Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Proftpd
(Proftpd)Repositories | https://github.com/proftpd/proftpd |
#Vulnerabilities | 27 |
Date | Id | Summary | Products | Score | Patch | Annotated |
---|---|---|---|---|---|---|
2023-12-18 | CVE-2023-48795 | The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote attackers to bypass integrity checks such that some packets are omitted (from the extension negotiation message), and a client and server may consequently end up with a connection for which some security features have been downgraded or disabled, aka a Terrapin attack. This occurs because the SSH Binary Packet Protocol (BPP), implemented by these extensions, mishandles... | Kitty, Sshd, Sshj, Macos, Asyncssh, Ssh_client, Ssh_server, Sshlib, Thrussh, Crushftp, Debian_linux, Dropbear_ssh, Erlang\/otp, Fedora, Filezilla_client, Freebsd, Security, Crypto, Maverick_synergy_java_ssh_api, Lanconfig, Lcos, Lcos_fx, Lcos_lx, Lcos_sx, Libssh, Libssh2, Jsch, Powershell, Net\-Ssh, Pfsense_ce, Pfsense_plus, Xshell_7, Openssh, Cyclone_ssh, Nova, Transmit_5, Paramiko, Proftpd, Putty, Advanced_cluster_security, Ceph_storage, Cert\-Manager_operator_for_red_hat_openshift, Discovery, Enterprise_linux, Jboss_enterprise_application_platform, Keycloak, Openshift_api_for_data_protection, Openshift_container_platform, Openshift_data_foundation, Openshift_dev_spaces, Openshift_developer_tools_and_services, Openshift_gitops, Openshift_pipelines, Openshift_serverless, Openshift_virtualization, Openstack_platform, Single_sign\-On, Storage, Pkixssh, Russh, Sftpgo, Ssh, Ssh2, Tera_term, Sftp_gateway_firmware, Tinyssh, Ssh2, Securecrt, Winscp | 5.9 | ||
2020-02-20 | CVE-2020-9272 | ProFTPD 1.3.7 has an out-of-bounds (OOB) read vulnerability in mod_cap via the cap_text.c cap_to_text function. | Backports_sle, Leap, Proftpd, Simatic_net_cp_1543\-1_firmware, Simatic_net_cp_1545\-1_firmware | 7.5 | ||
2020-02-20 | CVE-2020-9273 | In ProFTPD 1.3.7, it is possible to corrupt the memory pool by interrupting the data transfer channel. This triggers a use-after-free in alloc_pool in pool.c, and possible remote code execution. | Debian_linux, Fedora, Backports_sle, Leap, Proftpd, Simatic_net_cp_1543\-1_firmware, Simatic_net_cp_1545\-1_firmware | 8.8 | ||
2022-11-23 | CVE-2021-46854 | mod_radius in ProFTPD before 1.3.7c allows memory disclosure to RADIUS servers because it copies blocks of 16 characters. | Proftpd | 7.5 | ||
2023-12-22 | CVE-2023-51713 | make_ftp_cmd in main.c in ProFTPD before 1.3.8a has a one-byte out-of-bounds read, and daemon crash, because of mishandling of quote/backslash semantics. | Proftpd | 7.5 | ||
2004-10-15 | CVE-2004-1602 | ProFTPD 1.2.x, including 1.2.8 and 1.2.10, responds in a different amount of time when a given username exists, which allows remote attackers to identify valid usernames by timing the server response. | Proftpd | N/A | ||
2004-11-23 | CVE-2004-0346 | Off-by-one buffer overflow in _xlate_ascii_write() in ProFTPD 1.2.7 through 1.2.9rc2p allows local users to gain privileges via a 1024 byte RETR command. | Proftpd | 7.8 | ||
2001-03-12 | CVE-2001-0136 | Memory leak in ProFTPd 1.2.0rc2 allows remote attackers to cause a denial of service via a series of USER commands, and possibly SIZE commands if the server has been improperly installed. | Linux, Debian_linux, Mandrake_linux, Proftpd | N/A | ||
2019-07-19 | CVE-2019-12815 | An arbitrary file copy vulnerability in mod_copy in ProFTPD up to 1.3.5b allows for remote code execution and information disclosure without authentication, a related issue to CVE-2015-3306. | Debian_linux, Fedora, Proftpd, Simatic_cp_1543\-1_firmware | 9.8 | ||
2019-10-21 | CVE-2019-18217 | ProFTPD before 1.3.6b and 1.3.7rc before 1.3.7rc2 allows remote unauthenticated denial-of-service due to incorrect handling of overly long commands because main.c in a child process enters an infinite loop. | Proftpd | 7.5 |