19 matches found
Astra Linux – Vulnerability in curl
A malicious server can use the FTP PASV response to trick curl 7.73.0 and earlier into connecting back to a given IP address and port. In this way, the malicious server can potentially enable curl to extract information about services that would otherwise be private and undisclosed. This could...
BIT-RUBY-2021-31810
An issue was discovered in Ruby through 2.6.7, 2.7.x through 2.7.3, and 3.x through 3.0.1. A malicious FTP server can use the PASV response to trick Net::FTP into connecting back to a given IP address and port. This potentially makes curl extract information about services that are otherwise...
SUSE CVE-2020-8284
A malicious server can use the FTP PASV response to trick curl 7.73.0 and earlier into connecting back to a given IP address and port, and this way potentially make curl extract information about services that are otherwise private and not disclosed, for example doing port scanning and service...
EulerOS Virtualization 3.0.6.6 : curl (EulerOS-SA-2022-2491)
According to the versions of the curl packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - A malicious server can use the FTP PASV response to trick curl 7.73.0 and earlier into connecting back to a given IP address and...
EulerOS Virtualization 3.0.2.0 : curl (EulerOS-SA-2022-1688)
According to the versions of the curl packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - A malicious server can use the FTP PASV response to trick curl 7.73.0 and earlier into connecting back to a given IP address and...
SUSE SLED15: libruby2_5-2_5 / ruby2.5 / ruby2.5-devel / ruby2.5-devel-extra / etc (SUSE-SU-2021:3838-1)
The remote SUSE Linux SLED15 / SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2021:3838-1 advisory. - CVE-2021-31799: Fixed Command injection vulnerability in RDoc bsc1190375. - CVE-2021-31810: Fixed trusting FTP PASV...
Huawei EulerOS: Security Advisory for ruby (EulerOS-SA-2021-2721)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Ubuntu 16.04 ESM / 18.04 LTS / 20.04 LTS : Ruby vulnerabilities (USN-5020-1)
The remote Ubuntu 16.04 ESM / 18.04 LTS / 20.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-5020-1 advisory. It was discovered that Ruby incorrectly handled certain inputs. An attacker could possibly use this issue to execute arbitrary...
EulerOS 2.0 SP9 : curl (EulerOS-SA-2021-1942)
According to the version of the curl packages installed, the EulerOS installation on the remote host is affected by the following vulnerability : - A malicious server can use the FTP PASV response to trick curl 7.73.0 and earlier into connecting back to a given IP address and port, and this way...
curl: FTP PASV command response can cause curl to connect to arbitrary host
A malicious server can use the PASV response to trick curl into connecting back to a given IP address and port, and this way potentially make curl extract information about services that are otherwise private and not disclosed, for example doing port scanning and service banner extractions. If cu...
EulerOS Virtualization 2.9.0 : curl (EulerOS-SA-2021-1737)
According to the version of the curl packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerability : - A malicious server can use the FTP PASV response to trick curl 7.73.0 and earlier into connecting back to a given IP address and port,...
EulerOS Virtualization 2.9.1 : curl (EulerOS-SA-2021-1711)
According to the version of the curl packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerability : - A malicious server can use the FTP PASV response to trick curl 7.73.0 and earlier into connecting back to a given IP address and port,...
Code injection
A malicious server can use the FTP PASV response to trick curl 7.73.0 and earlier into connecting back to a given IP address and port, and this way potentially make curl extract information about services that are otherwise private and not disclosed, for example doing port scanning and service...
CVE-2020-8284
A malicious server can use the FTP PASV response to trick curl 7.73.0 and earlier into connecting back to a given IP address and port, and this way potentially make curl extract information about services that are otherwise private and not disclosed, for example doing port scanning and service...
CVE-2020-8284
CVE-2020-8284 affects curl's handling of FTP PASV responses, enabling a malicious FTP server to coax curl into connecting to an attacker-controlled IP/port and potentially reveal private services (port scanning, banner extraction). Affects curl prior to patched versions; multiple advisories refer...
CURL-CVE-2020-8284 trusting FTP PASV responses
When curl performs a passive FTP transfer, it first tries the EPSV command and if that is not supported, it falls back to using PASV. Passive mode is what curl uses by default. A server response to a PASV command includes the IPv4 address and port number for the client to connect back to in order...
Cisco VPN Concentrator Service Banner Information Disclosure (Bug ID CSCdu35577)
Binary data 2218.prm...
Cisco VPN Concentrator Service Banner Information Disclosure (Bug ID CSCdu35577)
Binary data 2217.prm...
Cross-site scripting vulnerability in SARA v<=4.2.7
XSS Vulnerability in Security Auditor's Research Assistant SARA versions before 5.0.0 Affects: SARA versions 4.2.6 and 4.2.7. Older versions not tested, presumably affected. Related software sharing common ancestry: SATAN 1.1.1 would not run properly on my test platform, but checking the code it...