Lucene search
K

6 matches found

CVE
CVE
added 2022/08/02 2:22 p.m.657 views

CVE-2022-29154

CVE-2022-29154 affects rsync prior to 3.2.5, enabling a malicious server (or MITM) to cause the rsync client to write arbitrary files in the client’s directory tree (including sensitive files such as .ssh/authorized_keys). The issue arises from insufficient validation of filenames returned by the...

7.4CVSS7.7AI score0.01659EPSS
In wild
CVE
CVE
added 2025/01/14 5:37 p.m.355 views

CVE-2024-12085

CVE-2024-12085 affects rsync; a flaw in checksum comparison allows an attacker to manipulate s2length, causing comparisons against uninitialized memory and leaking one byte of uninitialized stack data per interaction. The issue is rated HIGH (CVSS 3.1: 7.5) with network attack vector and no user ...

7.5CVSS7.5AI score0.09353EPSS
CVE
CVE
added 2018/01/17 10:0 p.m.229 views

CVE-2018-5764

The CVE concerns rsyncd’s parse_arguments in options.c, where multiple uses of --protect-args are not prevented, allowing remote bypass of the argument-sanitization protection mechanism. Affects rsync prior to 3.1.3 (upstream) and various vendor advisories reference mitigation through upgrading t...

7.5CVSS7.4AI score0.06337EPSS
CVE
CVE
added 2002/06/25 4:0 a.m.75 views

CVE-2002-0080

CVE-2002-0080 affects rsync when run in daemon mode: it does not call setgroups before dropping privileges, potentially letting local users inherit supplementary group privileges and read files they shouldn’t. The vulnerability is demonstrated across multiple advisories (Mandrake/MDKSA-2002:024, ...

2.1CVSS9.1AI score0.00521EPSS
CVE
CVE
added 2026/05/20 12:48 p.m.43 views

CVE-2026-29518

Rsync

7.8CVSS5.9AI score0.00152EPSS
CVE
CVE
added 2026/05/20 12:45 a.m.18 views

CVE-2026-45232

Rsync

3.7CVSS5.8AI score0.00337EPSS