Lucene search
K

4 matches found

SUSE CVE
SUSE CVE
added 2023/02/15 4:1 a.m.2 views

SUSE CVE-2020-8284

A malicious server can use the FTP PASV response to trick curl 7.73.0 and earlier into connecting back to a given IP address and port, and this way potentially make curl extract information about services that are otherwise private and not disclosed, for example doing port scanning and service...

4.3CVSS9.3AI score0.03851EPSS
Exploits0References140
OSV
OSV
added 2021/07/13 1:15 p.m.4 views

ALPINE-CVE-2021-31810

An issue was discovered in Ruby through 2.6.7, 2.7.x through 2.7.3, and 3.x through 3.0.1. A malicious FTP server can use the PASV response to trick Net::FTP into connecting back to a given IP address and port. This potentially makes curl extract information about services that are otherwise...

5.8CVSS6.8AI score0.0305EPSS
Exploits1References1
RubySec
RubySec
added 2021/07/13 12:0 a.m.6 views

Trusting FTP PASV responses vulnerability in Net::FTP

An issue was discovered in Ruby through 2.6.7, 2.7.x through 2.7.3, and 3.x through 3.0.1. A malicious FTP server can use the PASV response to trick Net::FTP into connecting back to a given IP address and port. This potentially makes curl extract information about services that are otherwise...

5.8CVSS7AI score0.0305EPSS
Exploits1References1Affected Software1
RedHat Linux
RedHat Linux
added 2021/05/18 3:28 p.m.3 views

curl: FTP PASV command response can cause curl to connect to arbitrary host

A malicious server can use the PASV response to trick curl into connecting back to a given IP address and port, and this way potentially make curl extract information about services that are otherwise private and not disclosed, for example doing port scanning and service banner extractions. If cu...

4.3CVSS6.8AI score0.03851EPSS
Exploits0References5
Rows per page
Query Builder