CVE-2020-37250 TFTP Broadband 4.3.0.1465 Unquoted Service Path Privilege Escalation

TFTP Broadband 4.3.0.1465 contains an unquoted service path vulnerability in the tftpt.exe service binary that allows local attackers to execute arbitrary code with system privileges. Attackers can place a malicious executable in the Program Files directory path that will be executed during servi...

CVE-2020-37250

CVE-2020-37250 affects TFTP Broadband 4.3.0.1465 where the unquoted service path in the tftpt.exe service binary enables local privilege escalation to LocalSystem by placing a malicious executable in the Program Files path that is executed at service startup or system reboot. The vulnerability is...

curl: TFTP upload ignores --continue-at / CURLOPT_RESUME_FROM and leaks skipped local file prefix

Summary TFTP uploads ignore the configured resume offset. When a caller runs curl -C N -T file tftp://... or uses libcurl with CURLOPTUPLOAD and CURLOPTRESUMEFROM, curl should skip the first N bytes of the local source before uploading. Instead, the TFTP code sends the complete local file from by...

Astra Linux - уязвимость в libslirp

An invalid pointer initialization issue was discovered in the SLiRP networking implementation of QEMU. The flaw resides in the tftpinput function and can occur when processing an UDP packet that is smaller than the size of the ‘tftpt’ structure. This issue may lead to out-of-bounds read access or...

Security update for erlang26

This update for erlang26 fixes the following issues Security issues: CVE-2026-21620: remote arbitrary read/write via TFTP relative path traversal bsc1258663. CVE-2026-23941: HTTP Request Smuggling in Erlang OTP bsc1259687. CVE-2026-23942: path traversal vulnerability in Erlang OTP bsc1259681...

[SECURITY] [DLA 4590-1] erlang security update

------------------------------------------------------------------------- Debian LTS Advisory DLA-4590-1 [email protected] https://www.debian.org/lts/security/ Lucas Kanashiro May 18, 2026 https://wiki.debian.org/LTS -...

Security Bulletin: Relative Path Traversal, Improper Isolation or Compartmentalization vulnerability in erlang otp

Summary Relative Path Traversal, Improper Isolation or Compartmentalization vulnerability in erlang otp erlang/otp tftpfile modules, erlang otp inets tftpfile modules, erlang otp tftp tftpfile modules allows Relative Path Traversal. This vulnerability is associated with program files...

SUSE SLES15 Security Update : erlang (SUSE-SU-2026:1714-1)

The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:1714-1 advisory. - CVE-2026-21620: remote arbitrary read/write via TFTP relative path traversal bsc1258663. - CVE-2026-23941: HTTP Request Smuggling...

curl: Fix of 3 CVEs

CVE-2016-8618: fix double-free in curlmaprintf - CVE-2016-8619: fix double-free in krb5 code - CVE-2019-5482: fix heap buffer overflow in TFTP receive...

CLSA-2026-1778223262 curl: Fix of 3 CVEs

CVE-2016-8618: fix double-free in curlmaprintf - CVE-2016-8619: fix double-free in krb5 code - CVE-2019-5482: fix heap buffer overflow in TFTP receive...

Tp-Link Archer AX53 v1.0 dnsmasq configuration restore TFTP server enable vulnerability

Talos Vulnerability Report TALOS-2025-2305 Tp-Link Archer AX53 v1.0 dnsmasq configuration restore TFTP server enable vulnerability May 7, 2026 CVE Number CVE-2026-30817 SUMMARY An external config control vulnerability exists in the Openvpn configuration restore routeup functionality of Tp-Link...

Security update for erlang

This update for erlang fixes the following issues: CVE-2026-21620: remote arbitrary read/write via TFTP relative path traversal bsc1258663. CVE-2026-23941: HTTP Request Smuggling in Erlang OTP bsc1259687. CVE-2026-23942: path traversal vulnerability in Erlang OTP bsc1259681. CVE-2026-23943: denia...

SUSE-SU-2026:1714-1 Security update for erlang

This update for erlang fixes the following issues: - CVE-2026-21620: remote arbitrary read/write via TFTP relative path traversal bsc1258663. - CVE-2026-23941: HTTP Request Smuggling in Erlang OTP bsc1259687. - CVE-2026-23942: path traversal vulnerability in Erlang OTP bsc1259681. - CVE-2026-2394...

curl: Fix of 2 CVEs

CVE-2019-5436: tftp: use the current blksize for recvfrom - CVE-2016-8615: cookie: replace use of fgets with custom version...

CLSA-2026-1777877363 curl: Fix of 2 CVEs

CVE-2019-5436: tftp: use the current blksize for recvfrom - CVE-2016-8615: cookie: replace use of fgets with custom version...

CLSA-2026-1777878036 curl: Fix of 2 CVEs

CVE-2019-5436: tftp: use the current blksize for recvfrom - CVE-2016-8615: cookie: replace use of fgets with custom version...

Astra Linux – Vulnerability in libssh

In libssh 0.9.4, there is a NULL pointer dereferencing in tftpserver.c if sshbuffernew returns NULL...

openSUSE 16 Security Update : erlang (openSUSE-SU-2026:20607-1)

The remote openSUSE 16 host has packages installed that are affected by multiple vulnerabilities as referenced in the openSUSE-SU-2026:20607-1 advisory. Security issues fixed: - CVE-2026-21620: improper isolation and compartmentalization can lead to TFTP relative path traversal and remote arbitra...

Security Beta update 5.2.0 Beta1 for Multi-Linux Manager Client Tools

This update fixes the following issues: spacecmd: Version 5.2.6-0 Update translation strings uyuni-tools: Version 5.2.5-0 Remove migrate command Remove template script from mgradm: use the one in the image Split the TFTP server into a separate container Explicitly start proxy pods after operation...

Security Beta update 5.2.0 Beta1 for Multi-Linux Manager Client Tools

This update fixes the following issues: spacecmd: Version 5.2.6-0 Update translation strings uyuni-tools: Version 5.2.5-0 Remove migrate command Remove template script from mgradm: use the one in the image Split the TFTP server into a separate container Explicitly start proxy pods after operation...