CVE Tools

pureftpd

Communicationsoss-project

7

Cumulative CVEs

5

Monthly snapshots

#40

Peak rank

Top products

Latest CVEs

The 12 most recently published vulnerabilities affecting pureftpd.

CVE-2024-48208pure-ftpd before 1.0.52 is vulnerable to Buffer Overflow. There is an out of bounds read in the domlsd() function of the ls.c file.8.6Oct 24, 2024
CVE-2021-40524In Pure-FTPd before 1.0.50, an incorrect max_filesize quota mechanism in the server allows attackers to upload files of unbounded size, which may lead to denial of service or a server hang. This oc...7.5Sep 5, 2021
CVE-2020-35359Pure-FTPd 1.0.48 allows remote attackers to prevent legitimate server use by making enough connections to exceed the connection limit.7.5Dec 26, 2020
CVE-2020-9274An issue was discovered in Pure-FTPd 1.0.49. An uninitialized pointer vulnerability has been detected in the diraliases linked list. When the *lookup_alias(const char alias) or print_aliases(void) ...7.5Feb 26, 2020
CVE-2020-9365An issue was discovered in Pure-FTPd 1.0.49. An out-of-bounds (OOB) read has been detected in the pure_strcmp function in utils.c.7.5Feb 24, 2020
CVE-2019-20176In Pure-FTPd 1.0.49, a stack exhaustion issue was discovered in the listdir function in ls.c.7.5Dec 31, 2019
CVE-2017-12170Downstream version 1.0.46-1 of pure-ftpd as shipped in Fedora was vulnerable to packaging error due to which the original configuration was ignored after update and service started running with def...9.8Sep 21, 2017
CVE-2011-3171Directory traversal vulnerability in pure-FTPd 1.0.22 and possibly other versions, when running on SUSE Linux Enterprise Server and possibly other operating systems, when the Netware OES remote ser...3.6Nov 4, 2011
CVE-2011-0418The glob implementation in Pure-FTPd before 1.0.32, and in libc in NetBSD 5.1, does not properly expand expressions containing curly brackets, which allows remote authenticated users to cause a den...4.0May 24, 2011
CVE-2011-1575The STARTTLS implementation in ftp_parser.c in Pure-FTPd before 1.0.30 does not properly restrict I/O buffering, which allows man-in-the-middle attackers to insert commands into encrypted FTP sessi...5.8May 23, 2011
CVE-2011-0988pure-ftpd 1.0.22, as used in SUSE Linux Enterprise Server 10 SP3 and SP4, and Enterprise Desktop 10 SP3 and SP4, when running OES Netware extensions, creates a world-writeable directory, which allo...4.4Apr 18, 2011
CVE-2004-0656The accept_client function in PureFTPd 1.0.18 and earlier allows remote attackers to cause a denial of service by exceeding the maximum number of connections.5.0Jul 13, 2004