CVE-2022-29154
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2022-29154
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Description
An issue was discovered in rsync before 3.2.5 that allows malicious remote servers to write arbitrary files inside the directories of connecting peers. The server chooses which files/directories are sent to the client. However, the rsync client performs insufficient validation of file names. A malicious rsync server (or Man-in-The-Middle attacker) can overwrite arbitrary files in the rsync client target directory and subdirectories (for example, overwrite the .ssh/authorized_keys file).
Source: NVD (National Vulnerability Database)
CVSS Information
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Type
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Title
rsync 输入验证错误漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
rsync是Wayne Davison个人开发者的一个提供快速增量文件传输的开源实用程序。 rsync 3.2.5之前版本存在安全漏洞,该漏洞源于rsync 客户端对文件名的验证不足。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
| Vendor | Product | Affected Versions | CPE | Subscribe |
|---|---|---|---|---|
| - | n/a | n/a | - |
II. Public POCs for CVE-2022-29154
| # | POC Description | Source Link | Shenlong Link |
|---|---|---|---|
| 1 | HIP2022 presentation materials. | https://github.com/EgeBalci/CVE-2022-29154 | POC Details |
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2022-29154
请登录查看更多情报信息。
- https://github.com/WayneD/rsync/tagsx_refsource_MISC
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NMBOJ77A7T7PQCARMDUK75TE6LLESZ3O/vendor-advisoryx_refsource_FEDORA
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YRQAI7H4M4RQZ2IWZUEEXECBE5D56BH2/vendor-advisoryx_refsource_FEDORA
- https://nvd.nist.gov/vuln/detail/CVE-2022-29154
Same Patch Batch · n/a · 2022-08-02 · 38 CVEs total
| CVE-2020-28451 | 9.8 CRITICAL | Command Injection |
| CVE-2020-28423 | 9.8 CRITICAL | Command Injection |
| CVE-2020-28453 | 9.4 CRITICAL | Command Injection |
| CVE-2020-28437 | 9.4 CRITICAL | Command Injection |
| CVE-2020-28434 | 9.4 CRITICAL | Command Injection |
| CVE-2022-25867 | 7.5 HIGH | NULL Pointer Dereference |
| CVE-2020-7795 | 7.3 HIGH | Command Injection |
| CVE-2020-28433 | 7.3 HIGH | Command Injection |
| CVE-2020-28425 | 7.3 HIGH | Command Injection |
| CVE-2020-28424 | 7.2 HIGH | Command Injection |
| CVE-2021-23385 | 5.4 MEDIUM | Open Redirect |
| CVE-2022-35422 | Web Based Quiz System SQL注入漏洞 | |
| CVE-2022-37035 | FRRouting FRR 竞争条件问题漏洞 | |
| CVE-2022-34954 | Pharmacy Management System SQL注入漏洞 | |
| CVE-2022-34955 | Pligg CMS SQL注入漏洞 | |
| CVE-2022-34952 | Pharmacy Management System SQL注入漏洞 | |
| CVE-2022-34950 | Pharmacy Management System SQL注入漏洞 | |
| CVE-2022-34951 | Pharmacy Management System SQL注入漏洞 | |
| CVE-2022-34949 | Pharmacy Management System SQL注入漏洞 | |
| CVE-2022-34948 | Pharmacy Management System SQL注入漏洞 |
Showing top 20 of 38 CVEs. View all on vendor page → →
IV. Related Vulnerabilities
V. Comments for CVE-2022-29154
No comments yet