3 matches found
Amazon Linux 2 : rsync (ALAS-2022-1873)
The version of rsync installed on the remote host is prior to 3.1.2-11. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2022-1873 advisory. A flaw was found in rsync that is triggered by a victim rsync user/client connecting to a malicious rsync server. The server can cop...
PEAR Archive Tar Insecure Deserialization Code Execution (CVE-2020-28948)
An insecure deserialization vulnerability exists in the PEAR ArchiveTar module. The vulnerability is due to improper validation of file names inside TAR files. A remote attacker can exploit this vulnerability by sending malicious TAR files to the applications which are using PEAR ArchiveTar modul...
CVE-2022-29154
An issue was discovered in rsync before 3.2.5 that allows malicious remote servers to write arbitrary files inside the directories of connecting peers. The server chooses which files/directories are sent to the client. However, the rsync client performs insufficient validation of file names. A...