Lucene search
K

19 matches found

AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.5 views

Astra Linux – Vulnerability in curl

A malicious server can use the FTP PASV response to trick curl 7.73.0 and earlier into connecting back to a given IP address and port. In this way, the malicious server can potentially enable curl to extract information about services that would otherwise be private and undisclosed. This could...

4.3CVSS6.6AI score0.03851EPSS
Exploits0References1
OSV
OSV
added 2024/03/06 11:5 a.m.37 views

BIT-RUBY-2021-31810

An issue was discovered in Ruby through 2.6.7, 2.7.x through 2.7.3, and 3.x through 3.0.1. A malicious FTP server can use the PASV response to trick Net::FTP into connecting back to a given IP address and port. This potentially makes curl extract information about services that are otherwise...

5.8CVSS6.5AI score0.0305EPSS
Exploits1References9
SUSE CVE
SUSE CVE
added 2023/02/15 4:1 a.m.2 views

SUSE CVE-2020-8284

A malicious server can use the FTP PASV response to trick curl 7.73.0 and earlier into connecting back to a given IP address and port, and this way potentially make curl extract information about services that are otherwise private and not disclosed, for example doing port scanning and service...

4.3CVSS9.3AI score0.03851EPSS
Exploits0References140
Tenable Nessus
Tenable Nessus
added 2022/10/09 12:0 a.m.27 views

EulerOS Virtualization 3.0.6.6 : curl (EulerOS-SA-2022-2491)

According to the versions of the curl packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - A malicious server can use the FTP PASV response to trick curl 7.73.0 and earlier into connecting back to a given IP address and...

4.3CVSS6.4AI score0.03851EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2022/05/07 12:0 a.m.28 views

EulerOS Virtualization 3.0.2.0 : curl (EulerOS-SA-2022-1688)

According to the versions of the curl packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - A malicious server can use the FTP PASV response to trick curl 7.73.0 and earlier into connecting back to a given IP address and...

4.3CVSS6.8AI score0.03851EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2021/12/02 12:0 a.m.36 views

SUSE SLED15: libruby2_5-2_5 / ruby2.5 / ruby2.5-devel / ruby2.5-devel-extra / etc (SUSE-SU-2021:3838-1)

The remote SUSE Linux SLED15 / SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2021:3838-1 advisory. - CVE-2021-31799: Fixed Command injection vulnerability in RDoc bsc1190375. - CVE-2021-31810: Fixed trusting FTP PASV...

7.4CVSS6.7AI score0.0305EPSS
Exploits2References10
OpenVAS
OpenVAS
added 2021/11/12 12:0 a.m.31 views

Huawei EulerOS: Security Advisory for ruby (EulerOS-SA-2021-2721)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.4CVSS6.9AI score0.0305EPSS
Exploits2References2
Tenable Nessus
Tenable Nessus
added 2021/07/22 12:0 a.m.43 views

Ubuntu 16.04 ESM / 18.04 LTS / 20.04 LTS : Ruby vulnerabilities (USN-5020-1)

The remote Ubuntu 16.04 ESM / 18.04 LTS / 20.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-5020-1 advisory. It was discovered that Ruby incorrectly handled certain inputs. An attacker could possibly use this issue to execute arbitrary...

7.4CVSS7.7AI score0.0305EPSS
Exploits2References4
Tenable Nessus
Tenable Nessus
added 2021/06/03 12:0 a.m.33 views

EulerOS 2.0 SP9 : curl (EulerOS-SA-2021-1942)

According to the version of the curl packages installed, the EulerOS installation on the remote host is affected by the following vulnerability : - A malicious server can use the FTP PASV response to trick curl 7.73.0 and earlier into connecting back to a given IP address and port, and this way...

4.3CVSS6.5AI score0.03851EPSS
Exploits0References2
RedHat Linux
RedHat Linux
added 2021/05/18 3:28 p.m.3 views

curl: FTP PASV command response can cause curl to connect to arbitrary host

A malicious server can use the PASV response to trick curl into connecting back to a given IP address and port, and this way potentially make curl extract information about services that are otherwise private and not disclosed, for example doing port scanning and service banner extractions. If cu...

4.3CVSS6.8AI score0.03851EPSS
Exploits0References5
Tenable Nessus
Tenable Nessus
added 2021/04/15 12:0 a.m.32 views

EulerOS Virtualization 2.9.0 : curl (EulerOS-SA-2021-1737)

According to the version of the curl packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerability : - A malicious server can use the FTP PASV response to trick curl 7.73.0 and earlier into connecting back to a given IP address and port,...

4.3CVSS6.4AI score0.03851EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2021/04/15 12:0 a.m.44 views

EulerOS Virtualization 2.9.1 : curl (EulerOS-SA-2021-1711)

According to the version of the curl packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerability : - A malicious server can use the FTP PASV response to trick curl 7.73.0 and earlier into connecting back to a given IP address and port,...

4.3CVSS6.4AI score0.03851EPSS
Exploits0References2
Prion
Prion
added 2020/12/14 8:15 p.m.35 views

Code injection

A malicious server can use the FTP PASV response to trick curl 7.73.0 and earlier into connecting back to a given IP address and port, and this way potentially make curl extract information about services that are otherwise private and not disclosed, for example doing port scanning and service...

4.3CVSS5.5AI score0.03851EPSS
Exploits0References16Affected Software16
Vulnrichment
Vulnrichment
added 2020/12/14 7:38 p.m.3 views

CVE-2020-8284

A malicious server can use the FTP PASV response to trick curl 7.73.0 and earlier into connecting back to a given IP address and port, and this way potentially make curl extract information about services that are otherwise private and not disclosed, for example doing port scanning and service...

6.7AI score0.03851EPSS
Exploits0References16
CVE
CVE
added 2020/12/14 7:38 p.m.386 views

CVE-2020-8284

CVE-2020-8284 affects curl's handling of FTP PASV responses, enabling a malicious FTP server to coax curl into connecting to an attacker-controlled IP/port and potentially reveal private services (port scanning, banner extraction). Affects curl prior to patched versions; multiple advisories refer...

4.3CVSS6AI score0.03851EPSS
Exploits0References16Affected Software1
OSV
OSV
added 2020/12/09 8:0 a.m.6 views

CURL-CVE-2020-8284 trusting FTP PASV responses

When curl performs a passive FTP transfer, it first tries the EPSV command and if that is not supported, it falls back to using PASV. Passive mode is what curl uses by default. A server response to a PASV command includes the IPv4 address and port number for the client to connect back to in order...

4.3CVSS5.8AI score0.03851EPSS
Exploits0
Tenable Nessus
Tenable Nessus
added 2004/09/03 12:0 a.m.13 views

Cisco VPN Concentrator Service Banner Information Disclosure (Bug ID CSCdu35577)

Binary data 2218.prm...

5CVSS7.3AI score0.0158EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2004/09/03 12:0 a.m.10 views

Cisco VPN Concentrator Service Banner Information Disclosure (Bug ID CSCdu35577)

Binary data 2217.prm...

5CVSS7.3AI score0.0158EPSS
Exploits0References2
securityvulns
securityvulns
added 2003/12/18 12:0 a.m.24 views

Cross-site scripting vulnerability in SARA v<=4.2.7

XSS Vulnerability in Security Auditor's Research Assistant SARA versions before 5.0.0 Affects: SARA versions 4.2.6 and 4.2.7. Older versions not tested, presumably affected. Related software sharing common ancestry: SATAN 1.1.1 would not run properly on my test platform, but checking the code it...

0.6AI score
Exploits0
Rows per page
Query Builder