Lucene search
K

164 matches found

Vulnrichment
Vulnrichment
added 2026/03/13 9:11 a.m.3 views

CVE-2026-23942 SFTP root escape via component-agnostic prefix check in ssh_sftpd

Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in Erlang OTP sshsftpd module allows Path Traversal. This vulnerability is associated with program files lib/ssh/src/sshsftpd.erl and program routines sshsftpd:iswithinroot/2. The SFTP server uses string...

5.3CVSS5.7AI score0.00363EPSS
Exploits0References7
CVE
CVE
added 2026/03/13 9:11 a.m.56 views

CVE-2026-23942

CVE-2026-23942 is a path traversal vulnerability in the Erlang OTP ssh_sftpd module. The SFTP server uses a prefix-based check instead of proper path validation, allowing an authenticated user to access sibling directories that share prefixes with the configured root (e.g., root /home/user1 and p...

5.4CVSS5.7AI score0.00363EPSS
Exploits0References7Affected Software2
Positive Technologies
Positive Technologies
added 2026/03/13 12:0 a.m.13 views

PT-2026-25164

Name of the Vulnerable Software and Affected Versions Erlang OTP versions 17.0 through 28.4.1 Erlang OTP versions 26.2.5.18 through 27.3.4.9 Description An improper limitation of a pathname to a restricted directory, specifically a 'Path Traversal' issue, exists in the Erlang OTP ssh sftpd module...

5.5CVSS7.2AI score0.00363EPSS
Exploits0References58
OSV
OSV
added 2026/03/11 8:14 p.m.4 views

CVE-2026-32108 Copyparty ftp/sftp: Sharing a single file did not fully restrict source-folder access

Copyparty is a portable file server. Prior to 1.20.12, there was a missing permission-check in the shares feature the shr global-option. This vulnerability only applies when the shares feature is used for the specific purpose of creating a share of just a single file inside a folder or either the...

2.3CVSS5.8AI score0.00274EPSS
Exploits0References3
Fedora
Fedora
added 2025/12/03 1:40 a.m.13 views

[SECURITY] Fedora 41 Update: restic-0.18.1-1.fc41

Fast, secure, efficient backup program. restic supports the following backends for storing backups natively: Local directory sftp server via SSH HTTP REST server protocol, rest-server Amazon S3 either from Amazon or using the Minio server OpenStack Swift BackBlaze B2 Microsoft Azure Blob Storage...

7.5CVSS7AI score0.00626EPSS
Exploits1
Fedora
Fedora
added 2025/12/03 1:12 a.m.16 views

[SECURITY] Fedora 42 Update: restic-0.18.1-1.fc42

Fast, secure, efficient backup program. restic supports the following backends for storing backups natively: Local directory sftp server via SSH HTTP REST server protocol, rest-server Amazon S3 either from Amazon or using the Minio server OpenStack Swift BackBlaze B2 Microsoft Azure Blob Storage...

7.5CVSS7AI score0.00626EPSS
Exploits1
AstraLinux
AstraLinux
added 2025/10/31 4:38 p.m.4 views

Astra Linux - уязвимость в libssh

A flaw was found in the SFTP server message decoding logic of libssh. The issue occurs due to an incorrect packet length check that allows an integer overflow when handling large payload sizes on 32-bit systems. This issue leads to failed memory allocation and causes the server process to crash,...

6.5CVSS7AI score0.00777EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2025/10/22 2:11 p.m.4 views

CVE-2025-11624

Potential stack buffer overwrite on the SFTP server side when receiving a malicious packet that has a handle size larger than the system handle or file descriptor size, but smaller than max handle size allowed...

9.8CVSS7.2AI score0.00334EPSS
Exploits0References1
OSV
OSV
added 2025/10/21 1:14 p.m.4 views

CVE-2025-11624 Buffer overwrite when processing file handles with the SFTP server

Potential stack buffer overwrite on the SFTP server side when receiving a malicious packet that has a handle size larger than the system handle or file descriptor size, but smaller than max handle size allowed...

1.8CVSS6.2AI score0.00334EPSS
Exploits0References3
CVE
CVE
added 2025/10/21 1:14 p.m.10 views

CVE-2025-11624

CVE-2025-11624 affects wolfSSH (SFTP server side) in wolfSSL. A stack buffer overwrite can occur when processing a malicious SFTP packet whose handle size is larger than the system handle or FD size but smaller than the maximum allowed handle size. The vulnerability is described across multiple s...

9.8CVSS6.8AI score0.00334EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2025/10/21 1:14 p.m.10 views

CVE-2025-11624 Buffer overwrite when processing file handles with the SFTP server

Potential stack buffer overwrite on the SFTP server side when receiving a malicious packet that has a handle size larger than the system handle or file descriptor size, but smaller than max handle size allowed...

1.8CVSS0.00334EPSS
Exploits0References1
OSV
OSV
added 2025/10/19 6:40 p.m.3 views

JLSEC-2025-100 A flaw was found in the SFTP server message decoding logic of libssh

A flaw was found in the SFTP server message decoding logic of libssh. The issue occurs due to an incorrect packet length check that allows an integer overflow when handling large payload sizes on 32-bit systems. This issue leads to failed memory allocation and causes the server process to crash,...

6.5CVSS6.7AI score0.00777EPSS
Exploits0References8
EUVD
EUVD
added 2025/10/07 12:30 a.m.5 views

EUVD-2015-8117

Malware in sbrugna...

4CVSS6.4AI score0.01074EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/07 12:30 a.m.5 views

EUVD-2018-20671

Malware in sbrugna...

7.5CVSS7.8AI score0.01053EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/07 12:30 a.m.4 views

EUVD-2017-7325

Malware in sbrugna...

5.3CVSS6.4AI score0.03359EPSS
Exploits0References15
EUVD
EUVD
added 2025/10/07 12:30 a.m.4 views

EUVD-2002-1452

Malware in sbrugna...

7.5CVSS6.4AI score0.02865EPSS
Exploits1References5
EUVD
EUVD
added 2025/10/03 8:7 p.m.8 views

EUVD-2022-28033

Malicious code in bioql PyPI...

5.5CVSS5.8AI score0.00863EPSS
Exploits1References3
EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2022-46890

Malicious code in bioql PyPI...

8.8CVSS8.6AI score0.00549EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/03 8:7 p.m.3 views

EUVD-2025-22738

Malicious code in bioql PyPI...

6.5CVSS6.2AI score0.00777EPSS
Exploits0References8
EUVD
EUVD
added 2025/10/03 8:7 p.m.7 views

EUVD-2023-2101

Malicious code in bioql PyPI...

5CVSS6.2AI score0.01311EPSS
Exploits0References8
Rows per page
Query Builder