Search for packages
| purl | pkg:deb/debian/rsync@2.6.9-2etch2 |
| Next non-vulnerable version | 3.2.7-1+deb12u5 |
| Latest non-vulnerable version | 3.4.1+ds1-5+deb13u3 |
| Risk | 4.5 |
| Vulnerability | Summary | Fixed by |
|---|---|---|
|
VCID-29gg-j4vp-7bef
Aliases: CVE-2017-17433 |
multiple issues |
Affected by 19 other vulnerabilities. Affected by 19 other vulnerabilities. Affected by 11 other vulnerabilities. |
|
VCID-2c6b-ufgq-fbcw
Aliases: CVE-2026-43617 |
rsync: rsync: Hostname-based ACL bypass in daemon chroot configuration |
Affected by 2 other vulnerabilities. |
|
VCID-3nrj-48zt-8yf7
Aliases: CVE-2014-9512 |
rsync 3.1.1 allows remote attackers to write to arbitrary files via a symlink attack on a file in the synchronization path. |
Affected by 19 other vulnerabilities. |
|
VCID-556m-a6vw-3bfj
Aliases: CVE-2007-4091 |
Multiple off-by-one errors in the sender.c in rsync 2.6.9 might allow remote attackers to execute arbitrary code via directory names that are not properly handled when calling the f_name function. |
Affected by 22 other vulnerabilities. |
|
VCID-56vk-3vsy-nkef
Aliases: CVE-2007-6199 |
rsync before 3.0.0pre6, when running a writable rsync daemon that is not using chroot, allows remote attackers to access restricted files via unknown vectors that cause rsync to create a symlink that points outside of the module's hierarchy. |
Affected by 22 other vulnerabilities. |
|
VCID-6j5d-25zc-r7es
Aliases: CVE-2017-17434 |
multiple issues |
Affected by 19 other vulnerabilities. Affected by 19 other vulnerabilities. Affected by 11 other vulnerabilities. |
|
VCID-6zwq-zvsq-rfda
Aliases: CVE-2020-14387 |
man-in-the-middle |
Affected by 14 other vulnerabilities. |
|
VCID-ay5s-4hr1-8qe5
Aliases: CVE-2018-5764 |
multiple issues |
Affected by 11 other vulnerabilities. |
|
VCID-be1r-cmk6-dyb9
Aliases: CVE-2026-29518 |
rsync: TOCTOU symlink race condition allowing local privilege escalation in daemon mode without chroot. |
Affected by 2 other vulnerabilities. |
|
VCID-bvzk-j9h5-zkem
Aliases: CVE-2016-9842 |
The inflateMark function in inflate.c in zlib 1.2.8 might allow context-dependent attackers to have unspecified impact via vectors involving left shifts of negative integers. |
Affected by 11 other vulnerabilities. |
|
VCID-c97r-cqv2-r3h4
Aliases: CVE-2024-12085 |
multiple issues |
Affected by 2 other vulnerabilities. |
|
VCID-f9zn-2jhn-jqg4
Aliases: CVE-2026-43619 |
rsync: rsync: Symlink race vulnerability allows unauthorized file operations |
Affected by 2 other vulnerabilities. |
|
VCID-jrfy-z2we-n7cz
Aliases: CVE-2016-9841 |
inffast.c in zlib 1.2.8 might allow context-dependent attackers to have unspecified impact by leveraging improper pointer arithmetic. |
Affected by 11 other vulnerabilities. |
|
VCID-kxm2-1khw-suaq
Aliases: CVE-2017-16548 |
multiple issues |
Affected by 19 other vulnerabilities. Affected by 19 other vulnerabilities. Affected by 11 other vulnerabilities. |
|
VCID-mwde-7pds-33c5
Aliases: CVE-2014-2855 |
The check_secret function in authenticate.c in rsync 3.1.0 and earlier allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a user name which does not exist in the secrets file. |
Affected by 19 other vulnerabilities. |
|
VCID-nh72-az7j-wqde
Aliases: CVE-2024-12747 |
multiple issues |
Affected by 2 other vulnerabilities. |
|
VCID-rt4a-vn86-vfd1
Aliases: CVE-2024-12088 |
multiple issues |
Affected by 2 other vulnerabilities. |
|
VCID-rub5-mpqy-qke8
Aliases: CVE-2024-12086 |
multiple issues |
Affected by 2 other vulnerabilities. |
|
VCID-tm8c-43cn-3fa4
Aliases: CVE-2016-9840 |
inftrees.c in zlib 1.2.8 might allow context-dependent attackers to have unspecified impact by leveraging improper pointer arithmetic. |
Affected by 11 other vulnerabilities. |
|
VCID-twpz-szrq-4ug3
Aliases: CVE-2008-1720 |
Buffer overflow in rsync 2.6.9 to 3.0.1, with extended attribute (xattr) support enabled, might allow remote attackers to execute arbitrary code via unknown vectors. |
Affected by 22 other vulnerabilities. |
|
VCID-uaqx-g92v-sbdh
Aliases: CVE-2016-9843 |
The crc32_big function in crc32.c in zlib 1.2.8 might allow context-dependent attackers to have unspecified impact via vectors involving big-endian CRC calculation. |
Affected by 11 other vulnerabilities. |
|
VCID-vfqu-z1s4-mfa2
Aliases: CVE-2026-43620 |
rsync: rsync: Remote Denial of Service via Out-of-bounds Read |
Affected by 2 other vulnerabilities. |
|
VCID-w5qp-r7dz-h7fk
Aliases: CVE-2007-6200 |
Unspecified vulnerability in rsync before 3.0.0pre6, when running a writable rsync daemon, allows remote attackers to bypass exclude, exclude_from, and filter and read or write hidden files via (1) symlink, (2) partial-dir, (3) backup-dir, and unspecified (4) dest options. |
Affected by 22 other vulnerabilities. |
|
VCID-wc4u-jz1n-eff9
Aliases: CVE-2026-43618 |
rsync: rsync: Remote memory disclosure via integer overflow in compressed-token decoding |
Affected by 2 other vulnerabilities. |
|
VCID-x81r-ud9r-8ybd
Aliases: CVE-2011-1097 |
rsync 3.x before 3.0.8, when certain recursion, deletion, and ownership options are used, allows remote rsync servers to cause a denial of service (heap memory corruption and application crash) or possibly execute arbitrary code via malformed data. |
Affected by 21 other vulnerabilities. |
|
VCID-yamy-3z1h-kqaf
Aliases: CVE-2024-12087 |
multiple issues |
Affected by 2 other vulnerabilities. |
| Vulnerability | Summary | Aliases |
|---|---|---|
| This package is not known to fix vulnerabilities. | ||