CVE-2023-51713
https://notcve.org/view.php?id=CVE-2023-51713
22 Dec 2023 — make_ftp_cmd in main.c in ProFTPD before 1.3.8a has a one-byte out-of-bounds read, and daemon crash, because of mishandling of quote/backslash semantics. • https://github.com/proftpd/proftpd/blob/1.3.8/NEWS • CWE-125: Out-of-bounds Read •
CVE-2023-48795 – ssh: Prefix truncation attack on Binary Packet Protocol (BPP)
https://notcve.org/view.php?id=CVE-2023-48795
18 Dec 2023 — The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote attackers to bypass integrity checks such that some packets are omitted (from the extension negotiation message), and a client and server may consequently end up with a connection for which some security features have been downgraded or disabled, aka a Terrapin attack. This occurs because the SSH Binary Packet Protocol (BPP), implemented by these extensions, mishandles the handshake phas... • https://packetstorm.news/files/id/176280 • CWE-222: Truncation of Security-relevant Information • CWE-354: Improper Validation of Integrity Check Value •
CVE-2021-46854 – Gentoo Linux Security Advisory 202305-03
https://notcve.org/view.php?id=CVE-2021-46854
23 Nov 2022 — mod_radius in ProFTPD before 1.3.7c allows memory disclosure to RADIUS servers because it copies blocks of 16 characters. A vulnerability has been discovered in ProFTPd which could result in memory disclosure. Versions less than 1.3.7c are affected. • http://www.proftpd.org/docs/RELEASE_NOTES-1.3.7e • CWE-401: Missing Release of Memory after Effective Lifetime •
CVE-2020-9272 – Gentoo Linux Security Advisory 202003-35
https://notcve.org/view.php?id=CVE-2020-9272
20 Feb 2020 — ProFTPD 1.3.7 has an out-of-bounds (OOB) read vulnerability in mod_cap via the cap_text.c cap_to_text function. Multiple vulnerabilities have been found in ProFTPd, the worst of which may lead to arbitrary code execution. Versions less than 1.3.6c are affected. • http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00002.html • CWE-125: Out-of-bounds Read •
CVE-2019-19269 – Gentoo Linux Security Advisory 202003-35
https://notcve.org/view.php?id=CVE-2019-19269
26 Nov 2019 — An issue was discovered in tls_verify_crl in ProFTPD through 1.3.6b. A dereference of a NULL pointer may occur. This pointer is returned by the OpenSSL sk_X509_REVOKED_value() function when encountering an empty CRL installed by a system administrator. The dereference occurs when validating the certificate of a client connecting to the server in a TLS client/server mutual-authentication setup. • http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00009.html • CWE-476: NULL Pointer Dereference •
CVE-2019-19270
https://notcve.org/view.php?id=CVE-2019-19270
26 Nov 2019 — An issue was discovered in tls_verify_crl in ProFTPD through 1.3.6b. Failure to check for the appropriate field of a CRL entry (checking twice for subject, rather than once for subject and once for issuer) prevents some valid CRLs from being taken into account, and can allow clients whose certificates have been revoked to proceed with a connection to the server. • http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00009.html • CWE-295: Improper Certificate Validation •
CVE-2019-19271
https://notcve.org/view.php?id=CVE-2019-19271
26 Nov 2019 — An issue was discovered in tls_verify_crl in ProFTPD before 1.3.6. A wrong iteration variable, used when checking a client certificate against CRL entries (installed by a system administrator), can cause some CRL entries to be ignored, and can allow clients whose certificates have been revoked to proceed with a connection to the server. • https://github.com/proftpd/proftpd/issues/860 • CWE-295: Improper Certificate Validation •
CVE-2019-19272
https://notcve.org/view.php?id=CVE-2019-19272
26 Nov 2019 — An issue was discovered in tls_verify_crl in ProFTPD before 1.3.6. Direct dereference of a NULL pointer (a variable initialized to NULL) leads to a crash when validating the certificate of a client connecting to the server in a TLS client/server mutual-authentication setup. • https://github.com/proftpd/proftpd/issues/858 • CWE-476: NULL Pointer Dereference •
CVE-2019-18217 – Gentoo Linux Security Advisory 202003-35
https://notcve.org/view.php?id=CVE-2019-18217
21 Oct 2019 — ProFTPD before 1.3.6b and 1.3.7rc before 1.3.7rc2 allows remote unauthenticated denial-of-service due to incorrect handling of overly long commands because main.c in a child process enters an infinite loop. Multiple vulnerabilities have be... • http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00009.html • CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop') •
CVE-2019-12815 – Debian Security Advisory 4491-1
https://notcve.org/view.php?id=CVE-2019-12815
19 Jul 2019 — An arbitrary file copy vulnerability in mod_copy in ProFTPD up to 1.3.5b allows for remote code execution and information disclosure without authentication, a related issue to CVE-2015-3306. Tobias Maedel discovered that the mod_copy module of ProFTPD, a FTP/SFTP/FTPS server, performe... • https://github.com/KTN1990/CVE-2019-12815 • CWE-755: Improper Handling of Exceptional Conditions •