled by the server even if not explicitly enabled by the client. When using the `--inc-recursive` option, a lack of proper symlink verification coupled with deduplication checks occurring on a per-file-list basis could allow a server to write files outside of the client's intended destination directory. A malicious server could write m... • https://access.redhat.com/security/cve/CVE-2024-12087 • CWE-35: Path Traversal: '.../ •
CVSS: 5.6EPSS: 0%CPEs: 20EXPL: 0CVE-2024-12747 – Rsync: race condition in rsync handling symbolic links
https://notcve.org/view.php?id=CVE-2024-12747
14 Jan 2025 — A flaw was found in rsync. This vulnerability arises from a race condition during rsync's handling of symbolic links. Rsync's default behavior when encountering symbolic links is to skip them. If an attacker replaced a regular file with a symbolic link at the right time, it was possible to bypass the default behavior and traverse symbolic links. Depending on the privileges of the rsync process, an attacker could leak sensitive information, potentially leading to privilege escalation. • https://access.redhat.com/security/cve/CVE-2024-12747 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVSS: 7.8EPSS: 0%CPEs: 21EXPL: 0CVE-2024-12088 – Rsync: --safe-links option bypass leads to path traversal
https://notcve.org/view.php?id=CVE-2024-12088
14 Jan 2025 — A flaw was found in rsync. When using the `--safe-links` option, rsync fails to properly verify if a symbolic link destination contains another symbolic link within it. This results in a path traversal vulnerability, which may lead to arbitrary file write outside the desired directory. A flaw was found in rsync. When using the `--safe-links` option, the rsync client fails to properly verify if a symbolic link destination sent from the server contains another symbolic link within it. • https://access.redhat.com/security/cve/CVE-2024-12088 • CWE-35: Path Traversal: '.../ •
CVSS: 7.8EPSS: 0%CPEs: 18EXPL: 0CVE-2024-12086 – Rsync: rsync server leaks arbitrary client files
https://notcve.org/view.php?id=CVE-2024-12086
14 Jan 2025 — A flaw was found in rsync. It could allow a server to enumerate the contents of an arbitrary file from the client's machine. This issue occurs when files are being copied from a client to a server. During this process, the rsync server will send checksums of local data to the client to compare with in order to determine what data needs to be sent to the server. By sending specially constructed checksum values for arbitrary files, an attacker may be able to reconstruct the data of those files byte-by-byte ba... • https://access.redhat.com/security/cve/CVE-2024-12086 • CWE-390: Detection of Error Condition Without Action •
CVSS: 7.8EPSS: 1%CPEs: 32EXPL: 0CVE-2024-12085 – Rsync: info leak via uninitialized stack contents
https://notcve.org/view.php?id=CVE-2024-12085
14 Jan 2025 — A flaw was found in the rsync daemon which could be triggered when rsync compares file checksums. This flaw allows an attacker to manipulate the checksum length (s2length) to cause a comparison between a checksum and uninitialized memory and leak one byte of uninitialized stack data at a time. A flaw was found in rsync which could be triggered when rsync compares file checksums. This flaw allows an attacker to manipulate the checksum length (s2length) to cause a comparison between a checksum and uninitializ... • https://access.redhat.com/security/cve/CVE-2024-12085 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.5EPSS: 0%CPEs: 3EXPL: 0CVE-2024-57635
https://notcve.org/view.php?id=CVE-2024-57635
14 Jan 2025 — An issue in the chash_array component of openlink virtuoso-opensource v7.2.11 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements. • https://github.com/openlink/virtuoso-opensource/issues/1182 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 7.5EPSS: 0%CPEs: 3EXPL: 0CVE-2024-57636
https://notcve.org/view.php?id=CVE-2024-57636
14 Jan 2025 — An issue in the itc_sample_row_check component of openlink virtuoso-opensource v7.2.11 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements. • https://github.com/openlink/virtuoso-opensource/issues/1194 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 7.5EPSS: 0%CPEs: 3EXPL: 0CVE-2024-57637
https://notcve.org/view.php?id=CVE-2024-57637
14 Jan 2025 — An issue in the dfe_unit_gb_dependant component of openlink virtuoso-opensource v7.2.11 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements. • https://github.com/openlink/virtuoso-opensource/issues/1192 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 7.5EPSS: 0%CPEs: 3EXPL: 0CVE-2024-57638
https://notcve.org/view.php?id=CVE-2024-57638
14 Jan 2025 — An issue in the dfe_body_copy component of openlink virtuoso-opensource v7.2.11 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements. • https://github.com/openlink/virtuoso-opensource/issues/1190 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 7.5EPSS: 0%CPEs: 3EXPL: 0CVE-2024-57639
https://notcve.org/view.php?id=CVE-2024-57639
14 Jan 2025 — An issue in the dc_elt_size component of openlink virtuoso-opensource v7.2.11 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements. • https://github.com/openlink/virtuoso-opensource/issues/1185 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •