Lucene search
K

154 matches found

Tenable Nessus
Tenable Nessus
added 2023/11/15 12:0 a.m.45 views

Amazon Linux 2023 : squid (ALAS2023-2023-429)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2023-429 advisory. 2023-12-06: CVE-2023-46728 was added to this advisory. Squid is a caching proxy for the Web. Due to an Improper Validation of Specified Index bug, Squid versions 3.3.0.1 through 5.9 and 6.0 pri...

9.3CVSS6.7AI score0.10221EPSS
Exploits0References10
ATTACKERKB
ATTACKERKB
added 2023/10/09 9:15 p.m.4 views

CVE-2023-43271

Incorrect access control in 70mai a500s v1.2.119 allows attackers to directly access and delete the video files of the driving recorder through ftp and other protocols...

9.1CVSS5.8AI score0.00586EPSS
Exploits1References3
Tenable Nessus
Tenable Nessus
added 2023/07/31 12:0 a.m.37 views

EulerOS Virtualization 3.0.6.0 : curl (EulerOS-SA-2023-2500)

According to the versions of the curl packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - A vulnerability in input validation exists in curl 8.0 during communication using the TELNET protocol may allow an attacker to pass...

9.8CVSS7.2AI score0.02195EPSS
Exploits5References6
Hacker One
Hacker One
added 2023/03/05 9:25 p.m.154 views

curl: CVE-2023-27535: FTP too eager connection reuse

A vulnerability existed in libcurl FTPS protocol that allowed the reuse of a connection even if different credentials were specified for different connections, resulting in the use of cached credentials for the wrong content. The vulnerability was caused by the failure to refuse caching when...

5.9CVSS7.3AI score0.01607EPSS
Exploits1
SUSE CVE
SUSE CVE
added 2023/02/15 5:17 a.m.5 views

SUSE CVE-2015-4643

Integer overflow in the ftpgenlist function in ext/ftp/ftp.c in PHP before 5.4.42, 5.5.x before 5.5.26, and 5.6.x before 5.6.10 allows remote FTP servers to execute arbitrary code via a long reply to a LIST command, leading to a heap-based buffer overflow. NOTE: this vulnerability exists because ...

9.8CVSS9.5AI score0.16948EPSS
Exploits1References11
SUSE CVE
SUSE CVE
added 2023/02/15 4:35 a.m.4 views

SUSE CVE-2017-1000254

libcurl may read outside of a heap allocated buffer when doing FTP. When libcurl connects to an FTP server and successfully logs in anonymous or not, it asks the server for the current directory with the PWD command. The server then responds with a 257 response containing the path, inside double...

3.7CVSS7.2AI score0.08465EPSS
Exploits0References24
Debian CVE
Debian CVE
added 2022/08/24 12:0 a.m.38 views

CVE-2021-4189

A flaw was found in Python, specifically in the FTP File Transfer Protocol client library in PASV passive mode. The issue is how the FTP client trusts the host from the PASV response by default. This flaw allows an attacker to set up a malicious FTP server that can trick FTP clients into connecti...

5.3CVSS7.5AI score0.02511EPSS
Exploits0
Tenable Nessus
Tenable Nessus
added 2022/02/07 12:0 a.m.20 views

Schneider Electric Modicon Improper Handling of Exceptional Conditions (CVE-2019-6843)

A CWE-755: Improper Handling of Exceptional Conditions vulnerability exists in Modicon M580 with firmware version prior to V3.10, Modicon M340 all firmware versions, and Modicon BMxCRA and 140CRA modules all firmware versions, which could cause a Denial of Service attack on the PLC when upgrading...

4.9CVSS5.3AI score0.00959EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2022/02/07 12:0 a.m.21 views

Schneider Electric Modicon Cleartext Transmission of Sensitive Information (CVE-2019-6846)

A CWE-319: Cleartext Transmission of Sensitive Information vulnerability exists in Modicon M580, Modicon M340, Modicon BMxCRA and 140CRA modules all firmware versions, which could cause information disclosure when using the FTP protocol. This plugin only works with Tenable.ot. Please visit...

6.5CVSS6.5AI score0.00981EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2022/02/07 12:0 a.m.17 views

Schneider Electric Modicon Improper Handling of Exceptional Conditions (CVE-2019-6844)

A CWE-755: Improper Handling of Exceptional Conditions vulnerability exists in Modicon M580, Modicon M340, Modicon BMxCRA and 140CRA modules all firmware versions, which could cause a Denial of Service atack on the PLC when upgrading the controller with a firmware package containing an invalid we...

4.9CVSS5.3AI score0.00959EPSS
Exploits0References2
OSV
OSV
added 2021/11/09 9:38 a.m.31 views

RLSA-2021:4511 Moderate: curl security and bug fix update

The curl packages provide the libcurl library and the curl utility for downloading files from servers using various protocols, including HTTP, FTP, and LDAP. Security Fixes: curl: Leak of authentication credentials in URL via automatic Referer CVE-2021-22876 curl: TELNET stack contents disclosure...

3.7CVSS6.1AI score0.05301EPSS
Exploits3References5
Github Security Blog
Github Security Blog
added 2021/10/12 10:33 p.m.28 views

OS Command Injection in ftpd

The ftpd gem 0.2.1 for Ruby allows remote attackers to execute arbitrary OS commands via shell metacharacters in a LIST or NLST command argument within FTP protocol traffic...

10CVSS8.1AI score0.03544EPSS
Exploits1References5Affected Software1
OSV
OSV
added 2021/10/12 10:33 p.m.13 views

GHSA-7VXR-6CXG-J3X8 OS Command Injection in ftpd

The ftpd gem 0.2.1 for Ruby allows remote attackers to execute arbitrary OS commands via shell metacharacters in a LIST or NLST command argument within FTP protocol traffic...

9.8CVSS10AI score0.03544EPSS
Exploits1References5
curl security advisories
curl security advisories
added 2021/09/15 8:0 a.m.12 views

Protocol downgrade required TLS bypassed

A user can tell curl to require a successful upgrade to TLS when speaking to an IMAP, POP3 or FTP server --ssl-reqd on the command line or CURLOPTUSESSL set to CURLUSESSLCONTROL or CURLUSESSLALL with libcurl. This requirement could be bypassed if the server would return a properly crafted but...

7.5CVSS6.5AI score0.04224EPSS
Exploits1References1Affected Software2
NVD
NVD
added 2021/09/02 5:15 p.m.11 views

CVE-2021-22793

A CWE-200: Exposure of Sensitive Information to an Unauthorized Actor vulnerability exist in AccuSine PCS+ / PFV+ Versions prior to V1.6.7 and AccuSine PCSn Versions prior to V2.2.4 that could allow an authenticated attacker to access the device via FTP protocol...

7.2CVSS0.0096EPSS
Exploits0References2
Prion
Prion
added 2021/09/02 5:15 p.m.11 views

Design/Logic Flaw

A CWE-200: Exposure of Sensitive Information to an Unauthorized Actor vulnerability exist in AccuSine PCS+ / PFV+ Versions prior to V1.6.7 and AccuSine PCSn Versions prior to V2.2.4 that could allow an authenticated attacker to access the device via FTP protocol...

6.5CVSS6.8AI score0.0096EPSS
Exploits0References2Affected Software2
Cvelist
Cvelist
added 2021/09/02 4:53 p.m.12 views

CVE-2021-22793

A CWE-200: Exposure of Sensitive Information to an Unauthorized Actor vulnerability exist in AccuSine PCS+ / PFV+ Versions prior to V1.6.7 and AccuSine PCSn Versions prior to V2.2.4 that could allow an authenticated attacker to access the device via FTP protocol...

7AI score0.0096EPSS
Exploits0References1
CVE
CVE
added 2021/09/02 4:53 p.m.41 views

CVE-2021-22793

CVE-2021-22793 affects Schneider Electric AccuSine PCS+ / PFV+ (before v1.6.7) and AccuSine PCSn (before v2.2.4). The issue is CWE-200: Exposure of Sensitive Information to an Unauthorized Actor. An authenticated attacker could access the device via FTP, exposing sensitive information. Connected ...

7.2CVSS6.8AI score0.0096EPSS
Exploits0References2Affected Software1
RedHat Linux
RedHat Linux
added 2021/08/05 3:5 p.m.4 views

ruby: FTP PASV command response can cause Net::FTP to connect to arbitrary host

Ruby's Net::FTP module trusted the IP address included in the FTP server's response to the PASV command. A malicious FTP server could use this to make Ruby applications using the Net::FTP module to connect to arbitrary hosts and use this to perform port scanning or information extraction from...

5.8CVSS6.9AI score0.0305EPSS
Exploits1References5
Veracode
Veracode
added 2021/07/26 11:17 p.m.5 views

Denial Of Service (DoS)

apk-tools:edge is vulnerable to denial of service. The vulnerability occurs when numeric strings in the FTP and HTTP protocols are mishandled...

9.1CVSS6.5AI score0.02637EPSS
Exploits1References11Affected Software1
Rows per page
Query Builder