VYPR

rpm package

opensuse/pure-ftpd&distro=openSUSE Tumbleweed

pkg:rpm/opensuse/pure-ftpd&distro=openSUSE%20Tumbleweed

Vulnerabilities (7)

  • CVE-2024-48208 (Oct 24, 2024)
    affected < 1.0.51-5.1; fixed 1.0.51-5.1

    pure-ftpd before 1.0.52 is vulnerable to Buffer Overflow. There is an out of bounds read in the domlsd() function of the ls.c file.

  • CVE-2021-40524 (Sep 5, 2021)
    affected < 1.0.50-1.1; fixed 1.0.50-1.1

    In Pure-FTPd before 1.0.50, an incorrect max_filesize quota mechanism in the server allows attackers to upload files of unbounded size, which may lead to denial of service or a server hang. This occurs because a certain greater-than-zero test does not anticipate an initial -1 val

  • CVE-2020-9274 (Feb 26, 2020)
    affected < 1.0.50-1.1; fixed 1.0.50-1.1

    An issue was discovered in Pure-FTPd 1.0.49. An uninitialized pointer vulnerability has been detected in the diraliases linked list. When the *lookup_alias(const char alias) or print_aliases(void) function is called, they fail to correctly detect the end of the linked list and tr

  • CVE-2020-9365 (Feb 24, 2020)
    affected < 1.0.50-1.1; fixed 1.0.50-1.1

    An issue was discovered in Pure-FTPd 1.0.49. An out-of-bounds (OOB) read has been detected in the pure_strcmp function in utils.c.

  • CVE-2019-20176 (Dec 31, 2019)
    affected < 1.0.50-1.1; fixed 1.0.50-1.1

    In Pure-FTPd 1.0.49, a stack exhaustion issue was discovered in the listdir function in ls.c.

  • CVE-2011-0418 (May 24, 2011)
    affected < 1.0.43-1.3; fixed 1.0.43-1.3

    The glob implementation in Pure-FTPd before 1.0.32, and in libc in NetBSD 5.1, does not properly expand expressions containing curly brackets, which allows remote authenticated users to cause a denial of service (memory consumption) via a crafted FTP STAT command.

  • CVE-2011-0411 (Mar 16, 2011)
    affected < 1.0.43-1.3; fixed 1.0.43-1.3

    The STARTTLS implementation in Postfix 2.4.x before 2.4.16, 2.5.x before 2.5.12, 2.6.x before 2.6.9, and 2.7.x before 2.7.3 does not properly restrict I/O buffering, which allows man-in-the-middle attackers to insert commands into encrypted SMTP sessions by sending a cleartext co