8 matches found
SUSE CVE-2020-8284
A malicious server can use the FTP PASV response to trick curl 7.73.0 and earlier into connecting back to a given IP address and port, and this way potentially make curl extract information about services that are otherwise private and not disclosed, for example doing port scanning and service...
EulerOS Virtualization 3.0.6.6 : curl (EulerOS-SA-2022-2491)
According to the versions of the curl packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - A malicious server can use the FTP PASV response to trick curl 7.73.0 and earlier into connecting back to a given IP address and...
EulerOS Virtualization 3.0.2.0 : curl (EulerOS-SA-2022-1688)
According to the versions of the curl packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - A malicious server can use the FTP PASV response to trick curl 7.73.0 and earlier into connecting back to a given IP address and...
EulerOS 2.0 SP9 : curl (EulerOS-SA-2021-1942)
According to the version of the curl packages installed, the EulerOS installation on the remote host is affected by the following vulnerability : - A malicious server can use the FTP PASV response to trick curl 7.73.0 and earlier into connecting back to a given IP address and port, and this way...
curl: FTP PASV command response can cause curl to connect to arbitrary host
A malicious server can use the PASV response to trick curl into connecting back to a given IP address and port, and this way potentially make curl extract information about services that are otherwise private and not disclosed, for example doing port scanning and service banner extractions. If cu...
Code injection
A malicious server can use the FTP PASV response to trick curl 7.73.0 and earlier into connecting back to a given IP address and port, and this way potentially make curl extract information about services that are otherwise private and not disclosed, for example doing port scanning and service...
CVE-2020-8284
A malicious server can use the FTP PASV response to trick curl 7.73.0 and earlier into connecting back to a given IP address and port, and this way potentially make curl extract information about services that are otherwise private and not disclosed, for example doing port scanning and service...
CVE-2020-8284
CVE-2020-8284 affects curl's handling of FTP PASV responses, enabling a malicious FTP server to coax curl into connecting to an attacker-controlled IP/port and potentially reveal private services (port scanning, banner extraction). Affects curl prior to patched versions; multiple advisories refer...