CVE-2017-15994
- EPSS 0.14%
- Published 29.10.2017 06:29:01
- Last modified 20.04.2025 01:37:25
rsync 3.1.3-development before 2017-10-24 mishandles archaic checksums, which makes it easier for remote attackers to bypass intended access restrictions. NOTE: the rsync development branch has significant use beyond the rsync developers, e.g., the c...
CVE-2014-9512
- EPSS 8.88%
- Published 12.02.2015 16:59:01
- Last modified 12.04.2025 10:46:40
rsync 3.1.1 allows remote attackers to write to arbitrary files via a symlink attack on a file in the synchronization path.
CVE-2014-2855
- EPSS 17.19%
- Published 23.04.2014 15:55:04
- Last modified 12.04.2025 10:46:40
The check_secret function in authenticate.c in rsync 3.1.0 and earlier allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a user name which does not exist in the secrets file.
CVE-2011-1097
- EPSS 2.19%
- Published 30.03.2011 22:55:01
- Last modified 11.04.2025 00:51:21
rsync 3.x before 3.0.8, when certain recursion, deletion, and ownership options are used, allows remote rsync servers to cause a denial of service (heap memory corruption and application crash) or possibly execute arbitrary code via malformed data.
CVE-2008-1720
- EPSS 8.44%
- Published 10.04.2008 19:05:00
- Last modified 09.04.2025 00:30:58
Buffer overflow in rsync 2.6.9 to 3.0.1, with extended attribute (xattr) support enabled, might allow remote attackers to execute arbitrary code via unknown vectors.
CVE-2002-0080
- EPSS 0.79%
- Published 15.03.2002 05:00:00
- Last modified 03.04.2025 01:03:51
rsync, when running in daemon mode, does not properly call setgroups before dropping privileges, which could provide supplemental group privileges to local users, who could then read certain files that would otherwise be disallowed.