Package details: pkg:deb/ubuntu/rsync@3.0.7-1ubuntu1.1
purl pkg:deb/ubuntu/rsync@3.0.7-1ubuntu1.1
Next non-vulnerable version 3.1.3-6
Latest non-vulnerable version 3.1.3-6
Risk 4.5
Vulnerabilities affecting this package (10)
Vulnerability Summary Fixed by
VCID-3dkg-bayv-aaaf
Aliases:
CVE-2016-9842
The inflateMark function in inflate.c in zlib 1.2.8 might allow context-dependent attackers to have unspecified impact via vectors involving left shifts of negative integers.
3.1.3-6
Affected by 0 other vulnerabilities.
VCID-44cr-pxwm-aaaq
Aliases:
CVE-2016-9843
The crc32_big function in crc32.c in zlib 1.2.8 might allow context-dependent attackers to have unspecified impact via vectors involving big-endian CRC calculation.
3.1.3-6
Affected by 0 other vulnerabilities.
VCID-48w1-ugdn-aaab
Aliases:
CVE-2017-17434
The daemon in rsync 3.1.2, and 3.1.3-development before 2017-12-03, does not check for fnamecmp filenames in the daemon_filter_list data structure (in the recv_files function in receiver.c) and also does not apply the sanitize_paths protection mechanism to pathnames found in "xname follows" strings (in the read_ndx_and_attrs function in rsync.c), which allows remote attackers to bypass intended access restrictions.
3.1.0-2ubuntu0.3
Affected by 6 other vulnerabilities.
3.1.1-3ubuntu1.1
Affected by 6 other vulnerabilities.
VCID-9ug2-84ra-aaak
Aliases:
CVE-2014-9512
rsync 3.1.1 allows remote attackers to write to arbitrary files via a symlink attack on a file in the synchronization path.
3.1.0-2ubuntu0.2
Affected by 8 other vulnerabilities.
VCID-d3cz-rn67-aaam
Aliases:
CVE-2017-16548
The receive_xattr function in xattrs.c in rsync 3.1.2 and 3.1.3-development does not check for a trailing '\0' character in an xattr name, which allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) or possibly have unspecified other impact by sending crafted data to the daemon.
3.1.0-2ubuntu0.4
Affected by 6 other vulnerabilities.
3.1.1-3ubuntu1.2
Affected by 4 other vulnerabilities.
VCID-ny7m-9nme-aaap
Aliases:
CVE-2017-17433
The recv_files function in receiver.c in the daemon in rsync 3.1.2, and 3.1.3-development before 2017-12-03, proceeds with certain file metadata updates before checking for a filename in the daemon_filter_list data structure, which allows remote attackers to bypass intended access restrictions.
3.1.0-2ubuntu0.3
Affected by 6 other vulnerabilities.
3.1.1-3ubuntu1.1
Affected by 6 other vulnerabilities.
VCID-u4ce-pwp5-aaad
Aliases:
CVE-2016-9841
3.1.3-6
Affected by 0 other vulnerabilities.
VCID-x7vv-h81e-aaak
Aliases:
CVE-2014-2855
The check_secret function in authenticate.c in rsync 3.1.0 and earlier allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a user name which does not exist in the secrets file.
3.1.0-2ubuntu0.1
Affected by 9 other vulnerabilities.
VCID-xm5a-n949-aaaa
Aliases:
CVE-2018-5764
The parse_arguments function in options.c in rsyncd in rsync before 3.1.3 does not prevent multiple --protect-args uses, which allows remote attackers to bypass an argument-sanitization protection mechanism.
3.1.0-2ubuntu0.4
Affected by 6 other vulnerabilities.
3.1.1-3ubuntu1.2
Affected by 4 other vulnerabilities.
VCID-yeuu-f11j-aaar
Aliases:
CVE-2016-9840
inftrees.c in zlib 1.2.8 might allow context-dependent attackers to have unspecified impact by leveraging improper pointer arithmetic.
3.1.3-6
Affected by 0 other vulnerabilities.
Vulnerabilities fixed by this package (0)
Vulnerability Summary Aliases
This package is not known to fix vulnerabilities.
