164 matches found
CVE-2026-23942 SFTP root escape via component-agnostic prefix check in ssh_sftpd
Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in Erlang OTP sshsftpd module allows Path Traversal. This vulnerability is associated with program files lib/ssh/src/sshsftpd.erl and program routines sshsftpd:iswithinroot/2. The SFTP server uses string...
CVE-2026-23942
CVE-2026-23942 is a path traversal vulnerability in the Erlang OTP ssh_sftpd module. The SFTP server uses a prefix-based check instead of proper path validation, allowing an authenticated user to access sibling directories that share prefixes with the configured root (e.g., root /home/user1 and p...
PT-2026-25164
Name of the Vulnerable Software and Affected Versions Erlang OTP versions 17.0 through 28.4.1 Erlang OTP versions 26.2.5.18 through 27.3.4.9 Description An improper limitation of a pathname to a restricted directory, specifically a 'Path Traversal' issue, exists in the Erlang OTP ssh sftpd module...
CVE-2026-32108 Copyparty ftp/sftp: Sharing a single file did not fully restrict source-folder access
Copyparty is a portable file server. Prior to 1.20.12, there was a missing permission-check in the shares feature the shr global-option. This vulnerability only applies when the shares feature is used for the specific purpose of creating a share of just a single file inside a folder or either the...
[SECURITY] Fedora 41 Update: restic-0.18.1-1.fc41
Fast, secure, efficient backup program. restic supports the following backends for storing backups natively: Local directory sftp server via SSH HTTP REST server protocol, rest-server Amazon S3 either from Amazon or using the Minio server OpenStack Swift BackBlaze B2 Microsoft Azure Blob Storage...
[SECURITY] Fedora 42 Update: restic-0.18.1-1.fc42
Fast, secure, efficient backup program. restic supports the following backends for storing backups natively: Local directory sftp server via SSH HTTP REST server protocol, rest-server Amazon S3 either from Amazon or using the Minio server OpenStack Swift BackBlaze B2 Microsoft Azure Blob Storage...
Astra Linux - уязвимость в libssh
A flaw was found in the SFTP server message decoding logic of libssh. The issue occurs due to an incorrect packet length check that allows an integer overflow when handling large payload sizes on 32-bit systems. This issue leads to failed memory allocation and causes the server process to crash,...
CVE-2025-11624
Potential stack buffer overwrite on the SFTP server side when receiving a malicious packet that has a handle size larger than the system handle or file descriptor size, but smaller than max handle size allowed...
CVE-2025-11624 Buffer overwrite when processing file handles with the SFTP server
Potential stack buffer overwrite on the SFTP server side when receiving a malicious packet that has a handle size larger than the system handle or file descriptor size, but smaller than max handle size allowed...
CVE-2025-11624
CVE-2025-11624 affects wolfSSH (SFTP server side) in wolfSSL. A stack buffer overwrite can occur when processing a malicious SFTP packet whose handle size is larger than the system handle or FD size but smaller than the maximum allowed handle size. The vulnerability is described across multiple s...
CVE-2025-11624 Buffer overwrite when processing file handles with the SFTP server
Potential stack buffer overwrite on the SFTP server side when receiving a malicious packet that has a handle size larger than the system handle or file descriptor size, but smaller than max handle size allowed...
JLSEC-2025-100 A flaw was found in the SFTP server message decoding logic of libssh
A flaw was found in the SFTP server message decoding logic of libssh. The issue occurs due to an incorrect packet length check that allows an integer overflow when handling large payload sizes on 32-bit systems. This issue leads to failed memory allocation and causes the server process to crash,...
EUVD-2015-8117
Malware in sbrugna...
EUVD-2018-20671
Malware in sbrugna...
EUVD-2017-7325
Malware in sbrugna...
EUVD-2002-1452
Malware in sbrugna...
EUVD-2022-28033
Malicious code in bioql PyPI...
EUVD-2022-46890
Malicious code in bioql PyPI...
EUVD-2025-22738
Malicious code in bioql PyPI...
EUVD-2023-2101
Malicious code in bioql PyPI...