Lucene search
K

8 matches found

Tenable Nessus
Tenable Nessus
added 2022/03/01 12:0 a.m.30 views

EulerOS 2.0 SP5 : curl (EulerOS-SA-2022-1265)

According to the versions of the curl packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - A malicious server can use the FTP PASV response to trick curl 7.73.0 and earlier into connecting back to a given IP address and port, and this wa...

4.3CVSS6.8AI score0.03851EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2021/10/28 12:0 a.m.44 views

F5 Networks BIG-IP : cURL vulnerability (K63525058)

The version of F5 Networks BIG-IP installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the K63525058 advisory. - A malicious server can use the FTP PASV response to trick curl 7.73.0 and earlier into connecting back to a given IP...

4.3CVSS6.8AI score0.03851EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2021/04/15 12:0 a.m.44 views

EulerOS Virtualization 2.9.1 : curl (EulerOS-SA-2021-1711)

According to the version of the curl packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerability : - A malicious server can use the FTP PASV response to trick curl 7.73.0 and earlier into connecting back to a given IP address and port,...

4.3CVSS6.4AI score0.03851EPSS
Exploits0References2
NVD
NVD
added 2020/12/14 8:15 p.m.24 views

CVE-2020-8284

A malicious server can use the FTP PASV response to trick curl 7.73.0 and earlier into connecting back to a given IP address and port, and this way potentially make curl extract information about services that are otherwise private and not disclosed, for example doing port scanning and service...

4.3CVSS5.8AI score0.03851EPSS
Exploits0References16
Prion
Prion
added 2020/12/14 8:15 p.m.35 views

Code injection

A malicious server can use the FTP PASV response to trick curl 7.73.0 and earlier into connecting back to a given IP address and port, and this way potentially make curl extract information about services that are otherwise private and not disclosed, for example doing port scanning and service...

4.3CVSS5.5AI score0.03851EPSS
Exploits0References16Affected Software16
CVE
CVE
added 2020/12/14 7:38 p.m.388 views

CVE-2020-8284

CVE-2020-8284 affects curl's handling of FTP PASV responses, enabling a malicious FTP server to coax curl into connecting to an attacker-controlled IP/port and potentially reveal private services (port scanning, banner extraction). Affects curl prior to patched versions; multiple advisories refer...

4.3CVSS6AI score0.03851EPSS
Exploits0References16Affected Software1
Debian CVE
Debian CVE
added 2020/12/14 7:38 p.m.46 views

CVE-2020-8284

A malicious server can use the FTP PASV response to trick curl 7.73.0 and earlier into connecting back to a given IP address and port, and this way potentially make curl extract information about services that are otherwise private and not disclosed, for example doing port scanning and service...

4.3CVSS6.4AI score0.03851EPSS
Exploits0
AlpineLinux
AlpineLinux
added 2020/12/14 7:38 p.m.74 views

CVE-2020-8284

A malicious server can use the FTP PASV response to trick curl 7.73.0 and earlier into connecting back to a given IP address and port, and this way potentially make curl extract information about services that are otherwise private and not disclosed, for example doing port scanning and service...

4.3CVSS6.5AI score0.03851EPSS
Exploits0
Rows per page
Query Builder