6 new CVEs in "rsync".
"In the most severe CVE, an attacker only requires anonymous read access to a rsync server, such as a public mirror, to execute arbitrary code on the machine the server is running on."
That would be CVE-2024-12084 (9.8) AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H, a heap-based buffer overflow in rsyncd.