CVE-2024-12087
- EPSS 2.22%
- Veröffentlicht 14.01.2025 18:15:25
- Zuletzt bearbeitet 30.06.2026 00:16:48
A path traversal vulnerability exists in rsync. It stems from behavior enabled by the `--inc-recursive` option, a default-enabled option for many client options and can be enabled by the server even if not explicitly enabled by the client. When using...
CVE-2024-12086
- EPSS 1.76%
- Veröffentlicht 14.01.2025 18:15:25
- Zuletzt bearbeitet 30.06.2026 00:16:48
A flaw was found in rsync. It could allow a server to enumerate the contents of an arbitrary file from the client's machine. This issue occurs when files are being copied from a client to a server. During this process, the rsync server will send chec...
CVE-2022-29154
- EPSS 1.66%
- Veröffentlicht 02.08.2022 15:15:08
- Zuletzt bearbeitet 21.11.2024 06:58:35
An issue was discovered in rsync before 3.2.5 that allows malicious remote servers to write arbitrary files inside the directories of connecting peers. The server chooses which files/directories are sent to the client. However, the rsync client perfo...
CVE-2020-14387
- EPSS 1.1%
- Veröffentlicht 27.05.2021 20:15:07
- Zuletzt bearbeitet 21.11.2024 05:03:09
A flaw was found in rsync in versions since 3.2.0pre1. Rsync improperly validates certificate with host mismatch vulnerability. A remote, unauthenticated attacker could exploit the flaw by performing a man-in-the-middle attack using a valid certifica...
CVE-2018-5764
- EPSS 6.34%
- Veröffentlicht 17.01.2018 22:29:00
- Zuletzt bearbeitet 21.11.2024 04:09:21
The parse_arguments function in options.c in rsyncd in rsync before 3.1.3 does not prevent multiple --protect-args uses, which allows remote attackers to bypass an argument-sanitization protection mechanism.
CVE-2017-17434
- EPSS 3.36%
- Veröffentlicht 06.12.2017 03:29:00
- Zuletzt bearbeitet 13.05.2026 00:24:29
The daemon in rsync 3.1.2, and 3.1.3-development before 2017-12-03, does not check for fnamecmp filenames in the daemon_filter_list data structure (in the recv_files function in receiver.c) and also does not apply the sanitize_paths protection mechan...
CVE-2017-17433
- EPSS 1.79%
- Veröffentlicht 06.12.2017 03:29:00
- Zuletzt bearbeitet 13.05.2026 00:24:29
The recv_files function in receiver.c in the daemon in rsync 3.1.2, and 3.1.3-development before 2017-12-03, proceeds with certain file metadata updates before checking for a filename in the daemon_filter_list data structure, which allows remote atta...
CVE-2017-16548
- EPSS 5.16%
- Veröffentlicht 06.11.2017 05:29:00
- Zuletzt bearbeitet 13.05.2026 00:24:29
The receive_xattr function in xattrs.c in rsync 3.1.2 and 3.1.3-development does not check for a trailing '\0' character in an xattr name, which allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) ...
CVE-2017-15994
- EPSS 1%
- Veröffentlicht 29.10.2017 06:29:01
- Zuletzt bearbeitet 13.05.2026 00:24:29
rsync 3.1.3-development before 2017-10-24 mishandles archaic checksums, which makes it easier for remote attackers to bypass intended access restrictions. NOTE: the rsync development branch has significant use beyond the rsync developers, e.g., the c...
CVE-2014-9512
- EPSS 6.5%
- Veröffentlicht 12.02.2015 16:59:01
- Zuletzt bearbeitet 06.05.2026 22:30:45
rsync 3.1.1 allows remote attackers to write to arbitrary files via a symlink attack on a file in the synchronization path.