|
51
|
7.8
-
|
HIGH
Local
|
A heap overflow flaw was found in X.Org and Xwayland. The computation of the length in XkbSizeKeySyms() differs from what is written in XkbWriteKeySyms(), which may lead to a heap-based buffer overfl…
|
-
|
CVE-2025-26596
|
cpe:2.3:o:redhat:enterprise_linux:9.0:* cpe:2.3:o:redhat:enterprise_linux:8.0:* cpe:2.3:o:redhat:enterprise_linux…
|
|
|
|
|
2025-03-10 22:15
2025-02-26
|
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
52
|
7.8
-
|
HIGH
Local
|
A buffer overflow flaw was found in X.Org and Xwayland. The code in XkbVModMaskText() allocates a fixed-sized buffer on the stack and copies the names of the virtual modifiers to that buffer. The cod…
|
-
|
CVE-2025-26595
|
cpe:2.3:o:redhat:enterprise_linux:9.0:* cpe:2.3:o:redhat:enterprise_linux:8.0:* cpe:2.3:o:redhat:enterprise_linux…
|
|
|
|
|
2025-03-10 22:15
2025-02-26
|
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
53
|
7.8
-
|
HIGH
Local
|
A use-after-free flaw was found in X.Org and Xwayland. The root cursor is referenced in the X server as a global variable. If a client frees the root cursor, the internal reference points to freed me…
|
-
|
CVE-2025-26594
|
cpe:2.3:o:redhat:enterprise_linux:9.0:* cpe:2.3:o:redhat:enterprise_linux:8.0:* cpe:2.3:o:redhat:enterprise_linux…
|
|
|
|
|
2025-03-10 22:15
2025-02-26
|
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
54
|
6.8
-
|
MEDIUM
Network
|
A vulnerability was found in OpenSSH when the VerifyHostKeyDNS option is enabled. A machine-in-the-middle attack can be performed by a malicious machine impersonating a legit server. This issue occur…
|
-
|
CVE-2025-26465
|
cpe:2.3:o:redhat:enterprise_linux:9.0:*
|
|
|
|
|
2025-03-6 03:54
2025-02-19
|
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
55
|
7.5
-
|
HIGH
Network
|
A flaw was found in rsync. When using the `--safe-links` option, the rsync client fails to properly verify if a symbolic link destination sent from the server contains another symbolic link within it…
|
CWE-22
Path Traversal
|
CVE-2024-12088
|
cpe:2.3:o:redhat:enterprise_linux:9.0:* cpe:2.3:o:redhat:enterprise_linux:8.0:* cpe:2.3:o:redhat:enterprise_linux…
|
|
|
|
|
2026-04-15 07:16
2025-01-15
|
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
56
|
7.5
-
|
HIGH
Network
|
A path traversal vulnerability exists in rsync. It stems from behavior enabled by the `--inc-recursive` option, a default-enabled option for many client options and can be enabled by the server even …
|
CWE-22
Path Traversal
|
CVE-2024-12087
|
cpe:2.3:o:redhat:enterprise_linux:9.0:* cpe:2.3:o:redhat:enterprise_linux:8.0:*
|
|
|
|
|
2026-04-15 07:16
2025-01-15
|
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
57
|
6.8
-
|
MEDIUM
Network
|
A flaw was found in rsync. It could allow a server to enumerate the contents of an arbitrary file from the client's machine. This issue occurs when files are being copied from a client to a server. D…
|
CWE-390
Detection of Error Condition Without Action
|
CVE-2024-12086
|
cpe:2.3:o:redhat:enterprise_linux:9.0:* cpe:2.3:o:redhat:enterprise_linux:8.0:* cpe:2.3:o:redhat:enterprise_linux…
|
|
|
|
|
2026-04-15 07:16
2025-01-15
|
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
58
|
7.5
-
|
HIGH
Network
|
A flaw was found in rsync which could be triggered when rsync compares file checksums. This flaw allows an attacker to manipulate the checksum length (s2length) to cause a comparison between a checks…
|
CWE-908
Use of Uninitialized Resource
|
CVE-2024-12085
|
cpe:2.3:o:redhat:enterprise_linux:9.0:* cpe:2.3:o:redhat:enterprise_linux:8.0:*
|
|
|
|
|
2026-04-15 07:16
2025-01-15
|
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
59
|
5.3
-
|
MEDIUM
Network
|
In mutt and neomutt, PGP encryption does not use the --hidden-recipient mode which may leak the Bcc email header field by inferring from the recipients info.
|
NVD-CWE-noinfo
|
CVE-2024-49395
|
cpe:2.3:o:redhat:enterprise_linux:9.0:* cpe:2.3:o:redhat:enterprise_linux:8.0:*
|
|
|
|
|
2024-11-14 22:33
2024-11-12
|
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
60
|
5.3
-
|
MEDIUM
Network
|
In mutt and neomutt the In-Reply-To email header field is not protected by cryptographic signing which allows an attacker to reuse an unencrypted but signed email message to impersonate the original …
|
CWE-347
Improper Verification of Cryptographic Signature
|
CVE-2024-49394
|
cpe:2.3:o:redhat:enterprise_linux:9.0:* cpe:2.3:o:redhat:enterprise_linux:8.0:*
|
|
|
|
|
2024-11-14 22:38
2024-11-12
|
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|