Vulnerabilities > Proftpd
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-12-22 | CVE-2023-51713 | Out-of-bounds Read vulnerability in Proftpd make_ftp_cmd in main.c in ProFTPD before 1.3.8a has a one-byte out-of-bounds read, and daemon crash, because of mishandling of quote/backslash semantics. | 7.5 |
| 2023-12-18 | CVE-2023-48795 | Improper Validation of Integrity Check Value vulnerability in multiple products The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote attackers to bypass integrity checks such that some packets are omitted (from the extension negotiation message), and a client and server may consequently end up with a connection for which some security features have been downgraded or disabled, aka a Terrapin attack. network high complexity openbsd putty filezilla-project microsoft panic roumenpetrov winscp bitvise lancom-systems vandyke libssh net-ssh ssh2-project proftpd freebsd crates tera-term-project oryx-embedded crushftp netsarang paramiko redhat golang russh-project sftpgo-project erlang matez libssh2 asyncssh-project dropbear-ssh-project jadaptive ssh thorntech netgate connectbot apache tinyssh trilead kitty-project gentoo CWE-354 | 5.9 |
| 2022-11-23 | CVE-2021-46854 | Memory Leak vulnerability in Proftpd mod_radius in ProFTPD before 1.3.7c allows memory disclosure to RADIUS servers because it copies blocks of 16 characters. | 7.5 |
| 2020-02-20 | CVE-2020-9273 | Use After Free vulnerability in multiple products In ProFTPD 1.3.7, it is possible to corrupt the memory pool by interrupting the data transfer channel. | 8.8 |
| 2020-02-20 | CVE-2020-9272 | Out-of-bounds Read vulnerability in multiple products ProFTPD 1.3.7 has an out-of-bounds (OOB) read vulnerability in mod_cap via the cap_text.c cap_to_text function. | 5.0 |
| 2019-11-30 | CVE-2019-19269 | NULL Pointer Dereference vulnerability in multiple products An issue was discovered in tls_verify_crl in ProFTPD through 1.3.6b. | 4.9 |
| 2019-11-26 | CVE-2019-19272 | NULL Pointer Dereference vulnerability in Proftpd An issue was discovered in tls_verify_crl in ProFTPD before 1.3.6. | 5.0 |
| 2019-11-26 | CVE-2019-19271 | Improper Certificate Validation vulnerability in Proftpd An issue was discovered in tls_verify_crl in ProFTPD before 1.3.6. | 5.0 |
| 2019-11-26 | CVE-2019-19270 | Improper Certificate Validation vulnerability in multiple products An issue was discovered in tls_verify_crl in ProFTPD through 1.3.6b. | 7.5 |
| 2019-10-21 | CVE-2019-18217 | Infinite Loop vulnerability in Proftpd ProFTPD before 1.3.6b and 1.3.7rc before 1.3.7rc2 allows remote unauthenticated denial-of-service due to incorrect handling of overly long commands because main.c in a child process enters an infinite loop. | 7.5 |