Vulnerabilities > Open Tftp Server Project

DATE CVE VULNERABILITY TITLE RISK
2020-10-28 CVE-2020-26130 Incorrect Permission Assignment for Critical Resource vulnerability in Open Tftp Server Project Open Tftp Server 1.66
Issues were discovered in Open TFTP Server multithreaded 1.66 and Open TFTP Server single port 1.66.
local
low complexity
open-tftp-server-project CWE-732
7.8
7.8
2019-12-23 CVE-2019-12568 Out-of-bounds Write vulnerability in Open Tftp Server Project Open Tftp Server 1.64/1.66
Stack-based overflow vulnerability in the logMess function in Open TFTP Server SP 1.66 and earlier allows remote attackers to perform a denial of service or execute arbitrary code via a long TFTP error packet, a different vulnerability than CVE-2018-10387 and CVE-2019-12567.
network
low complexity
open-tftp-server-project CWE-787
critical
 9.8
9.8
2019-12-23 CVE-2019-12567 Out-of-bounds Write vulnerability in Open Tftp Server Project Open Tftp Server 1.64/1.65
Stack-based overflow vulnerability in the logMess function in Open TFTP Server MT 1.65 and earlier allows remote attackers to perform a denial of service or execute arbitrary code via a long TFTP error packet, a different vulnerability than CVE-2018-10387 and CVE-2019-12568.
network
low complexity
open-tftp-server-project CWE-787
critical
 9.8
9.8
2019-12-23 CVE-2018-10389 Use of Externally-Controlled Format String vulnerability in Open Tftp Server Project Open Tftp Server 1.64/1.65
Format string vulnerability in the logMess function in TFTP Server MT 1.65 and earlier allows remote attackers to perform a denial of service or execute arbitrary code via format string sequences in a TFTP error packet.
network
low complexity
open-tftp-server-project CWE-134
critical
 9.8
9.8
2019-12-23 CVE-2018-10388 Use of Externally-Controlled Format String vulnerability in Open Tftp Server Project Open Tftp Server 1.64/1.66
Format string vulnerability in the logMess function in TFTP Server SP 1.66 and earlier allows remote attackers to perform a denial of service or execute arbitrary code via format string sequences in a TFTP error packet.
network
low complexity
open-tftp-server-project CWE-134
critical
 9.8
9.8
2019-12-23 CVE-2018-10387 Out-of-bounds Write vulnerability in Open Tftp Server Project Open Tftp Server 1.64/1.66
Heap-based overflow vulnerability in TFTP Server SP 1.66 and earlier allows remote attackers to perform a denial of service or possibly execute arbitrary code via a long TFTP error packet, a different vulnerability than CVE-2008-2161.
network
low complexity
open-tftp-server-project CWE-787
critical
 9.8
9.8