VYPR

rpm package

suse/rsync&distro=SUSE Linux Enterprise Server for SAP Applications 15 SP3

pkg:rpm/suse/rsync&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP3

Vulnerabilities (7)

  • CVE-2024-12747MedJan 14, 2025
    affected < 3.2.3-150000.4.33.1fixed 3.2.3-150000.4.33.1

    A flaw was found in rsync. This vulnerability arises from a race condition during rsync's handling of symbolic links. Rsync's default behavior when encountering symbolic links is to skip them. If an attacker replaced a regular file with a symbolic link at the right time, it was p

  • CVE-2024-12088MedJan 14, 2025
    affected < 3.2.3-150000.4.33.1fixed 3.2.3-150000.4.33.1

    A flaw was found in rsync. When using the `--safe-links` option, the rsync client fails to properly verify if a symbolic link destination sent from the server contains another symbolic link within it. This results in a path traversal vulnerability, which may lead to arbitrary fil

  • CVE-2024-12087MedJan 14, 2025
    affected < 3.2.3-150000.4.33.1fixed 3.2.3-150000.4.33.1

    A path traversal vulnerability exists in rsync. It stems from behavior enabled by the `--inc-recursive` option, a default-enabled option for many client options and can be enabled by the server even if not explicitly enabled by the client. When using the `--inc-recursive` option,

  • CVE-2024-12086MedJan 14, 2025
    affected < 3.2.3-150000.4.33.1fixed 3.2.3-150000.4.33.1

    A flaw was found in rsync. It could allow a server to enumerate the contents of an arbitrary file from the client's machine. This issue occurs when files are being copied from a client to a server. During this process, the rsync server will send checksums of local data to the cli

  • CVE-2024-12085HigJan 14, 2025
    affected < 3.2.3-150000.4.33.1fixed 3.2.3-150000.4.33.1

    A flaw was found in rsync which could be triggered when rsync compares file checksums. This flaw allows an attacker to manipulate the checksum length (s2length) to cause a comparison between a checksum and uninitialized memory and leak one byte of uninitialized stack data at a ti

  • CVE-2022-29154Aug 2, 2022
    affected < 3.2.3-150000.4.23.2fixed 3.2.3-150000.4.23.2

    An issue was discovered in rsync before 3.2.5 that allows malicious remote servers to write arbitrary files inside the directories of connecting peers. The server chooses which files/directories are sent to the client. However, the rsync client performs insufficient validation of

  • CVE-2020-14387May 27, 2021
    affected < 3.2.3-150000.4.23.2fixed 3.2.3-150000.4.23.2

    A flaw was found in rsync in versions since 3.2.0pre1. Rsync improperly validates certificate with host mismatch vulnerability. A remote, unauthenticated attacker could exploit the flaw by performing a man-in-the-middle attack using a valid certificate for another hostname which