154 matches found
Amazon Linux 2023 : squid (ALAS2023-2023-429)
It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2023-429 advisory. 2023-12-06: CVE-2023-46728 was added to this advisory. Squid is a caching proxy for the Web. Due to an Improper Validation of Specified Index bug, Squid versions 3.3.0.1 through 5.9 and 6.0 pri...
CVE-2023-43271
Incorrect access control in 70mai a500s v1.2.119 allows attackers to directly access and delete the video files of the driving recorder through ftp and other protocols...
EulerOS Virtualization 3.0.6.0 : curl (EulerOS-SA-2023-2500)
According to the versions of the curl packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - A vulnerability in input validation exists in curl 8.0 during communication using the TELNET protocol may allow an attacker to pass...
curl: CVE-2023-27535: FTP too eager connection reuse
A vulnerability existed in libcurl FTPS protocol that allowed the reuse of a connection even if different credentials were specified for different connections, resulting in the use of cached credentials for the wrong content. The vulnerability was caused by the failure to refuse caching when...
SUSE CVE-2015-4643
Integer overflow in the ftpgenlist function in ext/ftp/ftp.c in PHP before 5.4.42, 5.5.x before 5.5.26, and 5.6.x before 5.6.10 allows remote FTP servers to execute arbitrary code via a long reply to a LIST command, leading to a heap-based buffer overflow. NOTE: this vulnerability exists because ...
SUSE CVE-2017-1000254
libcurl may read outside of a heap allocated buffer when doing FTP. When libcurl connects to an FTP server and successfully logs in anonymous or not, it asks the server for the current directory with the PWD command. The server then responds with a 257 response containing the path, inside double...
CVE-2021-4189
A flaw was found in Python, specifically in the FTP File Transfer Protocol client library in PASV passive mode. The issue is how the FTP client trusts the host from the PASV response by default. This flaw allows an attacker to set up a malicious FTP server that can trick FTP clients into connecti...
Schneider Electric Modicon Improper Handling of Exceptional Conditions (CVE-2019-6843)
A CWE-755: Improper Handling of Exceptional Conditions vulnerability exists in Modicon M580 with firmware version prior to V3.10, Modicon M340 all firmware versions, and Modicon BMxCRA and 140CRA modules all firmware versions, which could cause a Denial of Service attack on the PLC when upgrading...
Schneider Electric Modicon Cleartext Transmission of Sensitive Information (CVE-2019-6846)
A CWE-319: Cleartext Transmission of Sensitive Information vulnerability exists in Modicon M580, Modicon M340, Modicon BMxCRA and 140CRA modules all firmware versions, which could cause information disclosure when using the FTP protocol. This plugin only works with Tenable.ot. Please visit...
Schneider Electric Modicon Improper Handling of Exceptional Conditions (CVE-2019-6844)
A CWE-755: Improper Handling of Exceptional Conditions vulnerability exists in Modicon M580, Modicon M340, Modicon BMxCRA and 140CRA modules all firmware versions, which could cause a Denial of Service atack on the PLC when upgrading the controller with a firmware package containing an invalid we...
RLSA-2021:4511 Moderate: curl security and bug fix update
The curl packages provide the libcurl library and the curl utility for downloading files from servers using various protocols, including HTTP, FTP, and LDAP. Security Fixes: curl: Leak of authentication credentials in URL via automatic Referer CVE-2021-22876 curl: TELNET stack contents disclosure...
OS Command Injection in ftpd
The ftpd gem 0.2.1 for Ruby allows remote attackers to execute arbitrary OS commands via shell metacharacters in a LIST or NLST command argument within FTP protocol traffic...
GHSA-7VXR-6CXG-J3X8 OS Command Injection in ftpd
The ftpd gem 0.2.1 for Ruby allows remote attackers to execute arbitrary OS commands via shell metacharacters in a LIST or NLST command argument within FTP protocol traffic...
Protocol downgrade required TLS bypassed
A user can tell curl to require a successful upgrade to TLS when speaking to an IMAP, POP3 or FTP server --ssl-reqd on the command line or CURLOPTUSESSL set to CURLUSESSLCONTROL or CURLUSESSLALL with libcurl. This requirement could be bypassed if the server would return a properly crafted but...
CVE-2021-22793
A CWE-200: Exposure of Sensitive Information to an Unauthorized Actor vulnerability exist in AccuSine PCS+ / PFV+ Versions prior to V1.6.7 and AccuSine PCSn Versions prior to V2.2.4 that could allow an authenticated attacker to access the device via FTP protocol...
Design/Logic Flaw
A CWE-200: Exposure of Sensitive Information to an Unauthorized Actor vulnerability exist in AccuSine PCS+ / PFV+ Versions prior to V1.6.7 and AccuSine PCSn Versions prior to V2.2.4 that could allow an authenticated attacker to access the device via FTP protocol...
CVE-2021-22793
A CWE-200: Exposure of Sensitive Information to an Unauthorized Actor vulnerability exist in AccuSine PCS+ / PFV+ Versions prior to V1.6.7 and AccuSine PCSn Versions prior to V2.2.4 that could allow an authenticated attacker to access the device via FTP protocol...
CVE-2021-22793
CVE-2021-22793 affects Schneider Electric AccuSine PCS+ / PFV+ (before v1.6.7) and AccuSine PCSn (before v2.2.4). The issue is CWE-200: Exposure of Sensitive Information to an Unauthorized Actor. An authenticated attacker could access the device via FTP, exposing sensitive information. Connected ...
ruby: FTP PASV command response can cause Net::FTP to connect to arbitrary host
Ruby's Net::FTP module trusted the IP address included in the FTP server's response to the PASV command. A malicious FTP server could use this to make Ruby applications using the Net::FTP module to connect to arbitrary hosts and use this to perform port scanning or information extraction from...
Denial Of Service (DoS)
apk-tools:edge is vulnerable to denial of service. The vulnerability occurs when numeric strings in the FTP and HTTP protocols are mishandled...