| CVE-2024-12747 |
AVG-2858 |
Medium |
Yes |
Privilege escalation |
A flaw was found in rsync. This vulnerability arises from a race condition during rsync's handling of symbolic links. Rsync's default behavior when... |
| CVE-2024-12088 |
AVG-2858 |
High |
Yes |
Arbitrary file upload |
A flaw was found in rsync. When using the --safe-links option, rsync fails to properly verify if a symbolic link destination contains another symbolic link... |
| CVE-2024-12087 |
AVG-2858 |
High |
Yes |
Arbitrary file upload |
A path traversal vulnerability exists in rsync. It stems from behavior enabled by the --inc-recursive option, a default-enabled option for many client... |
| CVE-2024-12086 |
AVG-2858 |
Medium |
Yes |
Information disclosure |
A flaw was found in rsync. It could allow a server to enumerate the contents of an arbitrary file from the client's machine. This issue occurs when files... |
| CVE-2024-12085 |
AVG-2858 |
High |
Yes |
Information disclosure |
A flaw was found in the rsync daemon which could be triggered when rsync compares file checksums. This flaw allows an attacker to manipulate the checksum... |
| CVE-2024-12084 |
AVG-2858 |
Critical |
Yes |
Arbitrary code execution |
A heap-based buffer overflow flaw was found in the rsync daemon. This issue is due to improper handling of attacker-controlled checksum lengths (s2length)... |
| CVE-2021-3755 |
AVG-2333 |
Medium |
Yes |
Arbitrary command execution |
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was... |
| CVE-2020-14387 |
AVG-1374 |
High |
Yes |
Man-in-the-middle |
A flaw was found in rsync version 3.2.0pre1 to 3.2.4. rsync-ssl does not verify the hostname in the server certificate in openssl mode, so a remote,... |
| CVE-2018-5764 |
AVG-542 |
High |
Yes |
Access restriction bypass |
The parse_arguments function in options.c in rsyncd in rsync before 3.1.3 does not prevent multiple --protect-args uses, which allows remote attackers to... |
| CVE-2017-17434 |
AVG-542 |
Medium |
Yes |
Access restriction bypass |
The daemon in rsync 3.1.2, and 3.1.3-development before 2017-12-03, does not check for fnamecmp filenames in the daemon_filter_list data structure (in the... |
| CVE-2017-17433 |
AVG-542 |
Medium |
Yes |
Access restriction bypass |
The recv_files function in receiver.c in the daemon in rsync 3.1.2, and 3.1.3-development before 2017-11-03, proceeds with certain file metadata updates... |
| CVE-2017-16548 |
AVG-542 |
High |
Yes |
Denial of service |
The receive_xattr function in xattrs.c in rsync 3.1.2 and 3.1.3-development does not check for a trailing '\0' character in an xattr name, which allows... |
| CVE-2017-15994 |
AVG-542 |
Critical |
Yes |
Access restriction bypass |
rsync 3.1.3-development before 2017-10-24, as used in the xlucas svfs rsync fork and other products, mishandles archaic checksums, which makes it easier for... |