A heap-based buffer overflow flaw was found in the rsync daemon. This issue is due to improper …

Heap-based buffer overflow in rsync before 2.5.7, when running in server mode, allows remote at…

A flaw was found in rsync which could be triggered when rsync compares file checksums. This fla…

inffast.c in zlib 1.2.8 might allow context-dependent attackers to have unspecified impact by l…

rsync 3.1.1 allows remote attackers to write to arbitrary files via a symlink attack on a file …

The parse_arguments function in options.c in rsyncd in rsync before 3.1.3 does not prevent mult…

The crc32_big function in crc32.c in zlib 1.2.8 might allow context-dependent attackers to have…

zlib 1.2 and later versions allows remote attackers to cause a denial of service (crash) via a …

Unspecified vulnerability in rsync before 3.0.0pre6, when running a writable rsync daemon, allo…

The receive_xattr function in xattrs.c in rsync 3.1.2 and 3.1.3-development does not check for …

The inflateMark function in inflate.c in zlib 1.2.8 might allow context-dependent attackers to …

Buffer overflow in rsync 2.6.9 to 3.0.1, with extended attribute (xattr) support enabled, might…

inftrees.c in zlib 1.2.8 might allow context-dependent attackers to have unspecified impact by …

A flaw was found in rsync. When using the `--safe-links` option, the rsync client fails to prop…

rsync before 3.0.0pre6, when running a writable rsync daemon that is not using chroot, allows r…

The check_secret function in authenticate.c in rsync 3.1.0 and earlier allows remote attackers …

Integer overflow in the receive_xattr function in the extended attributes patch (xattr.c) for r…

rsync before 2.6.1 does not properly sanitize paths when running a read/write daemon without us…

The daemon in rsync 3.1.2, and 3.1.3-development before 2017-12-03, does not check for fnamecmp…

Multiple off-by-one errors in the sender.c in rsync 2.6.9 might allow remote attackers to execu…

rsync 3.x before 3.0.8, when certain recursion, deletion, and ownership options are used, allow…

Directory traversal vulnerability in the sanitize_path function in util.c for rsync 2.6.2 and e…

A path traversal vulnerability exists in rsync. It stems from behavior enabled by the `--inc-re…

The recv_files function in receiver.c in the daemon in rsync 3.1.2, and 3.1.3-development befor…

A flaw was found in rsync. It could allow a server to enumerate the contents of an arbitrary fi…

An issue was discovered in rsync before 3.2.5 that allows malicious remote servers to write arb…

A flaw was found in rsync in versions since 3.2.0pre1. Rsync improperly validates certificate w…

rsync 3.1.3-development before 2017-10-24 mishandles archaic checksums, which makes it easier f…

Buffer overflow in the open_socket_out function in socket.c for rsync 2.5.7 and earlier allows …

Rsync version 3.4.2 and prior contain an integer overflow vulnerability in the compressed-token…

Rsync version 3.4.2 and prior contain a receiver-side out-of-bounds array read vulnerability in…

A flaw was found in rsync. This vulnerability arises from a race condition during rsync's handl…

Rsync versions before 3.4.3 contain an off-by-one out-of-bounds stack write vulnerability in th…

In rsync 3.0.1 through 3.4.1, receive_xattr relies on an untrusted length value during a qsort …

Rsync version 3.4.2 and prior contain an authorization bypass vulnerability in the rsync daemon…

A malicious client acting as the receiver of an rsync file transfer can trigger an out of bound…

Rsync versions before 3.4.3 contain a time-of-check to time-of-use (TOCTOU) race condition in d…

Rsync version 3.4.2 and prior contain symlink race condition vulnerabilities in path-based syst…