266 matches found

Positive Technologies
added 2024/03/13 12:0 a.m. · 3 views

PT-2024-2575 · Cisco · Cisco Ios Xr

Name of the Vulnerable Software and Affected Versions: Cisco IOS XR Software (affected versions not specified)
Description: A vulnerability in the Secure Copy Protocol (SCP) and SFTP feature of Cisco IOS XR Software could allow an authenticated, local attacker to create or overwrite files in a system...

CVSS 6.5 · AI score 7.1 · EPSS 0.00146
Exploits 0 · References 5

RedHat Linux
added 2023/12/04 6:1 p.m. · 1 views

apache-mina-sshd: information exposure in SFTP server implementations

A flaw was found in Apache Mina SSHD that could be exploited on certain SFTP servers implemented using the Apache Mina RootedFileSystem. This issue could permit authenticated users to view information outside of their permissions scope...

CVSS 5 · AI score 6.7 · EPSS 0.0098
Exploits 0 · References 4

CNNVD
added 2023/11/08 12:0 a.m. · 3 views

Bastion Access Control Error Vulnerability

Bastion is a group of machines used as a single entry point for operational teams to securely connect to devices. An Access Control Error vulnerability exists in Bastion versions 3.0.0 through 3.14.0, which originates in MFA where a group or individual can force an SCP/SFTP connection through...

CVSS 4.8 · AI score 6.7 · EPSS 0.00387
Exploits 0 · References 4

RedHat Linux
added 2023/11/07 8:51 a.m. · 6 views

curl: SFTP path ~ resolving discrepancy

A path traversal vulnerability exists in the curl 8.0.0 SFTP implementation that causes the tilde character to be wrongly replaced when used as a prefix in the first path element, in addition to its intended use as the first element to indicate a path relative to the user's home directory. Attackers can...

CVSS 8.8 · AI score 7.5 · EPSS 0.02195
Exploits 1 · References 5

CNNVD
added 2023/10/20 12:0 a.m. · 3 views

SECUDOS Qiata FTA security breach

SECUDOS Qiata FTA is a secure file transfer software from Secudos Germany. The software is suitable for file operations between teams and complies with the GDPR protocol for data security. A security vulnerability exists in SECUDOS Qiata version 4.13, which stems from the presence of insecure...

CVSS 7.8 · AI score 6.8 · EPSS 0.00275
Exploits 1 · References 2

RedHat Linux
added 2023/09/05 6:37 p.m. · 0 views

mina-sshd-core: Memory leak denial of service in Apache Mina SSHD Server

A vulnerability in sshd-core of Apache Mina SSHD allows an attacker to overflow the server causing an OutOfMemory error. This issue affects the SFTP and port forwarding features of Apache Mina SSHD version 2.0.0 and later versions. It was addressed in Apache Mina SSHD 2.7.0...

CVSS 6.5 · AI score 6.8 · EPSS 0.03394
Exploits 0 · References 4

OSV
added 2023/08/23 7:15 p.m. · 4 views

CVE-2023-20115

A vulnerability in the SFTP server implementation for Cisco Nexus 3000 Series Switches and 9000 Series Switches in standalone NX-OS mode could allow an authenticated, remote attacker to download or overwrite files from the underlying operating system of an affected device. This vulnerability is d...

CVSS 5.4 · AI score 5.8
Exploits 0 · References 1

BDU FSTEC
added 2023/08/07 12:0 a.m. · 4 views

The vulnerability of the SFTP (Secure File Transfer Protocol) implementation in the BioTime time management web platform allows a violator to write arbitrary files.

The vulnerability of the SFTP (Secure File Transfer Protocol) implementation in the BioTime time-off management web platform is related to errors in processing the relative path to the directory. Exploiting this vulnerability allows a remote attacker to write arbitrary files...

CVSS 9.7 · AI score 8.2 · EPSS 0.03197
Exploits 2 · References 3 · Affected Software 1

RedHat Linux
added 2023/05/16 8:56 a.m. · 1 views

kernel: Linux kernel: Denial of Service due to memory allocation failure in vhost/vsock

A flaw was found in the Linux kernel's vhost/vsock component. A local user could trigger a memory allocation failure when copying large files over sftp (SSH File Transfer Protocol) over vsock (virtual socket). This issue occurs because the kernel's kmalloc function fails to allocate sufficient memory...

CVSS 5.5 · AI score 7 · EPSS 0.00146
Exploits 0 · References 5

OSV
added 2023/04/24 3:0 p.m. · 6 views

CLSA-2023-1682348435 curl: Fix of CVE-2023-27534

CVE-2023-27534: fix SFTP path '~' resolving discrepancy - fix resolving SCP relative path...

CVSS 8.8 · AI score 6.8 · EPSS 0.02195
Exploits 1 · References 1

OSV
added 2023/03/30 8:15 p.m. · 1 views

AZL-25847 CVE-2023-27534 affecting package curl for versions less than 8.0.1-1

A path traversal vulnerability exists in the curl 8.0.0 SFTP implementation that causes the tilde character to be wrongly replaced when used as a prefix in the first path element, in addition to its intended use as the first element to indicate a path relative to the user's home directory. Attackers can...

CVSS 8.8 · AI score 7 · EPSS 0.02195
Exploits 1 · References 1

curl security advisories
added 2023/03/20 8:0 a.m. · 5 views

SFTP path ~ resolving discrepancy

curl supports SFTP transfers. curl's SFTP implementation offers a special feature in the path component of URLs: a tilde character as the first path element in the path denotes a path relative to the user's home directory. This is supported because of wording in the once proposed to-become RFC...

CVSS 8.8 · AI score 6.5 · EPSS 0.02195
Exploits 1 · References 1 · Affected Software 2

ATTACKERKB
added 2023/02/17 12:0 a.m. · 45 views

CVE-2022-47986

IBM Aspera Faspex 4.4.2 Patch Level 1 and earlier could allow a remote attacker to execute arbitrary code on the system, caused by a YAML deserialization flaw. By sending a specially crafted obsolete API call, an attacker could exploit this vulnerability to execute arbitrary code on the system. T...

CVSS 9.8 · AI score 8.4 · EPSS 0.99968
In wild · Exploits 5 · References 6

Positive Technologies
added 2023/01/10 12:0 a.m. · 5 views

PT-2023-14601 · Siemens · Sinec Ins

Name of the Vulnerable Software and Affected Versions: SINEC INS versions prior to V1.0 SP2 Update 1
Description: A vulnerability has been identified that allows an authenticated remote attacker with access to the Web Based Management (443/tcp) and the SFTP server (22/tcp) to potentially read and wri...

CVSS 8.8 · AI score 8.8 · EPSS 0.01174
Exploits 0 · References 4

CNNVD
added 2022/12/05 12:0 a.m. · 3 views

Mobatek MobaXterm Trust Management Issue Vulnerability

Mobatek MobaXterm is a suite of terminal software from the French company Mobatek that integrates an enhanced terminal, an X server and a Unix command set (GNU/Cygwin). A security vulnerability exists in Mobatek MobaXterm versions prior to v22.1, which originates when aborting an SFTP connection,...

CVSS 9.1 · AI score 8.2 · EPSS 0.00729
Exploits 0 · References 4

Positive Technologies
added 2022/12/05 12:0 a.m. · 3 views

PT-2022-24374 · Mobaxterm · Mobaxterm

Name of the Vulnerable Software and Affected Versions: MobaXterm versions prior to 22.1
Description: An access control issue allows attackers to make connections to the server via the SSH or SFTP protocols without authentication.
Recommendations: For versions prior to 22.1, update to version 22.1...

CVSS 8.1 · AI score 8 · EPSS 0.00829
Exploits 1 · References 2

OSV
added 2022/08/09 11:44 a.m. · 2 views

USN-5160-1 mc vulnerability

It was discovered that Midnight Commander would not check server fingerprints when establishing an SFTP connection. If a remote attacker were able to intercept communications this flaw could be exploited to impersonate the SFTP server...

CVSS 7.5 · AI score 7.1 · EPSS 0.02061
Exploits 1 · References 2

ATTACKERKB
added 2022/07/26 11:15 p.m. · 2 views

CVE-2022-30270

The Motorola ACE1000 RTU through 2022-05-02 has default credentials. It exposes an SSH interface on port 22/TCP. This interface is used for remote maintenance and for SFTP file-transfer operations that are part of engineering software functionality. Access to this interface is controlled by 5...

CVSS 9.8 · AI score 7.4 · EPSS 0.00734
Exploits 0 · References 3

CNNVD
added 2022/05/12 12:0 a.m. · 4 views

ZTE ZXMP M721 Permissions, Privileges and Access Control Issue Vulnerability

The ZTE ZXMP M721 is a metro edge OTN (Optical Transport Network) device from ZTE Corporation (ZTE) in China. The ZTE ZXMP M721 has a privilege and access control vulnerability, which stems from the fact that the folder privilege viewed by sftp is 666, which is inconsistent with the actual privilege,...

CVSS 8.8 · AI score 7.9 · EPSS 0.00711
Exploits 0 · References 3

RedHat Linux
added 2021/11/15 5:18 p.m. · 3 views

mina-sshd-core: Memory leak denial of service in Apache Mina SSHD Server

A vulnerability in sshd-core of Apache Mina SSHD allows an attacker to overflow the server causing an OutOfMemory error. This issue affects the SFTP and port forwarding features of Apache Mina SSHD version 2.0.0 and later versions. It was addressed in Apache Mina SSHD 2.7.0...

CVSS 6.5 · AI score 6.8 · EPSS 0.03394
Exploits 0 · References 4