pkg:Debian/rsync

All known vulnerabilities

• CRITICAL9.8CVE-2024-12084rsync - security update
  from 0, < 3.2.7-1+deb12u1
• CRITICAL9.8CVE-2024-12084rsync - security update
  from 0, < 3.2.7-1+deb12u1
• CRITICAL9.8CVE-2017-17434The daemon in rsync 3.1.2, and 3.1.3-development before 2017-12-03, does not check for fnamecmp filenames in the daemon_filter_list data st…
  from 0, < 3.1.2-2.1
• CRITICAL9.8rsync - security update
  from 0, < 3.1.1-3+deb8u1
• CRITICAL9.8rsync - security update
  from 0, < 3.1.2-2.1
• CRITICAL9.8rsync - security update
  from 0, < 3.0.9-4+deb7u1
• CRITICAL9.8The crc32_big function in crc32.c in zlib 1.2.8 might allow context-dependent attackers to have unspecified impact via vectors involving bi…
  from 0, < 3.1.3-6
• CRITICAL9.8inffast.c in zlib 1.2.8 might allow context-dependent attackers to have unspecified impact by leveraging improper pointer arithmetic.
  from 0, < 3.1.3-6
• HIGH8.8The inflateMark function in inflate.c in zlib 1.2.8 might allow context-dependent attackers to have unspecified impact via vectors involvin…
  from 0, < 3.1.3-6
• HIGH8.8zlib - security update
  from 0, < 3.1.1-3+deb8u2
• HIGH8.8zlib - security update
  from 0, < 3.1.3-6
• HIGH8.1Rsync version 3.4.2 and prior contain an integer overflow vulnerability in the compressed-token decoder where a 32-bit signed counter is no…
  from 0, < 3.2.3-4+deb11u4
• HIGH7.8In rsync 3.0.1 through 3.4.1, receive_xattr relies on an untrusted length value during a qsort call, leading to a receiver use-after-free.
  from 0
• HIGH7.5A flaw was found in rsync.
  from 0, < 3.2.3-4+deb11u2
• HIGH7.5A path traversal vulnerability exists in rsync.
  from 0, < 3.2.3-4+deb11u2
• HIGH7.5rsync - security update
  from 0, < 3.2.3-4+deb11u2
• HIGH7.5rsync - security update
  from 0, < 3.2.3-4+deb11u2
• HIGH7.5rsync - security update
  from 0, < 3.1.2-1+deb9u3
• HIGH7.5rsync - security update
  from 0, < 3.1.2-2.2
• HIGH7.5rsync - security update
  from 0, < 3.0.9-4+deb7u2
• HIGH7.4An issue was discovered in rsync before 3.2.5 that allows malicious remote servers to write arbitrary files inside the directories of conne…
  from 0
• HIGH7.4A flaw was found in rsync in versions since 3.2.0pre1.
  from 0, < 3.2.3-3
• MEDIUM6.8A flaw was found in rsync.
  from 0, < 3.2.3-4+deb11u2
• MEDIUM6.3Rsync version 3.4.2 and prior contain symlink race condition vulnerabilities in path-based system calls including chmod, lchown, utimes, re…
  from 0, < 3.2.3-4+deb11u4
• MEDIUM5.6A flaw was found in rsync.
  from 0, < 3.2.3-4+deb11u2
• MEDIUM5.5Rsync version 3.4.2 and prior contain a receiver-side out-of-bounds array read vulnerability in recv_files() in receiver.c that allows a ma…
  from 0, < 3.2.3-4+deb11u4
• MEDIUM4.8Rsync version 3.4.2 and prior contain an authorization bypass vulnerability in the rsync daemon's hostname-based access control list enforc…
  from 0, < 3.2.3-4+deb11u4
• MEDIUM4.3A malicious client acting as the receiver of an rsync file transfer can trigger an out of bounds read of a heap based buffer, via a negativ…
  from 0
• LOW3.7Rsync versions before 3.4.3 contain an off-by-one out-of-bounds stack write vulnerability in the establish_proxy_connection() function in s…
  from 0
• LOW3.7The recv_files function in receiver.c in the daemon in rsync 3.1.2, and 3.1.3-development before 2017-12-03, proceeds with certain file met…
  from 0, < 3.1.2-2.1
• —Rsync versions before 3.4.3 contain a time-of-check to time-of-use (TOCTOU) race condition in daemon file handling that allows attackers to…
  from 0, < 3.2.3-4+deb11u4
• —rsync 3.1.1 allows remote attackers to write to arbitrary files via a symlink attack on a file in the synchronization path.
  from 0, < 3.1.1-3
• —The check_secret function in authenticate.c in rsync 3.1.0 and earlier allows remote attackers to cause a denial of service (infinite loop…
  from 0, < 3.1.0-3
• —rsync 3.x before 3.0.8, when certain recursion, deletion, and ownership options are used, allows remote rsync servers to cause a denial of…
  from 0, < 3.0.8
• —rsync
  from 0, < 3.0.2-1
• —rsync
  from 0, < 2.6.9-2etch2
• —Unspecified vulnerability in rsync before 3.0.0pre6, when running a writable rsync daemon, allows remote attackers to bypass exclude, exclu…
  from 0, < 2.6.9-6
• —rsync before 3.0.0pre6, when running a writable rsync daemon that is not using chroot, allows remote attackers to access restricted files v…
  from 0, < 2.6.9-6
• —rsync - arbitrary code execution
  from 0, < 2.6.9-5
• —rsync - arbitrary code execution
  from 0, < 2.6.9-2etch1
• —Integer overflow in the receive_xattr function in the extended attributes patch (xattr.c) for rsync before 2.6.8 might allow attackers to e…
  from 0, < 2.6.8-1
• —rsync - unauthorised directory traversal and file access
  from 0, < 2.6.2-3
• —rsync - unauthorised directory traversal and file access
  from 0, < 2.5.5-0.6
• —rsync - directory traversal
  from 0, < 2.6.1-1
• —rsync - directory traversal
  from 0, < 2.5.5-0.5
• —Buffer overflow in the open_socket_out function in socket.c for rsync 2.5.7 and earlier allows local users to cause a denial of service (cr…
  from 0, < 2.6.1-1
• —rsync - heap overflow
  from 0, < 2.5.6-1.1
• —rsync - heap overflow
  from 0, < 2.5.5-0.2