VYPR

Vsftpd

by Vsftpd Project

CVEs (7)

  • CVE-2025-14242MedJan 14, 2026
    risk 0.42cvss 6.5epss 0.01

    A flaw was found in vsftpd. This vulnerability allows a denial of service (DoS) via an integer overflow in the ls command parameter parsing, triggered by a remote, authenticated attacker sending a crafted STAT command with a specific byte sequence.

  • CVE-2011-2523Nov 27, 2019
    risk 0.11cvss epss 0.96

    vsftpd 2.3.4 downloaded between 20110630 and 20110703 contains a backdoor which opens a shell on port 6200/tcp.

  • CVE-2011-0762Mar 2, 2011
    risk 0.09cvss epss 0.73

    The vsf_filename_passes_filter function in ls.c in vsftpd before 2.3.3 allows remote authenticated users to cause a denial of service (CPU consumption and process slot exhaustion) via crafted glob expressions in STAT commands in multiple FTP sessions, a different vulnerability…

  • CVE-2021-30047Aug 22, 2023
    risk 0.03cvss epss 0.03

    VSFTPD 3.0.3 allows attackers to cause a denial of service due to limited number of connections allowed.

  • CVE-2015-1419Jan 28, 2015
    risk 0.01cvss epss 0.07

    Unspecified vulnerability in vsftpd 3.0.2 and earlier allows remote attackers to bypass access restrictions via unknown vectors, related to deny_file parsing.

  • CVE-2004-2259Dec 31, 2004
    risk 0.00cvss epss 0.02

    vsftpd before 1.2.2, when under heavy load, allows attackers to cause a denial of service (crash) via a SIGCHLD signal during a malloc or free call, which is not re-entrant.

  • CVE-2004-0042Feb 3, 2004
    risk 0.00cvss epss 0.01

    vsftpd 1.1.3 generates different error messages depending on whether or not a valid username exists, which allows remote attackers to identify valid usernames.