CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

1555 matches found

SUSE CVE•added 2023/02/15 4:11 a.m.•9 views

SUSE CVE-2019-12815

An arbitrary file copy vulnerability in modcopy in ProFTPD up to 1.3.5b allows for remote code execution and information disclosure without authentication, a related issue to CVE-2015-3306...

9.8CVSS8AI score0.76465EPSS

Exploits20References6

SUSE CVE•added 2023/02/15 4:7 a.m.•2 views

SUSE CVE-2019-18217

ProFTPD before 1.3.6b and 1.3.7rc before 1.3.7rc2 allows remote unauthenticated denial-of-service due to incorrect handling of overly long commands because main.c in a child process enters an infinite loop...

7.5CVSS6.5AI score0.03313EPSS

Exploits1References4

SUSE CVE•added 2023/02/15 4:6 a.m.•1 views

SUSE CVE-2019-19271

An issue was discovered in tlsverifycrl in ProFTPD before 1.3.6. A wrong iteration variable, used when checking a client certificate against CRL entries installed by a system administrator, can cause some CRL entries to be ignored, and can allow clients whose certificates have been revoked to...

7.5CVSS6.3AI score0.0066EPSS

Exploits0References3

SUSE CVE•added 2023/02/15 4:6 a.m.•0 views

SUSE CVE-2019-19270

An issue was discovered in tlsverifycrl in ProFTPD through 1.3.6b. Failure to check for the appropriate field of a CRL entry checking twice for subject, rather than once for subject and once for issuer prevents some valid CRLs from being taken into account, and can allow clients whose certificate...

7.5CVSS6.4AI score0.00198EPSS

Exploits0References4

SUSE CVE•added 2023/02/15 4:6 a.m.•1 views

SUSE CVE-2019-19269

An issue was discovered in tlsverifycrl in ProFTPD through 1.3.6b. A dereference of a NULL pointer may occur. This pointer is returned by the OpenSSL skX509REVOKEDvalue function when encountering an empty CRL installed by a system administrator. The dereference occurs when validating the...

4.9CVSS6.6AI score0.0103EPSS

Exploits0References4

SUSE CVE•added 2023/02/15 4:6 a.m.•1 views

SUSE CVE-2019-19272

An issue was discovered in tlsverifycrl in ProFTPD before 1.3.6. Direct dereference of a NULL pointer a variable initialized to NULL leads to a crash when validating the certificate of a client connecting to the server in a TLS client/server mutual-authentication setup...

7.5CVSS6.2AI score0.00255EPSS

Exploits0References3

SUSE CVE•added 2023/02/15 4:0 a.m.•1 views

SUSE CVE-2020-9273

In ProFTPD 1.3.7, it is possible to corrupt the memory pool by interrupting the data transfer channel. This triggers a use-after-free in allocpool in pool.c, and possible remote code execution...

8.8CVSS7.4AI score0.60223EPSS

Exploits1References4

SUSE CVE•added 2023/02/15 4:0 a.m.•1 views

SUSE CVE-2020-9272

ProFTPD 1.3.7 has an out-of-bounds OOB read vulnerability in modcap via the captext.c captotext function...

7.5CVSS6.8AI score0.00433EPSS

Exploits0References4

OSV•added 2022/12/05 11:4 a.m.•2 views

OESA-2022-2127 proftpd security update

ProFTPD is an enhanced FTP server with a focus toward simplicity, security, and ease of configuration. It features a very Apache-like configuration syntax, and a highly customizable server infrastructure, including support for multiple 'virtual' FTP servers, anonymous FTP, and permission-based...

7.5CVSS6.9AI score0.01803EPSS

Exploits1References2

OSV•added 2022/12/05 11:4 a.m.•2 views

OESA-2022-2128 proftpd security update

7.5CVSS6.9AI score0.01803EPSS

Exploits1References2