Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: curl (UTSA-2026-004933)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-004933 advisory. curl's code for managing SSH connections when SFTP was done using the wolfSSH powered backend was flawed and missed host verification mechanisms. This prevents curl...

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: curl (UTSA-2026-004929)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-004929 advisory. When doing SSH-based transfers using either SCP or SFTP, and asked to do public key authentication, curl would wrongly still ask and authenticate using a locally...

Improper Access Control

Pterodactyl is vulnerable to Improper Access Control. The vulnerability is due to failure to revoke active SFTP sessions when user permissions are removed or modified, which allows an attacker with an existing SFTP connection to retain unauthorized file access after their privileges are revoked...

CVE-2021-47865

A flaw was found in ProFTPD. A remote attacker can exploit this denial of service DoS vulnerability by creating multiple simultaneous File Transfer Protocol FTP connections. This action can exhaust the server's connection limits, preventing legitimate users from accessing the service...

CVE-2021-47865

ProFTPD 1.3.7a contains a denial of service vulnerability that allows attackers to overwhelm the server by creating multiple simultaneous FTP connections. Attackers can repeatedly establish connections using threading to exhaust server connection limits and block legitimate user access...

CVE-2021-47865 ProFTPD 1.3.7a - Remote Denial of Service

ProFTPD 1.3.7a contains a denial of service vulnerability that allows attackers to overwhelm the server by creating multiple simultaneous FTP connections. Attackers can repeatedly establish connections using threading to exhaust server connection limits and block legitimate user access...

CVE-2021-47865

ProFTPD 1.3.7a contains a denial of service vulnerability that allows attackers to overwhelm the server by creating multiple simultaneous FTP connections. Attackers can repeatedly establish connections using threading to exhaust server connection limits and block legitimate user access...

CVE-2021-47865

CVE-2021-47865 affects ProFTPD 1.3.7a. The vulnerability allows remote denial of service by spawning multiple simultaneous FTP connections, using threading to exhaust server connection limits and block legitimate users. Documented impact is high (availability impact), with CVSS 3.1/4.0 vectors sh...

MiracleLinux 4 : java-1.7.0-openjdk-1.7.0.161-2.6.12.0.AXS4 (AXSA:2017-2469:04)

The remote MiracleLinux 4 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2017-2469:04 advisory. Multiple flaws were discovered in the RMI and Hotspot components in OpenJDK. An untrusted Java application or applet could use these flaws to...

CVE-2025-15224

When doing SSH-based transfers using either SCP or SFTP, and asked to do public key authentication, curl would wrongly still ask and authenticate using a locally running SSH agent...

CVE-2025-15079

When doing SSH-based transfers using either SCP or SFTP, and setting the knownhosts file, libcurl could still mistakenly accept connecting to hosts not present in the specified file if they were added as recognized in the libssh global knownhosts file...

SUSE CVE-2025-68954

Pterodactyl is a free, open-source game server management panel. Versions 1.11.11 and below do not revoke active SFTP connections when a user is removed from a server instance or has their permissions changes with respect to file access over SFTP. This allows a user that was already connected to...

CVE-2021-47794

ZesleCP 3.1.9 contains an authenticated remote code execution vulnerability that allows attackers to create malicious FTP accounts with shell injection payloads. Attackers can exploit the FTP account creation endpoint by injecting a reverse shell command that establishes a network connection to a...

CVE-2021-47794

ZesleCP 3.1.9 contains an authenticated remote code execution vulnerability that allows attackers to create malicious FTP accounts with shell injection payloads. Attackers can exploit the FTP account creation endpoint by injecting a reverse shell command that establishes a network connection to a...

MiracleLinux 4 : wget-1.12-5.AXS4.1 (AXSA:2014-673:03)

The remote MiracleLinux 4 host has a package installed that is affected by a vulnerability as referenced in the AXSA:2014-673:03 advisory. Description : GNU Wget is a file retrieval utility which can use either the HTTP or FTP protocols. Wget features include the ability to work in the background...

MiracleLinux 4 : java-1.8.0-openjdk-1.8.0.151-1.b12.AXS4 (AXSA:2017-2337:08)

The remote MiracleLinux 4 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2017-2337:08 advisory. Multiple flaws were discovered in the RMI and Hotspot components in OpenJDK. An untrusted Java application or applet could use these flaws to...

CVE-2021-47794 ZesleCP 3.1.9 - Remote Code Execution (RCE) (Authenticated)

ZesleCP 3.1.9 contains an authenticated remote code execution vulnerability that allows attackers to create malicious FTP accounts with shell injection payloads. Attackers can exploit the FTP account creation endpoint by injecting a reverse shell command that establishes a network connection to a...

CVE-2021-47794

CVE-2021-47794 affects ZesleCP 3.1.9. An authenticated attacker can exploit the FTP account creation endpoint to inject a reverse shell command, enabling remote code execution via shell injection in the created FTP accounts. The vulnerability is network-based with low attack complexity and requir...

RHSA-2026:0606 Red Hat Security Advisory: vsftpd security update

Bulletin has no description...

RLSA-2026:0608 Moderate: vsftpd security update

The vsftpd packages include a Very Secure File Transfer Protocol FTP daemon, which is used to serve files over a network. Security Fixes: vsftpd: vsftpd: Denial of service via integer overflow in ls command parameter parsing CVE-2025-14242 For more details about the security issues, including the...