Search CVE reports
1 – 10 of 26 results
CVE-2023-45853
Medium priority
MiniZip in zlib through 1.3 has an integer overflow and resultant heap-based buffer overflow in zipOpenNewFileInZip4_64 via a long filename, comment, or extra field. NOTE: MiniZip is not a supported part of the zlib product. NOTE:...
3 affected packages
klibc, rsync, zlib
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
klibc | Not affected | Not affected | Not affected | Not affected | Not affected |
rsync | Not affected | Not affected | Not affected | Not affected | Not affected |
zlib | Not affected | Not affected | Not affected | Not affected | Not affected |
CVE-2022-42800
Medium priority
This issue was addressed with improved checks. This issue is fixed in iOS 15.7.1 and iPadOS 15.7.1, macOS Ventura 13, watchOS 9.1, iOS 16.1 and iPadOS 16, macOS Monterey 12.6.1, macOS Big Sur 11.7.1. A user may be able to cause...
2 affected packages
rsync, zlib
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
rsync | — | Not affected | Not affected | Not affected | Not affected |
zlib | — | Not affected | Not affected | Not affected | Not affected |
CVE-2022-37434
Medium priority
zlib through 1.2.12 has a heap-based buffer over-read or buffer overflow in inflate in inflate.c via a large gzip header extra field. NOTE: only applications that call inflateGetHeader are affected. Some common applications bundle...
3 affected packages
klibc, rsync, zlib
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
klibc | Fixed | Fixed | Fixed | Fixed | Fixed |
rsync | Not affected | Not affected | Fixed | Fixed | Fixed |
zlib | Not affected | Fixed | Fixed | Fixed | Fixed |
CVE-2022-29154
Medium priority
Some fixes available 3 of 5
An issue was discovered in rsync before 3.2.5 that allows malicious remote servers to write arbitrary files inside the directories of connecting peers. The server chooses which files/directories are sent to the client. However,...
1 affected package
rsync
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
rsync | — | Fixed | Fixed | Fixed | Ignored |
CVE-2018-25032
Medium priority
zlib before 1.2.12 allows memory corruption when deflating (i.e., when compressing) if the input has many distant matches.
5 affected packages
klibc, mariadb-10.3, mariadb-10.6, rsync, zlib
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
klibc | Fixed | Fixed | Fixed | Fixed | Fixed |
mariadb-10.3 | — | Not in release | Fixed | Not in release | Ignored |
mariadb-10.6 | Not in release | Fixed | Not in release | Not in release | Ignored |
rsync | Not affected | Not affected | Fixed | Fixed | Fixed |
zlib | Fixed | Fixed | Fixed | Fixed | Fixed |
CVE-2020-14387
Medium priority
A flaw was found in rsync in versions since 3.2.0pre1. Rsync improperly validates certificate with host mismatch vulnerability. A remote, unauthenticated attacker could exploit the flaw by performing a man-in-the-middle attack...
1 affected package
rsync
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
rsync | — | — | Not affected | Not affected | Not affected |
CVE-2018-5764
Medium priority
The parse_arguments function in options.c in rsyncd in rsync before 3.1.3 does not prevent multiple --protect-args uses, which allows remote attackers to bypass an argument-sanitization protection mechanism.
1 affected package
rsync
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
rsync | — | — | — | — | Fixed |
CVE-2017-17434
Medium priority
The daemon in rsync 3.1.2, and 3.1.3-development before 2017-12-03, does not check for fnamecmp filenames in the daemon_filter_list data structure (in the recv_files function in receiver.c) and also does not apply...
1 affected package
rsync
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
rsync | — | — | — | — | Fixed |
CVE-2017-17433
Medium priority
The recv_files function in receiver.c in the daemon in rsync 3.1.2, and 3.1.3-development before 2017-12-03, proceeds with certain file metadata updates before checking for a filename in the daemon_filter_list data structure,...
1 affected package
rsync
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
rsync | — | — | — | — | Fixed |
CVE-2017-16548
Low priority
Some fixes available 3 of 4
The receive_xattr function in xattrs.c in rsync 3.1.2 and 3.1.3-development does not check for a trailing '\0' character in an xattr name, which allows remote attackers to cause a denial of service (heap-based buffer over-read and...
1 affected package
rsync
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
rsync | — | — | — | — | Fixed |