18 matches found

OSV
added 2026/06/05 3:48 p.m. | 6 views

OESA-2026-2551 rsync security update

Rsync is an open source utility that provides fast incremental file transfer. It uses the "rsync algorithm" which provides a very fast method for bringing remote files into sync. It does this by sending just the differences in the files across the link, without requiring that both sets of files a...

CVSS 6.9 | AI score 5.5 | EPSS 0.00503
Exploits: 0 | References: 2
RedhatCVE
added 2026/05/22 1:11 p.m. | 7 views

CVE-2026-43620

A flaw was found in rsync. A malicious rsync server can exploit an out-of-bounds read vulnerability in the recv_files function. By manipulating compatibility flags and transfer records, the server can cause a connecting client to attempt to read memory outside of allocated bounds. This can lead to...

CVSS 6.9 | AI score 5.7 | EPSS 0.00503
Exploits: 0 | References: 3
Debian CVE
added 2026/05/20 12:47 a.m. | 7 views

CVE-2026-43620

Rsync version 3.4.2 and prior contain a receiver-side out-of-bounds array read vulnerability in recv_files in receiver.c that allows a malicious rsync server to crash the rsync client process. Attackers can exploit the vulnerability by setting CF_INC_RECURSE in compatibility flags and sending a...

CVSS 6.9 | AI score 5.8 | EPSS 0.00503
Exploits: 0
CVE
added 2026/05/20 12:47 a.m. | 27 views

CVE-2026-43620

Rsync 3.4.2 and earlier are affected by a receiver-side out-of-bounds array read in recv_files() (receiver.c). The underlying cause is a mismanaged pointer array leading to an 8-byte read before the allocated array, allowing a crafted file list (with CF_INC_RECURSE enabled, first sorted entry not...

CVSS 6.9 | AI score 5.8 | EPSS 0.00503
Exploits: 0 | References: 3 | Affected Software: 1
OpenVAS
added 2021/04/13 12:0 a.m. | 18 views

Huawei EulerOS: Security Advisory for rsync (EulerOS-SA-2021-1731)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 4.3 | AI score 6.9 | EPSS 0.01794
Exploits: 0 | References: 2
Veracode
added 2020/05/10 11:22 p.m. | 163 views

Access Control Bypass

rsync is vulnerable to access control bypass. A remote attacker is able to bypass access restrictions as the daemon does not check for fnamecmp filenames in the daemon_filter_list data structure in recv_files function in receiver.c. The sanitize_paths protection mechanism is also not applied to...

CVSS 9.8 | AI score 5.8 | EPSS 0.03362
Exploits: 0 | References: 7 | Affected Software: 1
Veracode
added 2020/05/10 11:22 p.m. | 23 views

Access Control Bypass

rsync is vulnerable to access control bypass. The recv_files function in receiver.c does not check for a filename in the daemon_filter_list data structure, allowing remote attackers to bypass intended access restrictions...

CVSS 3.7 | AI score 6.4 | EPSS 0.01794
Exploits: 0 | References: 6 | Affected Software: 1
Tenable Nessus
added 2020/03/13 12:0 a.m. | 22 views

EulerOS Virtualization for ARM 64 3.0.2.0 : rsync (EulerOS-SA-2020-1257)

According to the versions of the rsync package installed, the EulerOS Virtualization for ARM 64 installation on the remote host is affected by the following vulnerabilities : - The recv_files function in receiver.c in the daemon in rsync 3.1.2, and 3.1.3-development before 2017-12-03, proceeds wit...

CVSS 9.8 | AI score 7 | EPSS 0.01794
Exploits: 0 | References: 3
OpenVAS
added 2020/01/23 12:0 a.m. | 30 views

Huawei EulerOS: Security Advisory for rsync (EulerOS-SA-2018-1244)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 9.8 | AI score 7.7 | EPSS 0.06337
Exploits: 0 | References: 2
Tenable Nessus
added 2018/09/18 12:0 a.m. | 31 views

EulerOS Virtualization 2.5.0 : rsync (EulerOS-SA-2018-1244)

According to the versions of the rsync package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - The recv_files function in receiver.c in the daemon in rsync 3.1.2, and 3.1.3-development before 2017-12-03, proceeds with certain...

CVSS 9.8 | AI score 7 | EPSS 0.06337
Exploits: 0 | References: 4
FreeBSD
added 2017/12/17 12:0 a.m. | 35 views

rsync -- multiple vulnerabilities

Jeriko One reports: The receive_xattr function in xattrs.c in rsync 3.1.2 and 3.1.3-development does not check for a trailing '\0' character in an xattr name, which allows remote attackers to cause a denial of service heap-based buffer over-read and application crash or possibly have unspecified...

CVSS 9.8 | AI score 8.1 | EPSS 0.05163
Exploits: 0 | References: 1
Mageia
added 2017/12/16 11:20 p.m. | 39 views

Updated rsync package fixes security vulnerabilities

The recv_files function in receiver.c in the daemon in rsync 3.1.2, and 3.1.3-development before 2017-12-03, proceeds with certain file metadata updates before checking for a filename in the daemon_filter_list data structure, which allows remote attackers to bypass intended access restrictions...

CVSS 9.8 | AI score 5.5 | EPSS 0.03362
Exploits: 0 | References: 2
Snyk
added 2017/12/06 3:29 a.m. | 4 views

Improper Access Control

Overview: Affected versions of this package are vulnerable to Improper Access Control. The recv_files function in receiver.c in the daemon in rsync 3.1.2, and 3.1.3-development before 2017-12-03, proceeds with certain file metadata updates before checking for a filename in the daemon_filter_list data...

CVSS 4.8 | AI score 6.9 | EPSS 0.01794
Exploits: 0 | References: 2
ATTACKERKB
added 2017/12/06 3:29 a.m. | 4 views

CVE-2017-17433

The recv_files function in receiver.c in the daemon in rsync 3.1.2, and 3.1.3-development before 2017-12-03, proceeds with certain file metadata updates before checking for a filename in the daemon_filter_list data structure, which allows remote attackers to bypass intended access restrictions...

CVSS 4.3 | AI score 5.6 | EPSS 0.01794
Exploits: 0 | References: 6
Prion
added 2017/12/06 3:29 a.m. | 21 views

Design/Logic Flaw

The recv_files function in receiver.c in the daemon in rsync 3.1.2, and 3.1.3-development before 2017-12-03, proceeds with certain file metadata updates before checking for a filename in the daemon_filter_list data structure, which allows remote attackers to bypass intended access restrictions...

CVSS 4.3 | AI score 6.5 | EPSS 0.01794
Exploits: 0 | References: 5 | Affected Software: 2
OSV
added 2017/12/06 3:29 a.m. | 6 views

ALPINE-CVE-2017-17434

The daemon in rsync 3.1.2, and 3.1.3-development before 2017-12-03, does not check for fnamecmp filenames in the daemon_filter_list data structure in the recv_files function in receiver.c and also does not apply the sanitize_paths protection mechanism to pathnames found in "xname follows" strings in...

CVSS 9.8 | AI score 7 | EPSS 0.03362
Exploits: 0 | References: 1
AlpineLinux
added 2017/12/06 3:0 a.m. | 31 views

CVE-2017-17433

The recv_files function in receiver.c in the daemon in rsync 3.1.2, and 3.1.3-development before 2017-12-03, proceeds with certain file metadata updates before checking for a filename in the daemon_filter_list data structure, which allows remote attackers to bypass intended access restrictions...

CVSS 4.3 | AI score 6.9 | EPSS 0.01794
Exploits: 0
OSV
added 2017/12/05 12:0 a.m. | 5 views

UBUNTU-CVE-2017-17433

The recv_files function in receiver.c in the daemon in rsync 3.1.2, and 3.1.3-development before 2017-12-03, proceeds with certain file metadata updates before checking for a filename in the daemon_filter_list data structure, which allows remote attackers to bypass intended access restrictions...

CVSS 3.7 | AI score 6.8 | EPSS 0.01794
Exploits: 0 | References: 4