pkg:Alpine/rsync

All known vulnerabilities

• CRITICAL9.8CVE-2024-12084rsync - security update
  from 0, < 3.4.0-r0
• CRITICAL9.8CVE-2017-17434The daemon in rsync 3.1.2, and 3.1.3-development before 2017-12-03, does not check for fnamecmp filenames in the daemon_filter_list data st…
  from 0, < 3.1.2-r7
• CRITICAL9.8rsync - security update
  from 0, < 3.1.2-r7
• HIGH8.1Rsync version 3.4.2 and prior contain an integer overflow vulnerability in the compressed-token decoder where a 32-bit signed counter is no…
  from 0, < 3.4.3-r0
• HIGH7.8In rsync 3.0.1 through 3.4.1, receive_xattr relies on an untrusted length value during a qsort call, leading to a receiver use-after-free.
  from 0, < 3.4.1-r2
• HIGH7.5A flaw was found in rsync.
  from 0, < 3.4.0-r0
• HIGH7.5A path traversal vulnerability exists in rsync.
  from 0, < 3.4.0-r0
• HIGH7.5rsync - security update
  from 0, < 3.4.0-r0
• HIGH7.5rsync - security update
  from 0, < 3.1.3-r0
• HIGH7.4An issue was discovered in rsync before 3.2.5 that allows malicious remote servers to write arbitrary files inside the directories of conne…
  from 0, < 3.2.4-r0
• HIGH7.4A flaw was found in rsync in versions since 3.2.0pre1.
  from 0, < 3.2.4-r0
• MEDIUM6.8A flaw was found in rsync.
  from 0, < 3.4.0-r0
• MEDIUM6.3Rsync version 3.4.2 and prior contain symlink race condition vulnerabilities in path-based system calls including chmod, lchown, utimes, re…
  from 0, < 3.4.3-r0
• MEDIUM5.6A flaw was found in rsync.
  from 0, < 3.4.0-r0
• MEDIUM5.5Rsync version 3.4.2 and prior contain a receiver-side out-of-bounds array read vulnerability in recv_files() in receiver.c that allows a ma…
  from 0, < 3.4.3-r0
• MEDIUM4.8Rsync version 3.4.2 and prior contain an authorization bypass vulnerability in the rsync daemon's hostname-based access control list enforc…
  from 0, < 3.4.3-r0
• MEDIUM4.3A malicious client acting as the receiver of an rsync file transfer can trigger an out of bounds read of a heap based buffer, via a negativ…
  from 0, < 3.4.1-r1
• LOW3.7Rsync versions before 3.4.3 contain an off-by-one out-of-bounds stack write vulnerability in the establish_proxy_connection() function in s…
  from 0, < 3.4.3-r0
• LOW3.7The recv_files function in receiver.c in the daemon in rsync 3.1.2, and 3.1.3-development before 2017-12-03, proceeds with certain file met…
  from 0, < 3.1.2-r7
• —Rsync versions before 3.4.3 contain a time-of-check to time-of-use (TOCTOU) race condition in daemon file handling that allows attackers to…
  from 0, < 3.4.3-r0