Lucene search
K

8 matches found

SUSE CVE
SUSE CVE
added 2023/02/15 4:1 a.m.2 views

SUSE CVE-2020-8284

A malicious server can use the FTP PASV response to trick curl 7.73.0 and earlier into connecting back to a given IP address and port, and this way potentially make curl extract information about services that are otherwise private and not disclosed, for example doing port scanning and service...

4.3CVSS9.3AI score0.03851EPSS
Exploits0References140
Tenable Nessus
Tenable Nessus
added 2022/10/09 12:0 a.m.27 views

EulerOS Virtualization 3.0.6.6 : curl (EulerOS-SA-2022-2491)

According to the versions of the curl packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - A malicious server can use the FTP PASV response to trick curl 7.73.0 and earlier into connecting back to a given IP address and...

4.3CVSS6.4AI score0.03851EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2022/05/07 12:0 a.m.28 views

EulerOS Virtualization 3.0.2.0 : curl (EulerOS-SA-2022-1688)

According to the versions of the curl packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - A malicious server can use the FTP PASV response to trick curl 7.73.0 and earlier into connecting back to a given IP address and...

4.3CVSS6.8AI score0.03851EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2021/06/03 12:0 a.m.33 views

EulerOS 2.0 SP9 : curl (EulerOS-SA-2021-1942)

According to the version of the curl packages installed, the EulerOS installation on the remote host is affected by the following vulnerability : - A malicious server can use the FTP PASV response to trick curl 7.73.0 and earlier into connecting back to a given IP address and port, and this way...

4.3CVSS6.5AI score0.03851EPSS
Exploits0References2
RedHat Linux
RedHat Linux
added 2021/05/18 3:28 p.m.3 views

curl: FTP PASV command response can cause curl to connect to arbitrary host

A malicious server can use the PASV response to trick curl into connecting back to a given IP address and port, and this way potentially make curl extract information about services that are otherwise private and not disclosed, for example doing port scanning and service banner extractions. If cu...

4.3CVSS6.8AI score0.03851EPSS
Exploits0References5
Prion
Prion
added 2020/12/14 8:15 p.m.34 views

Code injection

A malicious server can use the FTP PASV response to trick curl 7.73.0 and earlier into connecting back to a given IP address and port, and this way potentially make curl extract information about services that are otherwise private and not disclosed, for example doing port scanning and service...

4.3CVSS5.5AI score0.03851EPSS
Exploits0References16Affected Software16
Vulnrichment
Vulnrichment
added 2020/12/14 7:38 p.m.3 views

CVE-2020-8284

A malicious server can use the FTP PASV response to trick curl 7.73.0 and earlier into connecting back to a given IP address and port, and this way potentially make curl extract information about services that are otherwise private and not disclosed, for example doing port scanning and service...

6.7AI score0.03851EPSS
Exploits0References16
CVE
CVE
added 2020/12/14 7:38 p.m.386 views

CVE-2020-8284

CVE-2020-8284 affects curl's handling of FTP PASV responses, enabling a malicious FTP server to coax curl into connecting to an attacker-controlled IP/port and potentially reveal private services (port scanning, banner extraction). Affects curl prior to patched versions; multiple advisories refer...

4.3CVSS6AI score0.03851EPSS
Exploits0References16Affected Software1
Rows per page
Query Builder