Known Vulnerabilities for products from Proftpd
Listed below are 20 of the newest known vulnerabilities associated with the vendor "Proftpd".
These CVEs are retrieved based on exact matches on listed vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed vendor information are still displayed.
Data on known vulnerable products is also displayed based on information from known CPEs, each product links to its respective vulnerability page.
Known Vulnerabilities
| CVE | Shortened Description | Severity | Publish Date | Last Modified |
|---|---|---|---|---|
| CVE-2020-9273 | In ProFTPD 1.3.7, it is possible to corrupt the memory pool by interrupting the data transfer channel. This triggers a use-af... | 8.8 - HIGH | 2020-02-20 | 2023-11-07 |
| CVE-2020-9272 | ProFTPD 1.3.7 has an out-of-bounds (OOB) read vulnerability in mod_cap via the cap_text.c cap_to_text function. | 7.5 - HIGH | 2020-02-20 | 2021-11-09 |
| CVE-2019-19272 | An issue was discovered in tls_verify_crl in ProFTPD before 1.3.6. Direct dereference of a NULL pointer (a variable initializ... | 7.5 - HIGH | 2019-11-26 | 2019-12-11 |
| CVE-2019-19271 | An issue was discovered in tls_verify_crl in ProFTPD before 1.3.6. A wrong iteration variable, used when checking a client ce... | 7.5 - HIGH | 2019-11-26 | 2019-12-11 |
| CVE-2019-19270 | An issue was discovered in tls_verify_crl in ProFTPD through 1.3.6b. Failure to check for the appropriate field of a CRL entr... | 7.5 - HIGH | 2019-11-26 | 2023-11-07 |
| CVE-2019-19269 | An issue was discovered in tls_verify_crl in ProFTPD through 1.3.6b. A dereference of a NULL pointer may occur. This pointer ... | 4.9 - MEDIUM | 2019-11-30 | 2023-11-07 |
| CVE-2019-18217 | ProFTPD before 1.3.6b and 1.3.7rc before 1.3.7rc2 allows remote unauthenticated denial-of-service due to incorrect handling o... | 7.5 - HIGH | 2019-10-21 | 2023-11-07 |
| CVE-2019-12815 | An arbitrary file copy vulnerability in mod_copy in ProFTPD up to 1.3.5b allows for remote code execution and information dis... | 9.8 - CRITICAL | 2019-07-19 | 2023-11-07 |
| CVE-2017-7418 | ProFTPD before 1.3.5e and 1.3.6 before 1.3.6rc5 controls whether the home directory of a user could contain a symbolic link t... | 5.5 - MEDIUM | 2017-04-04 | 2019-08-08 |
| CVE-2016-3125 | The mod_tls module in ProFTPD before 1.3.5b and 1.3.6 before 1.3.6rc2 does not properly handle the TLSDHParamFile directive, ... | 7.5 - HIGH | 2016-04-05 | 2018-10-30 |
| CVE-2015-3306 | The mod_copy module in ProFTPD 1.3.5 allows remote attackers to read and write to arbitrary files via the site cpfr and site ... | 10 - HIGH | 2015-05-18 | 2021-05-26 |
| CVE-2013-4359 | Integer overflow in kbdint.c in mod_sftp in ProFTPD 1.3.4d and 1.3.5r3 allows remote attackers to cause a denial of service (... | 5 - MEDIUM | 2013-09-30 | 2016-12-31 |
| CVE-2012-6095 | ProFTPD before 1.3.5rc1, when using the UserOwner directive, allows local users to modify the ownership of arbitrary files vi... | 1.2 - LOW | 2013-01-24 | 2013-01-25 |
| CVE-2011-4130 | Use-after-free vulnerability in the Response API in ProFTPD before 1.3.3g allows remote authenticated users to execute arbitr... | 9 - HIGH | 2011-12-06 | 2011-12-08 |
| CVE-2011-1137 | Integer overflow in the mod_sftp (aka SFTP) module in ProFTPD 1.3.3d and earlier allows remote attackers to cause a denial of... | 5 - MEDIUM | 2011-03-11 | 2011-09-07 |
| CVE-2010-4652 | Heap-based buffer overflow in the sql_prepare_where function (contrib/mod_sql.c) in ProFTPD before 1.3.3d, when mod_sql is en... | 6.8 - MEDIUM | 2011-02-02 | 2011-03-18 |
| CVE-2010-4221 | Multiple stack-based buffer overflows in the pr_netio_telnet_gets function in netio.c in ProFTPD before 1.3.3c allow remote a... | 10 - HIGH | 2010-11-09 | 2011-09-15 |
| CVE-2010-3867 | Multiple directory traversal vulnerabilities in the mod_site_misc module in ProFTPD before 1.3.3c allow remote authenticated ... | 7.1 - HIGH | 2010-11-09 | 2011-09-15 |
| CVE-2009-3639 | The mod_tls module in ProFTPD before 1.3.2b, and 1.3.3 before 1.3.3rc2, when the dNSNameRequired TLS option is enabled, does ... | 5.8 - MEDIUM | 2009-10-28 | 2017-08-17 |
| CVE-2009-0543 | ProFTPD Server 1.3.1, with NLS support enabled, allows remote attackers to bypass SQL injection protection mechanisms via inv... | 6.8 - MEDIUM | 2009-02-12 | 2009-06-09 |
Known software with vulnerabilities from Proftpd
| Type | Vendor | Product | Version |
|---|---|---|---|
| Application | Proftpd | Proftpd | 1.2.0 |