Vulnerabilities > Proftpd > High

DATE CVE VULNERABILITY TITLE RISK
2023-12-22 CVE-2023-51713 Out-of-bounds Read vulnerability in Proftpd
make_ftp_cmd in main.c in ProFTPD before 1.3.8a has a one-byte out-of-bounds read, and daemon crash, because of mishandling of quote/backslash semantics.
network
low complexity
proftpd CWE-125
7.5
2022-11-23 CVE-2021-46854 Memory Leak vulnerability in Proftpd
mod_radius in ProFTPD before 1.3.7c allows memory disclosure to RADIUS servers because it copies blocks of 16 characters.
network
low complexity
proftpd CWE-401
7.5
2020-02-20 CVE-2020-9273 Use After Free vulnerability in multiple products
In ProFTPD 1.3.7, it is possible to corrupt the memory pool by interrupting the data transfer channel.
8.8
2020-02-20 CVE-2020-9272 Out-of-bounds Read vulnerability in multiple products
ProFTPD 1.3.7 has an out-of-bounds (OOB) read vulnerability in mod_cap via the cap_text.c cap_to_text function.
network
low complexity
proftpd siemens opensuse CWE-125
7.5
2019-11-26 CVE-2019-19272 NULL Pointer Dereference vulnerability in Proftpd
An issue was discovered in tls_verify_crl in ProFTPD before 1.3.6.
network
low complexity
proftpd CWE-476
7.5
2019-11-26 CVE-2019-19271 Improper Certificate Validation vulnerability in Proftpd
An issue was discovered in tls_verify_crl in ProFTPD before 1.3.6.
network
low complexity
proftpd CWE-295
7.5
2019-11-26 CVE-2019-19270 Improper Certificate Validation vulnerability in multiple products
An issue was discovered in tls_verify_crl in ProFTPD through 1.3.6b.
network
low complexity
proftpd fedoraproject CWE-295
7.5
2019-10-21 CVE-2019-18217 Infinite Loop vulnerability in Proftpd
ProFTPD before 1.3.6b and 1.3.7rc before 1.3.7rc2 allows remote unauthenticated denial-of-service due to incorrect handling of overly long commands because main.c in a child process enters an infinite loop.
network
low complexity
proftpd CWE-835
7.5
2016-04-05 CVE-2016-3125 7PK - Security Features vulnerability in multiple products
The mod_tls module in ProFTPD before 1.3.5b and 1.3.6 before 1.3.6rc2 does not properly handle the TLSDHParamFile directive, which might cause a weaker than intended Diffie-Hellman (DH) key to be used and consequently allow attackers to have unspecified impact via unknown vectors.
network
low complexity
proftpd opensuse fedoraproject CWE-254
7.5
2004-11-23 CVE-2004-0346 Off-by-one Error vulnerability in Proftpd 1.2.7/1.2.8/1.2.9
Off-by-one buffer overflow in _xlate_ascii_write() in ProFTPD 1.2.7 through 1.2.9rc2p allows local users to gain privileges via a 1024 byte RETR command.
local
low complexity
proftpd CWE-193
7.8