Search
Total
8 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-51713 | 1 Proftpd | 1 Proftpd | 2024-01-08 | N/A | 7.5 HIGH |
| make_ftp_cmd in main.c in ProFTPD before 1.3.8a has a one-byte out-of-bounds read, and daemon crash, because of mishandling of quote/backslash semantics. | |||||
| CVE-2020-9272 | 3 Opensuse, Proftpd, Siemens | 7 Backports Sle, Leap, Proftpd and 4 more | 2021-11-09 | 5.0 MEDIUM | 7.5 HIGH |
| ProFTPD 1.3.7 has an out-of-bounds (OOB) read vulnerability in mod_cap via the cap_text.c cap_to_text function. | |||||
| CVE-2020-9273 | 5 Debian, Fedoraproject, Opensuse and 2 more | 9 Debian Linux, Fedora, Backports Sle and 6 more | 2021-09-14 | 9.0 HIGH | 8.8 HIGH |
| In ProFTPD 1.3.7, it is possible to corrupt the memory pool by interrupting the data transfer channel. This triggers a use-after-free in alloc_pool in pool.c, and possible remote code execution. | |||||
| CVE-2019-19270 | 2 Fedoraproject, Proftpd | 2 Fedora, Proftpd | 2020-01-13 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in tls_verify_crl in ProFTPD through 1.3.6b. Failure to check for the appropriate field of a CRL entry (checking twice for subject, rather than once for subject and once for issuer) prevents some valid CRLs from being taken into account, and can allow clients whose certificates have been revoked to proceed with a connection to the server. | |||||
| CVE-2019-19271 | 1 Proftpd | 1 Proftpd | 2019-12-11 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in tls_verify_crl in ProFTPD before 1.3.6. A wrong iteration variable, used when checking a client certificate against CRL entries (installed by a system administrator), can cause some CRL entries to be ignored, and can allow clients whose certificates have been revoked to proceed with a connection to the server. | |||||
| CVE-2019-19272 | 1 Proftpd | 1 Proftpd | 2019-12-11 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in tls_verify_crl in ProFTPD before 1.3.6. Direct dereference of a NULL pointer (a variable initialized to NULL) leads to a crash when validating the certificate of a client connecting to the server in a TLS client/server mutual-authentication setup. | |||||
| CVE-2019-18217 | 1 Proftpd | 1 Proftpd | 2019-10-27 | 5.0 MEDIUM | 7.5 HIGH |
| ProFTPD before 1.3.6b and 1.3.7rc before 1.3.7rc2 allows remote unauthenticated denial-of-service due to incorrect handling of overly long commands because main.c in a child process enters an infinite loop. | |||||
| CVE-2016-3125 | 3 Fedoraproject, Opensuse, Proftpd | 3 Fedora, Opensuse, Proftpd | 2018-10-30 | 5.0 MEDIUM | 7.5 HIGH |
| The mod_tls module in ProFTPD before 1.3.5b and 1.3.6 before 1.3.6rc2 does not properly handle the TLSDHParamFile directive, which might cause a weaker than intended Diffie-Hellman (DH) key to be used and consequently allow attackers to have unspecified impact via unknown vectors. | |||||