samba rsync

26 known vulnerabilities across versions
Vulnerabilities are listed by affected version. Select any CVE for the full briefing and its intelligence graph.
CVE-2024-12084
all versions
A heap-based buffer overflow flaw was found in the rsync daemon. This issue is due to improper handling of attacker-controlled che
9.8 CRITICAL
CVE-2024-12088
<= 3.3.0
A flaw was found in rsync. When using the --safe-links option, the rsync client fails to properly verify if a symbolic link dest
6.5 MEDIUM
CVE-2024-12087
<= 3.3.0
A path traversal vulnerability exists in rsync. It stems from behavior enabled by the --inc-recursive option, a default-enabled
6.5 MEDIUM
CVE-2024-12086
<= 3.3.0
A flaw was found in rsync. It could allow a server to enumerate the contents of an arbitrary file from the client's machine. This
6.1 MEDIUM
CVE-2024-12085
< 3.3.0
A flaw was found in rsync which could be triggered when rsync compares file checksums. This flaw allows an attacker to manipulate
7.5 HIGH
CVE-2022-29154
< 3.2.5
An issue was discovered in rsync before 3.2.5 that allows malicious remote servers to write arbitrary files inside the directories
7.4 HIGH
CVE-2020-14387
>= 3.2.1 and < 3.2.4
A flaw was found in rsync in versions since 3.2.0pre1. Rsync improperly validates certificate with host mismatch vulnerability. A
7.4 HIGH
CVE-2018-5764
< 3.1.3
The parse_arguments function in options.c in rsyncd in rsync before 3.1.3 does not prevent multiple --protect-args uses, which all
7.5 HIGH
CVE-2017-17434
<= 3.1.2
The daemon in rsync 3.1.2, and 3.1.3-development before 2017-12-03, does not check for fnamecmp filenames in the daemon_filter_lis
9.8 CRITICAL
CVE-2017-17433
all versions
The recv_files function in receiver.c in the daemon in rsync 3.1.2, and 3.1.3-development before 2017-12-03, proceeds with certain
3.7 LOW
CVE-2017-16548
> 2.6.9 and <= 3.1.2
The receive_xattr function in xattrs.c in rsync 3.1.2 and 3.1.3-development does not check for a trailing '\0' character in an xat
9.8 CRITICAL
CVE-2017-15994
<= 3.1.2
rsync 3.1.3-development before 2017-10-24 mishandles archaic checksums, which makes it easier for remote attackers to bypass inten
9.8 CRITICAL
CVE-2014-9512
all versions
rsync 3.1.1 allows remote attackers to write to arbitrary files via a symlink attack on a file in the synchronization path.
CVE-2014-2855
<= 3.1.0
The check_secret function in authenticate.c in rsync 3.1.0 and earlier allows remote attackers to cause a denial of service (infin
CVE-2011-1097
all versions
rsync 3.x before 3.0.8, when certain recursion, deletion, and ownership options are used, allows remote rsync servers to cause a d
CVE-2008-1720
all versions
Buffer overflow in rsync 2.6.9 to 3.0.1, with extended attribute (xattr) support enabled, might allow remote attackers to execute
CVE-2007-6200
all versions
Unspecified vulnerability in rsync before 3.0.0pre6, when running a writable rsync daemon, allows remote attackers to bypass exclu
CVE-2007-6199
all versions
rsync before 3.0.0pre6, when running a writable rsync daemon that is not using chroot, allows remote attackers to access restricte
CVE-2007-4091
all versions
Multiple off-by-one errors in the sender.c in rsync 2.6.9 might allow remote attackers to execute arbitrary code via directory nam
CVE-2006-2083
all versions
Integer overflow in the receive_xattr function in the extended attributes patch (xattr.c) for rsync before 2.6.8 might allow attac
CVE-2004-0792
all versions
Directory traversal vulnerability in the sanitize_path function in util.c for rsync 2.6.2 and earlier, when chroot is disabled, al
CVE-2004-0426
<= 2.6
rsync before 2.6.1 does not properly sanitize paths when running a read/write daemon without using chroot, which allows remote att
CVE-2003-0962
all versions
Heap-based buffer overflow in rsync before 2.5.7, when running in server mode, allows remote attackers to execute arbitrary code a
CVE-2002-0080
< 2.5.3
rsync, when running in daemon mode, does not properly call setgroups before dropping privileges, which could provide supplemental
CVE-2002-0048
all versions
Multiple signedness errors (mixed signed and unsigned numbers) in the I/O functions of rsync 2.4.6, 2.3.2, and other versions allo
CVE-1999-0473
<= 2.3.1
The rsync command before rsync 2.3.1 may inadvertently change the permissions of the client's working directory to the permissions
threatengine.sh  ·  Open-source threat intelligence platform  ·  100+ authoritative sources  ·  Every fact traces to its origin