Vulnerabilities > Pizzashack

DATE CVE VULNERABILITY TITLE RISK
2019-02-06 CVE-2019-3464 Improper Initialization vulnerability in multiple products
Insufficient sanitization of environment variables passed to rsync can bypass the restrictions imposed by rssh, a restricted shell that should restrict users to perform only rsync operations, resulting in the execution of arbitrary shell commands.
network
low complexity
pizzashack debian fedoraproject canonical CWE-665
critical
9.8
2019-02-06 CVE-2019-3463 Argument Injection or Modification vulnerability in multiple products
Insufficient sanitization of arguments passed to rsync can bypass the restrictions imposed by rssh, a restricted shell that should restrict users to perform only rsync operations, resulting in the execution of arbitrary shell commands.
network
low complexity
pizzashack debian fedoraproject canonical CWE-88
critical
9.8
2019-02-04 CVE-2019-1000018 Command Injection vulnerability in multiple products
rssh version 2.3.4 contains a CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability in allowscp permission that can result in Local command execution.
7.8
2013-01-11 CVE-2012-2252 Remote Arbitrary Command Execution vulnerability in rssh Command Line Filtering
Incomplete blacklist vulnerability in rssh before 2.3.4, when the rsync protocol is enabled, allows local users to bypass intended restricted shell access via the --rsh command line option.
local
pizzashack
4.4
2013-01-11 CVE-2012-2251 Improper Input Validation vulnerability in Pizzashack Rssh 2.3.2
rssh 2.3.2, as used by Debian, Fedora, and others, when the rsync protocol is enabled, allows local users to bypass intended restricted shell access via a (1) "-e" or (2) "--" command line option.
4.4
2012-08-31 CVE-2012-3478 Permissions, Privileges, and Access Controls vulnerability in Pizzashack Rssh
rssh 2.3.3 and earlier allows local users to bypass intended restricted shell access via crafted environment variables in the command line.
local
low complexity
pizzashack CWE-264
2.1
2004-10-23 CVE-2004-1628 USE of Externally-Controlled Format String vulnerability in Pizzashack Rssh
Format string vulnerability in log.c in rssh before 2.2.2 allows remote authenticated users to execute arbitrary code.
network
low complexity
pizzashack CWE-134
critical
9.0