2448 matches found

Ubuntu
added 2025/01/16 5:0 p.m., 160 views

USN-7206-2: rsync regression

USN-7206-1 fixed vulnerabilities in rsync. The update introduced a regression in rsync. This update fixes the problem. We apologize for the inconvenience. Original advisory details: Simon Scannell, Pedro Gallegos, and Jasiel Spelman discovered that rsync did not properly handle checksum lengths. ...

AI score: 7.7
Exploits: 0, References: 1

OSV
added 2025/01/16 5:0 p.m., 3 views

USN-7206-2 rsync regression

USN-7206-1 fixed vulnerabilities in rsync. The update introduced a regression in rsync. This update fixes the problem. We apologize for the inconvenience. Original advisory details: Simon Scannell, Pedro Gallegos, and Jasiel Spelman discovered that rsync did not properly handle checksum lengths. ...

AI score: 6
Exploits: 0, References: 2

SUSE CVE
added 2025/01/16 4:8 a.m., 1 view

SUSE CVE-2024-12084

A heap-based buffer overflow flaw was found in the rsync daemon. This issue is due to improper handling of attacker-controlled checksum lengths (s2length) in the code. When MAX_DIGEST_LEN exceeds the fixed SUM_LENGTH (16 bytes), an attacker can write out of bounds in the sum2 buffer...

CVSS: 9.8, AI score: 7.2, EPSS: 0.72059
Exploits: 4, References: 14

SUSE CVE
added 2025/01/16 4:8 a.m., 1 view

SUSE CVE-2024-12085

A flaw was found in rsync which could be triggered when rsync compares file checksums. This flaw allows an attacker to manipulate the checksum length (s2length) to cause a comparison between a checksum and uninitialized memory and leak one byte of uninitialized stack data at a time...

CVSS: 5.3, AI score: 8, EPSS: 0.09353
Exploits: 2, References: 25

SUSE CVE
added 2025/01/16 4:8 a.m., 2 views

SUSE CVE-2024-12086

A flaw was found in rsync. It could allow a server to enumerate the contents of an arbitrary file from the client's machine. This issue occurs when files are being copied from a client to a server. During this process, the rsync server will send checksums of local data to the client to compare wi...

CVSS: 6.5, AI score: 6.4, EPSS: 0.01761
Exploits: 1, References: 23

SUSE CVE
added 2025/01/16 4:8 a.m., 1 view

SUSE CVE-2024-12087

A path traversal vulnerability exists in rsync. It stems from behavior enabled by the --inc-recursive option, a default-enabled option for many client options and can be enabled by the server even if not explicitly enabled by the client. When using the --inc-recursive option, a lack of proper...

CVSS: 8.8, AI score: 8.7, EPSS: 0.02224
Exploits: 1, References: 25

SUSE CVE
added 2025/01/16 4:8 a.m., 3 views

SUSE CVE-2024-12088

A flaw was found in rsync. When using the --safe-links option, the rsync client fails to properly verify if a symbolic link destination sent from the server contains another symbolic link within it. This results in a path traversal vulnerability, which may lead to arbitrary file write outside the...

CVSS: 6.5, AI score: 8.3, EPSS: 0.04575
Exploits: 0, References: 25

SUSE CVE
added 2025/01/16 4:8 a.m., 1 view

SUSE CVE-2024-12747

A flaw was found in rsync. This vulnerability arises from a race condition during rsync's handling of symbolic links. Rsync's default behavior when encountering symbolic links is to skip them. If an attacker replaced a regular file with a symbolic link at the right time, it was possible to bypass...

CVSS: 6.3, AI score: 8.2, EPSS: 0.00377
Exploits: 0, References: 17

Fedora
added 2025/01/16 2:18 a.m., 16 views

[SECURITY] Fedora 40 Update: rsync-3.4.0-1.fc40

Rsync uses a reliable algorithm to bring remote and host files into sync very quickly. Rsync is fast because it just sends the differences in the files over the network instead of sending the complete files. Rsync is often used as a very powerful mirroring process or just as a more capable...

CVSS: 9.8, AI score: 7, EPSS: 0.72059
Exploits: 8

BDU FSTEC
added 2025/01/16 12:0 a.m., 3 views

The vulnerability of the rsync repository of the FORT verifier, related to uncontrolled resource consumption, allows attackers to increase their privileges.

The vulnerability of the rsync repository in the FORT verifier is related to an uncontrolled resource consumption. Exploiting this vulnerability could allow a malicious actor to enhance their privileges remotely...

CVSS: 8.6, AI score: 5.4
Exploits: 0, References: 4, Affected Software: 2

OSV
added 2025/01/16 12:0 a.m., 3 views

DSA-5843-2 rsync - regression update

Bulletin has no description...

AI score: 7.2
Exploits: 0

Tenable Nessus
added 2025/01/16 12:0 a.m., 11 views

Fedora 40 : rsync (2025-73c1f25730)

The remote Fedora 40 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2025-73c1f25730 advisory. New version 3.4.0. Contains fixes for CVE-2024-12084, CVE-2024-12085, CVE-2024-12086, CVE-2024-12087, CVE-2024-12088, CVE-2024-12747. Tenable has...

CVSS: 9.8, AI score: 7.4, EPSS: 0.72059
Exploits: 8, References: 7

OpenVAS
added 2025/01/16 12:0 a.m., 17 views

openSUSE: Security Advisory for rsync (SUSE-SU-2025:0118-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS: 9.8, AI score: 7.7, EPSS: 0.72059
Exploits: 8, References: 2

OpenVAS
added 2025/01/16 12:0 a.m., 14 views

openSUSE: Security Advisory for rsync (SUSE-SU-2025:0122-2)

The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS: 7.5, AI score: 7.5, EPSS: 0.09353
Exploits: 4, References: 2

OpenVAS
added 2025/01/16 12:0 a.m., 9 views

openSUSE: Security Advisory for rsync (SUSE-SU-2025:0118-2)

The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS: 9.8, AI score: 7.7, EPSS: 0.72059
Exploits: 8, References: 2

OpenVAS
added 2025/01/16 12:0 a.m., 14 views

openSUSE: Security Advisory for rsync (SUSE-SU-2025:0122-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS: 7.5, AI score: 7.5, EPSS: 0.09353
Exploits: 4, References: 2

OSV
added 2025/01/15 3:15 p.m., 4 views

AZL-55646 CVE-2024-12084 affecting package rsync for versions less than 3.4.1-1

A heap-based buffer overflow flaw was found in the rsync daemon. This issue is due to improper handling of attacker-controlled checksum lengths (s2length) in the code. When MAX_DIGEST_LEN exceeds the fixed SUM_LENGTH (16 bytes), an attacker can write out of bounds in the sum2 buffer...

CVSS: 9.8, AI score: 7.6, EPSS: 0.72059
Exploits: 4, References: 1

OSV
added 2025/01/15 3:15 p.m., 4 views

AZL-55691 CVE-2024-12084 affecting package rsync for versions less than 3.4.1-1

A heap-based buffer overflow flaw was found in the rsync daemon. This issue is due to improper handling of attacker-controlled checksum lengths (s2length) in the code. When MAX_DIGEST_LEN exceeds the fixed SUM_LENGTH (16 bytes), an attacker can write out of bounds in the sum2 buffer...

CVSS: 9.8, AI score: 7.6, EPSS: 0.72059
Exploits: 4, References: 1

OSV
added 2025/01/15 3:15 p.m., 3 views

ALPINE-CVE-2024-12084

A heap-based buffer overflow flaw was found in the rsync daemon. This issue is due to improper handling of attacker-controlled checksum lengths (s2length) in the code. When MAX_DIGEST_LEN exceeds the fixed SUM_LENGTH (16 bytes), an attacker can write out of bounds in the sum2 buffer...

CVSS: 9.8, AI score: 7.2, EPSS: 0.72059
Exploits: 4, References: 1

OSV
added 2025/01/15 3:15 p.m., 13 views

CVE-2024-12084

A heap-based buffer overflow flaw was found in the rsync daemon. This issue is due to improper handling of attacker-controlled checksum lengths (s2length) in the code. When MAX_DIGEST_LEN exceeds the fixed SUM_LENGTH (16 bytes), an attacker can write out of bounds in the sum2 buffer...

CVSS: 9.8, AI score: 9.5, EPSS: 0.72059
Exploits: 8, References: 8