Lucene search
K

81 matches found

OSV
OSV
added 2025/01/09 12:0 a.m.2 views

UBUNTU-CVE-2024-12084

A heap-based buffer overflow flaw was found in the rsync daemon. This issue is due to improper handling of attacker-controlled checksum lengths s2length in the code. When MAXDIGESTLEN exceeds the fixed SUMLENGTH 16 bytes, an attacker can write out of bounds in the sum2 buffer...

9.8CVSS7.5AI score0.72059EPSS
Exploits4References7
Positive Technologies
Positive Technologies
added 2024/11/14 12:0 a.m.5 views

PT-2024-10125

The rsync daemon is affected by a flaw that can be triggered when comparing file checksums, allowing an attacker to manipulate the checksum length and cause a comparison between a checksum and uninitialized memory. This results in the leak of one byte of uninitialized stack data at a time. An...

7.8CVSS7.4AI score0.09353EPSS
Exploits3References179
Tenable Nessus
Tenable Nessus
added 2023/03/21 12:0 a.m.52 views

Amazon Linux 2023 : rsync, rsync-daemon (ALAS2023-2023-002)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2023-002 advisory. An out-of-bounds access flaw was found in zlib, which allows memory corruption when deflating ex: when compressing if the input has many distant matches. For some rare inputs with a large numbe...

9.8CVSS7.4AI score0.51733EPSS
Exploits3References8
F5 Networks
F5 Networks
added 2023/02/21 6:50 p.m.29 views

K15604: Multiple rsync vulnerabilities

Security Advisory Description Following are descriptions of various rsync vulnerabilities: CVE-2006-2083 Integer overflow in the receivexattr function in the extended attributes patch xattr.c for rsync before 2.6.8 might allow attackers to execute arbitrary code via crafted extended attributes th...

10CVSS8.5AI score0.05442EPSS
Exploits1
SUSE CVE
SUSE CVE
added 2023/02/15 4:31 a.m.4 views

SUSE CVE-2018-5764

The parsearguments function in options.c in rsyncd in rsync before 3.1.3 does not prevent multiple --protect-args uses, which allows remote attackers to bypass an argument-sanitization protection mechanism...

3.3CVSS9.5AI score0.06337EPSS
Exploits0References5
RedhatCVE
RedhatCVE
added 2022/12/06 5:31 p.m.29 views

CVE-2022-3596

An information leak was found in OpenStack's undercloud. This flaw allows unauthenticated, remote attackers to inspect sensitive data after discovering the IP address of the undercloud, possibly leading to compromising private information, including administrator access credentials. Mitigation Th...

7.5CVSS2.6AI score0.01107EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2022/11/16 12:0 a.m.40 views

AlmaLinux 9 : rsync (ALSA-2022:4592)

The remote AlmaLinux 9 host has packages installed that are affected by a vulnerability as referenced in the ALSA-2022:4592 advisory. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number. %NASLMINLEVEL 80900 C Tenable, Inc. T...

7.5CVSS7AI score0.51733EPSS
Exploits1References2
Broadcom
Broadcom
added 2022/09/13 12:0 a.m.8 views

CVE-2018-5764, CVE-2017-16548 and CVE-2017-1734. Vulnerabilities in rsynd

Security Advisory ID : BSA-2022-2074 Component : rsyncd Revision : 1.0 CVE-2018-5764: The parsearguments function in options.c in rsyncd in rsync before 3.1.3 does not prevent multiple --protect-args uses, which allows remote attackers to bypass an argument-sanitization protection mechanism. Base...

9.8CVSS7.4AI score0.06337EPSS
Exploits0
BDU FSTEC
BDU FSTEC
added 2019/12/17 12:0 a.m.7 views

The vulnerability of the recv_files and read_ndx_and attrs functions in the rsync daemon allows a hacker to circumvent existing access restrictions and compromise the confidentiality, integrity, and accessibility of the protected information.

The vulnerability of rsync exists due to the lack of checks on the filenames fnamecmp in the daemonfilterlist data structure in the recvfiles function in receiver.c, and the absence of a sanitizepaths mechanism for paths found in the “xname follows” strings in the readndxand attrs function in...

10CVSS6.8AI score0.03362EPSS
Exploits0References6Affected Software3
BDU FSTEC
BDU FSTEC
added 2018/12/18 12:0 a.m.7 views

The vulnerability of the `parse_arguments` function in the rsyncd server’s Rsync utility allows users to compromise data integrity.

The vulnerability of the parsearguments function in the rsyncd utility’s options.c file of the rsync server is related to the possibility of using multiple protect-args parameters. This allows attackers to circumvent existing security mechanisms. Exploiting this vulnerability could enable a remot...

7.5CVSS6.8AI score0.06337EPSS
Exploits0References10Affected Software5
CNVD
CNVD
added 2018/01/18 12:0 a.m.8 views

rsync 'parse_arguments' function protection mechanism bypass vulnerability

rsync is a suite of data mirroring backup applications for Unix-like systems developed by Australian software developers Andrew Tridgell and Paul Mackerras, which synchronizes the updating of files and directories between two computers and reduces data transfers by using differential encoding...

7.5CVSS7.8AI score0.06337EPSS
Exploits0References1
OSV
OSV
added 2018/01/17 10:29 p.m.5 views

ALPINE-CVE-2018-5764

The parsearguments function in options.c in rsyncd in rsync before 3.1.3 does not prevent multiple --protect-args uses, which allows remote attackers to bypass an argument-sanitization protection mechanism...

7.5CVSS7.1AI score0.06337EPSS
Exploits0References1
OSV
OSV
added 2018/01/17 12:0 a.m.6 views

UBUNTU-CVE-2018-5764

The parsearguments function in options.c in rsyncd in rsync before 3.1.3 does not prevent multiple --protect-args uses, which allows remote attackers to bypass an argument-sanitization protection mechanism...

7.5CVSS6.7AI score0.06337EPSS
Exploits0References6
RedhatCVE
RedhatCVE
added 2017/12/06 4:19 p.m.30 views

CVE-2017-17434

The daemon in rsync 3.1.2, and 3.1.3-development before 2017-12-03, does not check for fnamecmp filenames in the daemonfilterlist data structure in the recvfiles function in receiver.c and also does not apply the sanitizepaths protection mechanism to pathnames found in "xname follows" strings in...

9.8CVSS5.3AI score0.03362EPSS
Exploits0References1
Prion
Prion
added 2017/12/06 3:29 a.m.23 views

Design/Logic Flaw

The daemon in rsync 3.1.2, and 3.1.3-development before 2017-12-03, does not check for fnamecmp filenames in the daemonfilterlist data structure in the recvfiles function in receiver.c and also does not apply the sanitizepaths protection mechanism to pathnames found in "xname follows" strings in...

7.5CVSS9.3AI score0.03362EPSS
Exploits0References5Affected Software2
ATTACKERKB
ATTACKERKB
added 2017/12/06 3:29 a.m.4 views

CVE-2017-17433

The recvfiles function in receiver.c in the daemon in rsync 3.1.2, and 3.1.3-development before 2017-12-03, proceeds with certain file metadata updates before checking for a filename in the daemonfilterlist data structure, which allows remote attackers to bypass intended access restrictions...

4.3CVSS5.6AI score0.01794EPSS
Exploits0References6
Prion
Prion
added 2017/12/06 3:29 a.m.22 views

Design/Logic Flaw

The recvfiles function in receiver.c in the daemon in rsync 3.1.2, and 3.1.3-development before 2017-12-03, proceeds with certain file metadata updates before checking for a filename in the daemonfilterlist data structure, which allows remote attackers to bypass intended access restrictions...

4.3CVSS6.5AI score0.01794EPSS
Exploits0References5Affected Software2
ATTACKERKB
ATTACKERKB
added 2017/12/06 3:29 a.m.7 views

CVE-2017-17434

The daemon in rsync 3.1.2, and 3.1.3-development before 2017-12-03, does not check for fnamecmp filenames in the daemonfilterlist data structure in the recvfiles function in receiver.c and also does not apply the sanitizepaths protection mechanism to pathnames found in "xname follows" strings in...

9.8CVSS5.5AI score0.03362EPSS
Exploits0References8
OSV
OSV
added 2017/12/06 3:29 a.m.4 views

DEBIAN-CVE-2017-17434

The daemon in rsync 3.1.2, and 3.1.3-development before 2017-12-03, does not check for fnamecmp filenames in the daemonfilterlist data structure in the recvfiles function in receiver.c and also does not apply the sanitizepaths protection mechanism to pathnames found in "xname follows" strings in...

9.8CVSS9.2AI score0.03362EPSS
Exploits0References1
OSV
OSV
added 2017/12/06 3:29 a.m.6 views

ALPINE-CVE-2017-17434

The daemon in rsync 3.1.2, and 3.1.3-development before 2017-12-03, does not check for fnamecmp filenames in the daemonfilterlist data structure in the recvfiles function in receiver.c and also does not apply the sanitizepaths protection mechanism to pathnames found in "xname follows" strings in...

9.8CVSS7AI score0.03362EPSS
Exploits0References1
Rows per page
Query Builder