Latest proftpd proftpd Vulnerabilities

make_ftp_cmd in main.c in ProFTPD before 1.3.8a has a one-byte out-of-bounds read, and daemon crash, because of mishandling of quote/backslash semantics.
Proftpd Proftpd<1.3.8a
Prefix Truncation Attacks in SSH Specification (Terrapin Attack)
ubuntu/openssh<1:7.2
ubuntu/openssh<1:7.6
ubuntu/openssh<1:9.5
ubuntu/openssh<1:8.2
ubuntu/openssh<1:8.9
ubuntu/openssh<1:9.0
and 119 more
mod_radius in ProFTPD before 1.3.7c allows memory disclosure to RADIUS servers because it copies blocks of 16 characters.
Proftpd Proftpd<1.3.7c
In ProFTPD 1.3.7, it is possible to corrupt the memory pool by interrupting the data transfer channel. This triggers a use-after-free in alloc_pool in pool.c, and possible remote code execution.
debian/proftpd-dfsg
debian/proftpd-dfsg<=1.3.5b-4+deb9u3<=1.3.6-1<=1.3.5b-1<=1.3.6-4+deb10u3
Proftpd Proftpd=1.3.7
Debian Debian Linux=8.0
Debian Debian Linux=9.0
Debian Debian Linux=10.0
and 9 more
ProFTPD 1.3.7 has an out-of-bounds (OOB) read vulnerability in mod_cap via the cap_text.c cap_to_text function.
Proftpd Proftpd<1.3.6c
IBM Security Verify Access<3.0
IBM Security Verify Access
Siemens Simatic Net Cp 1545-1 Firmware
Siemens Simatic Net Cp 1545-1
openSUSE Backports SLE=15.0
and 2 more
An issue was discovered in tls_verify_crl in ProFTPD through 1.3.6b. A dereference of a NULL pointer may occur. This pointer is returned by the OpenSSL sk_X509_REVOKED_value() function when encounteri...
Proftpd Proftpd<=1.3.5e
Proftpd Proftpd=1.3.6
Proftpd Proftpd=1.3.6-alpha
Proftpd Proftpd=1.3.6-beta
Proftpd Proftpd=1.3.6-rc1
Proftpd Proftpd=1.3.6-rc2
and 5 more
An issue was discovered in tls_verify_crl in ProFTPD before 1.3.6. A wrong iteration variable, used when checking a client certificate against CRL entries (installed by a system administrator), can ca...
Proftpd Proftpd<1.3.6
An issue was discovered in tls_verify_crl in ProFTPD through 1.3.6b. Failure to check for the appropriate field of a CRL entry (checking twice for subject, rather than once for subject and once for is...
Proftpd Proftpd<=1.3.5
Proftpd Proftpd=1.3.6
Proftpd Proftpd=1.3.6-alpha
Proftpd Proftpd=1.3.6-beta
Fedoraproject Fedora=30
Fedoraproject Fedora=31
ProFTPD before 1.3.6b and 1.3.7rc before 1.3.7rc2 allows remote unauthenticated denial-of-service due to incorrect handling of overly long commands because main.c in a child process enters an infinite...
debian/proftpd-dfsg<=1.3.6a-1<=1.3.6-6<=1.3.5b-4+deb9u1<=1.3.6-4+deb10u1<=1.3.5b-1
debian/proftpd-dfsg
Proftpd Proftpd<=1.3.5
Proftpd Proftpd=1.3.6
Proftpd Proftpd=1.3.6-a
Proftpd Proftpd=1.3.6-rc1
and 4 more
An arbitrary file copy vulnerability in mod_copy in ProFTPD up to 1.3.5b allows for remote code execution and information disclosure without authentication, a related issue to CVE-2015-3306.
debian/proftpd-dfsg
debian/proftpd-dfsg<=1.3.6-5<=1.3.5b-4<=1.3.6-4
Proftpd Proftpd<=1.3.5b
Fedoraproject Fedora=29
Fedoraproject Fedora=30
Debian Debian Linux=8.0
and 4 more

© 2024 SecAlerts Pty Ltd.