276 matches found

OSV
added 2025/12/05 9:15 p.m., 4 views

CVE-2025-8148

An Improper Access Control in the SFTP service in Fortra's GoAnywhere MFT prior to version 7.9.0 allows Web Users with an Authentication Alias and a valid SSH key but limited to Password authentication for SFTP to still login using their SSH key...

CVSS 4.2, AI score 5.8, EPSS 0.00149
Exploits: 0, References: 1

Cvelist
added 2025/12/05 8:56 p.m., 19 views

CVE-2025-8148 Improper Access Control in SFTP service of GoAnywhere MFT

An Improper Access Control in the SFTP service in Fortra's GoAnywhere MFT prior to version 7.9.0 allows Web Users with an Authentication Alias and a valid SSH key but limited to Password authentication for SFTP to still login using their SSH key...

CVSS 4.2, EPSS 0.00149
Exploits: 0, References: 1

CNNVD
added 2025/12/05 12:00 a.m., 5 views

Fortra GoAnywhere MFT Security Vulnerability

Fortra GoAnywhere MFT is a file transfer software from Fortra, Inc. A security vulnerability exists in Fortra GoAnywhere MFT versions prior to 7.9.0, which stems from improper access control of the SFTP service, and could result in a Web user logging in with an SSH key...

CVSS 4.2, AI score 6.6, EPSS 0.00149
Exploits: 0, References: 2

Fedora
added 2025/12/03 12:59 a.m., 9 views

[SECURITY] Fedora 43 Update: restic-0.18.1-1.fc43

Fast, secure, efficient backup program. restic supports the following backends for storing backups natively: Local directory; sftp server (via SSH); HTTP REST server (protocol, rest-server); Amazon S3 (either from Amazon or using the Minio server); OpenStack Swift; BackBlaze B2; Microsoft Azure Blob Storage...

CVSS 7.5, AI score 7, EPSS 0.00626
Exploits: 0

Tenable Nessus
added 2025/11/13 12:00 a.m., 5 views

Siemens SIMATIC S7-1500 Out-of-bounds Read (CVE-2019-3858)

An out of bounds read flaw was discovered in libssh2 before 1.8.1 when a specially crafted SFTP packet is received from the server. A remote attacker who compromises an SSH server may be able to cause a Denial of Service or read data in the client memory. This plugin only works with Tenable.ot...

CVSS 9.1, AI score 6.9, EPSS 0.06448
Exploits: 0, References: 4

Tenable Nessus
added 2025/11/11 12:00 a.m., 2 views

RHEL 10 : libssh (RHSA-2025:21013)

The remote Redhat Enterprise Linux 10 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2025:21013 advisory. libssh is a library which implements the SSH protocol. It can be used to implement client and server applications. Security Fixes: libssh:...

CVSS 8.1, AI score 6.6, EPSS 0.02394
Exploits: 0, References: 5

EUVD
added 2025/11/07 9:30 a.m., 5 views

EUVD-2025-38240

curl's code for managing SSH connections when SFTP was done using the wolfSSH powered backend was flawed and missed host verification mechanisms. This prevents curl from detecting MITM attackers and more...

AI score 6.7, EPSS 0.00373
Exploits: 1, References: 5

OSV
added 2025/11/07 8:15 a.m., 4 views

ALPINE-CVE-2025-10966

curl's code for managing SSH connections when SFTP was done using the wolfSSH powered backend was flawed and missed host verification mechanisms. This prevents curl from detecting MITM attackers and more...

CVSS 4.3, AI score 7.1, EPSS 0.00373
Exploits: 1, References: 1

CVE
added 2025/11/07 7:26 a.m., 51 views

CVE-2025-10966

CVE-2025-10966 affects curl by a flaw in its SSH connection handling when SFTP uses the wolfSSH backend, causing missed host verification and allowing MITM-like issues. The connected Nessus advisories for EulerOS, Unity Linux, Photon OS, and related OS advisories repeatedly reference this CVE as ...

CVSS 4.3, AI score 6.7, EPSS 0.00373
Exploits: 1, References: 5, Affected Software: 1

curl security advisories
added 2025/11/05 8:00 a.m., 8 views

missing SFTP host verification with wolfSSH

curl's code for managing SSH connections when SFTP was done using the wolfSSH powered backend was flawed and missed host verification mechanisms. This prevents curl from detecting MITM attackers and more...

CVSS 4.3, AI score 5.1, EPSS 0.00373
Exploits: 1, References: 1, Affected Software: 2

Positive Technologies
added 2025/10/29 12:00 a.m., 7 views

PT-2025-44353

Name of the Vulnerable Software and Affected Versions: OpenSSH (affected versions not specified). Description: If SSH session multiplexing was configured on the client side, SSH sessions such as scp and sftp multiplexed onto the same channel could perform file-system operations after a configured...

CVSS 5.3, AI score 6.5, EPSS 0.00104
Exploits: 0, References: 4

OpenVAS
added 2025/10/23 12:00 a.m., 4 views

Ubuntu: Security Advisory (USN-7831-1)

The remote host is missing an update for the...

CVSS 7.1, AI score 6.8, EPSS 0.00402
Exploits: 0, References: 2

Tenable Nessus
added 2025/10/22 12:00 a.m., 4 views

Ubuntu 14.04 LTS / 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS / 24.04 LTS / 25.04 / 25.10 : Erlang vulnerabilities (USN-7831-1)

The remote Ubuntu 14.04 LTS / 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS / 24.04 LTS / 25.04 / 25.10 host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-7831-1 advisory. It was discovered that Erlang incorrectly handled resource allocation and...

CVSS 7.1, AI score 5.9, EPSS 0.00402
Exploits: 0, References: 5

EUVD
added 2025/10/21 3:30 p.m., 5 views

EUVD-2025-35172

Potential stack buffer overwrite on the SFTP server side when receiving a malicious packet that has a handle size larger than the system handle or file descriptor size, but smaller than max handle size allowed...

CVSS 1.8, AI score 6.7, EPSS 0.00334
Exploits: 0, References: 2

Positive Technologies
added 2025/10/21 12:00 a.m., 7 views

PT-2025-42885

Name of the Vulnerable Software and Affected Versions: versions prior to 2.3. Description: A stack buffer overwrite can occur on the SFTP server side when receiving a malicious packet. The issue arises when the packet's handle size exceeds the system handle or file descriptor size, but remains withi...

CVSS 9.8, AI score 6.6, EPSS 0.00334
Exploits: 0, References: 5

RedhatCVE
added 2025/10/16 2:51 p.m., 5 views

CVE-2025-53868

When running in Appliance mode, a highly privileged authenticated attacker with access to SCP and SFTP may be able to bypass Appliance mode restrictions using undisclosed commands. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated...

CVSS 9.1, AI score 6.7, EPSS 0.00408
Exploits: 0, References: 1

EUVD
added 2025/10/15 3:30 p.m., 13 views

EUVD-2025-34633

When running in Appliance mode, a highly privileged authenticated attacker with access to SCP and SFTP may be able to bypass Appliance mode restrictions using undisclosed commands. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated...

CVSS 8.7, AI score 6.2, EPSS 0.00408
Exploits: 0, References: 2

F5 Networks
added 2025/10/15 11:01 a.m., 12 views

K000151902: BIG-IP SCP and SFTP vulnerability CVE-2025-53868

Security Advisory Description: When running in Appliance mode, a highly privileged authenticated attacker with access to Secure Copy (SCP) protocol and SFTP may be able to bypass Appliance mode restrictions using undisclosed commands. (CVE-2025-53868) Impact: In Appliance mode, an authenticated attacke...

CVSS 8.7, AI score 5.9, EPSS 0.00408
Exploits: 0, Affected Software: 12

CNNVD
added 2025/10/15 12:00 a.m., 7 views

F5 BIG-IP Operating System Command Injection Vulnerability

F5 BIG-IP is an application delivery platform that integrates network traffic management, application security management, load balancing, and other features from F5 Corporation. F5 BIG-IP suffers from an operating system command injection vulnerability that originates from an elevated privilege...

CVSS 9.1, AI score 7.3, EPSS 0.00408
Exploits: 0, References: 1

OSV
added 2025/10/11 1:20 p.m., 4 views

OESA-2025-2369 erlang security update

Erlang is a general-purpose programming language and runtime environment. Erlang has built-in support for concurrency, distribution and fault tolerance. Erlang is used in several large telecommunication systems from Ericsson. Security Fixes: Allocation of Resources Without Limits or Throttling...

CVSS 5.3, AI score 6.9, EPSS 0.00359
Exploits: 0, References: 2