CVSS: 7.4EPSS: 0%CPEs: 7EXPL: 0CVE-2021-3618 – Ubuntu Security Notice USN-6379-1
https://notcve.org/view.php?id=CVE-2021-3618
23 Mar 2022 — ALPACA is an application layer protocol content confusion attack, exploiting TLS servers implementing different protocols but using compatible certificates, such as multi-domain or wildcard certificates. A MiTM attacker having access to victim's traffic at the TCP/IP layer can redirect traffic from one subdomain to another, resulting in a valid TLS session. This breaks the authentication of TLS and cross-protocol attacks may be possible where the behavior of one protocol service may compromise the other at ... • https://alpaca-attack.com • CWE-295: Improper Certificate Validation •
CVSS: 10.0EPSS: 94%CPEs: 4EXPL: 32CVE-2011-2523 – vsftpd 2.3.4 - Backdoor Command Execution
https://notcve.org/view.php?id=CVE-2011-2523
27 Nov 2019 — vsftpd 2.3.4 downloaded between 20110630 and 20110703 contains a backdoor which opens a shell on port 6200/tcp. vsftpd versión 2.3.4 descargado entre 20110630 y 20110703, contiene una puerta trasera (backdoor) que abre un shell en el puerto 6200/tcp. • https://packetstorm.news/files/id/162145 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 9.1EPSS: 35%CPEs: 3EXPL: 0CVE-2015-1419
https://notcve.org/view.php?id=CVE-2015-1419
28 Jan 2015 — Unspecified vulnerability in vsftpd 3.0.2 and earlier allows remote attackers to bypass access restrictions via unknown vectors, related to deny_file parsing. Una vulnerabilidad no especificada en vsftpd versiones 3.0.2 y anteriores permite a los atacantes remotos omitir las restricciones de acceso por medio de vectores desconocidos, relacionados con el análisis deny_file. • http://lists.opensuse.org/opensuse-security-announce/2015-01/msg00023.html •