Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
proftpd proftpd 1.3.6 vulnerabilities and exploits
(subscribe to this query)
5
CVSSv2
CVE-2019-18217
ProFTPD prior to 1.3.6b and 1.3.7rc prior to 1.3.7rc2 allows remote unauthenticated denial-of-service due to incorrect handling of overly long commands because main.c in a child process enters an infinite loop.
Proftpd Proftpd 1.3.6
Proftpd Proftpd 1.3.7
Proftpd Proftpd
2.1
CVSSv2
CVE-2017-7418
ProFTPD prior to 1.3.5e and 1.3.6 prior to 1.3.6rc5 controls whether the home directory of a user could contain a symbolic link through the AllowChrootSymlinks configuration option, but checks only the last path component when enforcing AllowChrootSymlinks. Attackers with local a...
Proftpd Proftpd 1.3.6
Proftpd Proftpd
5
CVSSv2
CVE-2019-19270
An issue exists in tls_verify_crl in ProFTPD up to and including 1.3.6b. Failure to check for the appropriate field of a CRL entry (checking twice for subject, rather than once for subject and once for issuer) prevents some valid CRLs from being taken into account, and can allow ...
Proftpd Proftpd 1.3.6
Proftpd Proftpd
Fedoraproject Fedora 30
Fedoraproject Fedora 31
5
CVSSv2
CVE-2016-3125
The mod_tls module in ProFTPD prior to 1.3.5b and 1.3.6 prior to 1.3.6rc2 does not properly handle the TLSDHParamFile directive, which might cause a weaker than intended Diffie-Hellman (DH) key to be used and consequently allow malicious users to have unspecified impact via unkno...
Proftpd Proftpd 1.3.6
Proftpd Proftpd
Opensuse Opensuse 13.1
Fedoraproject Fedora 22
Fedoraproject Fedora 23
4
CVSSv2
CVE-2019-19269
An issue exists in tls_verify_crl in ProFTPD up to and including 1.3.6b. A dereference of a NULL pointer may occur. This pointer is returned by the OpenSSL sk_X509_REVOKED_value() function when encountering an empty CRL installed by a system administrator. The dereference occurs ...
Proftpd Proftpd 1.3.6
Proftpd Proftpd
Fedoraproject Fedora 30
Fedoraproject Fedora 31
Debian Debian Linux 8.0
5
CVSSv2
CVE-2019-19272
An issue exists in tls_verify_crl in ProFTPD prior to 1.3.6. Direct dereference of a NULL pointer (a variable initialized to NULL) leads to a crash when validating the certificate of a client connecting to the server in a TLS client/server mutual-authentication setup.
Proftpd Proftpd
5
CVSSv2
CVE-2019-19271
An issue exists in tls_verify_crl in ProFTPD prior to 1.3.6. A wrong iteration variable, used when checking a client certificate against CRL entries (installed by a system administrator), can cause some CRL entries to be ignored, and can allow clients whose certificates have been...
Proftpd Proftpd
7.5
CVSSv2
CVE-2019-12815
An arbitrary file copy vulnerability in mod_copy in ProFTPD up to 1.3.5b allows for remote code execution and information disclosure without authentication, a related issue to CVE-2015-3306.
Proftpd Proftpd
Fedoraproject Fedora 29
Fedoraproject Fedora 30
Debian Debian Linux 8.0
Debian Debian Linux 9.0
Debian Debian Linux 10.0
Siemens Simatic Cp 1543-1 Firmware
2 Github repositories
9
CVSSv2
CVE-2020-9273
In ProFTPD 1.3.7, it is possible to corrupt the memory pool by interrupting the data transfer channel. This triggers a use-after-free in alloc_pool in pool.c, and possible remote code execution.
Proftpd Proftpd 1.3.7
Debian Debian Linux 8.0
Debian Debian Linux 9.0
Debian Debian Linux 10.0
Fedoraproject Fedora 30
Fedoraproject Fedora 31
Opensuse Leap 15.1
Opensuse Backports Sle 15.0
Siemens Simatic Net Cp 1545-1 Firmware -
Siemens Simatic Net Cp 1543-1 Firmware
3 Github repositories
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
camera
bypass
CVE-2024-3592
CVE-2024-37383
CVE-2024-24919
CVE-2024-27822
CVE-2024-36788
CVE-2024-36789
man-in-the-middle
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started