
898 matches found

Cvelist
added 2026/05/05 3:45 p.m., 42 views

CVE-2026-34956 Openvswitch: open vswitch: denial of service via malformed ftp epasv command

A flaw was found in Open vSwitch. When Open vSwitch is configured with a conntrack flow using FTP helpers over the userspace datapath, a remote attacker can send a specially crafted FTP stream with an EPASV command exceeding 255 characters. This heap access error can lead to a crash, resulting in...

CVSS 5.9 | EPSS 0.00405
Exploits: 0 | References: 2

CNNVD
added 2026/05/05 12:0 a.m., 6 views

Open vSwitch Security Vulnerability

Open vSwitch is a virtual switch developed as part of the Collaborative Project. There is a security vulnerability in Open vSwitch. This vulnerability arises when configuring conntrack streams that use FTP auxiliary programs. A remote attacker can send a specially crafted FTP stream, resulting in...

CVSS 5.9 | AI score 5.8 | EPSS 0.00405
Exploits: 0 | References: 2

Metasploit
added 2026/05/01 7:1 p.m., 288 views

TFTP Fetch, Linux Execute Command

Fetch and execute an AARCH64 payload from a TFTP server. Execute an arbitrary command or just a /bin/sh shell Module Options msf use payload/cmd/linux/tftp/aarch64/exec msf payloadexec show actions ...actions... msf payloadexec set ACTION msf payloadexec show options ...show and set options... ms...

AI score 5.7
Exploits: 0

CNNVD
added 2026/04/27 12:0 a.m., 8 views

Cerberus FTP Server Security Vulnerability

Cerberus FTP Server is a Windows-based FTP server from the American company Cerberus. It supports FTP sessions encrypted using FTPS and SFTP. Versions of Cerberus FTP Server prior to 2026.1 contained security vulnerabilities. These vulnerabilities stemmed from insecure inheritance of permissions,...

CVSS 8.8 | AI score 5.8 | EPSS 0.0026
Exploits: 1 | References: 1

Positive Technologies
added 2026/04/24 12:0 a.m., 10 views

PT-2026-34847

Name of the Vulnerable Software and Affected Versions basic-ftp versions prior to 5.3.0 Description An issue in the Node.js FTP client allows for a denial of service via unbounded memory growth during the processing of directory listings from a remote FTP server. A malicious or compromised server...

CVSS 7.5 | AI score 5.3 | EPSS 0.00332
Exploits: 1 | References: 9

Snyk
added 2026/04/22 5:6 p.m., 5 views

Missing Authentication for Critical Function

Overview Affected versions of this package are vulnerable to Missing Authentication for Critical Function via the SFTP authentication process when the server is configured with an empty username and a password using the -b ':pass' flag together with -sftp. An attacker can gain unauthorized access...

CVSS 9.8 | AI score 5.6 | EPSS 0.00478
Exploits: 1 | References: 2

NVD
added 2026/04/21 3:16 p.m., 8 views

CVE-2026-0972

HTML injection is possible in system generated emails in Fortra's GoAnywhere MFT prior to 7.10.0. Note: The title, details, and description of this CVE were corrected post-publishing...

CVSS 5.4 | EPSS 0.00155
Exploits: 1 | References: 2

OSV
added 2026/04/20 10:10 a.m., 3 views

SUSE-SU-2026:1482-1 Security update for openvswitch

This update for openvswitch fixes the following issues: - CVE-2026-34956: invalid memory access via crafted FTP payloads in userspace conntrack flows specifying the FTP alg handler bsc1261273...

CVSS 5.9 | AI score 5.8 | EPSS 0.00405
Exploits: 0 | References: 3

SUSE Linux
added 2026/04/17 1:43 p.m., 6 views

Security update for openvswitch

This update for openvswitch fixes the following issue: Security updates: CVE-2026-34956: Invalid memory access in conntrack FTP alg bsc1261273. Other updates: Update openvswitch to 3.5.4 Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST...

CVSS 8.2 | AI score 5.7 | EPSS 0.00405
Exploits: 0 | References: 4

OSV
added 2026/04/17 1:2 p.m., 8 views

OESA-2026-1962 openvswitch security update

Open vSwitch provides standard network bridging functions and support for the OpenFlow protocol for remote per-flow control of traffic. Security Fixes: Description: Multiple versions of Open vSwitch are vulnerable to crafted FTP payloads causing invalid memory accesses, potential...

CVSS 5.9 | AI score 5.8 | EPSS 0.00405
Exploits: 0 | References: 2

OSV
added 2026/04/17 1:2 p.m., 9 views

OESA-2026-1960 openvswitch security update

Open vSwitch provides standard network bridging functions and support for the OpenFlow protocol for remote per-flow control of traffic. Security Fixes: Description: Multiple versions of Open vSwitch are vulnerable to crafted FTP payloads causing invalid memory accesses, potential...

CVSS 5.9 | AI score 5.8 | EPSS 0.00405
Exploits: 0 | References: 2

SUSE Linux
added 2026/04/13 8:2 p.m., 3 views

Security update for openvswitch

This update for openvswitch fixes the following issues: CVE-2026-34956: invalid memory access via crafted FTP payloads in userspace conntrack flows specifying the FTP alg handler bsc1261273. Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST...

CVSS 8.2 | AI score 5.8 | EPSS 0.00405
Exploits: 0 | References: 4

OSV
added 2026/04/11 2:4 p.m., 9 views

OESA-2026-1872 openvswitch security update

Open vSwitch provides standard network bridging functions and support for the OpenFlow protocol for remote per-flow control of traffic. Security Fixes: Description: Multiple versions of Open vSwitch are vulnerable to crafted FTP payloads causing invalid memory accesses, potential...

CVSS 5.9 | AI score 5.8 | EPSS 0.00405
Exploits: 0 | References: 2

OSV
added 2026/04/11 2:4 p.m., 7 views

OESA-2026-1871 openvswitch security update

Open vSwitch provides standard network bridging functions and support for the OpenFlow protocol for remote per-flow control of traffic. Security Fixes: Description: Multiple versions of Open vSwitch are vulnerable to crafted FTP payloads causing invalid memory accesses, potential...

CVSS 5.9 | AI score 5.8 | EPSS 0.00405
Exploits: 0 | References: 2

OSV
added 2026/04/09 6:17 p.m., 4 views

DEBIAN-CVE-2026-39983

basic-ftp is an FTP client for Node.js. Prior to 5.2.1, basic-ftp allows FTP command injection via CRLF sequences \r\n in file path parameters passed to high-level path APIs such as cd, remove, rename, uploadFrom, downloadTo, list, and removeDir. The library's protectWhitespace helper only handle...

CVSS 8.6 | AI score 5.3 | EPSS 0.02185
Exploits: 1 | References: 1

UbuntuCve
added 2026/04/09 6:17 p.m., 0 views

CVE-2026-39983

basic-ftp is an FTP client for Node.js. Prior to 5.2.1, basic-ftp allows FTP command injection via CRLF sequences \r\n in file path parameters passed to high-level path APIs such as cd, remove, rename, uploadFrom, downloadTo, list, and removeDir. The library's protectWhitespace helper only handle...

CVSS 8.6 | AI score 5.8 | EPSS 0.02185
Exploits: 1 | References: 4

EUVD
added 2026/04/04 3:30 p.m., 3 views

EUVD-2018-21760

NICO-FTP 3.0.1.19 contains a structured exception handler buffer overflow vulnerability that allows remote attackers to execute arbitrary code by sending crafted FTP commands. Attackers can connect to the FTP service and send oversized data in response handlers to overwrite SEH pointers and...

CVSS 9.8 | AI score 6.7 | EPSS 0.00914
Exploits: 1 | References: 4

Metasploit
added 2026/04/02 7:2 p.m., 109 views

HTTP Fetch, Windows Executable Download (http,https,ftp) and Execute

Fetch and execute an x86 payload from an HTTP server. Download an EXE from an HTTPS/FTP URL and execute it Module Options msf use payload/cmd/windows/http/x86/downloadexec msf payloaddownloadexec show actions ...actions... msf payloaddownloadexec set ACTION msf payloaddownloadexec show options...

AI score 5.9
Exploits: 0

OSV
added 2026/03/31 9:8 a.m., 1 views

SUSE-SU-2026:20988-1 Security update for gnome-online-accounts, gvfs

This update for gnome-online-accounts, gvfs fixes the following issues: Changes for gvfs: Update gvfs to 1.59.90: - CVE-2026-28295: information disclosure when processing untrusted PASV responses from FTP servers bsc1258953. - CVE-2026-28296: arbitrary FTP command injection due to unsanitized CRL...

CVSS 4.3 | AI score 7.4 | EPSS 0.0036
Exploits: 2 | References: 5

CNNVD
added 2026/03/28 12:0 a.m., 6 views

zFTP Client Buffer Error Vulnerability

The zFTP Client is a graphical file transfer client tool developed by the zFTP company, which supports the File Transfer Protocol. The zFTP Client version 20061220+dfsg3-4.1 has a buffer error vulnerability. This vulnerability stems from buffer overflows in the handling of the NAME parameter duri...

CVSS 8.6 | AI score 6.2 | EPSS 0.0015
Exploits: 0 | References: 3