Alibaba Cloud Linux 3 : 0141: go-toolset:an8 (ALINUX3-SA-2025:0141)

The remote Alibaba Cloud Linux 3 host has packages installed that are affected by a vulnerability as referenced in the ALINUX3-SA-2025:0141 advisory. Package updates are available for Alibaba Cloud Linux 3 that fix the following vulnerabilities: CVE-2025-4674: The go command may execute unexpecte...

CVE-2011-10029 Solar FTP Server <= 2.1.1 Malformed USER Denial of Service

Solar FTP Server fails to properly handle format strings passed to the USER command. When a specially crafted string containing format specifiers is sent, the server crashes due to a read access violation in the output1 function of sfsservice.exe. This results in a denial of service DoS condition...

CVE-2010-20045

FileWrangler = 5.30 suffers from a stack-based buffer overflow vulnerability when parsing directory listings from an FTP server. A malicious server can send an overlong folder name in response to a LIST command, triggering memory corruption during client-side rendering. Exploitation requires...

CVE-2010-20045 FileWrangler <= 5.30 Stack Buffer Overflow

FileWrangler = 5.30 suffers from a stack-based buffer overflow vulnerability when parsing directory listings from an FTP server. A malicious server can send an overlong folder name in response to a LIST command, triggering memory corruption during client-side rendering. Exploitation requires...

PT-2025-34110 · Undefined · Undefined

Solar FTP Server fails to properly handle format strings passed to the USER command. When a specially crafted string containing format specifiers is sent, the server crashes due to a read access violation in the output 1 function of sfsservice.exe. This results in a denial of service DoS conditio...

ALSA-2025:13935 Important: golang security update

The golang packages provide the Go programming language compiler. Security Fixes: cmd/go: Go VCS Command Execution Vulnerability CVE-2025-4674 For more details about the security issues, including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE pages...

Linux Distros Unpatched Vulnerability : CVE-2021-41092

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Docker CLI is the command line interface for the docker container runtime. A bug was found in the Docker CLI where running docker login...

CVE-2012-10055

ComSndFTP FTP Server version 1.3.7 Beta contains a format string vulnerability in its handling of the USER command. By sending a specially crafted username containing format specifiers, a remote attacker can overwrite a hardcoded function pointer in memory specifically WSACleanup from Ws232.dll...

CVE-2012-10055

CVE-2012-10055 affects ComSndFTP FTP Server v1.3.7 Beta. The vulnerability is a format-string flaw in the handling of the USER command that can overwrite a hardcoded function pointer (WSACleanup from Ws2_32.dll) in memory, enabling an attacker to redirect control flow and bypass DEP via a ROP cha...

AZL-66098 CVE-2025-4674 affecting package golang for versions less than 1.18.8-10

The go command may execute unexpected commands when operating in untrusted VCS repositories. This occurs when possibly dangerous VCS configuration is present in repositories. This can happen when a repository was fetched via one VCS e.g. Git, but contains metadata for another VCS e.g. Mercurial...

CVE-2025-41675

A high privileged remote attacker can execute arbitrary system commands via GET requests in the cloud server communication script due to improper neutralization of special elements used in an OS command...

GHSA-MQCP-P2HV-VW6X Withdrawn Advisory: Thor can construct an unsafe shell command from library input.

Withdrawn Advisory This advisory has been withdrawn because the method described can only be used with arguments that are controlled by Thor, and an external attacker cannot access the functionality described in the body of the CVE. This link is maintained to preserve external references. Origina...

CVE-2025-54314

Thor before 1.4.0 can construct an unsafe shell command from library input. NOTE: this is disputed by the Supplier because "the method that was fixed can only be used with arguments that are controlled by Thor, and there is no way an attacker can take control of those arguments."...

CVE-2025-54314

Thor before 1.4.0 can construct an unsafe shell command from library input. NOTE: this is disputed by the Supplier because "the method that was fixed can only be used with arguments that are controlled by Thor, and there is no way an attacker can take control of those arguments."...

PT-2025-28143 · Frauscher · Fds102

Name of the Vulnerable Software and Affected Versions: The product name cannot be determined. Description: A remote attacker with administrator account can gain full control of the device due to improper neutralization of special elements used in an OS Command while uploading a config file via...

CVE-2025-26412 Undocumented Root Shell Access in SIMCom SIM7600G Modem

The SIMCom SIM7600G modem supports an undocumented AT command, which allows an attacker to execute system commands with root permission on the modem. An attacker needs either physical access or remote shell access to a device that interacts directly with the modem via AT commands...

The vulnerability of the AT+MFMAC command in the microprogramming software for Industrial Routers Microhard IPn4Gii-NA2 and BulletLTE-NA2 allows a hacker to enhance their privileges.

The vulnerability of the AT+MFMAC microprogramming software for Industrial Routers Microhard IPn4Gii-NA2 and BulletLTE-NA2 lies in the implementation or modification of certain arguments. Exploiting this vulnerability can allow attackers to enhance their privileges...

CVE-2025-5221 FreeFloat FTP Server QUOTE Command buffer overflow

A vulnerability was found in FreeFloat FTP Server 1.0.0. It has been classified as critical. This affects an unknown part of the component QUOTE Command Handler. The manipulation leads to buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public...

CVE-2024-27778

An improper neutralization of special elements used in an OS Command vulnerability CWE-78 vulnerability in Fortinet FortiSandbox 4.4.0 through 4.4.4, FortiSandbox 4.2.1 through 4.2.6, FortiSandbox 4.0.0 through 4.0.4, FortiSandbox 3.2 all versions, FortiSandbox 3.1 all versions, FortiSandbox 3.0....

CVE-2023-25369

Siglent SDS 1104X-E SDS1xx4X-EV6.1.37R9.ADS is vulnerable to Denial of Service on the user interface triggered by malformed SCPI command...