Lucene search
K

15 matches found

OSV
OSV
added 2026/06/10 4:17 p.m.4 views

UBUNTU-CVE-2026-48858

Server-Side Request Forgery SSRF vulnerability in Erlang/OTP ftp ftpinternal module allows FTP bounce attacks and SSRF via an unvalidated PASV response IP address. The ftpinternal:handlectrlresult/2 PASV handler mode=passive, ipfamily=inet, ftpextension=false extracts the IP address from the...

6.5CVSS5.5AI score0.00234EPSS
Exploits0References5
OSV
OSV
added 2026/06/08 4:26 p.m.4 views

ROOT-APP-NPM-GHSA-RP42-5VXX-QPWR GHSA-rp42-5vxx-qpwr in @rootio/basic-ftp - Patched by Root

Root has patched GHSA-rp42-5vxx-qpwr in the @rootio/basic-ftp package for Root:npm. Multiple fixed versions available...

7.5CVSS5.7AI score
Exploits0
OSV
OSV
added 2026/06/08 4:26 p.m.8 views

ROOT-APP-NPM-CVE-2026-44240 CVE-2026-44240 in @rootio/basic-ftp - Patched by Root

Root has patched CVE-2026-44240 in the @rootio/basic-ftp package for Root:npm. Multiple fixed versions available...

7.5CVSS5.8AI score0.00465EPSS
Exploits0
Tenable Nessus
Tenable Nessus
added 2026/05/14 12:0 a.m.12 views

Linux Distros Unpatched Vulnerability : CVE-2026-8328

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The ftpcp function in Lib/ftplib.py was not updated when CVE-2021-4189 was fixed. While makepasv was patched to replace server-supplied PASV host addresses with...

5.9CVSS7AI score0.02511EPSS
Exploits0References3
NVD
NVD
added 2026/05/13 9:16 p.m.16 views

CVE-2026-8328

The ftpcp function in Lib/ftplib.py was not updated when CVE-2021-4189 was fixed. While makepasv was patched to replace server-supplied PASV host addresses with the actual peer address getpeername0, ftpcp still calls parse227 directly and passes the raw attacker-controllable IP address and port t...

5.9CVSS0.00476EPSS
Exploits0References10
Debian CVE
Debian CVE
added 2026/05/13 8:14 p.m.10 views

CVE-2026-8328

The ftpcp function in Lib/ftplib.py was not updated when CVE-2021-4189 was fixed. While makepasv was patched to replace server-supplied PASV host addresses with the actual peer address getpeername0, ftpcp still calls parse227 directly and passes the raw attacker-controllable IP address and port t...

5.9CVSS5.8AI score0.00476EPSS
Exploits0
OSV
OSV
added 2026/05/13 8:14 p.m.6 views

PSF-0000-CVE-2026-8328

The ftpcp function in Lib/ftplib.py was not updated when CVE-2021-4189 was fixed. While makepasv was patched to replace server-supplied PASV host addresses with the actual peer address getpeername0, ftpcp still calls parse227 directly and passes the raw attacker-controllable IP address and port t...

5.9CVSS5.8AI score0.00476EPSS
Exploits0References3
OSV
OSV
added 2026/05/12 9:16 p.m.11 views

UBUNTU-CVE-2026-44240

basic-ftp is an FTP client for Node.js. Prior to 5.3.1, basic-ftp is vulnerable to client-side denial of service when parsing FTP control-channel multiline responses. A malicious or compromised FTP server can send an unterminated multiline response during the initial FTP banner phase, before...

7.5CVSS5.9AI score0.00465EPSS
Exploits0References3
IBM Security Bulletins
IBM Security Bulletins
added 2026/05/11 6:21 p.m.10 views

Security Bulletin: MongoDB Enterprised Advanced affected by: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') (CVE-2026-27699)

Summary There are vulnerabilities in basic-ftp-5.0.3.tgz, basic-ftp-5.0.5.tgz used in MongoDB Enterprised Advanced for IBM, involving CVE-2026-27699. The vulnerabilities have been addressed. Vulnerability Details CVEID:CVE-2026-27699 DESCRIPTION: The basic-ftp FTP client library for Node.js...

9.8CVSS7.3AI score0.00528EPSS
Exploits2Affected Software1
OSV
OSV
added 2022/04/07 4:14 p.m.7 views

CLSA-2022-1649348075 Fix CVE(s): CVE-2021-4189

SECURITY UPDATE: Expose sensitive information - debian/patches/CVE-2021-4189.patch: alters ftplib.FTP class behavior to not trust the IPv4 address sent from the remote server when setting up a passive data channel in resposne in Lib/ftplib.py, Lib/test/testftplib.py. - CVE-2021-4189...

5.3CVSS6.9AI score0.02511EPSS
Exploits0References1
OSV
OSV
added 2022/04/05 2:55 p.m.4 views

CLSA-2022-1649170553 Fix CVE(s): CVE-2021-4189

SECURITY UPDATE: Expose sensitive information - debian/patches/CVE-2021-4189.patch: alters ftplib.FTP class behavior to not trust the IPv4 address sent from the remote server when setting up a passive data channel in resposne in Lib/ftplib.py, Lib/test/testftplib.py. - CVE-2021-4189...

5.3CVSS6.9AI score0.02511EPSS
Exploits0References1
BDU FSTEC
BDU FSTEC
added 2021/09/17 12:0 a.m.5 views

The vulnerability in the implementation of the Net::FTP class in the Ruby interpreter allows a hacker to gain unauthorized access to protected information.

The vulnerability in the implementation of the Net::FTP class in Ruby is related to deficiencies in protecting service data using the PASV command. Exploiting this vulnerability can allow an attacker, operating remotely, to gain unauthorized access to protected information...

7.8CVSS6.3AI score0.0305EPSS
Exploits1References14Affected Software7
OSV
OSV
added 2013/12/26 12:0 a.m.7 views

UBUNTU-CVE-2013-1752

Rejected reason: Various versions of Python do not properly restrict readline calls, which allows remote attackers to cause a denial of service memory consumption via a long string, related to 1 httplib - fixed in 2.7.4, 2.6.9, and 3.3.3; 2 ftplib - fixed in 2.7.6, 2.6.9, 3.3.3; 3 imaplib - not y...

6.9AI score
Exploits1References6
exploitpack
exploitpack
added 2009/07/13 12:0 a.m.18 views

Tandberg MXP F7.0 - USER Remote Buffer Overflow (PoC)

Tandberg MXP F7.0 - USER Remote Buffer Overflow PoC TANDBERG BoF v0.1 - Tandberg MXP F7.0 Buffer Overflow Vulnerability PoC By otokoyama + We crash the process FtpCt00 by sending a 251 char string of /x20 commonly known as a blank space.very simple + The BOF happens due to the system passing all...

Exploits0
exploitpack
exploitpack
added 2006/11/13 12:0 a.m.31 views

HP Tru64 4.05.1 - POSIX Threads Library Privilege Escalation

HP Tru64 4.05.1 - POSIX Threads Library Privilege Escalation source: https://www.securityfocus.com/bid/21035/info HP Tru64 is prone to a local privilege-escalation vulnerability. Exploiting this issue allows local attackers to execute arbitrary code with superuser privileges. Successful exploits...

5CVSS0.8AI score0.02994EPSS
Exploits6
Rows per page
Query Builder