898 matches found
CVE-2026-34956 Openvswitch: open vswitch: denial of service via malformed ftp epasv command
A flaw was found in Open vSwitch. When Open vSwitch is configured with a conntrack flow using FTP helpers over the userspace datapath, a remote attacker can send a specially crafted FTP stream with an EPASV command exceeding 255 characters. This heap access error can lead to a crash, resulting in...
Open vSwitch 安全漏洞
Open vSwitch is a virtual switch developed as part of the Collaborative Project. There is a security vulnerability in Open vSwitch. This vulnerability arises when configuring conntrack streams that use FTP auxiliary programs. A remote attacker can send a specially crafted FTP stream, resulting in...
TFTP Fetch, Linux Execute Command
Fetch and execute an AARCH64 payload from a TFTP server. Execute an arbitrary command or just a /bin/sh shell Module Options msf use payload/cmd/linux/tftp/aarch64/exec msf payloadexec show actions ...actions... msf payloadexec set ACTION msf payloadexec show options ...show and set options... ms...
Cerberus FTP Server 安全漏洞
Cerberus FTP Server is a Windows-based FTP server from the American company Cerberus. It supports FTP sessions encrypted using FTPS and SFTP. Versions of Cerberus FTP Server prior to 2026.1 contained security vulnerabilities. These vulnerabilities stemmed from insecure inheritance of permissions,...
PT-2026-34847
Name of the Vulnerable Software and Affected Versions basic-ftp versions prior to 5.3.0 Description An issue in the Node.js FTP client allows for a denial of service via unbounded memory growth during the processing of directory listings from a remote FTP server. A malicious or compromised server...
Missing Authentication for Critical Function
Overview Affected versions of this package are vulnerable to Missing Authentication for Critical Function via the SFTP authentication process when the server is configured with an empty username and a password using the -b ':pass' flag together with -sftp. An attacker can gain unauthorized access...
CVE-2026-0972
HTML injection is possible in system generated emails in Fortra's GoAnywhere MFT prior to 7.10.0. Note: The title, details, and description of this CVE were corrected post-publishing...
SUSE-SU-2026:1482-1 Security update for openvswitch
This update for openvswitch fixes the following issues: - CVE-2026-34956: invalid memory access via crafted FTP payloads in userspace conntrack flows specifying the FTP alg handler bsc1261273...
Security update for openvswitch
This update for openvswitch fixes the following issue: Security updates: CVE-2026-34956: Invalid memory access in conntrack FTP alg bsc1261273. Other updates: Update openvswitch to 3.5.4 Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST...
OESA-2026-1962 openvswitch security update
Open vSwitch provides standard network bridging functions and support for the OpenFlow protocol for remote per-flow control of traffic. Security Fixes: "Description\n===========\n\nMultiple versions of Open vSwitch are vulnerable to crafted FTP payloads\ncausing invalid memory accesses, potential...
OESA-2026-1960 openvswitch security update
Open vSwitch provides standard network bridging functions and support for the OpenFlow protocol for remote per-flow control of traffic. Security Fixes: "Description\n===========\n\nMultiple versions of Open vSwitch are vulnerable to crafted FTP payloads\ncausing invalid memory accesses, potential...
Security update for openvswitch
This update for openvswitch fixes the following issues: CVE-2026-34956: invalid memory access via crafted FTP payloads in userspace conntrack flows specifying the FTP alg handler bsc1261273. Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST...
OESA-2026-1872 openvswitch security update
Open vSwitch provides standard network bridging functions and support for the OpenFlow protocol for remote per-flow control of traffic. Security Fixes: "Description\n===========\n\nMultiple versions of Open vSwitch are vulnerable to crafted FTP payloads\ncausing invalid memory accesses, potential...
OESA-2026-1871 openvswitch security update
Open vSwitch provides standard network bridging functions and support for the OpenFlow protocol for remote per-flow control of traffic. Security Fixes: "Description\n===========\n\nMultiple versions of Open vSwitch are vulnerable to crafted FTP payloads\ncausing invalid memory accesses, potential...
DEBIAN-CVE-2026-39983
basic-ftp is an FTP client for Node.js. Prior to 5.2.1, basic-ftp allows FTP command injection via CRLF sequences \r\n in file path parameters passed to high-level path APIs such as cd, remove, rename, uploadFrom, downloadTo, list, and removeDir. The library's protectWhitespace helper only handle...
CVE-2026-39983
basic-ftp is an FTP client for Node.js. Prior to 5.2.1, basic-ftp allows FTP command injection via CRLF sequences \r\n in file path parameters passed to high-level path APIs such as cd, remove, rename, uploadFrom, downloadTo, list, and removeDir. The library's protectWhitespace helper only handle...
EUVD-2018-21760
NICO-FTP 3.0.1.19 contains a structured exception handler buffer overflow vulnerability that allows remote attackers to execute arbitrary code by sending crafted FTP commands. Attackers can connect to the FTP service and send oversized data in response handlers to overwrite SEH pointers and...
HTTP Fetch, Windows Executable Download (http,https,ftp) and Execute
Fetch and execute an x86 payload from an HTTP server. Download an EXE from an HTTPS/FTP URL and execute it Module Options msf use payload/cmd/windows/http/x86/downloadexec msf payloaddownloadexec show actions ...actions... msf payloaddownloadexec set ACTION msf payloaddownloadexec show options...
SUSE-SU-2026:20988-1 Security update for gnome-online-accounts, gvfs
This update for gnome-online-accounts, gvfs fixes the following issues: Changes for gvfs: Update gvfs to 1.59.90: - CVE-2026-28295: information disclosure when processing untrusted PASV responses from FTP servers bsc1258953. - CVE-2026-28296: arbitrary FTP command injection due to unsanitized CRL...
zFTP Client 缓冲区错误漏洞
The zFTP Client is a graphical file transfer client tool developed by the zFTP company, which supports the File Transfer Protocol. The zFTP Client version 20061220+dfsg3-4.1 has a buffer error vulnerability. This vulnerability stems from buffer overflows in the handling of the NAME parameter duri...