rpm package
opensuse/pure-ftpd&distro=openSUSE Tumbleweed
pkg:rpm/opensuse/pure-ftpd&distro=openSUSE%20Tumbleweed
Vulnerabilities (7)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2024-48208 | — | | | < 1.0.51-5.1 | 1.0.51-5.1 | Oct 24, 2024 | pure-ftpd before 1.0.52 is vulnerable to Buffer Overflow. There is an out of bounds read in the domlsd() function of the ls.c file. |
| CVE-2021-40524 | — | | | < 1.0.50-1.1 | 1.0.50-1.1 | Sep 5, 2021 | In Pure-FTPd before 1.0.50, an incorrect max_filesize quota mechanism in the server allows attackers to upload files of unbounded size, which may lead to denial of service or a server hang. This occurs because a certain greater-than-zero test does not anticipate an initial -1 val |
| CVE-2020-9274 | — | | | < 1.0.50-1.1 | 1.0.50-1.1 | Feb 26, 2020 | An issue was discovered in Pure-FTPd 1.0.49. An uninitialized pointer vulnerability has been detected in the diraliases linked list. When the *lookup_alias(const char alias) or print_aliases(void) function is called, they fail to correctly detect the end of the linked list and tr |
| CVE-2020-9365 | — | | | < 1.0.50-1.1 | 1.0.50-1.1 | Feb 24, 2020 | An issue was discovered in Pure-FTPd 1.0.49. An out-of-bounds (OOB) read has been detected in the pure_strcmp function in utils.c. |
| CVE-2019-20176 | — | | | < 1.0.50-1.1 | 1.0.50-1.1 | Dec 31, 2019 | In Pure-FTPd 1.0.49, a stack exhaustion issue was discovered in the listdir function in ls.c. |
| CVE-2011-0418 | — | | | < 1.0.43-1.3 | 1.0.43-1.3 | May 24, 2011 | The glob implementation in Pure-FTPd before 1.0.32, and in libc in NetBSD 5.1, does not properly expand expressions containing curly brackets, which allows remote authenticated users to cause a denial of service (memory consumption) via a crafted FTP STAT command. |
| CVE-2011-0411 | — | | | < 1.0.43-1.3 | 1.0.43-1.3 | Mar 16, 2011 | The STARTTLS implementation in Postfix 2.4.x before 2.4.16, 2.5.x before 2.5.12, 2.6.x before 2.6.9, and 2.7.x before 2.7.3 does not properly restrict I/O buffering, which allows man-in-the-middle attackers to insert commands into encrypted SMTP sessions by sending a cleartext co |