CVE-2017-15994
- EPSS 0.14%
- Veröffentlicht 29.10.2017 06:29:01
- Zuletzt bearbeitet 20.04.2025 01:37:25
rsync 3.1.3-development before 2017-10-24 mishandles archaic checksums, which makes it easier for remote attackers to bypass intended access restrictions. NOTE: the rsync development branch has significant use beyond the rsync developers, e.g., the c...
CVE-2014-9512
- EPSS 8.88%
- Veröffentlicht 12.02.2015 16:59:01
- Zuletzt bearbeitet 12.04.2025 10:46:40
rsync 3.1.1 allows remote attackers to write to arbitrary files via a symlink attack on a file in the synchronization path.
CVE-2014-2855
- EPSS 17.19%
- Veröffentlicht 23.04.2014 15:55:04
- Zuletzt bearbeitet 12.04.2025 10:46:40
The check_secret function in authenticate.c in rsync 3.1.0 and earlier allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a user name which does not exist in the secrets file.
CVE-2011-1097
- EPSS 2.19%
- Veröffentlicht 30.03.2011 22:55:01
- Zuletzt bearbeitet 11.04.2025 00:51:21
rsync 3.x before 3.0.8, when certain recursion, deletion, and ownership options are used, allows remote rsync servers to cause a denial of service (heap memory corruption and application crash) or possibly execute arbitrary code via malformed data.
CVE-2008-1720
- EPSS 8.44%
- Veröffentlicht 10.04.2008 19:05:00
- Zuletzt bearbeitet 09.04.2025 00:30:58
Buffer overflow in rsync 2.6.9 to 3.0.1, with extended attribute (xattr) support enabled, might allow remote attackers to execute arbitrary code via unknown vectors.
CVE-2002-0080
- EPSS 0.79%
- Veröffentlicht 15.03.2002 05:00:00
- Zuletzt bearbeitet 03.04.2025 01:03:51
rsync, when running in daemon mode, does not properly call setgroups before dropping privileges, which could provide supplemental group privileges to local users, who could then read certain files that would otherwise be disallowed.