High

DATE	CVE	VULNERABILITY TITLE	RISK
2023-12-22	CVE-2023-51713	Out-of-bounds Read vulnerability in Proftpd make_ftp_cmd in main.c in ProFTPD before 1.3.8a has a one-byte out-of-bounds read, and daemon crash, because of mishandling of quote/backslash semantics. network low complexity proftpd CWE-125	7.5
2022-11-23	CVE-2021-46854	Memory Leak vulnerability in Proftpd mod_radius in ProFTPD before 1.3.7c allows memory disclosure to RADIUS servers because it copies blocks of 16 characters. network low complexity proftpd CWE-401	7.5
2020-02-20	CVE-2020-9273	Use After Free vulnerability in multiple products In ProFTPD 1.3.7, it is possible to corrupt the memory pool by interrupting the data transfer channel. network low complexity proftpd debian fedoraproject opensuse siemens CWE-416	8.8
2020-02-20	CVE-2020-9272	Out-of-bounds Read vulnerability in multiple products ProFTPD 1.3.7 has an out-of-bounds (OOB) read vulnerability in mod_cap via the cap_text.c cap_to_text function. network low complexity proftpd siemens opensuse CWE-125	7.5
2019-11-26	CVE-2019-19272	NULL Pointer Dereference vulnerability in Proftpd An issue was discovered in tls_verify_crl in ProFTPD before 1.3.6. network low complexity proftpd CWE-476	7.5
2019-11-26	CVE-2019-19271	Improper Certificate Validation vulnerability in Proftpd An issue was discovered in tls_verify_crl in ProFTPD before 1.3.6. network low complexity proftpd CWE-295	7.5
2019-11-26	CVE-2019-19270	Improper Certificate Validation vulnerability in multiple products An issue was discovered in tls_verify_crl in ProFTPD through 1.3.6b. network low complexity proftpd fedoraproject CWE-295	7.5
2019-10-21	CVE-2019-18217	Infinite Loop vulnerability in Proftpd ProFTPD before 1.3.6b and 1.3.7rc before 1.3.7rc2 allows remote unauthenticated denial-of-service due to incorrect handling of overly long commands because main.c in a child process enters an infinite loop. network low complexity proftpd CWE-835	7.5
2016-04-05	CVE-2016-3125	7PK - Security Features vulnerability in multiple products The mod_tls module in ProFTPD before 1.3.5b and 1.3.6 before 1.3.6rc2 does not properly handle the TLSDHParamFile directive, which might cause a weaker than intended Diffie-Hellman (DH) key to be used and consequently allow attackers to have unspecified impact via unknown vectors. network low complexity proftpd opensuse fedoraproject CWE-254	7.5
2004-11-23	CVE-2004-0346	Off-by-one Error vulnerability in Proftpd 1.2.7/1.2.8/1.2.9 Off-by-one buffer overflow in _xlate_ascii_write() in ProFTPD 1.2.7 through 1.2.9rc2p allows local users to gain privileges via a 1024 byte RETR command. local low complexity proftpd CWE-193	7.8