The ftp client in GNU Inetutils before 2.2 does not validate addresses returned by PASV/LSPV responses to make sure they match the server address. This is similar to CVE-2020-8284 for curl.

References

bugs.debian.org/cgi-bin/bugreport.cgi?bug=993476

git.savannah.gnu.org/cgit/inetutils.git/commit/?id=58cb043b190fd04effdaea7c9403416b436e50dd

lists.debian.org/debian-lts-announce/2022/11/msg00033.html

lists.gnu.org/archive/html/bug-inetutils/2021-06/msg00002.html

prion 2

nvd 2

cve 2

debiancve 2

ubuntucve 2

nessus 48

debian 3

openvas 29

osv 9

ubuntu 3

veracode 1

alpinelinux 1

f5 1

hackerone 2

cbl_mariner 1

cloudlinux 1

ibm 8

cvelist 1

redhatcve 1

fedora 2

suse 2

photon 6

freebsd 1

slackware 1

rocky 1

almalinux 1

cloudfoundry 1

mageia 1

oraclelinux 1

amazon 1

gentoo 1

redhat 15

rosalinux 1

apple 3

ics 2

oracle 4

prion

Code injection

2021-09-03 02:15:00

Code injection

2020-12-14 20:15:00

nvd

CVE-2021-40491

2021-09-03 02:15:06

CVE-2020-8284

2020-12-14 20:15:13

cve

CVE-2021-40491

2021-09-03 02:15:06

CVE-2020-8284

2020-12-14 20:15:13

debiancve

CVE-2021-40491

2021-09-03 02:15:06

CVE-2020-8284

2020-12-14 20:15:13

ubuntucve

CVE-2021-40491

2021-09-03 00:00:00

CVE-2020-8284

2020-12-09 00:00:00

nessus

Debian DLA-3205-1 : inetutils - LTS security update

2022-11-27 00:00:00

Ubuntu 16.04 ESM / 18.04 ESM / 20.04 ESM : Inetutils vulnerability (USN-5177-1)

2023-10-16 00:00:00

EulerOS Virtualization 2.9.1 : curl (EulerOS-SA-2021-1711)

2021-04-15 00:00:00

debian

[SECURITY] [DLA 3205-1] inetutils security update

2022-11-25 19:06:45

[SECURITY] [DLA 2500-1] curl security update

2020-12-19 02:59:56

[SECURITY] [DSA 4881-1] curl security update

2021-03-31 09:30:31

openvas

Debian: Security Advisory (DLA-3205-1)

2022-11-26 00:00:00

Ubuntu: Security Advisory (USN-5177-1)

2023-01-27 00:00:00

Huawei EulerOS: Security Advisory for curl (EulerOS-SA-2023-1055)

2023-01-09 00:00:00

osv

inetutils vulnerability

2022-08-08 15:38:39

CVE-2020-8284

2020-12-14 20:15:13

inetutils - security update

2022-11-25 00:00:00

ubuntu

Inetutils vulnerability

2022-08-08 00:00:00

curl vulnerabilities

2020-12-09 00:00:00

curl vulnerabilities

2020-12-09 00:00:00

veracode

Phishing Attacks

2020-12-11 09:23:25

alpinelinux

CVE-2020-8284

2020-12-14 20:15:13

K63525058 : cURL vulnerability CVE-2020-8284

2021-02-19 00:00:00

hackerone

curl: CVE-2020-8284: trusting FTP PASV responses

2020-11-21 13:57:43

Ruby: lib/net/ftp.rb: trusting PASV responses allow client abuse

2021-04-02 15:56:47

cbl_mariner

CVE-2020-8284 affecting package curl 7.68.0-5

2020-12-16 04:51:58

cloudlinux

Fix of CVE: CVE-2020-8284

2020-12-02 12:00:00

ibm

Security Bulletin: IBM MQ is affected by a vulnerability within libcurl (CVE-2020-8284)

2021-05-19 11:57:46

Security Bulletin: cURL libcurl vulnerabilites impacting Aspera High-Speed Transfer Server, Aspera High-Speed Transfer Endpoint, Aspera Desktop Client 4.0 and earlier (CVE-2020-8284, CVE-2020-8286, CVE-2020-8285)

2021-06-04 01:09:08

Security Bulletin: cURL libcurl vulnerabilites impacting Aspera High-Speed Transfer Server and Aspera High-Speed Transfer Endpoint 4.0 and earlier (CVE-2020-8284, CVE-2020-8286, CVE-2020-8285)

2021-06-04 16:40:33

cvelist

CVE-2020-8284

2020-12-14 19:38:26

redhatcve

CVE-2020-8284

2020-12-09 17:44:52

fedora

[SECURITY] Fedora 32 Update: curl-7.69.1-7.fc32

2020-12-21 01:36:25

[SECURITY] Fedora 33 Update: curl-7.71.1-8.fc33

2020-12-15 01:22:19

suse

Security update for curl (moderate)

2020-12-13 00:00:00

Security update for curl (moderate)

2020-12-14 00:00:00

photon

Home Download Photon OS User Documentation FAQ Security Advisories Related Information Lightwave - PHSA-2020-1.0-0346

2020-12-10 00:00:00

Home Download Photon OS User Documentation FAQ Security Advisories Related Information Lightwave - PHSA-2020-2.0-0304

2020-12-10 00:00:00

Important Photon OS Security Update - PHSA-2020-0346

2020-12-10 00:00:00

freebsd

cURL -- Multiple vulnerabilities

2020-12-09 00:00:00

slackware

[slackware-security] curl

2020-12-09 21:22:01

rocky

curl security and bug fix update

2021-05-18 05:39:00

almalinux

Moderate: curl security and bug fix update

2021-05-18 05:39:00

cloudfoundry

USN-4665-1: curl vulnerabilities | Cloud Foundry

2021-01-12 00:00:00

mageia

Updated curl packages fix security vulnerabilities

2020-12-31 17:32:44

oraclelinux

curl security and bug fix update

2021-05-25 00:00:00

amazon

Medium: curl

2021-08-04 20:32:00

gentoo

cURL: Multiple vulnerabilities

2020-12-23 00:00:00

redhat

(RHSA-2021:1610) Moderate: curl security and bug fix update

2021-05-18 05:39:00

(RHSA-2021:2471) Important: Red Hat JBoss Core Services Apache HTTP Server 2.4.37 SP8 security update

2021-06-17 11:31:22

(RHSA-2021:2472) Important: Red Hat JBoss Core Services Apache HTTP Server 2.4.37 SP8 security update

2021-06-17 11:33:18

rosalinux

Advisory ROSA-SA-2021-1818

2021-07-02 16:36:57

apple

About the security content of Security Update 2021-003 Mojave

2021-04-26 00:00:00

About the security content of Security Update 2021-002 Catalina

2021-04-26 00:00:00

About the security content of macOS Big Sur 11.3

2021-04-26 00:00:00

ics

Siemens SINEC INS

2022-03-10 12:00:00

Siemens SIMATIC S7-1500 CPU 1518(F)-4 PN/DP MFP V3.1

2023-12-14 12:00:00

oracle

Oracle Critical Patch Update Advisory - July 2021

2021-07-20 00:00:00

Oracle Critical Patch Update Advisory - April 2021

2021-04-20 00:00:00

Oracle Critical Patch Update Advisory - January 2022

2022-01-18 00:00:00

Solutions

Vulnerabilities intelligence
Perimeter control tool
Linux scanner
Windows scanner
Developers SDK
Security Intelligence feeds

Database

Vulnerabilities
Exploits
Security News
BugBounty
Wild Exploited
Top Vulnerabilities
CVE Feed

Resources

Statics & Sources
Plugins
API docs
FAQ
Blog
Glossary

Company

About
Contacts
Pricing
EULA
Privacy Policy
Submission Policy
OpenSource

@2024 Vulners Inc

AI Score

6.3

Confidence

High

EPSS

0.003

Percentile

68.5%

JSON

Related for CVELIST:CVE-2021-40491