Vulnerabilities > Samba > Rsync

DATE CVE VULNERABILITY TITLE RISK
2022-08-02 CVE-2022-29154 Improper Input Validation vulnerability in multiple products
An issue was discovered in rsync before 3.2.5 that allows malicious remote servers to write arbitrary files inside the directories of connecting peers.
network
high complexity
samba fedoraproject CWE-20
7.4
2021-05-27 CVE-2020-14387 Unspecified vulnerability in Samba Rsync
A flaw was found in rsync in versions since 3.2.0pre1.
network
high complexity
samba
7.4
2018-01-17 CVE-2018-5764 The parse_arguments function in options.c in rsyncd in rsync before 3.1.3 does not prevent multiple --protect-args uses, which allows remote attackers to bypass an argument-sanitization protection mechanism.
network
low complexity
samba debian canonical
7.5
2017-12-06 CVE-2017-17434 The daemon in rsync 3.1.2, and 3.1.3-development before 2017-12-03, does not check for fnamecmp filenames in the daemon_filter_list data structure (in the recv_files function in receiver.c) and also does not apply the sanitize_paths protection mechanism to pathnames found in "xname follows" strings (in the read_ndx_and_attrs function in rsync.c), which allows remote attackers to bypass intended access restrictions.
network
low complexity
samba debian
critical
9.8
2017-12-06 CVE-2017-17433 Missing Authorization vulnerability in multiple products
The recv_files function in receiver.c in the daemon in rsync 3.1.2, and 3.1.3-development before 2017-12-03, proceeds with certain file metadata updates before checking for a filename in the daemon_filter_list data structure, which allows remote attackers to bypass intended access restrictions.
network
high complexity
debian samba CWE-862
3.7
2017-11-06 CVE-2017-16548 Out-of-bounds Read vulnerability in multiple products
The receive_xattr function in xattrs.c in rsync 3.1.2 and 3.1.3-development does not check for a trailing '\0' character in an xattr name, which allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) or possibly have unspecified other impact by sending crafted data to the daemon.
network
low complexity
samba debian canonical CWE-125
critical
9.8
2017-10-29 CVE-2017-15994 Improper Validation of Integrity Check Value vulnerability in Samba Rsync
rsync 3.1.3-development before 2017-10-24 mishandles archaic checksums, which makes it easier for remote attackers to bypass intended access restrictions.
network
low complexity
samba CWE-354
critical
9.8