Search CVE reports
1 – 10 of 34 results
CVE-2024-57392
Medium priority
Buffer Overflow vulnerability in Proftpd commit 4017eff8 allows a remote attacker to execute arbitrary code and can cause a Denial of Service (DoS) on the FTP service by sending a maliciously crafted message to the ProFTPD service port.
1 affected package
proftpd-dfsg
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
proftpd-dfsg | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
CVE-2024-48651
Medium priority
In ProFTPD through 1.3.8b before cec01cc, supplemental group inheritance grants unintended access to GID 0 because of the lack of supplemental groups from mod_sql.
1 affected package
proftpd-dfsg
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
proftpd-dfsg | Fixed | Fixed | Fixed | Not affected | Not affected |
CVE-2023-51713
Medium priority
Some fixes available 2 of 6
make_ftp_cmd in main.c in ProFTPD before 1.3.8a has a one-byte out-of-bounds read, and daemon crash, because of mishandling of quote/backslash semantics.
1 affected package
proftpd-dfsg
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
proftpd-dfsg | Not affected | Fixed | Fixed | Needs evaluation | Needs evaluation |
CVE-2023-48795
Medium priority
Some fixes available 34 of 77
The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote attackers to bypass integrity checks such that some packets are omitted (from the extension negotiation...
13 affected packages
dropbear, filezilla, golang-go.crypto, libssh, libssh2...
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
dropbear | Needs evaluation | Fixed | Fixed | Fixed | Needs evaluation |
filezilla | Fixed | Fixed | Fixed | Not affected | Not affected |
golang-go.crypto | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
libssh | Not affected | Fixed | Fixed | Not affected | Not affected |
libssh2 | Not affected | Not affected | Not affected | Not affected | Not affected |
lxd | Not in release | Not in release | Not affected | Fixed | Fixed |
openssh | Fixed | Fixed | Fixed | Fixed | Fixed |
openssh-ssh1 | Ignored | Ignored | Ignored | Ignored | Not in release |
paramiko | Fixed | Fixed | Fixed | Needs evaluation | Needs evaluation |
proftpd-dfsg | Not affected | Not affected | Fixed | Needs evaluation | Needs evaluation |
putty | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
python-asyncssh | Fixed | Fixed | Fixed | Ignored | Ignored |
snapd | Not affected | Not affected | Not affected | Not affected | Not affected |
CVE-2021-46854
Medium priority
mod_radius in ProFTPD before 1.3.7c allows memory disclosure to RADIUS servers because it copies blocks of 16 characters.
1 affected package
proftpd-dfsg
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
proftpd-dfsg | Not affected | Not affected | Needs evaluation | Needs evaluation | Not affected |
CVE-2020-9273
Medium priority
In ProFTPD 1.3.7, it is possible to corrupt the memory pool by interrupting the data transfer channel. This triggers a use-after-free in alloc_pool in pool.c, and possible remote code execution.
1 affected package
proftpd-dfsg
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
proftpd-dfsg | Not affected | Not affected | Not affected | Vulnerable | Vulnerable |
CVE-2020-9272
Medium priority
ProFTPD 1.3.7 has an out-of-bounds (OOB) read vulnerability in mod_cap via the cap_text.c cap_to_text function.
1 affected package
proftpd-dfsg
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
proftpd-dfsg | — | — | — | Not affected | Not affected |
CVE-2019-19269
Medium priority
An issue was discovered in tls_verify_crl in ProFTPD through 1.3.6b. A dereference of a NULL pointer may occur. This pointer is returned by the OpenSSL sk_X509_REVOKED_value() function when encountering an empty CRL installed by a...
1 affected package
proftpd-dfsg
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
proftpd-dfsg | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
CVE-2019-19272
Medium priority
An issue was discovered in tls_verify_crl in ProFTPD before 1.3.6. Direct dereference of a NULL pointer (a variable initialized to NULL) leads to a crash when validating the certificate of a client connecting to the server in a...
1 affected package
proftpd-dfsg
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
proftpd-dfsg | Not affected | Not affected | Not affected | Needs evaluation | Needs evaluation |
CVE-2019-19271
Medium priority
An issue was discovered in tls_verify_crl in ProFTPD before 1.3.6. A wrong iteration variable, used when checking a client certificate against CRL entries (installed by a system administrator), can cause some CRL entries to be...
1 affected package
proftpd-dfsg
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
proftpd-dfsg | Not affected | Not affected | Not affected | Needs evaluation | Needs evaluation |