Vsftpd
CVEs (7)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2025-14242 | | Med | 0.42 | 6.5 | 0.01 | | Jan 14, 2026 | A flaw was found in vsftpd. This vulnerability allows a denial of service (DoS) via an integer overflow in the ls command parameter parsing, triggered by a remote, authenticated attacker sending a crafted STAT command with a specific byte sequence. |
| CVE-2011-2523 | | | 0.11 | — | 0.96 | | Nov 27, 2019 | vsftpd 2.3.4 downloaded between 20110630 and 20110703 contains a backdoor which opens a shell on port 6200/tcp. |
| CVE-2011-0762 | | | 0.09 | — | 0.73 | | Mar 2, 2011 | The vsf_filename_passes_filter function in ls.c in vsftpd before 2.3.3 allows remote authenticated users to cause a denial of service (CPU consumption and process slot exhaustion) via crafted glob expressions in STAT commands in multiple FTP sessions, a different vulnerability… |
| CVE-2021-30047 | | | 0.03 | — | 0.03 | | Aug 22, 2023 | VSFTPD 3.0.3 allows attackers to cause a denial of service due to limited number of connections allowed. |
| CVE-2015-1419 | | | 0.01 | — | 0.07 | | Jan 28, 2015 | Unspecified vulnerability in vsftpd 3.0.2 and earlier allows remote attackers to bypass access restrictions via unknown vectors, related to deny_file parsing. |
| CVE-2004-2259 | | | 0.00 | — | 0.02 | | Dec 31, 2004 | vsftpd before 1.2.2, when under heavy load, allows attackers to cause a denial of service (crash) via a SIGCHLD signal during a malloc or free call, which is not re-entrant. |
| CVE-2004-0042 | | | 0.00 | — | 0.01 | | Feb 3, 2004 | vsftpd 1.1.3 generates different error messages depending on whether or not a valid username exists, which allows remote attackers to identify valid usernames. |