Samba

Rsync

24 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
Medienbericht Exploit
  • EPSS 2.22%
  • Veröffentlicht 14.01.2025 18:15:25
  • Zuletzt bearbeitet 30.06.2026 00:16:48

A path traversal vulnerability exists in rsync. It stems from behavior enabled by the `--inc-recursive` option, a default-enabled option for many client options and can be enabled by the server even if not explicitly enabled by the client. When using...

Exploit
  • EPSS 1.76%
  • Veröffentlicht 14.01.2025 18:15:25
  • Zuletzt bearbeitet 30.06.2026 00:16:48

A flaw was found in rsync. It could allow a server to enumerate the contents of an arbitrary file from the client's machine. This issue occurs when files are being copied from a client to a server. During this process, the rsync server will send chec...

Exploit
  • EPSS 1.66%
  • Veröffentlicht 02.08.2022 15:15:08
  • Zuletzt bearbeitet 21.11.2024 06:58:35

An issue was discovered in rsync before 3.2.5 that allows malicious remote servers to write arbitrary files inside the directories of connecting peers. The server chooses which files/directories are sent to the client. However, the rsync client perfo...

  • EPSS 1.1%
  • Veröffentlicht 27.05.2021 20:15:07
  • Zuletzt bearbeitet 21.11.2024 05:03:09

A flaw was found in rsync in versions since 3.2.0pre1. Rsync improperly validates certificate with host mismatch vulnerability. A remote, unauthenticated attacker could exploit the flaw by performing a man-in-the-middle attack using a valid certifica...

  • EPSS 6.34%
  • Veröffentlicht 17.01.2018 22:29:00
  • Zuletzt bearbeitet 21.11.2024 04:09:21

The parse_arguments function in options.c in rsyncd in rsync before 3.1.3 does not prevent multiple --protect-args uses, which allows remote attackers to bypass an argument-sanitization protection mechanism.

  • EPSS 3.36%
  • Veröffentlicht 06.12.2017 03:29:00
  • Zuletzt bearbeitet 13.05.2026 00:24:29

The daemon in rsync 3.1.2, and 3.1.3-development before 2017-12-03, does not check for fnamecmp filenames in the daemon_filter_list data structure (in the recv_files function in receiver.c) and also does not apply the sanitize_paths protection mechan...

  • EPSS 1.79%
  • Veröffentlicht 06.12.2017 03:29:00
  • Zuletzt bearbeitet 13.05.2026 00:24:29

The recv_files function in receiver.c in the daemon in rsync 3.1.2, and 3.1.3-development before 2017-12-03, proceeds with certain file metadata updates before checking for a filename in the daemon_filter_list data structure, which allows remote atta...

  • EPSS 5.16%
  • Veröffentlicht 06.11.2017 05:29:00
  • Zuletzt bearbeitet 13.05.2026 00:24:29

The receive_xattr function in xattrs.c in rsync 3.1.2 and 3.1.3-development does not check for a trailing '\0' character in an xattr name, which allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) ...

  • EPSS 1%
  • Veröffentlicht 29.10.2017 06:29:01
  • Zuletzt bearbeitet 13.05.2026 00:24:29

rsync 3.1.3-development before 2017-10-24 mishandles archaic checksums, which makes it easier for remote attackers to bypass intended access restrictions. NOTE: the rsync development branch has significant use beyond the rsync developers, e.g., the c...

Exploit
  • EPSS 6.5%
  • Veröffentlicht 12.02.2015 16:59:01
  • Zuletzt bearbeitet 06.05.2026 22:30:45

rsync 3.1.1 allows remote attackers to write to arbitrary files via a symlink attack on a file in the synchronization path.