Lucene search
K

26 matches found

Cvelist
Cvelist
added 2026/06/10 2:35 p.m.30 views

CVE-2026-48858 ftp client PASV response IP not validated against control peer, enabling SSRF and FTP bounce attacks

Server-Side Request Forgery SSRF vulnerability in Erlang/OTP ftp ftpinternal module allows FTP bounce attacks and SSRF via an unvalidated PASV response IP address. The ftpinternal:handlectrlresult/2 PASV handler mode=passive, ipfamily=inet, ftpextension=false extracts the IP address from the...

6.3CVSS0.00234EPSS
Exploits0References6
Tenable Nessus
Tenable Nessus
added 2026/01/20 12:0 a.m.8 views

MiracleLinux 8 : ruby:2.6 (AXSA:2022-3073:01)

The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2022-3073:01 advisory. rubygem-bundler: Dependencies of gems with explicit source may be installed from a different source CVE-2020-36327 rubygem-rdoc: Command injection...

9.3CVSS8.6AI score0.06307EPSS
Exploits5References7
Tenable Nessus
Tenable Nessus
added 2026/01/20 12:0 a.m.6 views

MiracleLinux 7 : rh-ruby30-ruby-3.0.2-148.el7 (AXSA:2021-2500:01)

The remote MiracleLinux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2021-2500:01 advisory. rubygem-bundler: Dependencies of gems with explicit source may be installed from a different source CVE-2020-36327 rubygem-rdoc: Command injection...

9.3CVSS8.6AI score0.06307EPSS
Exploits3References5
Tenable Nessus
Tenable Nessus
added 2026/01/20 12:0 a.m.4 views

MiracleLinux 7 : java-11-openjdk-11.0.12.0.7-0.el7 (AXSA:2021-2242:10)

The remote MiracleLinux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2021-2242:10 advisory. OpenJDK: Incorrect comparison during range check elimination Hotspot, 8264066 CVE-2021-2388 OpenJDK: FTP PASV command response can cause FtpClient t...

7.5CVSS7.8AI score0.04238EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2026/01/20 12:0 a.m.5 views

MiracleLinux 8 : curl-7.61.1-18.el8 (AXSA:2021-1956:03)

The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2021-1956:03 advisory. curl: FTP PASV command response can cause curl to connect to arbitrary host CVE-2020-8284 curl: Malicious FTP server can trigger stack overflow when...

7.5CVSS6.8AI score0.09917EPSS
Exploits3References5
Tenable Nessus
Tenable Nessus
added 2026/01/19 12:0 a.m.8 views

MiracleLinux 7 : rh-ruby26-ruby-2.6.9-120.el7 (AXSA:2022-3091:01)

The remote MiracleLinux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2022-3091:01 advisory. rubygem-bundler: Dependencies of gems with explicit source may be installed from a different source CVE-2020-36327 rubygem-rdoc: Command injection...

9.3CVSS7.4AI score0.06307EPSS
Exploits5References7
EUVD
EUVD
added 2025/12/16 3:30 p.m.6 views

EUVD-2025-203690

In the Linux kernel, the following vulnerability has been resolved: netfilter: nftct: add seqadj extension for natted connections Sequence adjustment may be required for FTP traffic with PASV/EPSV modes. due to need to re-write packet payload IP, port on the ftp control connection. This can requi...

6AI score0.00173EPSS
Exploits0References3
UbuntuCve
UbuntuCve
added 2025/12/16 2:15 p.m.6 views

CVE-2025-68206

In the Linux kernel, the following vulnerability has been resolved: netfilter: nftct: add seqadj extension for natted connections Sequence adjustment may be required for FTP traffic with PASV/EPSV modes. due to need to re-write packet payload IP, port on the ftp control connection. This can requi...

5.9AI score0.00173EPSS
Exploits0References22
Tenable Nessus
Tenable Nessus
added 2025/12/16 12:0 a.m.3 views

Linux Distros Unpatched Vulnerability : CVE-2025-68206

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - netfilter: nftct: add seqadj extension for natted connections Sequence adjustment may be required for FTP traffic with PASV/EPSV modes. due to need to re-write...

6.2AI score0.00173EPSS
Exploits0References3
OSV
OSV
added 2025/09/25 10:52 a.m.3 views

SUSE-SU-2025:20824-1 Security update for curl

This update for curl fixes the following issues: - CVE-2025-9086: Fixed Out of bounds read for cookie path bsc1249191 - CVE-2025-10148: Predictable WebSocket mask bsc1249348 - Fix the --ftp-pasv option in curl v8.14.1 bsc1246197 - tooloperate: fix return code when --retry is used but not triggere...

7.5CVSS6.9AI score0.01301EPSS
Exploits1References7
SUSE Linux
SUSE Linux
added 2025/09/25 10:50 a.m.4 views

Security update for curl

This update for curl fixes the following issues: CVE-2025-9086: Fixed Out of bounds read for cookie path bsc1249191 CVE-2025-10148: Predictable WebSocket mask bsc1249348 Fix the --ftp-pasv option in curl v8.14.1 bsc1246197 tooloperate: fix return code when --retry is used but not triggered...

7.5CVSS7.6AI score0.01301EPSS
Exploits1References16
OSV
OSV
added 2025/09/18 11:8 a.m.4 views

SUSE-SU-2025:03268-1 Security update for curl

This update for curl fixes the following issues: Security issues fixed: - CVE-2025-9086: bug in patch comparison logic when processing cookies can lead to out-of-bounds read in heap buffer bsc1249191. - CVE-2025-10148: predictable websocket mask can lead to proxy cache poisoning by malicious serv...

7.5CVSS7.1AI score0.01301EPSS
Exploits1References7
SUSE Linux
SUSE Linux
added 2025/09/09 10:22 a.m.2 views

Security update for curl

This update for curl fixes the following issues: CVE-2025-5399: libcurl can possibly get trapped in an endless busy-loop when processing specially crafted packets bsc1243933. CVE-2025-5025: No QUIC certificate pinning with wolfSSL bsc1243706. CVE-2025-4947: QUIC certificate check skip with wolfSS...

8.3CVSS7.1AI score0.01226EPSS
Exploits4References18
OSV
OSV
added 2025/09/09 10:21 a.m.2 views

SUSE-SU-2025:20675-1 Security update for curl

This update for curl fixes the following issues: - CVE-2025-5399: libcurl can possibly get trapped in an endless busy-loop when processing specially crafted packets bsc1243933. - CVE-2025-5025: No QUIC certificate pinning with wolfSSL bsc1243706. - CVE-2025-4947: QUIC certificate check skip with...

7.5CVSS6.6AI score0.01226EPSS
Exploits4References8
OSV
OSV
added 2022/06/06 2:32 p.m.6 views

CLSA-2022-1654525948 Fixed CVEs in python2-pip-18.module_el8.4.0+2051+0b56c8de: CVE-2021-3733, CVE-2021-3737, CVE-2022-0391, CVE-2021-4189

CVE-2021-3733: urllib: Regular expression DoS in AbstractBasicAuthHandler rhbz2047376 - CVE-2021-3737: urllib: HTTP client possible infinite loop on a 100 Continue response rhbz2047376 - CVE-2021-4189: ftplib should not use the host from the PASV response rhbz2047376 - CVE-2022-0391: urllib.parse...

7.5CVSS6.8AI score0.11586EPSS
Exploits3References1
OSV
OSV
added 2022/05/31 3:27 p.m.6 views

CLSA-2022-1654010877 Fixed CVEs in python3: CVE-2022-0391, CVE-2021-4189, CVE-2021-3737

CVE-2021-3737: urllib: HTTP client possible infinite loop on a 100 Continue response rhbz2036020 - CVE-2021-4189: ftplib should not use the host from the PASV response rhbz2036020 - CVE-2022-0391: urllib.parse does not sanitize URLs containing ASCII newline and tabs rhbz2047376...

7.5CVSS6.8AI score0.11586EPSS
Exploits2References1
RedHat Linux
RedHat Linux
added 2021/11/02 10:21 a.m.6 views

OpenJDK: FTP PASV command response can cause FtpClient to connect to arbitrary host (Networking, 8258432)

Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Networking. Supported versions that are affected are Java SE: 7u301, 8u291, 11.0.11, 16.0.1; Oracle GraalVM Enterprise Edition: 20.3.2 and 21.1.0. Difficult to exploit vulnerability allows...

4.3CVSS7.4AI score0.04238EPSS
Exploits0References4
OSV
OSV
added 2021/10/22 5:6 p.m.7 views

CLSA-2021-1634922397 Fixed CVE-2020-8284 in curl

trusting FTP PASV responses CVE-2020-8284...

4.3CVSS6.7AI score0.03851EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2021/08/03 12:0 a.m.5 views

PT-2021-21147 · Libfetch +2 · Libfetch +2

Name of the Vulnerable Software and Affected Versions: libfetch versions prior to 2021-07-26 Description: The issue concerns the mishandling of numeric strings for the FTP and HTTP protocols. Specifically, the FTP passive mode implementation allows an out-of-bounds read due to the use of strtol t...

9.8CVSS7.4AI score0.87816EPSS
Exploits2References15
RedHat Linux
RedHat Linux
added 2021/07/22 3:2 p.m.2 views

OpenJDK: FTP PASV command response can cause FtpClient to connect to arbitrary host (Networking, 8258432)

Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Networking. Supported versions that are affected are Java SE: 7u301, 8u291, 11.0.11, 16.0.1; Oracle GraalVM Enterprise Edition: 20.3.2 and 21.1.0. Difficult to exploit vulnerability allows...

4.3CVSS7.4AI score0.04238EPSS
Exploits0References4
Rows per page
Query Builder