26 matches found
CVE-2026-48858 ftp client PASV response IP not validated against control peer, enabling SSRF and FTP bounce attacks
Server-Side Request Forgery SSRF vulnerability in Erlang/OTP ftp ftpinternal module allows FTP bounce attacks and SSRF via an unvalidated PASV response IP address. The ftpinternal:handlectrlresult/2 PASV handler mode=passive, ipfamily=inet, ftpextension=false extracts the IP address from the...
MiracleLinux 8 : ruby:2.6 (AXSA:2022-3073:01)
The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2022-3073:01 advisory. rubygem-bundler: Dependencies of gems with explicit source may be installed from a different source CVE-2020-36327 rubygem-rdoc: Command injection...
MiracleLinux 7 : rh-ruby30-ruby-3.0.2-148.el7 (AXSA:2021-2500:01)
The remote MiracleLinux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2021-2500:01 advisory. rubygem-bundler: Dependencies of gems with explicit source may be installed from a different source CVE-2020-36327 rubygem-rdoc: Command injection...
MiracleLinux 7 : java-11-openjdk-11.0.12.0.7-0.el7 (AXSA:2021-2242:10)
The remote MiracleLinux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2021-2242:10 advisory. OpenJDK: Incorrect comparison during range check elimination Hotspot, 8264066 CVE-2021-2388 OpenJDK: FTP PASV command response can cause FtpClient t...
MiracleLinux 8 : curl-7.61.1-18.el8 (AXSA:2021-1956:03)
The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2021-1956:03 advisory. curl: FTP PASV command response can cause curl to connect to arbitrary host CVE-2020-8284 curl: Malicious FTP server can trigger stack overflow when...
MiracleLinux 7 : rh-ruby26-ruby-2.6.9-120.el7 (AXSA:2022-3091:01)
The remote MiracleLinux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2022-3091:01 advisory. rubygem-bundler: Dependencies of gems with explicit source may be installed from a different source CVE-2020-36327 rubygem-rdoc: Command injection...
EUVD-2025-203690
In the Linux kernel, the following vulnerability has been resolved: netfilter: nftct: add seqadj extension for natted connections Sequence adjustment may be required for FTP traffic with PASV/EPSV modes. due to need to re-write packet payload IP, port on the ftp control connection. This can requi...
CVE-2025-68206
In the Linux kernel, the following vulnerability has been resolved: netfilter: nftct: add seqadj extension for natted connections Sequence adjustment may be required for FTP traffic with PASV/EPSV modes. due to need to re-write packet payload IP, port on the ftp control connection. This can requi...
Linux Distros Unpatched Vulnerability : CVE-2025-68206
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - netfilter: nftct: add seqadj extension for natted connections Sequence adjustment may be required for FTP traffic with PASV/EPSV modes. due to need to re-write...
SUSE-SU-2025:20824-1 Security update for curl
This update for curl fixes the following issues: - CVE-2025-9086: Fixed Out of bounds read for cookie path bsc1249191 - CVE-2025-10148: Predictable WebSocket mask bsc1249348 - Fix the --ftp-pasv option in curl v8.14.1 bsc1246197 - tooloperate: fix return code when --retry is used but not triggere...
Security update for curl
This update for curl fixes the following issues: CVE-2025-9086: Fixed Out of bounds read for cookie path bsc1249191 CVE-2025-10148: Predictable WebSocket mask bsc1249348 Fix the --ftp-pasv option in curl v8.14.1 bsc1246197 tooloperate: fix return code when --retry is used but not triggered...
SUSE-SU-2025:03268-1 Security update for curl
This update for curl fixes the following issues: Security issues fixed: - CVE-2025-9086: bug in patch comparison logic when processing cookies can lead to out-of-bounds read in heap buffer bsc1249191. - CVE-2025-10148: predictable websocket mask can lead to proxy cache poisoning by malicious serv...
Security update for curl
This update for curl fixes the following issues: CVE-2025-5399: libcurl can possibly get trapped in an endless busy-loop when processing specially crafted packets bsc1243933. CVE-2025-5025: No QUIC certificate pinning with wolfSSL bsc1243706. CVE-2025-4947: QUIC certificate check skip with wolfSS...
SUSE-SU-2025:20675-1 Security update for curl
This update for curl fixes the following issues: - CVE-2025-5399: libcurl can possibly get trapped in an endless busy-loop when processing specially crafted packets bsc1243933. - CVE-2025-5025: No QUIC certificate pinning with wolfSSL bsc1243706. - CVE-2025-4947: QUIC certificate check skip with...
CLSA-2022-1654525948 Fixed CVEs in python2-pip-18.module_el8.4.0+2051+0b56c8de: CVE-2021-3733, CVE-2021-3737, CVE-2022-0391, CVE-2021-4189
CVE-2021-3733: urllib: Regular expression DoS in AbstractBasicAuthHandler rhbz2047376 - CVE-2021-3737: urllib: HTTP client possible infinite loop on a 100 Continue response rhbz2047376 - CVE-2021-4189: ftplib should not use the host from the PASV response rhbz2047376 - CVE-2022-0391: urllib.parse...
CLSA-2022-1654010877 Fixed CVEs in python3: CVE-2022-0391, CVE-2021-4189, CVE-2021-3737
CVE-2021-3737: urllib: HTTP client possible infinite loop on a 100 Continue response rhbz2036020 - CVE-2021-4189: ftplib should not use the host from the PASV response rhbz2036020 - CVE-2022-0391: urllib.parse does not sanitize URLs containing ASCII newline and tabs rhbz2047376...
OpenJDK: FTP PASV command response can cause FtpClient to connect to arbitrary host (Networking, 8258432)
Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Networking. Supported versions that are affected are Java SE: 7u301, 8u291, 11.0.11, 16.0.1; Oracle GraalVM Enterprise Edition: 20.3.2 and 21.1.0. Difficult to exploit vulnerability allows...
CLSA-2021-1634922397 Fixed CVE-2020-8284 in curl
trusting FTP PASV responses CVE-2020-8284...
PT-2021-21147 · Libfetch +2 · Libfetch +2
Name of the Vulnerable Software and Affected Versions: libfetch versions prior to 2021-07-26 Description: The issue concerns the mishandling of numeric strings for the FTP and HTTP protocols. Specifically, the FTP passive mode implementation allows an out-of-bounds read due to the use of strtol t...
OpenJDK: FTP PASV command response can cause FtpClient to connect to arbitrary host (Networking, 8258432)
Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Networking. Supported versions that are affected are Java SE: 7u301, 8u291, 11.0.11, 16.0.1; Oracle GraalVM Enterprise Edition: 20.3.2 and 21.1.0. Difficult to exploit vulnerability allows...