2448 matches found
Azure Linux 3.0 Security Update: rsync (CVE-2024-12086)
The version of rsync installed on the remote Azure Linux 3.0 host is prior to the tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-12086 advisory. - A flaw was found in rsync. It could allow a server to enumerate the contents of an arbitrary file from the...
Azure Linux 3.0 Security Update: rsync (CVE-2024-12085)
The version of rsync installed on the remote Azure Linux 3.0 host is prior to the tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-12085 advisory. - A flaw was found in rsync which could be triggered when rsync compares file checksums. This flaw allows an...
Azure Linux 3.0 Security Update: rsync (CVE-2024-12747)
The version of rsync installed on the remote Azure Linux 3.0 host is prior to the tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-12747 advisory. - A flaw was found in rsync. This vulnerability arises from a race condition during rsync's handling of symboli...
Azure Linux 3.0 Security Update: rsync (CVE-2024-12084)
The version of rsync installed on the remote Azure Linux 3.0 host is prior to the tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-12084 advisory. - A heap-based buffer overflow flaw was found in the rsync daemon. This issue is due to improper handling of...
Azure Linux 3.0 Security Update: rsync (CVE-2024-12088)
The version of rsync installed on the remote Azure Linux 3.0 host is prior to the tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-12088 advisory. - A flaw was found in rsync. When using the --safe-links option, the rsync client fails to properly verify if a...
Ubuntu 24.10 : rsync regression (USN-7206-4)
The remote Ubuntu 24.10 host has a package installed that is affected by a vulnerability as referenced in the USN-7206-4 advisory. USN-7206-3 fixed vulnerabilities in rsync for Ubuntu 24.10. The update introduced a regression in rsync. This update fixes the problem. We apologize for the...
Azure Linux 3.0 Security Update: rsync (CVE-2024-12087)
The version of rsync installed on the remote Azure Linux 3.0 host is prior to the tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-12087 advisory. - A path traversal vulnerability exists in rsync. It stems from behavior enabled by the --inc-recursive option,...
CVE-2025-24366
SFTPGo is an open source, event-driven file transfer solution. SFTPGo supports execution of a defined set of commands via SSH. Besides a set of default commands some optional commands can be activated, one of them being rsync. It is disabled in the default configuration and it is limited to the...
GO-2025-3458 SFTPGo has insufficient sanitization of user provided rsync command in github.com/drakkan/sftpgo
SFTPGo has insufficient sanitization of user provided rsync command in github.com/drakkan/sftpgo. NOTE: The source advisory for this report contains additional versions that could not be automatically mapped to standard Go module versions. If this is causing false-positive reports from...
CVE-2025-24366
SFTPGo is an open source, event-driven file transfer solution. SFTPGo supports execution of a defined set of commands via SSH. Besides a set of default commands some optional commands can be activated, one of them being rsync. It is disabled in the default configuration and it is limited to the...
CVE-2025-24366 Insufficient sanitization of user provided rsync command in SFTPGo
SFTPGo is an open source, event-driven file transfer solution. SFTPGo supports execution of a defined set of commands via SSH. Besides a set of default commands some optional commands can be activated, one of them being rsync. It is disabled in the default configuration and it is limited to the...
CVE-2025-24366 Insufficient sanitization of user provided rsync command in SFTPGo
SFTPGo is an open source, event-driven file transfer solution. SFTPGo supports execution of a defined set of commands via SSH. Besides a set of default commands some optional commands can be activated, one of them being rsync. It is disabled in the default configuration and it is limited to the...
SFTPGo has insufficient sanitization of user provided rsync command
Impact: SFTPGo supports execution of a defined set of commands via SSH. Besides a set of default commands some optional commands can be activated, one of them being rsync: it is disabled in the default configuration and it is limited to the local filesystem, it does not work with cloud/remote...
GHSA-VJ7W-3M8C-6VPX SFTPGo has insufficient sanitization of user provided rsync command
Impact: SFTPGo supports execution of a defined set of commands via SSH. Besides a set of default commands some optional commands can be activated, one of them being rsync: it is disabled in the default configuration and it is limited to the local filesystem, it does not work with cloud/remote...
CLSA-2025-1738958235 rsync: Fix of CVE-2024-12087
CVE-2024-12087: fix path traversal vulnerability that allows writing files outside of the client's intended destination directory by a malicious server...
Security update for rsync
This update for rsync fixes the following issues: Bump protocol version to 32 - make it easier to show server is patched. Fix FLAG_GOT_DIR_FLIST collision with FLAG_HLINKED. Security update, CVE-2024-12747, bsc1235475: race condition in handling symbolic links. Security update, fix multiple...
SFTPGo Operating System Command Injection Vulnerability
SFTPGo is a full-featured and highly configurable SFTP server from the individual developer Nicola Murino in Italy. SFTPGo suffers from an operating system command injection vulnerability that stems from insufficient sanitization of the rsync command, allowing remote users to read or write files...
CLSA-2025-1738852614 rsync: Fix of 2 CVEs
CVE-2024-12087: fix path traversal vulnerability in rsync enabled by the '--inc-recursive' option - CVE-2024-12088: make --safe-links stricter...
CLSA-2025-1738833802 rsync: Fix of CVE-2024-12087
CVE-2024-12087: fix path traversal vulnerability that allows writing files outside of the client's intended destination directory by a malicious server...
CLSA-2025-1738833413 rsync: Fix of 2 CVEs
CVE-2024-12087: fix path traversal vulnerability in rsync enabled by the '--inc-recursive' option - CVE-2024-12088: make --safe-links stricter...