Comment by mhw

My reading is that the first two CVEs are with rsync daemon, but the others are more general - I think "rsync server" is meaning the remote rsync process that is started when you use ssh to connect to the remote. Some of them suggest the rsync client (running on your machine) can be coerced to write to unexpected locations by a malicious rsync server specifically crafted to exploit these CVEs. One suggests a malicious rsync server might be able to reconstruct the contents of arbitrary files on the client using requests sent via the rsync protocol.

I guess the main takeaway is to be careful using rsync connections to machines that you don't trust.