Lucene search
K

165 matches found

OSV
OSV
added 6 days ago3 views

UBUNTU-CVE-2026-59995

sftp in OpenSSH before 10.4 does not properly constrain the location of downloaded files when "sftp server:/path ." is used with an attacker-controlled server...

5.4CVSS6.1AI score0.00241EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/07/06 3:25 p.m.7 views

CVE-2026-5268

An authentication bypass vulnerability exists in the default SFTP server component utilized across the Ciena products listed. This vulnerability allows a remote, unauthenticated attacker to bypass security controls and gain unauthorized access to the underlying filesystem. Successful exploitation...

9.1CVSS6AI score0.0042EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/07/06 3:25 p.m.36 views

CVE-2026-5268 SFTP Server Authentication Weakness

An authentication bypass vulnerability exists in the default SFTP server component utilized across the Ciena products listed. This vulnerability allows a remote, unauthenticated attacker to bypass security controls and gain unauthorized access to the underlying filesystem. Successful exploitation...

0.0042EPSS
Exploits0References1
CVE
CVE
added 2026/07/02 4:6 p.m.17 views

CVE-2026-54886

The vulnerability CVE-2026-54886 affects Erlang/OTP's SSH server side (ssh_sftpd) and allows an authenticated SFTP client to trigger an infinite loop on a channel by sending SSH_MSG_CHANNEL_EXTENDED_DATA. The handle_data/4 clause tail-calls itself when a non-zero data_type_code arrives with an em...

5.3CVSS6AI score0.0033EPSS
Exploits0References5Affected Software2
EUVD
EUVD
added 2026/07/02 4:6 p.m.7 views

EUVD-2026-41410

Observable Response Discrepancy vulnerability in Erlang OTP ssh sshsftpd module allows an authenticated SFTP user to enumerate the existence of files and directories outside the configured root directory. The SSHFXPREALPATH handler in sshsftpd calls relatefilename/3 with Canonicalize=false, unlik...

2.3CVSS5.8AI score0.00262EPSS
Exploits0References7
OSV
OSV
added 2026/07/02 4:6 p.m.3 views

EEF-CVE-2026-53422 SFTP REALPATH path-existence oracle allowing filesystem enumeration outside configured root

Summary Observable Response Discrepancy vulnerability in Erlang OTP ssh ssh\sftpd module allows an authenticated SFTP user to enumerate the existence of files and directories outside the configured root directory. The SSH\FXP\REALPATH handler in ssh\sftpd calls relate\file\name/3 with...

2.3CVSS5.8AI score0.00262EPSS
Exploits0References6
NVD
NVD
added 2026/06/11 7:16 a.m.16 views

CVE-2026-40987

A malicious or compromised FTP/SFTP/SMB server can write arbitrary files anywhere on the client filesystem outside the configured local-directory with attacker-controlled content. Affected versions: Spring Integration 7.0.0 through 7.0.4; 6.5.0 through 6.5.8; 6.4.0 through 6.4.11; 6.3.0 through...

7.1CVSS0.0021EPSS
Exploits0References1
Mageia
Mageia
added 2026/06/10 5:7 a.m.14 views

Updated libssh packages fix security vulnerabilities

CVE-2025-4877 Write beyond bounds in binary to base64 conversion functions CVE-2025-4878 Use of uninitialized variable in privatekeyfromfile CVE-2025-5318 Likely read beyond bounds in sftp server handle management CVE-2025-5351 Double free in functions exporting keys CVE-2025-5372 sshkdf returns ...

8.8CVSS6.2AI score0.02394EPSS
Exploits0References2
Spring Security Advisories
Spring Security Advisories
added 2026/06/10 12:0 a.m.8 views

cve-2026-40987 - HIGH - Remote-file synchronizer in Spring Integration writes server-supplied filename under localDirectory without canonicalization

cve-2026-40987 - HIGH - Remote-file synchronizer in Spring Integration writes server-supplied filename under localDirectory without canonicalization...

7.1CVSS6.1AI score0.0021EPSS
Exploits0
RedhatCVE
RedhatCVE
added 2026/06/05 7:19 p.m.11 views

CVE-2026-49238

An issue was discovered in Canonical Multipass before version 1.16.3. The host-side SFTP server component sshfsserver, which executes with root privileges on the host, contains a path containment bypass vulnerability within its validatepath function in src/sshfsmount/sftpserver.cpp. The function...

8.4CVSS5.6AI score0.00505EPSS
Exploits1References1
Cvelist
Cvelist
added 2026/05/28 1:22 p.m.41 views

CVE-2026-49238 SFTP Server VM Escape in Canonical Multipass

An issue was discovered in Canonical Multipass before version 1.16.3. The host-side SFTP server component sshfsserver, which executes with root privileges on the host, contains a path containment bypass vulnerability within its validatepath function in src/sshfsmount/sftpserver.cpp. The function...

8.4CVSS0.00505EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2026/05/28 1:22 p.m.15 views

CVE-2026-49238 SFTP Server VM Escape in Canonical Multipass

An issue was discovered in Canonical Multipass before version 1.16.3. The host-side SFTP server component sshfsserver, which executes with root privileges on the host, contains a path containment bypass vulnerability within its validatepath function in src/sshfsmount/sftpserver.cpp. The function...

8.4CVSS6AI score0.00505EPSS
Exploits1References1
ATTACKERKB
ATTACKERKB
added 2026/05/28 1:22 p.m.27 views

CVE-2026-49238

An issue was discovered in Canonical Multipass before version 1.16.3. The host-side SFTP server component sshfsserver, which executes with root privileges on the host, contains a path containment bypass vulnerability within its validatepath function in src/sshfsmount/sftpserver.cpp. The function...

8.4CVSS6AI score0.00505EPSS
Exploits1References2
CVE
CVE
added 2026/05/28 1:22 p.m.32 views

CVE-2026-49238

CVE-2026-49238 affects Canonical Multipass

8.4CVSS6AI score0.00505EPSS
Exploits1References1Affected Software1
Positive Technologies
Positive Technologies
added 2026/05/28 12:0 a.m.17 views

PT-2026-44376

Name of the Vulnerable Software and Affected Versions Canonical Multipass versions prior to 1.16.3 Description The host-side SFTP server component sshfs server, which runs with root privileges on the host, contains a path containment bypass in the validate path function. This function uses a plai...

8.4CVSS6AI score0.00505EPSS
Exploits1References4
ATTACKERKB
ATTACKERKB
added 2026/04/21 12:1 p.m.5 views

CVE-2026-32147

Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in Erlang OTP ssh sshsftpd module allows an authenticated SFTP user to modify file attributes outside the configured chroot directory. The SFTP daemon sshsftpd stores the raw, user-supplied path in file...

5.3CVSS5.8AI score0.00354EPSS
Exploits0References6Affected Software1
Cvelist
Cvelist
added 2026/03/30 11:2 a.m.23 views

CVE-2019-25654 Core FTP/SFTP Server 1.2 Denial of Service via Buffer Overflow

Core FTP/SFTP Server 1.2 contains a buffer overflow vulnerability that allows attackers to crash the service by supplying an excessively long string in the User domain field. Attackers can paste a malicious payload containing 7000 bytes of data into the domain configuration to trigger an...

8.7CVSS0.00691EPSS
Exploits1References4
ATTACKERKB
ATTACKERKB
added 2026/03/26 8:6 p.m.3 views

CVE-2026-0968

A flaw was found in libssh in which a malicious SFTP SSH File Transfer Protocol server can exploit this by sending a malformed 'longname' field within an SSHFXPNAME message during a file listing operation. This missing null check can lead to reading beyond allocated memory on the heap. This can...

3.1CVSS6AI score0.00442EPSS
Exploits0References6
AlpineLinux
AlpineLinux
added 2026/03/26 8:6 p.m.3 views

CVE-2026-0968

A flaw was found in libssh in which a malicious SFTP SSH File Transfer Protocol server can exploit this by sending a malformed 'longname' field within an SSHFXPNAME message during a file listing operation. This missing null check can lead to reading beyond allocated memory on the heap. This can...

3.1CVSS5.9AI score0.00442EPSS
Exploits0
OSV
OSV
added 2026/03/20 2:24 p.m.14 views

OESA-2026-1667 erlang security update

Erlang is a general-purpose programming language and runtime environment. Erlang has built-in support for concurrency, distribution and fault tolerance. Erlang is used in several large telecommunication systems from Ericsson. Security Fixes: Inconsistent Interpretation of HTTP Requests 'HTTP...

9.4CVSS5.8AI score0.00644EPSS
Exploits0References4
Rows per page
Query Builder