Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
tftp tftp vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2011-3271
Unspecified vulnerability in the Smart Install functionality in Cisco IOS 12.2 and 15.1 allows remote malicious users to execute arbitrary code or cause a denial of service (device crash) via crafted TCP packets to port 4786, aka Bug ID CSCto10165.
Cisco Ios 12.2
Cisco Ios 15.1
NA
CVE-2009-2957
Heap-based buffer overflow in the tftp_request function in tftp.c in dnsmasq prior to 2.50, when --enable-tftp is used, might allow remote malicious users to execute arbitrary code via a long filename in a TFTP packet, as demonstrated by a read (aka RRQ) request.
Thekelleys Dnsmasq 2.48
Thekelleys Dnsmasq 2.47
Thekelleys Dnsmasq 2.35
Thekelleys Dnsmasq 2.22
Thekelleys Dnsmasq 2.34
Thekelleys Dnsmasq 2.33
Thekelleys Dnsmasq 2.31
Thekelleys Dnsmasq 2.23
Thekelleys Dnsmasq 2.21
Thekelleys Dnsmasq 2.14
Thekelleys Dnsmasq 2.13
Thekelleys Dnsmasq 2.5
Thekelleys Dnsmasq 2.4
Thekelleys Dnsmasq 1.16
Thekelleys Dnsmasq 1.15
Thekelleys Dnsmasq 1.8
Thekelleys Dnsmasq 1.7
Thekelleys Dnsmasq 0.992
Thekelleys Dnsmasq 0.98
Thekelleys Dnsmasq
Thekelleys Dnsmasq 2.44
Thekelleys Dnsmasq 2.43
1 EDB exploit
NA
CVE-2009-2958
The tftp_request function in tftp.c in dnsmasq prior to 2.50, when --enable-tftp is used, allows remote malicious users to cause a denial of service (NULL pointer dereference and daemon crash) via a TFTP read (aka RRQ) request with a malformed blksize option.
Thekelleys Dnsmasq 2.45
Thekelleys Dnsmasq 2.44
Thekelleys Dnsmasq 2.40
Thekelleys Dnsmasq 2.39
Thekelleys Dnsmasq 2.29
Thekelleys Dnsmasq 2.28
Thekelleys Dnsmasq 2.19
Thekelleys Dnsmasq 2.18
Thekelleys Dnsmasq 2.43
Thekelleys Dnsmasq 2.42
Thekelleys Dnsmasq 2.38
Thekelleys Dnsmasq 2.37
Thekelleys Dnsmasq 2.36
Thekelleys Dnsmasq 2.27
Thekelleys Dnsmasq 2.26
Thekelleys Dnsmasq 2.17
Thekelleys Dnsmasq 2.16
Thekelleys Dnsmasq 2.9
Thekelleys Dnsmasq 2.8
Thekelleys Dnsmasq 2.7
Thekelleys Dnsmasq 2.0
Thekelleys Dnsmasq 1.18
1 EDB exploit
NA
CVE-2006-1061
Heap-based buffer overflow in cURL and libcURL 7.15.0 up to and including 7.15.2 allows remote malicious users to execute arbitrary commands via a TFTP URL (tftp://) with a valid hostname and a long path.
Daniel Stenberg Curl 7.15.1
Daniel Stenberg Curl 7.15.2
Daniel Stenberg Curl 7.15.0
9.8
CVSSv3
CVE-2018-18439
DENX U-Boot up to and including 2018.09-rc1 has a remotely exploitable buffer overflow via a malicious TFTP server because TFTP traffic is mishandled. Also, local exploitation can occur via a crafted kernel image.
Denx U-boot 2018.09
Denx U-boot
NA
CVE-2010-4684
Cisco IOS prior to 15.0(1)XA1, when certain TFTP debugging is enabled, allows remote malicious users to cause a denial of service (device crash) via a TFTP copy over IPv6, aka Bug ID CSCtb28877.
Cisco Ios
NA
CVE-2004-0951
The make_recovery command for the TFTP server in HP Ignite-UX before C.6.2.241 makes a copy of the password file in the TFTP directory tree, which allows remote malicious users to obtain sensitive information.
Hp Ignite-ux C.6.2.241
6.7
CVSSv3
CVE-2021-42757
A buffer overflow [CWE-121] in the TFTP client library of FortiOS prior to 6.4.7 and FortiOS 7.0.0 up to and including 7.0.2, may allow an authenticated local malicious user to achieve arbitrary code execution via specially crafted command line arguments.
Fortinet Fortiweb 6.4.0
Fortinet Fortios
Fortinet Fortiweb 6.4.1
Fortinet Fortiproxy 7.0.0
Fortinet Fortimanager
Fortinet Fortianalyzer
Fortinet Fortiproxy 7.0.1
Fortinet Fortimail
Fortinet Fortios-6k7k 6.4.6
Fortinet Fortios-6k7k 6.4.2
Fortinet Fortiweb
Fortinet Fortiproxy
Fortinet Fortindr
Fortinet Fortiswitch
Fortinet Fortirecorder Firmware
Fortinet Fortios-6k7k
Fortinet Fortiadc
Fortinet Fortiportal
Fortinet Fortivoice
9.1
CVSSv3
CVE-2023-5376
An Improper Authentication vulnerability in Korenix JetNet TFTP allows abuse of this service. This issue affects JetNet devices older than firmware version 2024/01.
Korenix Jetnet 5310g Firmware 2.6
Korenix Jetnet 4508 Firmware 2.3
Korenix Jetnet 4508i-w Firmware 1.3
Korenix Jetnet 4508-w Firmware 2.3
Korenix Jetnet 4508if-s Firmware 1.3
Korenix Jetnet 4508if-m Firmware 1.3
Korenix Jetnet 4508if-sw Firmware 1.3
Korenix Jetnet 4508if-mw Firmware 1.3
Korenix Jetnet 4508f-m Firmware 2.3
Korenix Jetnet 4508f-s Firmware 2.3
Korenix Jetnet 4508f-mw Firmware 2.3
Korenix Jetnet 4508f-sw Firmware 2.3
Korenix Jetnet 5620g-4c Firmware 1.1
Korenix Jetnet 5612gp-4f Firmware 1.2
Korenix Jetnet 5612g-4f Firmware 1.2
Korenix Jetnet 5728g-24p-ac-2dc-us Firmware 2.1
Korenix Jetnet 5728g-24p-ac-2dc-eu Firmware 2.1
Korenix Jetnet 6528gf-2ac-eu Firmware 1.0
Korenix Jetnet 6528gf-2ac-us Firmware 1.0
Korenix Jetnet 6528gf-2dc24 Firmware 1.0
Korenix Jetnet 6528gf-2dc48 Firmware 1.0
Korenix Jetnet 6528gf-ac-eu Firmware 1.0
7.5
CVSSv3
CVE-2017-7183
The TFTP server in ExtraPuTTY 0.30 and previous versions allows remote malicious users to cause a denial of service (crash) via a large (1) read or (2) write TFTP protocol message.
Extraputty Extraputty
1 EDB exploit
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-49223
CVE-2024-0044
information disclosure
CVE-2024-35753
HTML injection
CVE-2024-21306
CVE-2024-35733
SQL injection
CVE-2024-35732
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
2
3
4
5
6
7
8
9
10
NEXT »