Do Not Install the rsync Service
The rsync service can synchronize data between servers or between local drive partitions. However, information leakage risks exist because rsync uses non-encrypted transmission protocols. If the rsync service is enabled and data is transmitted between servers over the network, attackers can...
CVE-2025-59339
The Bastion provides authentication, authorization, traceability and auditability for SSH accesses. Session-recording ttyrec files may be handled by the provided osh-encrypt-rsync script that is a helper to rotate, encrypt, sign, copy, and optionally move them to a remote storage periodically, i...
CVE-2025-59339 The Bastion ttyrec files are not signed after encryption by the osh-encrypt-rsync script
The Bastion provides authentication, authorization, traceability and auditability for SSH accesses. Session-recording ttyrec files may be handled by the provided osh-encrypt-rsync script that is a helper to rotate, encrypt, sign, copy, and optionally move them to a remote storage periodically, i...
PT-2025-38246
Name of the Vulnerable Software and Affected Versions: The Bastion (affected versions not specified). Description: The Bastion provides authentication, authorization, traceability, and auditability for SSH accesses. Session-recording ttyrec files are handled by the provided osh-encrypt-rsync script,...
PocCollect
This repository is an offensive tool for vulnerability scanning and exploitation, specifically targeting various web applications and services. The primary vulnerability class targeted is SQL injection, with specific examples of exploits for Struts2, 08CMS, and ASPCMS. The tool is written in Pyth...
CLSA-2025-1757608663 rsync: Fix of CVE-2024-12087
CVE-2024-12087: fix a path traversal issue in --inc-recursive mode that let a malicious server escape the destination directory...
Advisory ROSA-SA-2025-2976
Software: rsync 3.4.1 OS: ROSA-CHROME unaffected versions = rsync-3.4.1-1 affected versions rsync-3.4.1-1 CVE-ID: CVE-2024-12084 BDU-ID: 2025-00378 CVE-Crit: CRITICAL CVE-DESC.: A vulnerability in the rsyncd daemon of the Rsync file transfer and synchronization utility is related to an operation...
Security Bulletin: IBM Watson Speech Services Cartridge is vulnerable to a path traversal vulnerability in rsync [CVE-2024-12087]
Summary IBM Watson Speech Services Cartridge is vulnerable to a path traversal vulnerability in rsync, caused by a behavior enabled by the --inc-recursive option, a default-enabled option for many client options, that can be enabled by the server even if not explicitly enabled by the client...
Security Bulletin: IBM Watson Speech Services Cartridge is vulnerable to a sensitive information exposure in rsync [CVE-2024-12747]
Summary IBM Watson Speech Services Cartridge is vulnerable to a sensitive information exposure in rsync, due to a race condition during rsync's handling of symbolic links CVE-2024-12747. Rsync is used as part of our Java Microservices. This vulnerability has been addressed. Please read the detai...
Security Bulletin: IBM Watson Speech Services Cartridge is vulnerable to a path traversal vulnerability in rsync [CVE-2024-12088]
Summary IBM Watson Speech Services Cartridge is vulnerable to a path traversal vulnerability in rsync, due to an issue when using the --safe-links option, where the client fails to properly verify if a symbolic link destination sent from the server contains another symbolic link within it...
Linux Distros Unpatched Vulnerability : CVE-2018-20683
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - commands/rsync in Gitolite before 3.6.11, if .gitolite.rc enables rsync, mishandles the rsync command line, which allows attackers to have a bad impact by...
TencentOS Server 4: rsync (TSSA-2025:0534)
The version of Tencent Linux installed on the remote TencentOS Server 4 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2025:0534 advisory. Package updates are available for TencentOS Server 4 that fix the following vulnerabilities:...
RHSA-2025:13947 Red Hat Security Advisory: rsync security update
Bulletin has no description...
Low: Red Hat Security Advisory: rsync security update
An update for rsync is now available for Red Hat Enterprise Linux 8.8 Update Services for SAP Solutions, Red Hat Enterprise Linux 8.8 Telecommunications Update Service, and Red Hat Enterprise Linux 8.8 Extended Update Support EXTENSION. Red Hat Product Security has rated this update as having a...
Linux Distros Unpatched Vulnerability : CVE-2024-12085
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A flaw was found in rsync which could be triggered when rsync compares file checksums. This flaw allows an attacker to manipulate the checksum length s2length t...
RHEL 8 : rsync (RHSA-2025:13947)
The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2025:13947 advisory. The rsync utility enables the users to copy and synchronize files locally or across a network. Synchronization with rsync is fast because rsync only...
Huawei EulerOS: Security Advisory for rsync (EulerOS-SA-2025-1723)
The remote host is missing an update for the Huawei EulerOS...
Huawei EulerOS: Security Advisory for rsync (EulerOS-SA-2025-1735)
The remote host is missing an update for the Huawei EulerOS...
Huawei EulerOS: Security Advisory for rsync (EulerOS-SA-2025-1882)
The remote host is missing an update for the Huawei EulerOS...