Количество 33
Количество 33
CVE-2024-12747
Rsync: race condition in rsync handling symbolic links
CVE-2024-12747
A flaw was found in rsync. This vulnerability arises from a race condi ...
CVE-2024-12088
A flaw was found in rsync. When using the `--safe-links` option, the rsync client fails to properly verify if a symbolic link destination sent from the server contains another symbolic link within it. This results in a path traversal vulnerability, which may lead to arbitrary file write outside the desired directory.
CVE-2024-12088
A flaw was found in rsync. When using the `--safe-links` option, the rsync client fails to properly verify if a symbolic link destination sent from the server contains another symbolic link within it. This results in a path traversal vulnerability, which may lead to arbitrary file write outside the desired directory.
CVE-2024-12088
A flaw was found in rsync. When using the `--safe-links` option, the rsync client fails to properly verify if a symbolic link destination sent from the server contains another symbolic link within it. This results in a path traversal vulnerability, which may lead to arbitrary file write outside the desired directory.
CVE-2024-12088
CVE-2024-12088
A flaw was found in rsync. When using the `--safe-links` option, the r ...
SUSE-SU-2025:1330-1
Security update for rsync
SUSE-SU-2025:0991-1
Security update for rsync
GHSA-gp7r-m4cc-qhwq
A flaw was found in rsync. This vulnerability arises from a race condition during rsync's handling of symbolic links. Rsync's default behavior when encountering symbolic links is to skip them. If an attacker replaced a regular file with a symbolic link at the right time, it was possible to bypass the default behavior and traverse symbolic links. Depending on the privileges of the rsync process, an attacker could leak sensitive information, potentially leading to privilege escalation.
GHSA-ffph-g3pc-8r3g
A flaw was found in rsync. When using the `--safe-links` option, rsync fails to properly verify if a symbolic link destination contains another symbolic link within it. This results in a path traversal vulnerability, which may lead to arbitrary file write outside the desired directory.
BDU:2025-00373
Уязвимость конфигурации -safe-links демона rsyncd утилиты для передачи и синхронизации файлов Rsync, позволяющая нарушителю записывать произвольные файлы
BDU:2025-00372
Уязвимость утилиты для передачи и синхронизации файлов Rsync, связанная с ошибками синхронизации при использовании общего ресурса, позволяющая нарушителю повысить свои привилегии
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано | |
|---|---|---|---|---|
 | CVE-2024-12747 Rsync: race condition in rsync handling symbolic links | CVSS3: 5.6 | 0% Низкий | около 1 года назад |
| CVE-2024-12747 A flaw was found in rsync. This vulnerability arises from a race condi ... | CVSS3: 5.6 | 0% Низкий | около 1 года назад |
 | CVE-2024-12088 A flaw was found in rsync. When using the `--safe-links` option, the rsync client fails to properly verify if a symbolic link destination sent from the server contains another symbolic link within it. This results in a path traversal vulnerability, which may lead to arbitrary file write outside the desired directory. | CVSS3: 6.5 | 3% Низкий | около 1 года назад |
 | CVE-2024-12088 A flaw was found in rsync. When using the `--safe-links` option, the rsync client fails to properly verify if a symbolic link destination sent from the server contains another symbolic link within it. This results in a path traversal vulnerability, which may lead to arbitrary file write outside the desired directory. | CVSS3: 6.5 | 3% Низкий | около 1 года назад |
 | CVE-2024-12088 A flaw was found in rsync. When using the `--safe-links` option, the rsync client fails to properly verify if a symbolic link destination sent from the server contains another symbolic link within it. This results in a path traversal vulnerability, which may lead to arbitrary file write outside the desired directory. | CVSS3: 6.5 | 3% Низкий | около 1 года назад |
| CVSS3: 7.5 | 3% Низкий | около 1 года назад | |
| CVE-2024-12088 A flaw was found in rsync. When using the `--safe-links` option, the r ... | CVSS3: 6.5 | 3% Низкий | около 1 года назад |
 | SUSE-SU-2025:1330-1 Security update for rsync | 3% Низкий | 10 месяцев назад | |
| SUSE-SU-2025:0991-1 Security update for rsync | 0% Низкий | 11 месяцев назад | |
| GHSA-gp7r-m4cc-qhwq A flaw was found in rsync. This vulnerability arises from a race condition during rsync's handling of symbolic links. Rsync's default behavior when encountering symbolic links is to skip them. If an attacker replaced a regular file with a symbolic link at the right time, it was possible to bypass the default behavior and traverse symbolic links. Depending on the privileges of the rsync process, an attacker could leak sensitive information, potentially leading to privilege escalation. | CVSS3: 5.6 | 0% Низкий | около 1 года назад |
| GHSA-ffph-g3pc-8r3g A flaw was found in rsync. When using the `--safe-links` option, rsync fails to properly verify if a symbolic link destination contains another symbolic link within it. This results in a path traversal vulnerability, which may lead to arbitrary file write outside the desired directory. | CVSS3: 6.5 | 3% Низкий | около 1 года назад |
 | BDU:2025-00373 Уязвимость конфигурации -safe-links демона rsyncd утилиты для передачи и синхронизации файлов Rsync, позволяющая нарушителю записывать произвольные файлы | CVSS3: 6.5 | 3% Низкий | около 1 года назад |
| BDU:2025-00372 Уязвимость утилиты для передачи и синхронизации файлов Rsync, связанная с ошибками синхронизации при использовании общего ресурса, позволяющая нарушителю повысить свои привилегии | CVSS3: 5.6 | 0% Низкий | около 1 года назад |
Уязвимостей на страницу