21 matches found
Security update for erlang (moderate)
openSUSE security update: security update for erlang. Announcement ID: openSUSE-SU-2026:20043-1. Rating: moderate. References: bsc1249469 bsc1249470 bsc1249472. Cross-References: CVE-2025-48038 CVE-2025-48039 CVE-2025-48040. CVSS scores:...
CVE-2019-18342
A vulnerability has been identified in Control Center Server (CCS) All versions V1.5.0. The SFTP service (default port 22/tcp) of the Control Center Server (CCS) does not properly limit its capabilities to the specified purpose. In conjunction with CVE-2019-18341, an unauthenticated remote attacker wit...
EUVD-2008-2568
Malware in sbrugna...
EUVD-2025-19705
Malicious code in bioql PyPI...
EUVD-2024-17977
Malicious code in bioql PyPI...
EUVD-2023-24294
Malicious code in bioql PyPI...
Security Bulletin: Erlang/OTP SFTP Packet Size Validation Vulnerability Allows Excessive Memory Allocation
Summary: Erlang is a programming language and runtime system for building massively scalable soft real-time systems with requirements on high availability. OTP is a set of Erlang libraries, which consists of the Erlang runtime system, a number of ready-to-use components mainly written in Erlang...
CVE-2024-25659
In Infinera TNMS (Transcend Network Management System) 19.10.3, an insecure default configuration of the internal SFTP server on Linux servers allows a remote attacker to access files and directories outside the SFTP user home directory...
CVE-2023-6729
Nokia SR OS routers allow read-write access to the entire file system via SFTP or SCP for users configured with "access console." Consequently, a low privilege authenticated user with "access console" can read or replace the router configuration file as well as other files stored in the Compact...
CVE-2021-36370
An issue was discovered in Midnight Commander through 4.8.26. When establishing an SFTP connection, the fingerprint of the server is neither checked nor displayed. As a result, a user connects to the server without the ability to verify its authenticity...
CVE-2025-27395
A vulnerability has been identified in SCALANCE LPE9403 6GK5998-3GS00-2AC2 All versions V4.0. Affected devices do not properly limit the scope of files accessible through and the privileges of the SFTP functionality. This could allow an authenticated highly-privileged remote attacker to read and...
GO-2025-3495 MinIO SFTP authentication bypass due to improperly trusted SSH key in github.com/minio/minio
MinIO SFTP authentication bypass due to improperly trusted SSH key in github.com/minio/minio. NOTE: The source advisory for this report contains additional versions that could not be automatically mapped to standard Go module versions. If this is causing false-positive reports from vulnerability...
CVE-2025-27414 MinIO SFTP authentication bypass due to improperly trusted SSH key
MinIO is a high performance object storage. Starting in RELEASE.2024-06-06T09-36-42Z and prior to RELEASE.2025-02-28T09-55-16Z, a bug in evaluating the trust of the SSH key used in an SFTP connection to MinIO allows authentication bypass and unauthorized data access. On a MinIO server with SFTP...
Vulnerability fixed in Progress MOVEit Transfer
Progress has fixed a vulnerability in MOVEit Transfer SFTP. A malicious party can exploit the vulnerability to grant themselves elevated privileges, potentially gaining access to files that the malicious party is not initially authorized to access. Progress has released updates to fix the...
Huawei EulerOS: Security Advisory for curl (EulerOS-SA-2023-2484)
The remote host is missing an update for the Huawei EulerOS. SPDX-FileCopyrightText: 2023 Greenbone AG. Some text descriptions might be excerpted from a referenced source, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only...
ch.admin.bit.jeap:jeap-archrepo-docgen (>=2.10.0 <=4.31.0), ch.admin.bit.jeap:jeap-archrepo-importer-messagetype (>=1.10.0 <=4.31.0) +498 more potentially affected by CVE-2023-35887 via org.apache.sshd:sshd-sftp (>=2.0.0 <=2.9.2)
org.apache.sshd:sshd-sftp MAVEN version =2.0.0, =2.10.0, =1.10.0, =1.10.0, =1.15.0, =1.10.0, =1.10.0, =1.10.0, =1.10.0, =3.26.0, =3.26.0, =3.26.0, =3.26.0, =1.1.0, =1.1.1 - com.ailbb:alt =1.5 - com.amashchenko.maven.plugin:gitflow-maven-plugin =1.21.0 and more Source cves: CVE-2023-35887 Source...
CVE-2009-3478
Argument injection vulnerability in (1) src/content/js/connection/sftp.js and (2) src/content/js/connection/controlSocket.js.in in FireFTP Extension 1.0.5 for Firefox allows remote authenticated SFTP users to cause victims to alter permissions, delete, download, or move the wrong file via a filename...
FreeSSHd 1.2.1 (rename) Remote Buffer Overflow Exploit (SEH)
Exploit for Windows platform in category remote exploits. FreeSSHd 1.2.1 (rename) Remote Buffer Overflow Exploit (SEH). Test box...