32 matches found
AZL-57401 CVE-2025-22869 affecting package moby-engine for versions less than 25.0.3-11
SSH servers which implement file transfer protocols are vulnerable to a denial of service attack from clients which complete the key exchange slowly, or not at all, causing pending content to be read into memory, but never transmitted...
AZL-57289 CVE-2025-22869 affecting package cri-o 1.30.1-1
SSH servers which implement file transfer protocols are vulnerable to a denial of service attack from clients which complete the key exchange slowly, or not at all, causing pending content to be read into memory, but never transmitted...
AZL-57369 CVE-2025-22869 affecting package kubevirt for versions less than 1.2.0-15
SSH servers which implement file transfer protocols are vulnerable to a denial of service attack from clients which complete the key exchange slowly, or not at all, causing pending content to be read into memory, but never transmitted...
GO-2025-3487 Potential denial of service in golang.org/x/crypto
SSH servers which implement file transfer protocols are vulnerable to a denial of service attack from clients which complete the key exchange slowly, or not at all, causing pending content to be read into memory, but never transmitted...
Xlight FTP 输入验证错误漏洞
Xlight FTP is a high performance and easy to use FTP server software from Xlight FTP Inc. Make file transfers secure and easy to use. A security vulnerability exists in Xlight FTP versions prior to 3.9.4.3 that stems from an integer overflow in the SFTP server packet parsing logic, which could le...
[SECURITY] Fedora 39 Update: filezilla-3.67.0-1.fc39
FileZilla is a FTP, FTPS and SFTP client for Linux with a lot of features. - Supports FTP, FTP over SSL/TLS FTPS and SSH File Transfer Protocol SFTP - Cross-platform - Available in many languages - Supports resume and transfer of large files greater than 4GB - Easy to use Site Manager and transfe...
Denial of Service (DoS)
Overview Affected versions of this package are vulnerable to Denial of Service DoS due to a missing allocation check in sftp server processing read requests. A malicious client can request up to 4GB SFTP reads, causing allocation of up to 4GB buffers, which is not being checked for failure. For...
UBUNTU-CVE-2023-27534
A path traversal vulnerability exists in curl 8.0.0 SFTP implementation causes the tilde character to be wrongly replaced when used as a prefix in the first path element, in addition to its intended use as the first element to indicate a path relative to the user's home directory. Attackers can...
CVE-2022-38337
When aborting a SFTP connection, MobaXterm before v22.1 sends a hardcoded password to the server. The server treats this as an invalid login attempt which can result in a Denial of Service DoS for the user if services like fail2ban are used...
openssh bug fix update
An update is available for openssh. This update affects Rocky Linux 9. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list OpenSSH is an SSH protocol implementation supported by a number of Linux, UNI...
GNU Midnight Commander 授权问题漏洞
GNU Midnight Commander is a visual file manager. A security vulnerability exists in Midnight Commander that stems from the fact that starting with version 4.8.26, the server's fingerprint is neither checked nor displayed when Midnight Commander establishes an SFTP connection. An attacker could us...
security flaw
Mozilla Firefox before 2.0.0.8 and SeaMonkey before 1.1.5, when running on Linux systems with gnome-vfs support, might allow remote attackers to read arbitrary files on SSH/sftp servers that accept key authentication by creating a web page on the target server, in which the web page contains URIs...