Vulnerabilities > Proftpd

DATE CVE VULNERABILITY TITLE RISK
2020-02-20 CVE-2020-9273 Use After Free vulnerability in multiple products
In ProFTPD 1.3.7, it is possible to corrupt the memory pool by interrupting the data transfer channel.
network
low complexity
proftpd debian fedoraproject opensuse siemens CWE-416
critical
9.0
2020-02-20 CVE-2020-9272 Out-of-bounds Read vulnerability in Proftpd 1.3.7
ProFTPD 1.3.7 has an out-of-bounds (OOB) read vulnerability in mod_cap via the cap_text.c cap_to_text function.
network
low complexity
proftpd CWE-125
5.0
2019-11-30 CVE-2019-19269 NULL Pointer Dereference vulnerability in multiple products
An issue was discovered in tls_verify_crl in ProFTPD through 1.3.6b.
network
low complexity
proftpd fedoraproject debian CWE-476
4.0
2019-11-26 CVE-2019-19272 NULL Pointer Dereference vulnerability in Proftpd
An issue was discovered in tls_verify_crl in ProFTPD before 1.3.6.
network
low complexity
proftpd CWE-476
5.0
2019-11-26 CVE-2019-19271 Improper Certificate Validation vulnerability in Proftpd
An issue was discovered in tls_verify_crl in ProFTPD before 1.3.6.
network
low complexity
proftpd CWE-295
5.0
2019-11-26 CVE-2019-19270 Improper Certificate Validation vulnerability in multiple products
An issue was discovered in tls_verify_crl in ProFTPD through 1.3.6b.
network
low complexity
proftpd fedoraproject CWE-295
5.0
2019-10-21 CVE-2019-18217 Infinite Loop vulnerability in Proftpd
ProFTPD before 1.3.6b and 1.3.7rc before 1.3.7rc2 allows remote unauthenticated denial-of-service due to incorrect handling of overly long commands because main.c in a child process enters an infinite loop.
network
low complexity
proftpd CWE-835
5.0
2019-07-19 CVE-2019-12815 Improper Handling of Exceptional Conditions vulnerability in Proftpd
An arbitrary file copy vulnerability in mod_copy in ProFTPD up to 1.3.5b allows for remote code execution and information disclosure without authentication, a related issue to CVE-2015-3306.
network
low complexity
proftpd CWE-755
7.5
2017-04-04 CVE-2017-7418 Link Following vulnerability in Proftpd 1.3.2/1.3.4/1.3.6
ProFTPD before 1.3.5e and 1.3.6 before 1.3.6rc5 controls whether the home directory of a user could contain a symbolic link through the AllowChrootSymlinks configuration option, but checks only the last path component when enforcing AllowChrootSymlinks.
local
low complexity
proftpd CWE-59
2.1
2016-04-05 CVE-2016-3125 Cryptographic Issues vulnerability in multiple products
The mod_tls module in ProFTPD before 1.3.5b and 1.3.6 before 1.3.6rc2 does not properly handle the TLSDHParamFile directive, which might cause a weaker than intended Diffie-Hellman (DH) key to be used and consequently allow attackers to have unspecified impact via unknown vectors.
network
low complexity
proftpd opensuse fedoraproject CWE-310
5.0