CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 1CVE-2021-30047
https://notcve.org/view.php?id=CVE-2021-30047
22 Aug 2023 — VSFTPD 3.0.3 allows attackers to cause a denial of service due to limited number of connections allowed. VSFTPD 3.0.3 permite a los atacantes provocar una denegación de servicio debido al número limitado de conexiones permitidas. • https://www.exploit-db.com/exploits/49719 •
CVSS: 7.4EPSS: 0%CPEs: 7EXPL: 0CVE-2021-3618 – Ubuntu Security Notice USN-6379-1
https://notcve.org/view.php?id=CVE-2021-3618
23 Mar 2022 — ALPACA is an application layer protocol content confusion attack, exploiting TLS servers implementing different protocols but using compatible certificates, such as multi-domain or wildcard certificates. A MiTM attacker having access to victim's traffic at the TCP/IP layer can redirect traffic from one subdomain to another, resulting in a valid TLS session. This breaks the authentication of TLS and cross-protocol attacks may be possible where the behavior of one protocol service may compromise the other at ... • https://alpaca-attack.com • CWE-295: Improper Certificate Validation •
CVSS: 10.0EPSS: 94%CPEs: 4EXPL: 26CVE-2011-2523 – vsftpd 2.3.4 - Backdoor Command Execution
https://notcve.org/view.php?id=CVE-2011-2523
27 Nov 2019 — vsftpd 2.3.4 downloaded between 20110630 and 20110703 contains a backdoor which opens a shell on port 6200/tcp. vsftpd versión 2.3.4 descargado entre 20110630 y 20110703, contiene una puerta trasera (backdoor) que abre un shell en el puerto 6200/tcp. • https://packetstorm.news/files/id/162145 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 9.1EPSS: 35%CPEs: 3EXPL: 0CVE-2015-1419
https://notcve.org/view.php?id=CVE-2015-1419
28 Jan 2015 — Unspecified vulnerability in vsftpd 3.0.2 and earlier allows remote attackers to bypass access restrictions via unknown vectors, related to deny_file parsing. Una vulnerabilidad no especificada en vsftpd versiones 3.0.2 y anteriores permite a los atacantes remotos omitir las restricciones de acceso por medio de vectores desconocidos, relacionados con el análisis deny_file. • http://lists.opensuse.org/opensuse-security-announce/2015-01/msg00023.html •
CVSS: 6.5EPSS: 26%CPEs: 19EXPL: 6CVE-2011-0762 – vsftpd 2.3.2 - Denial of Service
https://notcve.org/view.php?id=CVE-2011-0762
02 Mar 2011 — The vsf_filename_passes_filter function in ls.c in vsftpd before 2.3.3 allows remote authenticated users to cause a denial of service (CPU consumption and process slot exhaustion) via crafted glob expressions in STAT commands in multiple FTP sessions, a different vulnerability than CVE-2010-2632. La función vsf_filename_passes_filter de ls.c de vsftpd en versiones anteriores a la 2.3.3 permite a usuarios autenticados remotos provocar una denegación de servicio (consumo de toda la CPU y agotamiento de los sl... • https://packetstorm.news/files/id/180501 • CWE-400: Uncontrolled Resource Consumption •
CVSS: 7.5EPSS: 3%CPEs: 33EXPL: 1CVE-2008-2375 – older vsftpd authentication memory leak
https://notcve.org/view.php?id=CVE-2008-2375
09 Jul 2008 — Memory leak in a certain Red Hat deployment of vsftpd before 2.0.5 on Red Hat Enterprise Linux (RHEL) 3 and 4, when PAM is used, allows remote attackers to cause a denial of service (memory consumption) via a large number of invalid authentication attempts within the same session, a different vulnerability than CVE-2007-5962. Fuga de memoria en cierta implementación de Red Hat de vsftpd anterior a 2.0.5 en Red Hat Enterprise Linux (RHEL) 3 y 4, cuando se utiliza PAM, permite a atacantes remotos provocar una... • http://secunia.com/advisories/31007 • CWE-399: Resource Management Errors CWE-401: Missing Release of Memory after Effective Lifetime •
CVSS: 7.5EPSS: 1%CPEs: 2EXPL: 0CVE-2004-2259
https://notcve.org/view.php?id=CVE-2004-2259
31 Dec 2004 — vsftpd before 1.2.2, when under heavy load, allows attackers to cause a denial of service (crash) via a SIGCHLD signal during a malloc or free call, which is not re-entrant. • ftp://vsftpd.beasts.org/users/cevans/untar/vsftpd-1.2.2/Changelog •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0CVE-2004-0042
https://notcve.org/view.php?id=CVE-2004-0042
14 Jan 2004 — vsftpd 1.1.3 generates different error messages depending on whether or not a valid username exists, which allows remote attackers to identify valid usernames. vsftpd 1.1.3 genera diferentes mensajes de error dependiendo de si existe o no un nombre de usuario válido, lo que permite que atacantes remotos identifiquen nombres de usuarios válidos. • http://securitytracker.com/id?1008628 •