3492 matches found
[SECURITY] Fedora 34 Update: libssh-0.9.6-1.fc34
The ssh library was designed to be used by programmers needing a working SSH implementation by means of a library. The complete control of the client is made by the programmer. With libssh, you can remotely execute programs, transfer files, use a secure and transparent tunnel for your remote...
[SECURITY] Fedora 35 Update: libssh-0.9.6-1.fc35
The ssh library was designed to be used by programmers needing a working SSH implementation by means of a library. The complete control of the client is made by the programmer. With libssh, you can remotely execute programs, transfer files, use a secure and transparent tunnel for your remote...
IBM Aspera Cross-Site Scripting Vulnerability
IBM Aspera is a set of fast file transfer and streaming solutions built on the IBM FASP protocol from IBM U.S. A cross-site scripting vulnerability exists in IBM Aspera Cloud, which could be exploited by an attacker to embed arbitrary JavaScript code in the Web UI to alter the intended...
IBM Sterling File Gateway Information Disclosure Vulnerability (CNVD-2021-87025)
IBM Sterling File Gateway is a suite of file transfer software from IBM Corporation. The software integrates different file transfer activity centers and helps file-based data to be securely exchanged over the Internet. An information disclosure vulnerability exists in IBM Sterling File Gateway,...
The vulnerability of the SFTP service in the agent management software environment for ConfD network elements allows attackers to escalate their privileges.
The vulnerability of the SFTP service in the agent software environment for ConfD network elements is related to the improper assignment of privileges. Exploiting this vulnerability can allow an attacker to enhance their privileges...
libcurl Resource Management Error Vulnerability
HAXX Haxx libcurl is a free, open source client-side URL transport library from the Swedish company HAXX. The library supports FTP, FTPS, TFTP, HTTP and more. Haxx libcurl suffers from a resource management error vulnerability that arises from mismanagement of system resources e.g., memory, disk...
CVE-2021-34718
A vulnerability in the SSH Server process of Cisco IOS XR Software could allow an authenticated, remote attacker to overwrite and read arbitrary files on the local device. This vulnerability is due to insufficient input validation of arguments that are supplied by the user for a specific file...
CVE-2021-34718 Cisco IOS XR Software Arbitrary File Read and Write Vulnerability
A vulnerability in the SSH Server process of Cisco IOS XR Software could allow an authenticated, remote attacker to overwrite and read arbitrary files on the local device. This vulnerability is due to insufficient input validation of arguments that are supplied by the user for a specific file...
Penelope - Shell Handler
Penelope is an advanced shell handler. Its main aim is to replace netcat as shell catcher during exploiting RCE vulnerabilities. It works on Linux and macOS and the only requirement is Python3. It is one script without 3rd party dependencies and hopefully it will stay that way. Among the main...
EulerOS 2.0 SP5 : spice-vdagent (EulerOS-SA-2021-2350)
According to the versions of the spice-vdagent package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - A flaw was found in the way the spice-vdagentd daemon handled file transfers from the host system to the virtual machine. Any unprivileged...
DEBIAN-CVE-2021-40491
The ftp client in GNU Inetutils before 2.2 does not validate addresses returned by PASV/LSPV responses to make sure they match the server address. This is similar to CVE-2020-8284 for curl...
UBUNTU-CVE-2021-40491
The ftp client in GNU Inetutils before 2.2 does not validate addresses returned by PASV/LSPV responses to make sure they match the server address. This is similar to CVE-2020-8284 for curl...
PT-2021-22897 · Gnu +2 · Gnu Inetutils +2
Name of the Vulnerable Software and Affected Versions: GNU Inetutils versions prior to 2.2 Description: The issue concerns the ftp client in GNU Inetutils, which fails to validate that addresses returned by PASV/LSPV responses match the server address. Recommendations: For GNU Inetutils...
CVE-2021-22793
A CWE-200: Exposure of Sensitive Information to an Unauthorized Actor vulnerability exists in AccuSine PCS+ / PFV+ Versions prior to V1.6.7 and AccuSine PCSn Versions prior to V2.2.4 that could allow an authenticated attacker to access the device via FTP protocol...
UBUNTU-CVE-2021-36370
An issue was discovered in Midnight Commander through 4.8.26. When establishing an SFTP connection, the fingerprint of the server is neither checked nor displayed. As a result, a user connects to the server without the ability to verify its authenticity...
OpenJDK: FTP PASV command response can cause FtpClient to connect to arbitrary host (Networking, 8258432)
Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Networking. Supported versions that are affected are Java SE: 7u301, 8u291, 11.0.11, 16.0.1; Oracle GraalVM Enterprise Edition: 20.3.2 and 21.1.0. Difficult to exploit vulnerability allows...
GNU Midnight Commander Authorization Issue Vulnerability
GNU Midnight Commander is a visual file manager. A security vulnerability exists in Midnight Commander that stems from the fact that starting with version 4.8.26, the server's fingerprint is neither checked nor displayed when Midnight Commander establishes an SFTP connection. An attacker could us...
The vulnerability of the implementation of TFTP packet processing functions in the TCP/IP NicheLite and InterNiche solutions allows a hacker to induce a service failure.
The vulnerability of the implementation of TFTP packet processing functions in TCP/IP NicheLite and InterNiche lies in errors that occur when a string or array is terminated with a NULL character. Exploiting this vulnerability can allow an attacker to cause service failures remotely...
python: ftplib should not use the host from the PASV response
A flaw was found in Python, specifically in the FTP (File Transfer Protocol) client library in PASV (passive) mode. The issue is how the FTP client trusts the host from the PASV response by default. This flaw allows an attacker to set up a malicious FTP server that can trick FTP clients into connecti...