3 matches found
CVE-2026-59997
The CVE affects OpenSSH’s internal-sftp helper invoked by sshd, where the process only parses the first 9 command-line arguments. This is tied to OpenSSH before version 10.4. According to the description, this could undermine intended security properties of an SFTP connection if a later argument ...
Missing Authorization
Overview Affected versions of this package are vulnerable to Missing Authorization in the api/internal/sftp-event endpoint. An attacker can remove database records associated with media files by crafting custom HTTP requests that simulate internal SFTP events, provided they have knowledge of vali...
Linux: SSH Subsystem
Subsystem: Configures an external subsystem e.g. file transfer daemon. Arguments should be a subsystem name and a command with optional arguments to execute upon subsystem request. The command sftp-server implements the SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be...