Lucene search
K

11 matches found

Cvelist
Cvelist
added 2026/06/10 2:35 p.m.30 views

CVE-2026-48858 ftp client PASV response IP not validated against control peer, enabling SSRF and FTP bounce attacks

Server-Side Request Forgery SSRF vulnerability in Erlang/OTP ftp ftpinternal module allows FTP bounce attacks and SSRF via an unvalidated PASV response IP address. The ftpinternal:handlectrlresult/2 PASV handler mode=passive, ipfamily=inet, ftpextension=false extracts the IP address from the...

6.3CVSS0.00234EPSS
Exploits0References6
Tenable Nessus
Tenable Nessus
added 2026/01/20 12:0 a.m.6 views

MiracleLinux 7 : rh-ruby30-ruby-3.0.2-148.el7 (AXSA:2021-2500:01)

The remote MiracleLinux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2021-2500:01 advisory. rubygem-bundler: Dependencies of gems with explicit source may be installed from a different source CVE-2020-36327 rubygem-rdoc: Command injection...

9.3CVSS8.6AI score0.06307EPSS
Exploits3References5
EUVD
EUVD
added 2025/12/16 3:30 p.m.6 views

EUVD-2025-203690

In the Linux kernel, the following vulnerability has been resolved: netfilter: nftct: add seqadj extension for natted connections Sequence adjustment may be required for FTP traffic with PASV/EPSV modes. due to need to re-write packet payload IP, port on the ftp control connection. This can requi...

6AI score0.00173EPSS
Exploits0References3
UbuntuCve
UbuntuCve
added 2025/12/16 2:15 p.m.5 views

CVE-2025-68206

In the Linux kernel, the following vulnerability has been resolved: netfilter: nftct: add seqadj extension for natted connections Sequence adjustment may be required for FTP traffic with PASV/EPSV modes. due to need to re-write packet payload IP, port on the ftp control connection. This can requi...

5.9AI score0.00173EPSS
Exploits0References22
Tenable Nessus
Tenable Nessus
added 2025/12/16 12:0 a.m.3 views

Linux Distros Unpatched Vulnerability : CVE-2025-68206

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - netfilter: nftct: add seqadj extension for natted connections Sequence adjustment may be required for FTP traffic with PASV/EPSV modes. due to need to re-write...

6.2AI score0.00173EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2021/08/03 12:0 a.m.4 views

PT-2021-21147 · Libfetch +2 · Libfetch +2

Name of the Vulnerable Software and Affected Versions: libfetch versions prior to 2021-07-26 Description: The issue concerns the mishandling of numeric strings for the FTP and HTTP protocols. Specifically, the FTP passive mode implementation allows an out-of-bounds read due to the use of strtol t...

9.8CVSS7.4AI score0.87816EPSS
Exploits2References15
RedHat Linux
RedHat Linux
added 2021/07/22 3:2 p.m.2 views

OpenJDK: FTP PASV command response can cause FtpClient to connect to arbitrary host (Networking, 8258432)

Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Networking. Supported versions that are affected are Java SE: 7u301, 8u291, 11.0.11, 16.0.1; Oracle GraalVM Enterprise Edition: 20.3.2 and 21.1.0. Difficult to exploit vulnerability allows...

4.3CVSS7.4AI score0.04238EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2021/07/21 9:46 a.m.7 views

OpenJDK: FTP PASV command response can cause FtpClient to connect to arbitrary host (Networking, 8258432)

Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Networking. Supported versions that are affected are Java SE: 7u301, 8u291, 11.0.11, 16.0.1; Oracle GraalVM Enterprise Edition: 20.3.2 and 21.1.0. Difficult to exploit vulnerability allows...

4.3CVSS7.4AI score0.04238EPSS
Exploits0References4
OSV
OSV
added 2020/12/09 8:0 a.m.2 views

UBUNTU-CVE-2020-8284

A malicious server can use the FTP PASV response to trick curl 7.73.0 and earlier into connecting back to a given IP address and port, and this way potentially make curl extract information about services that are otherwise private and not disclosed, for example doing port scanning and service...

3.7CVSS6.8AI score0.03851EPSS
Exploits0References5
Tenable Nessus
Tenable Nessus
added 2007/12/13 12:0 a.m.31 views

SuSE 10 Security Update : kdelibs3,kdelibs3-devel,CVE-2007-1564 (ZYPP Patch Number 3988)

A bug in konqueror allowed attackers to abuse the FTP passive mode for portscans. CVE-2007-1564 %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The text description of this plugin is C Novell, Inc. include'deprecatednasllevel.inc'; include'compat.inc'; if description scriptid29483;...

6.8CVSS5.3AI score0.03778EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2007/12/13 12:0 a.m.33 views

SuSE 10 Security Update : kdelibs3 (ZYPP Patch Number 3053)

A bug in KHTML could be exploited to conduct cross site scripting XSS attacks. CVE-2007-0537 Another bug allowed attackers to abuse the FTP passive mode for portscans. CVE-2007-1564 %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The text description of this plugin is C Novell, Inc...

6.8CVSS5AI score0.03778EPSS
Exploits0References4
Rows per page
Query Builder