Vulnerabilities > Troglobit
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-01-12 | CVE-2022-48620 | Classic Buffer Overflow vulnerability in Troglobit Libeuv uev (aka libuev) before 2.4.1 has a buffer overflow in epoll_wait if maxevents is a large number. | 9.8 |
| 2020-12-18 | CVE-2020-20277 | Path Traversal vulnerability in Troglobit Uftpd There are multiple unauthenticated directory traversal vulnerabilities in different FTP commands in uftpd FTP server versions 2.7 to 2.10 due to improper implementation of a chroot jail in common.c's compose_abspath function that can be abused to read or write to arbitrary files on the filesystem, leak process memory, or potentially lead to remote code execution. | 9.8 |
| 2020-12-18 | CVE-2020-20276 | Out-of-bounds Write vulnerability in Troglobit Uftpd An unauthenticated stack-based buffer overflow vulnerability in common.c's handle_PORT in uftpd FTP server versions 2.10 and earlier can be abused to cause a crash and could potentially lead to remote code execution. | 7.5 |
| 2020-06-15 | CVE-2020-14149 | NULL Pointer Dereference vulnerability in Troglobit Uftpd In uftpd before 2.12, handle_CWD in ftpcmd.c mishandled the path provided by the user, causing a NULL pointer dereference and denial of service, as demonstrated by a CWD /.. | 5.0 |
| 2020-01-22 | CVE-2020-5221 | Path Traversal vulnerability in Troglobit Uftpd In uftpd before 2.11, it is possible for an unauthenticated user to perform a directory traversal attack using multiple different FTP commands and read and write to arbitrary locations on the filesystem due to the lack of a well-written chroot jail in compose_abspath(). | 6.4 |
| 2020-01-06 | CVE-2020-5204 | Classic Buffer Overflow vulnerability in Troglobit Uftpd In uftpd before 2.11, there is a buffer overflow vulnerability in handle_PORT in ftpcmd.c that is caused by a buffer that is 16 bytes large being filled via sprintf() with user input based on the format specifier string %d.%d.%d.%d. | 6.5 |
| 2011-01-11 | CVE-2011-0007 | Link Following vulnerability in Troglobit Pimd 2.1.5 pimd 2.1.5 and possibly earlier versions allows user-assisted local users to overwrite arbitrary files via a symlink attack on (1) pimd.dump when a USR1 signal is sent, or (2) pimd.cache when USR2 is sent. | 3.3 |