CVE-2018-5764 |
High |
Yes |
Access restriction bypass |
The parse_arguments function in options.c in rsyncd in rsync before 3.1.3 does not prevent multiple --protect-args uses, which allows remote attackers to... |
CVE-2017-17434 |
Medium |
Yes |
Access restriction bypass |
The daemon in rsync 3.1.2, and 3.1.3-development before 2017-12-03, does not check for fnamecmp filenames in the daemon_filter_list data structure (in the... |
CVE-2017-17433 |
Medium |
Yes |
Access restriction bypass |
The recv_files function in receiver.c in the daemon in rsync 3.1.2, and 3.1.3-development before 2017-11-03, proceeds with certain file metadata updates... |
CVE-2017-16548 |
High |
Yes |
Denial of service |
The receive_xattr function in xattrs.c in rsync 3.1.2 and 3.1.3-development does not check for a trailing '\0' character in an xattr name, which allows... |
CVE-2017-15994 |
Critical |
Yes |
Access restriction bypass |
rsync 3.1.3-development before 2017-10-24, as used in the xlucas svfs rsync fork and other products, mishandles archaic checksums, which makes it easier for... |