898 matches found
CVE-2025-34299
Monsta FTP versions 2.11 and earlier contain a vulnerability that allows unauthenticated arbitrary file uploads. This flaw enables attackers to execute arbitrary code by uploading a specially crafted file from a malicious SFTP server...
CVE-2025-34299
Monsta FTP versions 2.11 and earlier contain a vulnerability that allows unauthenticated arbitrary file uploads. This flaw enables attackers to execute arbitrary code by uploading a specially crafted file from a malicious SFTP server...
CVE-2025-10966
curl's code for managing SSH connections when SFTP was done using the wolfSSH powered backend was flawed and missed host verification mechanisms. This prevents curl from detecting MITM attackers and more...
CURL-CVE-2025-10966 missing SFTP host verification with wolfSSH
curl's code for managing SSH connections when SFTP was done using the wolfSSH powered backend was flawed and missed host verification mechanisms. This prevents curl from detecting MITM attackers and more...
编号撤回
dnsmasq is a lightweight DNS forwarding and DHCP, TFTP server written in C. edb is a cross-platform AArch32/x86/x86-64 debugger. This CVE number has been withdrawn...
编号撤回
dnsmasq is a lightweight DNS forwarding and DHCP, TFTP server written in C. edb is a cross-platform AArch32/x86/x86-64 debugger. This CVE number has been withdrawn...
EUVD-2025-35832
In the Linux kernel, the following vulnerability has been resolved: ipvs: Defer ipvsftp unregister during netns cleanup On the netns cleanup path, ipvsftpexit may unregister ipvsftp before connections with valid cp-app pointers are flushed, leading to a use-after-free. Fix this by introducing a...
AZL-68769 CVE-2025-40018 affecting package kernel for versions less than 6.6.112.1-2
In the Linux kernel, the following vulnerability has been resolved: ipvs: Defer ipvsftp unregister during netns cleanup On the netns cleanup path, ipvsftpexit may unregister ipvsftp before connections with valid cp-app pointers are flushed, leading to a use-after-free. Fix this by introducing a...
CVE-2025-40018
The CVE-2025-40018 issue in the Linux kernel’s ipvs code (ip_vs_ftp) arose from unregistering ip_vs_ftp during netns cleanup before flushing connections, which could lead to use-after-free. The fix introduces a global exiting_module flag: ip_vs_ftp_exit() sets it true before unregistering the per...
CVE-2025-40018
In the Linux kernel, the following vulnerability has been resolved: ipvs: Defer ipvsftp unregister during netns cleanup On the netns cleanup path, ipvsftpexit may unregister ipvsftp before connections with valid cp-app pointers are flushed, leading to a use-after-free. Fix this by introducing a...
CVE-2025-40018 ipvs: Defer ip_vs_ftp unregister during netns cleanup
In the Linux kernel, the following vulnerability has been resolved: ipvs: Defer ipvsftp unregister during netns cleanup On the netns cleanup path, ipvsftpexit may unregister ipvsftp before connections with valid cp-app pointers are flushed, leading to a use-after-free. Fix this by introducing a...
Juniper Junos OS Vulnerability (JSA103167)
The version of Junos OS installed on the remote host is affected by a vulnerability as referenced in the JSA103167 advisory. - An Authentication Bypass by Primary Weakness in the FTP server of Juniper Networks Junos OS allows an unauthenticated, network-based attacker to get limited read-write...
CVE-2025-10641
All WorkExaminer Professional traffic between monitoring client, console and server is transmitted as plain text. This allows an attacker with access to the network to read the transmitted sensitive data. An attacker can also freely modify the data on the wire. The monitoring clients transmit the...
USN-7831-1: Erlang vulnerabilities
It was discovered that Erlang incorrectly handled resource allocation and consumption in the SFTP SSH module. An attacker could possibly use this issue cause Erlang to consume excessive resources, leading to a denial of service...
CVE-2025-10641 Unencrypted cleartext communication in EfficientLab WorkExaminer Professional
All WorkExaminer Professional traffic between monitoring client, console and server is transmitted as plain text. This allows an attacker with access to the network to read the transmitted sensitive data. An attacker can also freely modify the data on the wire. The monitoring clients transmit the...
CVE-2025-10641 Unencrypted cleartext communication in EfficientLab WorkExaminer Professional
All WorkExaminer Professional traffic between monitoring client, console and server is transmitted as plain text. This allows an attacker with access to the network to read the transmitted sensitive data. An attacker can also freely modify the data on the wire. The monitoring clients transmit the...
CVE-2025-10639 Usage of Hardcoded FTP Credentials EfficientLab WorkExaminer Professional
The WorkExaminer Professional server installation comes with an FTP server that is used to receive the client logs on TCP port 12304. An attacker with network access to this port can use weak hardcoded credentials to login to the FTP server and modify or read data, log files and gain remote code...
Work Examiner Professional 安全漏洞
Work Examiner Professional is an employee computer monitoring software from Work Examiner USA. A security vulnerability exists in Work Examiner Professional that stems from the use of weakly hard-coded credentials by the FTP server, which could lead to data modification or reading and remote code...
CVE-2025-53868
When running in Appliance mode, a highly privileged authenticated attacker with access to SCP and SFTP may be able to bypass Appliance mode restrictions using undisclosed commands. Note: Software versions which have reached End of Technical Support EoTS are not evaluated...
CVE-2025-53845
An improper authentication vulnerability CWE-287 in Fortinet FortiAnalyzer version 7.6.0 through 7.6.3 and before 7.4.6 allows an unauthenticated attacker to obtain information pertaining to the device's health and status, or cause a denial of service via crafted OFTP requests...