Lucene search
K

7 matches found

Tenable Nessus
Tenable Nessus
added 2022/05/07 12:0 a.m.28 views

EulerOS Virtualization 3.0.2.0 : curl (EulerOS-SA-2022-1688)

According to the versions of the curl packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - A malicious server can use the FTP PASV response to trick curl 7.73.0 and earlier into connecting back to a given IP address and...

4.3CVSS6.8AI score0.03851EPSS
Exploits0References2
OpenVAS
OpenVAS
added 2021/12/02 12:0 a.m.10 views

SUSE: Security Advisory (SUSE-SU-2021:3837-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.5CVSS7.1AI score0.03849EPSS
Exploits2References7
Tenable Nessus
Tenable Nessus
added 2021/06/03 12:0 a.m.29 views

EulerOS 2.0 SP9 : curl (EulerOS-SA-2021-1921)

According to the version of the curl packages installed, the EulerOS installation on the remote host is affected by the following vulnerability : - A malicious server can use the FTP PASV response to trick curl 7.73.0 and earlier into connecting back to a given IP address and port, and this way...

4.3CVSS6.5AI score0.03851EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2021/04/15 12:0 a.m.44 views

EulerOS Virtualization 2.9.1 : curl (EulerOS-SA-2021-1711)

According to the version of the curl packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerability : - A malicious server can use the FTP PASV response to trick curl 7.73.0 and earlier into connecting back to a given IP address and port,...

4.3CVSS6.4AI score0.03851EPSS
Exploits0References2
OSV
OSV
added 2020/12/31 2:32 p.m.9 views

MGASA-2020-0482 Updated curl packages fix security vulnerabilities

Due to use of a dangling pointer, libcurl 7.29.0 through 7.71.1 can use the wrong connection when sending data. CVE-2020-8231. A malicious server can use the FTP PASV response to trick curl 7.73.0 and earlier into connecting back to a given IP address and port, and this way potentially make curl...

7.5CVSS6AI score0.09917EPSS
Exploits3References10
CVE
CVE
added 2020/12/14 7:38 p.m.386 views

CVE-2020-8284

CVE-2020-8284 affects curl's handling of FTP PASV responses, enabling a malicious FTP server to coax curl into connecting to an attacker-controlled IP/port and potentially reveal private services (port scanning, banner extraction). Affects curl prior to patched versions; multiple advisories refer...

4.3CVSS6AI score0.03851EPSS
Exploits0References16Affected Software1
OSV
OSV
added 2020/12/09 8:0 a.m.5 views

CURL-CVE-2020-8284 trusting FTP PASV responses

When curl performs a passive FTP transfer, it first tries the EPSV command and if that is not supported, it falls back to using PASV. Passive mode is what curl uses by default. A server response to a PASV command includes the IPv4 address and port number for the client to connect back to in order...

4.3CVSS5.8AI score0.03851EPSS
Exploits0
Rows per page
Query Builder