7 matches found
CVE-2023-48795
CVE-2023-48795 is referenced across several connected advisories, detailing affected packages and required upgrades. Astra Linux/CBL-Mariner entries note: podman (<5.6.1-2) needs upgrade, erlang (<25.2-1), libssh2 (<1.11.1-1), libssh (<0.10.6-1), terraform (<1.3.2-25), kubevirt (&l...
CVE-2024-31497
PuTTY versions 0.68–0.80 (before 0.81) are vulnerable to a biased ECDSA nonce issue that can enable an attacker to recover a user’s NIST P-521 private key after observing signatures. The CVE is discussed in multiple advisories and vendor notices (Debian LTS advisory DLA-3839-1, Fedora package upd...
CVE-2019-5429
CVE-2019-5429 affects FileZilla and is caused by an untrusted search path that allows privilege escalation via a malicious ‘fzsftp’ binary placed in a user’s home directory. The vulnerability impacts FileZilla versions before 3.41.0-rc1 and is described in multiple sources (e.g., Debian DLA-3026-...
CVE-2022-29620
FileZilla v3.59.0 is affected by a memory-dump exposure where an attacker can obtain cleartext passwords of connected SSH/FTP servers. This is consistently described across Red Hat, Ubuntu, NVD, CVE records, and CNNVD, all noting the vendor does not consider it a vulnerability or a lack of a publ...
CVE-2016-15003
FileZilla Client 3.17.0.0 is affected by a local unquoted search path vulnerability in the Installer uninstall.exe. The underlying issue is an unquoted path in the uninstall component, which can be exploited to cause elevated access. The available description notes that the attack can be initiate...
CVE-2023-53959
FileZilla Client 3.63.1 is affected by a DLL hijacking flaw: an attacker can place a crafted TextShaping.dll in the application directory to achieve remote code execution when FileZilla is launched. The vulnerability stems from a missing/bad TextShaping.dll that can be replaced with a malicious p...
CVE-2019-25683
FileZilla 3.40.0 is reported vulnerable to a local-denial-of-service in the local search function. A crafted search directory input consisting of 384 'A' characters followed by 'BBBB' and 'CCCC' sequences can crash the application when performing a local search. CVSS data indicates local attack v...