Search CVE reports
11 – 20 of 32 results
CVE-2018-25032
Medium priority
zlib before 1.2.12 allows memory corruption when deflating (i.e., when compressing) if the input has many distant matches.
5 affected packages
klibc, mariadb-10.3, mariadb-10.6, rsync, zlib
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
klibc | Fixed | Fixed | Fixed | Fixed | Fixed |
mariadb-10.3 | — | Not in release | Fixed | Not in release | Ignored |
mariadb-10.6 | Not in release | Fixed | Not in release | Not in release | Ignored |
rsync | Not affected | Not affected | Fixed | Fixed | Fixed |
zlib | Fixed | Fixed | Fixed | Fixed | Fixed |
CVE-2020-14387
Medium priority
A flaw was found in rsync in versions since 3.2.0pre1. Rsync improperly validates a certificate with a host mismatch. A remote, unauthenticated attacker could exploit the flaw by performing a man-in-the-middle attack...
1 affected package
rsync
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
rsync | — | — | Not affected | Not affected | Not affected |
CVE-2018-5764
Medium priority
The parse_arguments function in options.c in rsyncd in rsync before 3.1.3 does not prevent multiple --protect-args uses, which allows remote attackers to bypass an argument-sanitization protection mechanism.
1 affected package
rsync
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
rsync | — | — | — | — | Fixed |
CVE-2017-17434
Medium priority
The daemon in rsync 3.1.2, and 3.1.3-development before 2017-12-03, does not check for fnamecmp filenames in the daemon_filter_list data structure (in the recv_files function in receiver.c) and also does not apply...
1 affected package
rsync
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
rsync | — | — | — | — | Fixed |
CVE-2017-17433
Medium priority
The recv_files function in receiver.c in the daemon in rsync 3.1.2, and 3.1.3-development before 2017-12-03, proceeds with certain file metadata updates before checking for a filename in the daemon_filter_list data structure,...
1 affected package
rsync
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
rsync | — | — | — | — | Fixed |
CVE-2017-16548
Low priority
Some fixes available 3 of 4
The receive_xattr function in xattrs.c in rsync 3.1.2 and 3.1.3-development does not check for a trailing '\0' character in an xattr name, which allows remote attackers to cause a denial of service (heap-based buffer over-read and...
1 affected package
rsync
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
rsync | — | — | — | — | Fixed |
CVE-2017-15994
Low priority
rsync 3.1.3-development before 2017-10-24 mishandles archaic checksums, which makes it easier for remote attackers to bypass intended access restrictions. NOTE: the rsync development branch has significant use beyond the rsync...
1 affected package
rsync
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
rsync | — | — | — | Not affected | Not affected |
CVE-2016-9843
Low priority
Some fixes available 15 of 21
The crc32_big function in crc32.c in zlib 1.2.8 might allow context-dependent attackers to have unspecified impact via vectors involving big-endian CRC calculation.
3 affected packages
klibc, rsync, zlib
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
klibc | Needs evaluation | Not affected | Not affected | Not affected | Not affected |
rsync | Fixed | Fixed | Fixed | Fixed | Fixed |
zlib | Not affected | Not affected | Not affected | Not affected | Fixed |
CVE-2016-9842
Low priority
Some fixes available 15 of 21
The inflateMark function in inflate.c in zlib 1.2.8 might allow context-dependent attackers to have unspecified impact via vectors involving left shifts of negative integers.
3 affected packages
klibc, rsync, zlib
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
klibc | Needs evaluation | Not affected | Not affected | Not affected | Not affected |
rsync | Fixed | Fixed | Fixed | Fixed | Fixed |
zlib | Not affected | Not affected | Not affected | Not affected | Fixed |
CVE-2016-9841
Low priority
Some fixes available 23 of 27
inffast.c in zlib 1.2.8 might allow context-dependent attackers to have unspecified impact by leveraging improper pointer arithmetic.
3 affected packages
klibc, rsync, zlib
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
klibc | Fixed | Fixed | Fixed | Fixed | Fixed |
rsync | Fixed | Fixed | Fixed | Fixed | Fixed |
zlib | Not affected | Not affected | Not affected | Not affected | Fixed |