CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 1CVE-2021-40524
https://notcve.org/view.php?id=CVE-2021-40524
05 Sep 2021 — In Pure-FTPd before 1.0.50, an incorrect max_filesize quota mechanism in the server allows attackers to upload files of unbounded size, which may lead to denial of service or a server hang. This occurs because a certain greater-than-zero test does not anticipate an initial -1 value. (Versions 1.0.23 through 1.0.49 are affected.) En Pure-FTPd antes de la versión 1.0.50, un mecanismo incorrecto de cuota max_filesize en el servidor permite a los atacantes subir archivos de tamaño no limitado, lo que puede llev... • https://github.com/jedisct1/pure-ftpd/commit/37ad222868e52271905b94afea4fc780d83294b4 • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 7.5EPSS: 0%CPEs: 9EXPL: 0CVE-2020-9274 – Gentoo Linux Security Advisory 202003-54
https://notcve.org/view.php?id=CVE-2020-9274
26 Feb 2020 — An issue was discovered in Pure-FTPd 1.0.49. An uninitialized pointer vulnerability has been detected in the diraliases linked list. When the *lookup_alias(const char alias) or print_aliases(void) function is called, they fail to correctly detect the end of the linked list and try to access a non-existent list member. This is related to init_aliases in diraliases.c. Se detectó un problema en Pure-FTPd versión 1.0.49. • https://github.com/jedisct1/pure-ftpd/commit/8d0d42542e2cb7a56d645fbe4d0ef436e38bcefa • CWE-824: Access of Uninitialized Pointer •
CVSS: 9.8EPSS: 0%CPEs: 3EXPL: 0CVE-2017-12170
https://notcve.org/view.php?id=CVE-2017-12170
21 Sep 2017 — Downstream version 1.0.46-1 of pure-ftpd as shipped in Fedora was vulnerable to packaging error due to which the original configuration was ignored after update and service started running with default configuration. This has security implications because of overriding security-related configuration. This issue doesn't affect upstream version of pure-ftpd. La versión downstream 1.0.46-1 de pure-ftpd, tal y como viene distribuido en Fedora, es vulnerable a los errores de empaquetado ya que se ignora la confi... • https://bugzilla.redhat.com/show_bug.cgi?id=1493114 •