Количество 31
Количество 31
RLSA-2025:2600
Moderate: rsync security update
ELSA-2025-7050
ELSA-2025-7050: rsync security update (MODERATE)
ELSA-2025-2600
ELSA-2025-2600: rsync security update (MODERATE)
SUSE-SU-2025:0166-1
Security update for rsync
SUSE-SU-2025:0165-1
Security update for rsync
SUSE-SU-2025:0157-1
Security update for rsync
SUSE-SU-2025:0156-1
Security update for rsync
ROS-20250203-04
Множественные уязвимости rsync
CVE-2024-12747
A flaw was found in rsync. This vulnerability arises from a race condition during rsync's handling of symbolic links. Rsync's default behavior when encountering symbolic links is to skip them. If an attacker replaced a regular file with a symbolic link at the right time, it was possible to bypass the default behavior and traverse symbolic links. Depending on the privileges of the rsync process, an attacker could leak sensitive information, potentially leading to privilege escalation.
CVE-2024-12747
A flaw was found in rsync. This vulnerability arises from a race condition during rsync's handling of symbolic links. Rsync's default behavior when encountering symbolic links is to skip them. If an attacker replaced a regular file with a symbolic link at the right time, it was possible to bypass the default behavior and traverse symbolic links. Depending on the privileges of the rsync process, an attacker could leak sensitive information, potentially leading to privilege escalation.
CVE-2024-12747
A flaw was found in rsync. This vulnerability arises from a race condition during rsync's handling of symbolic links. Rsync's default behavior when encountering symbolic links is to skip them. If an attacker replaced a regular file with a symbolic link at the right time, it was possible to bypass the default behavior and traverse symbolic links. Depending on the privileges of the rsync process, an attacker could leak sensitive information, potentially leading to privilege escalation.
CVE-2024-12747
CVE-2024-12747
A flaw was found in rsync. This vulnerability arises from a race condi ...
SUSE-SU-2025:0991-1
Security update for rsync
GHSA-gp7r-m4cc-qhwq
A flaw was found in rsync. This vulnerability arises from a race condition during rsync's handling of symbolic links. Rsync's default behavior when encountering symbolic links is to skip them. If an attacker replaced a regular file with a symbolic link at the right time, it was possible to bypass the default behavior and traverse symbolic links. Depending on the privileges of the rsync process, an attacker could leak sensitive information, potentially leading to privilege escalation.
BDU:2025-00372
Уязвимость утилиты для передачи и синхронизации файлов Rsync, связанная с ошибками синхронизации при использовании общего ресурса, позволяющая нарушителю повысить свои привилегии
CVE-2024-12087
A path traversal vulnerability exists in rsync. It stems from behavior enabled by the `--inc-recursive` option, a default-enabled option for many client options and can be enabled by the server even if not explicitly enabled by the client. When using the `--inc-recursive` option, a lack of proper symlink verification coupled with deduplication checks occurring on a per-file-list basis could allow a server to write files outside of the client's intended destination directory. A malicious server could write malicious files to arbitrary locations named after valid directories/paths on the client.
CVE-2024-12087
A path traversal vulnerability exists in rsync. It stems from behavior enabled by the `--inc-recursive` option, a default-enabled option for many client options and can be enabled by the server even if not explicitly enabled by the client. When using the `--inc-recursive` option, a lack of proper symlink verification coupled with deduplication checks occurring on a per-file-list basis could allow a server to write files outside of the client's intended destination directory. A malicious server could write malicious files to arbitrary locations named after valid directories/paths on the client.
CVE-2024-12087
A path traversal vulnerability exists in rsync. It stems from behavior enabled by the `--inc-recursive` option, a default-enabled option for many client options and can be enabled by the server even if not explicitly enabled by the client. When using the `--inc-recursive` option, a lack of proper symlink verification coupled with deduplication checks occurring on a per-file-list basis could allow a server to write files outside of the client's intended destination directory. A malicious server could write malicious files to arbitrary locations named after valid directories/paths on the client.
CVE-2024-12087
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано | |
|---|---|---|---|---|
 | RLSA-2025:2600 Moderate: rsync security update | около 1 месяца назад | ||
| ELSA-2025-7050 ELSA-2025-7050: rsync security update (MODERATE) | около 1 месяца назад | ||
| ELSA-2025-2600 ELSA-2025-2600: rsync security update (MODERATE) | 3 месяца назад | ||
 | SUSE-SU-2025:0166-1 Security update for rsync | 5 месяцев назад | ||
| SUSE-SU-2025:0165-1 Security update for rsync | 5 месяцев назад | ||
| SUSE-SU-2025:0157-1 Security update for rsync | 5 месяцев назад | ||
| SUSE-SU-2025:0156-1 Security update for rsync | 5 месяцев назад | ||
 | ROS-20250203-04 Множественные уязвимости rsync | CVSS3: 9.8 | 5 месяцев назад | |
 | CVE-2024-12747 A flaw was found in rsync. This vulnerability arises from a race condition during rsync's handling of symbolic links. Rsync's default behavior when encountering symbolic links is to skip them. If an attacker replaced a regular file with a symbolic link at the right time, it was possible to bypass the default behavior and traverse symbolic links. Depending on the privileges of the rsync process, an attacker could leak sensitive information, potentially leading to privilege escalation. | CVSS3: 5.6 | 0% Низкий | 5 месяцев назад |
 | CVE-2024-12747 A flaw was found in rsync. This vulnerability arises from a race condition during rsync's handling of symbolic links. Rsync's default behavior when encountering symbolic links is to skip them. If an attacker replaced a regular file with a symbolic link at the right time, it was possible to bypass the default behavior and traverse symbolic links. Depending on the privileges of the rsync process, an attacker could leak sensitive information, potentially leading to privilege escalation. | CVSS3: 5.6 | 0% Низкий | 5 месяцев назад |
 | CVE-2024-12747 A flaw was found in rsync. This vulnerability arises from a race condition during rsync's handling of symbolic links. Rsync's default behavior when encountering symbolic links is to skip them. If an attacker replaced a regular file with a symbolic link at the right time, it was possible to bypass the default behavior and traverse symbolic links. Depending on the privileges of the rsync process, an attacker could leak sensitive information, potentially leading to privilege escalation. | CVSS3: 5.6 | 0% Низкий | 5 месяцев назад |
 | CVSS3: 5.6 | 0% Низкий | 5 месяцев назад | |
| CVE-2024-12747 A flaw was found in rsync. This vulnerability arises from a race condi ... | CVSS3: 5.6 | 0% Низкий | 5 месяцев назад |
| SUSE-SU-2025:0991-1 Security update for rsync | 0% Низкий | 3 месяца назад | |
| GHSA-gp7r-m4cc-qhwq A flaw was found in rsync. This vulnerability arises from a race condition during rsync's handling of symbolic links. Rsync's default behavior when encountering symbolic links is to skip them. If an attacker replaced a regular file with a symbolic link at the right time, it was possible to bypass the default behavior and traverse symbolic links. Depending on the privileges of the rsync process, an attacker could leak sensitive information, potentially leading to privilege escalation. | CVSS3: 5.6 | 0% Низкий | 5 месяцев назад |
 | BDU:2025-00372 Уязвимость утилиты для передачи и синхронизации файлов Rsync, связанная с ошибками синхронизации при использовании общего ресурса, позволяющая нарушителю повысить свои привилегии | CVSS3: 5.6 | 0% Низкий | 6 месяцев назад |
| CVE-2024-12087 A path traversal vulnerability exists in rsync. It stems from behavior enabled by the `--inc-recursive` option, a default-enabled option for many client options and can be enabled by the server even if not explicitly enabled by the client. When using the `--inc-recursive` option, a lack of proper symlink verification coupled with deduplication checks occurring on a per-file-list basis could allow a server to write files outside of the client's intended destination directory. A malicious server could write malicious files to arbitrary locations named after valid directories/paths on the client. | CVSS3: 6.5 | 0% Низкий | 5 месяцев назад |
| CVE-2024-12087 A path traversal vulnerability exists in rsync. It stems from behavior enabled by the `--inc-recursive` option, a default-enabled option for many client options and can be enabled by the server even if not explicitly enabled by the client. When using the `--inc-recursive` option, a lack of proper symlink verification coupled with deduplication checks occurring on a per-file-list basis could allow a server to write files outside of the client's intended destination directory. A malicious server could write malicious files to arbitrary locations named after valid directories/paths on the client. | CVSS3: 6.5 | 0% Низкий | 5 месяцев назад |
| CVE-2024-12087 A path traversal vulnerability exists in rsync. It stems from behavior enabled by the `--inc-recursive` option, a default-enabled option for many client options and can be enabled by the server even if not explicitly enabled by the client. When using the `--inc-recursive` option, a lack of proper symlink verification coupled with deduplication checks occurring on a per-file-list basis could allow a server to write files outside of the client's intended destination directory. A malicious server could write malicious files to arbitrary locations named after valid directories/paths on the client. | CVSS3: 6.5 | 0% Низкий | 5 месяцев назад |
| CVSS3: 6.5 | 0% Низкий | 5 месяцев назад |
Уязвимостей на страницу