PizzashackCVEs & Vulnerabilities

7 CVEs affecting Pizzashack products, tracked from the National Vulnerability Database, with CVSS/EPSS scores and exploitation status.

Most Affected Products

rssh 32
CVE-2019-3464CRITICAL

Insufficient sanitization of environment variables passed to rsync can bypass the restrictions imposed by rssh, a restricted shell that should restrict users to perform only rsync operations, resulting in the execution of arbitrary shell commands.

6 Feb 2019
9.8
CVSS
CVE-2019-3463CRITICAL

Insufficient sanitization of arguments passed to rsync can bypass the restrictions imposed by rssh, a restricted shell that should restrict users to perform only rsync operations, resulting in the execution of arbitrary shell commands.

6 Feb 2019
9.8
CVSS
CVE-2019-1000018HIGH

rssh version 2.3.4 contains a CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability in allowscp permission that can result in Local command execution. This attack appear to be exploitable via An authorized SSH user with the allowscp permission.

4 Feb 2019
7.8
CVSS
CVE-2012-2252MEDIUM

Incomplete blacklist vulnerability in rssh before 2.3.4, when the rsync protocol is enabled, allows local users to bypass intended restricted shell access via the --rsh command line option.

11 Jan 2013
4.4
CVSS
CVE-2012-2251MEDIUM

rssh 2.3.2, as used by Debian, Fedora, and others, when the rsync protocol is enabled, allows local users to bypass intended restricted shell access via a (1) "-e" or (2) "--" command line option.

11 Jan 2013
4.4
CVSS
CVE-2012-3478LOW

rssh 2.3.3 and earlier allows local users to bypass intended restricted shell access via crafted environment variables in the command line.

31 Aug 2012
2.1
CVSS
CVE-2004-1628CRITICAL

Format string vulnerability in log.c in rssh before 2.2.2 allows remote authenticated users to execute arbitrary code.

23 Oct 2004
9.0
CVSS
← PrevPage 1 / 1Next →