Vulnerabilities > Proftpd
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-02-20 | CVE-2020-9273 | Use After Free vulnerability in multiple products In ProFTPD 1.3.7, it is possible to corrupt the memory pool by interrupting the data transfer channel. | 9.0 |
| 2020-02-20 | CVE-2020-9272 | Out-of-bounds Read vulnerability in multiple products ProFTPD 1.3.7 has an out-of-bounds (OOB) read vulnerability in mod_cap via the cap_text.c cap_to_text function. | 5.0 |
| 2019-11-30 | CVE-2019-19269 | NULL Pointer Dereference vulnerability in multiple products An issue was discovered in tls_verify_crl in ProFTPD through 1.3.6b. | 4.0 |
| 2019-11-26 | CVE-2019-19272 | NULL Pointer Dereference vulnerability in Proftpd An issue was discovered in tls_verify_crl in ProFTPD before 1.3.6. | 5.0 |
| 2019-11-26 | CVE-2019-19271 | Improper Certificate Validation vulnerability in Proftpd An issue was discovered in tls_verify_crl in ProFTPD before 1.3.6. | 5.0 |
| 2019-11-26 | CVE-2019-19270 | Improper Certificate Validation vulnerability in multiple products An issue was discovered in tls_verify_crl in ProFTPD through 1.3.6b. | 5.0 |
| 2019-10-21 | CVE-2019-18217 | Infinite Loop vulnerability in Proftpd ProFTPD before 1.3.6b and 1.3.7rc before 1.3.7rc2 allows remote unauthenticated denial-of-service due to incorrect handling of overly long commands because main.c in a child process enters an infinite loop. | 5.0 |
| 2019-07-19 | CVE-2019-12815 | Improper Handling of Exceptional Conditions vulnerability in Proftpd An arbitrary file copy vulnerability in mod_copy in ProFTPD up to 1.3.5b allows for remote code execution and information disclosure without authentication, a related issue to CVE-2015-3306. | 7.5 |
| 2017-04-04 | CVE-2017-7418 | Link Following vulnerability in Proftpd 1.3.2/1.3.4/1.3.6 ProFTPD before 1.3.5e and 1.3.6 before 1.3.6rc5 controls whether the home directory of a user could contain a symbolic link through the AllowChrootSymlinks configuration option, but checks only the last path component when enforcing AllowChrootSymlinks. | 2.1 |
| 2016-04-05 | CVE-2016-3125 | Cryptographic Issues vulnerability in multiple products The mod_tls module in ProFTPD before 1.3.5b and 1.3.6 before 1.3.6rc2 does not properly handle the TLSDHParamFile directive, which might cause a weaker than intended Diffie-Hellman (DH) key to be used and consequently allow attackers to have unspecified impact via unknown vectors. | 5.0 |