Lucene search
K
SambaRsync

24 matches found

CVE
CVE
added 2022/08/02 2:22 p.m.655 views

CVE-2022-29154

CVE-2022-29154 affects rsync prior to 3.2.5, enabling a malicious server (or MITM) to cause the rsync client to write arbitrary files in the client’s directory tree (including sensitive files such as .ssh/authorized_keys). The issue arises from insufficient validation of filenames returned by the...

7.4CVSS7.7AI score0.0165EPSS
In wild
CVE
CVE
added 2025/01/14 5:37 p.m.353 views

CVE-2024-12085

CVE-2024-12085 affects rsync; a flaw in checksum comparison allows an attacker to manipulate s2length, causing comparisons against uninitialized memory and leaking one byte of uninitialized stack data per interaction. The issue is rated HIGH (CVSS 3.1: 7.5) with network attack vector and no user ...

7.5CVSS7.5AI score0.09353EPSS
CVE
CVE
added 2018/01/17 10:0 p.m.228 views

CVE-2018-5764

The CVE concerns rsyncd’s parse_arguments in options.c, where multiple uses of --protect-args are not prevented, allowing remote bypass of the argument-sanitization protection mechanism. Affects rsync prior to 3.1.3 (upstream) and various vendor advisories reference mitigation through upgrading t...

7.5CVSS7.4AI score0.06337EPSS
CVE
CVE
added 2025/01/14 5:38 p.m.200 views

CVE-2024-12088

CVE-2024-12088 is a path-traversal vulnerability in rsync when using --safe-links, arising from improper verification of symbolic-link destinations on the server side, potentially allowing writes outside the target directory. Concrete remediation details appear in multiple connected advisories: C...

7.5CVSS8AI score0.04575EPSS
CVE
CVE
added 2025/01/14 5:57 p.m.182 views

CVE-2024-12087

CVE-2024-12087 affects rsync and is described in connected advisories as a path traversal vulnerability triggered by the --inc-recursive behavior, arising from insufficient symlink verification and per-file-list deduplication checks. The result could allow a server to write files outside the clie...

7.5CVSS6.5AI score0.02224EPSS
CVE
CVE
added 2017/11/06 5:0 a.m.180 views

CVE-2017-16548

The CVE-2017-16548 issue affects rsync 3.1.2 and 3.1.3-development: receive_xattr does not validate a trailing null in xattr names, allowing a remote attacker to cause a heap-based buffer over-read and crash the daemon. Evidence from multiple advisories confirms a denial-of-service/possible impac...

9.8CVSS9.7AI score0.05163EPSS
CVE
CVE
added 2025/01/15 2:16 p.m.172 views

CVE-2024-12084

CVE-2024-12084: Rsync daemon heap-based buffer overflow caused by improper handling of attacker-controlled checksum lengths (s2length). When MAX_DIGEST_LEN exceeds the fixed SUM_LENGTH (16 bytes), an out-of-bounds write to sum2 is possible. Public advisories confirm this bug affects rsync version...

9.8CVSS9.6AI score0.72059EPSS
CVE
CVE
added 2025/01/14 5:37 p.m.160 views

CVE-2024-12086

The CVE-2024-12086 entry concerns rsync. A flaw in rsync’s checksum-based comparison during client→server file transfer can enable a server to enumerate contents of files on the client by sending crafted checksum values and analyzing responses. The connected documents confirm rsync is affected an...

6.8CVSS6.1AI score0.01761EPSS
CVE
CVE
added 2017/12/06 3:0 a.m.151 views

CVE-2017-17433

CVE-2017-17433 affects rsync 3.1.2 and 3.1.3-development prior to 2017-11/12; the daemon’s receive path (recv_files in receiver.c) updates file metadata before verifying the filename against the daemon_filter_list, allowing remote attackers to bypass access restrictions. Related advisories note t...

4.3CVSS6.4AI score0.01794EPSS
CVE
CVE
added 2017/12/06 3:0 a.m.140 views

CVE-2017-17434

The CVE-2017-17434 issue affects rsync 3.1.2 and 3.1.3-development prior to 2017-12-03. The daemon can bypass access restrictions by not checking fnamecmp filenames in daemon_filter_list and by not applying sanitize_paths to pathnames in "xname follows" strings (read_ndx_and_attrs in rsync.c). Re...

9.8CVSS8.4AI score0.03362EPSS
CVE
CVE
added 2026/04/16 6:53 a.m.134 views

CVE-2026-41035

CVE-2026-41035 affects rsync versions 3.0.1 through 3.4.1. The vulnerability stems from receive_xattr using an untrusted length value during a qsort, causing a receiver use-after-free when the -X/--xattrs option is used. Impact is described as low for confidentiality/integrity/availability, with ...

7.8CVSS5.8AI score0.00393EPSS
CVE
CVE
added 2015/02/12 4:0 p.m.133 views

CVE-2014-9512

CVE-2014-9512 affects rsync 3.1.1, enabling a remote attacker to write arbitrary files via a symlink attack during synchronization. The vulnerability is caused by improper handling of symlinks in the transfer/path, allowing modification of files on the target host. Multiple connected sources refe...

6.4CVSS8.4AI score0.06499EPSS
CVE
CVE
added 2021/05/27 7:44 p.m.113 views

CVE-2020-14387

CVE-2020-14387 affects rsync 3.2.0pre1 up to 3.2.4, where rsync-ssl hostname verification is broken in OpenSSL mode. This allows a remote, unauthenticated attacker with a valid certificate for another hostname to perform a man-in-the-middle and potentially compromise confidentiality and integrity...

7.4CVSS7AI score0.01098EPSS
CVE
CVE
added 2017/10/29 6:0 a.m.96 views

CVE-2017-15994

CVE-2017-15994 affects the rsync project; specifically the development branch up to 2017-10-24 (3.1.3-development) where archaic checksums are mishandled. This vulnerability can allow remote attackers to bypass intended access restrictions by manipulating checksum-related logic in rsync, as descr...

9.8CVSS9.4AI score0.01001EPSS
CVE
CVE
added 2011/03/30 10:0 p.m.94 views

CVE-2011-1097

CVE-2011-1097 affects rsync 3.x before 3.0.8, where specific recursion, deletion, and ownership options enable a remote rsync server to trigger heap memory corruption, causing a Denial of Service or potentially allow arbitrary code execution via malformed data. The connected details corroborate t...

5.1CVSS9.8AI score0.03163EPSS
CVE
CVE
added 2008/04/10 7:0 p.m.83 views

CVE-2008-1720

CVE-2008-1720 concerns rsync, where a buffer/overflow issue in rsync 2.6.9–3.0.1 with extended attribute support enabled can allow a remote attacker to execute arbitrary code or crash. Public sources attribute the overflow to handling of ACLs/xattr, enabling remote code execution or instability u...

7.5CVSS7.5AI score0.04985EPSS
CVE
CVE
added 2002/06/25 4:0 a.m.75 views

CVE-2002-0080

CVE-2002-0080 affects rsync when run in daemon mode: it does not call setgroups before dropping privileges, potentially letting local users inherit supplementary group privileges and read files they shouldn’t. The vulnerability is demonstrated across multiple advisories (Mandrake/MDKSA-2002:024, ...

2.1CVSS9.1AI score0.00521EPSS
CVE
CVE
added 2014/04/23 2:0 p.m.63 views

CVE-2014-2855

CVE-2014-2855 affects rsync up to version 3.1.0. The vulnerability resides in check_secret() in authenticate.c, where a username not present in the secrets file can trigger an infinite loop and CPU denial of service. Multiple advisories confirm the issue and reference the affected rsync, with pat...

7.8CVSS6.3AI score0.04119EPSS
CVE
CVE
added 2026/05/20 12:50 a.m.41 views

CVE-2026-43618

Rsync

8.1CVSS6AI score0.0078EPSS
CVE
CVE
added 2026/05/20 12:48 p.m.34 views

CVE-2026-29518

Rsync

7.8CVSS5.9AI score0.00152EPSS
CVE
CVE
added 2026/05/20 12:52 a.m.30 views

CVE-2026-43617

CVE-2026-43617 affects rsync

6.3CVSS5.8AI score0.00282EPSS
CVE
CVE
added 2026/05/20 12:47 a.m.29 views

CVE-2026-43620

Rsync 3.4.2 and earlier are affected by a receiver-side out-of-bounds array read in recv_files() (receiver.c). The underlying cause is a mismanaged pointer array leading to an 8-byte read before the allocated array, allowing a crafted file list (with CF_INC_RECURSE enabled, first sorted entry not...

6.9CVSS5.8AI score0.00503EPSS
CVE
CVE
added 2026/05/20 12:49 a.m.23 views

CVE-2026-43619

Rsync

7.2CVSS6AI score0.00136EPSS
CVE
CVE
added 2026/05/20 12:45 a.m.18 views

CVE-2026-45232

Rsync

3.7CVSS5.8AI score0.00337EPSS