Lucene search
K

5 matches found

OSV
OSV
added 2026/06/12 12:27 p.m.8 views

OESA-2026-2669 gvfs security update

Gvfs is a userspace virtual filesystem implementation for GIO a library available in GLib. It comes with a set of backends, including trash support, SFTP, SMB, HTTP, DAV, and many others. Gvfs also contains modules for GIO that implement volume monitors and persistent metadata storage. Security...

4.3CVSS8.8AI score0.0036EPSS
Exploits2References3
NVD
NVD
added 2026/02/26 4:24 p.m.6 views

CVE-2026-28295

A flaw was found in the FTP GVfs backend. A malicious FTP server can exploit this vulnerability by providing an arbitrary IP address and port in its passive mode PASV response. The client unconditionally trusts this information and attempts to connect to the specified endpoint, allowing the...

4.3CVSS0.00186EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/02/26 3:33 p.m.6 views

CVE-2026-28295

A flaw was found in the FTP GVfs backend. A malicious FTP server can exploit this vulnerability by providing an arbitrary IP address and port in its passive mode PASV response. The client unconditionally trusts this information and attempts to connect to the specified endpoint, allowing the...

4.3CVSS5.7AI score0.00186EPSS
Exploits0References3
RubySec
RubySec
added 2021/07/13 12:0 a.m.7 views

Trusting FTP PASV responses vulnerability in Net::FTP

A malicious FTP server can use the PASV response to trick Net::FTP into connecting back to a given IP address and port. This potentially makes curl extract information about services that are otherwise private and not disclosed e.g., the attacker can conduct port scans and service banner...

5.8CVSS7AI score0.0305EPSS
Exploits1References1Affected Software1
OSV
OSV
added 2020/12/14 8:15 p.m.0 views

DEBIAN-CVE-2020-8284

A malicious server can use the FTP PASV response to trick curl 7.73.0 and earlier into connecting back to a given IP address and port, and this way potentially make curl extract information about services that are otherwise private and not disclosed, for example doing port scanning and service...

3.7CVSS6.3AI score0.03851EPSS
Exploits0References1
Rows per page
Query Builder