Vulnerabilities > Troglobit > Uftpd > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-06-15 | CVE-2020-14149 | NULL Pointer Dereference vulnerability in Troglobit Uftpd In uftpd before 2.12, handle_CWD in ftpcmd.c mishandled the path provided by the user, causing a NULL pointer dereference and denial of service, as demonstrated by a CWD /.. | 7.5 |
| 2020-01-22 | CVE-2020-5221 | Path Traversal vulnerability in Troglobit Uftpd In uftpd before 2.11, it is possible for an unauthenticated user to perform a directory traversal attack using multiple different FTP commands and read and write to arbitrary locations on the filesystem due to the lack of a well-written chroot jail in compose_abspath(). | 7.2 |
| 2020-01-06 | CVE-2020-5204 | Classic Buffer Overflow vulnerability in Troglobit Uftpd In uftpd before 2.11, there is a buffer overflow vulnerability in handle_PORT in ftpcmd.c that is caused by a buffer that is 16 bytes large being filled via sprintf() with user input based on the format specifier string %d.%d.%d.%d. | 8.8 |