Vulnerabilities > Pizzashack

DATE CVE VULNERABILITY TITLE RISK
2019-02-06 CVE-2019-3464 Improper Initialization vulnerability in multiple products
Insufficient sanitization of environment variables passed to rsync can bypass the restrictions imposed by rssh, a restricted shell that should restrict users to perform only rsync operations, resulting in the execution of arbitrary shell commands.
network
low complexity
pizzashack debian fedoraproject canonical CWE-665
critical
9.8
2019-02-06 CVE-2019-3463 Argument Injection or Modification vulnerability in multiple products
Insufficient sanitization of arguments passed to rsync can bypass the restrictions imposed by rssh, a restricted shell that should restrict users to perform only rsync operations, resulting in the execution of arbitrary shell commands.
network
low complexity
pizzashack debian fedoraproject canonical CWE-88
critical
9.8
2019-02-04 CVE-2019-1000018 Command Injection vulnerability in multiple products
rssh version 2.3.4 contains a CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability in allowscp permission that can result in Local command execution.
7.8