Proftpd

Proftpd

33 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
7.5

CVE-2020-9272

  • EPSS 0.43%
  • Veröffentlicht 20.02.2020 16:15:11
  • Zuletzt bearbeitet 21.11.2024 05:40:19

ProFTPD 1.3.7 has an out-of-bounds (OOB) read vulnerability in mod_cap via the cap_text.c cap_to_text function.

4.9

CVE-2019-19269

  • EPSS 1.03%
  • Veröffentlicht 30.11.2019 23:15:18
  • Zuletzt bearbeitet 21.11.2024 04:34:27

An issue was discovered in tls_verify_crl in ProFTPD through 1.3.6b. A dereference of a NULL pointer may occur. This pointer is returned by the OpenSSL sk_X509_REVOKED_value() function when encountering an empty CRL installed by a system administrato...

7.5

CVE-2019-19272

  • EPSS 0.26%
  • Veröffentlicht 26.11.2019 04:15:13
  • Zuletzt bearbeitet 21.11.2024 04:34:28

An issue was discovered in tls_verify_crl in ProFTPD before 1.3.6. Direct dereference of a NULL pointer (a variable initialized to NULL) leads to a crash when validating the certificate of a client connecting to the server in a TLS client/server mutu...

7.5

CVE-2019-19271

  • EPSS 0.66%
  • Veröffentlicht 26.11.2019 04:15:13
  • Zuletzt bearbeitet 21.11.2024 04:34:28

An issue was discovered in tls_verify_crl in ProFTPD before 1.3.6. A wrong iteration variable, used when checking a client certificate against CRL entries (installed by a system administrator), can cause some CRL entries to be ignored, and can allow ...

7.5

CVE-2019-19270

  • EPSS 0.2%
  • Veröffentlicht 26.11.2019 04:15:12
  • Zuletzt bearbeitet 21.11.2024 04:34:27

An issue was discovered in tls_verify_crl in ProFTPD through 1.3.6b. Failure to check for the appropriate field of a CRL entry (checking twice for subject, rather than once for subject and once for issuer) prevents some valid CRLs from being taken in...

7.5

CVE-2019-18217

Exploit
  • EPSS 3.31%
  • Veröffentlicht 21.10.2019 04:15:10
  • Zuletzt bearbeitet 21.11.2024 04:32:51

ProFTPD before 1.3.6b and 1.3.7rc before 1.3.7rc2 allows remote unauthenticated denial-of-service due to incorrect handling of overly long commands because main.c in a child process enters an infinite loop.

9.8

CVE-2019-12815

Exploit
  • EPSS 76.9%
  • Veröffentlicht 19.07.2019 23:15:11
  • Zuletzt bearbeitet 04.11.2025 16:15:42

An arbitrary file copy vulnerability in mod_copy in ProFTPD up to 1.3.5b allows for remote code execution and information disclosure without authentication, a related issue to CVE-2015-3306.

5.5

CVE-2017-7418

  • EPSS 0.04%
  • Veröffentlicht 04.04.2017 17:59:00
  • Zuletzt bearbeitet 13.05.2026 00:24:29

ProFTPD before 1.3.5e and 1.3.6 before 1.3.6rc5 controls whether the home directory of a user could contain a symbolic link through the AllowChrootSymlinks configuration option, but checks only the last path component when enforcing AllowChrootSymlin...

7.5

CVE-2016-3125

  • EPSS 1.37%
  • Veröffentlicht 05.04.2016 20:59:00
  • Zuletzt bearbeitet 06.05.2026 22:30:45

The mod_tls module in ProFTPD before 1.3.5b and 1.3.6 before 1.3.6rc2 does not properly handle the TLSDHParamFile directive, which might cause a weaker than intended Diffie-Hellman (DH) key to be used and consequently allow attackers to have unspecif...

10

CVE-2015-3306

Exploit
  • EPSS 93.68%
  • Veröffentlicht 18.05.2015 15:59:10
  • Zuletzt bearbeitet 06.05.2026 22:30:45

The mod_copy module in ProFTPD 1.3.5 allows remote attackers to read and write to arbitrary files via the site cpfr and site cpto commands.