449 matches found
Unity Linux 20.1070e Security Update: vsftpd (UTSA-2026-007077)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-007077 advisory. A flaw was found in vsftpd. This vulnerability allows a denial of service DoS via an integer overflow in the ls command parameter parsing, triggered by a remote,...
Unity Linux 20.1070a Security Update: vsftpd (UTSA-2026-007108)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-007108 advisory. A flaw was found in vsftpd. This vulnerability allows a denial of service DoS via an integer overflow in the ls command parameter parsing, triggered by a remote,...
SUSE CVE-2026-23459
In the Linux kernel, the following vulnerability has been resolved: iptunnel: adapt iptunnelxmitstats to NETDEVPCPUSTATDSTATS Blamed commits forgot that vxlan/geneve use udptunnel6xmitskb which call iptunnelxmitstats. iptunnelxmitstats was assuming tunnels were only using NETDEVPCPUSTATTSTATS...
EUVD-2026-18718
In the Linux kernel, the following vulnerability has been resolved: iptunnel: adapt iptunnelxmitstats to NETDEVPCPUSTATDSTATS Blamed commits forgot that vxlan/geneve use udptunnel6xmitskb which call iptunnelxmitstats. iptunnelxmitstats was assuming tunnels were only using NETDEVPCPUSTATTSTATS...
SQL Injection
Overview Glances is an A cross-platform curses-based monitoring tool Affected versions of this package are vulnerable to SQL Injection via the construction of SQL statements in the glancesduckdb. An attacker can execute arbitrary SQL commands or manipulate the database schema by supplying crafted...
vsftpd: vsftpd: Denial of service via integer overflow in ls command parameter parsing
A flaw was found in vsftpd. This vulnerability allows a denial of service DoS via an integer overflow in the ls command parameter parsing, triggered by a remote, authenticated attacker sending a crafted STAT command with a specific byte sequence...
vsftpd: vsftpd: Denial of service via integer overflow in ls command parameter parsing
A flaw was found in vsftpd. This vulnerability allows a denial of service DoS via an integer overflow in the ls command parameter parsing, triggered by a remote, authenticated attacker sending a crafted STAT command with a specific byte sequence...
vsftpd: vsftpd: Denial of service via integer overflow in ls command parameter parsing
A flaw was found in vsftpd. This vulnerability allows a denial of service DoS via an integer overflow in the ls command parameter parsing, triggered by a remote, authenticated attacker sending a crafted STAT command with a specific byte sequence...
vsftpd: vsftpd: Denial of service via integer overflow in ls command parameter parsing
A flaw was found in vsftpd. This vulnerability allows a denial of service DoS via an integer overflow in the ls command parameter parsing, triggered by a remote, authenticated attacker sending a crafted STAT command with a specific byte sequence...
vsftpd: vsftpd: Denial of service via integer overflow in ls command parameter parsing
A flaw was found in vsftpd. This vulnerability allows a denial of service DoS via an integer overflow in the ls command parameter parsing, triggered by a remote, authenticated attacker sending a crafted STAT command with a specific byte sequence...
vsftpd: vsftpd: Denial of service via integer overflow in ls command parameter parsing
A flaw was found in vsftpd. This vulnerability allows a denial of service DoS via an integer overflow in the ls command parameter parsing, triggered by a remote, authenticated attacker sending a crafted STAT command with a specific byte sequence...
Moderate: Red Hat Security Advisory: vsftpd security update
An update for vsftpd is now available for Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support and Red Hat Enterprise Linux 8.4 Extended Update Support Long-Life Add-On. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability...
vsftpd: vsftpd: Denial of service via integer overflow in ls command parameter parsing
A flaw was found in vsftpd. This vulnerability allows a denial of service DoS via an integer overflow in the ls command parameter parsing, triggered by a remote, authenticated attacker sending a crafted STAT command with a specific byte sequence...
BIT-GOLANG-2026-27139 FileInfo can escape from a Root in os
On Unix platforms, when listing the contents of a directory using File.ReadDir or File.Readdir the returned FileInfo could reference a file outside of the Root in which the File was opened. The impact of this escape is limited to reading metadata provided by lstat from arbitrary locations on the...
CVE-2026-27139
On Unix platforms, when listing the contents of a directory using File.ReadDir or File.Readdir the returned FileInfo could reference a file outside of the Root in which the File was opened. The impact of this escape is limited to reading metadata provided by lstat from arbitrary locations on the...
Amazon Linux 2 : vsftpd, --advisory ALAS2-2026-3176 (ALAS-2026-3176)
The version of vsftpd installed on the remote host is prior to 3.0.2-25. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2026-3176 advisory. A flaw was found in vsftpd. This vulnerability allows a denial of service DoS via an integer overflow in the ls command parameter...
Medium: vsftpd
Issue Overview: A flaw was found in vsftpd. This vulnerability allows a denial of service DoS via an integer overflow in the ls command parameter parsing, triggered by a remote, authenticated attacker sending a crafted STAT command with a specific byte sequence. CVE-2025-14242 Affected Packages:...
Amazon Linux 2023 : vsftpd (ALAS2023-2026-1432)
It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2026-1432 advisory. A flaw was found in vsftpd. This vulnerability allows a denial of service DoS via an integer overflow in the ls command parameter parsing, triggered by a remote, authenticated attacker sending a crafte...
Medium: vsftpd
Issue Overview: A flaw was found in vsftpd. This vulnerability allows a denial of service DoS via an integer overflow in the ls command parameter parsing, triggered by a remote, authenticated attacker sending a crafted STAT command with a specific byte sequence. CVE-2025-14242 Affected Packages:...
OESA-2026-1345 vsftpd security update
Vsftpd, or very secure FTP daemon, is an FTP server for Unix-like systems, including Linux. It is licensed under the GNU General Public License. It supports IPv6 and SSL. Vsftpd supports explicit since 2.0.0 and implicit since 2.1.0 FTPS. Security Fixes: A flaw was found in vsftpd. This...