CVE ID: CVE-2020-8284
Description: A malicious server can use the FTP PASV response to trick curl 7.73.0 and earlier into connecting back to a given IP address and port, and this way potentially make curl extract information about services that are otherwise private and not disclosed, for example doing port scanning and service banner extractions.
Test IDs: 1.3.6.1.4.1.25623.1.0.892500   1.3.6.1.4.1.25623.1.1.2.2021.1942   1.3.6.1.4.1.25623.1.1.2.2021.1737   1.3.6.1.4.1.25623.1.1.2.2021.1921   1.3.6.1.4.1.25623.1.1.2.2021.1711   1.3.6.1.4.1.25623.1.0.704881   1.3.6.1.4.1.25623.1.1.2.2021.1868   1.3.6.1.4.1.25623.1.1.2.2021.1997  
Cross References: Common Vulnerability Exposure (CVE) ID: CVE-2020-8284
https://security.netapp.com/advisory/ntap-20210122-0007/
https://support.apple.com/kb/HT212325
https://support.apple.com/kb/HT212326
https://support.apple.com/kb/HT212327
Debian Security Information: DSA-4881
https://www.debian.org/security/2021/dsa-4881
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DAEHE2S2QLO4AO4MEEYL75NB7SAH5PSL/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NZUVSQHN2ESHMJXNQ2Z7T2EELBB5HJXG/
https://security.gentoo.org/glsa/202012-14
https://curl.se/docs/CVE-2020-8284.html
https://hackerone.com/reports/1040166
https://www.oracle.com/security-alerts/cpuApr2021.html
https://lists.debian.org/debian-lts-announce/2020/12/msg00029.html




© 1998-2021 E-Soft Inc. All rights reserved.