Tftpd32
by Tftpd32
CVEs (6)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2023-54338 | Hig | 0.55 | 8.4 | 0.00 | Jan 13, 2026 | Tftpd32 SE 4.60 contains an unquoted service path vulnerability that allows local attackers to potentially execute arbitrary code with elevated privileges. Attackers can exploit the unquoted path in the service configuration to inject malicious executables that will be run with… | ||
| CVE-2002-2226 | 0.08 | — | 0.63 | Dec 31, 2002 | Buffer overflow in tftpd of TFTP32 2.21 and earlier allows remote attackers to execute arbitrary code via a long filename argument. | |||
| CVE-2006-0328 | 0.04 | — | 0.08 | Jan 21, 2006 | Format string vulnerability in Tftpd32 2.81 allows remote attackers to cause a denial of service via format string specifiers in a filename in a (1) GET or (2) SEND request. | |||
| CVE-2002-2353 | 0.04 | — | 0.07 | Dec 31, 2002 | tftpd32 2.50 and 2.50.2 allows remote attackers to read or write arbitrary files via a full pathname in GET and PUT requests. | |||
| CVE-2013-6809 | 0.00 | — | 0.03 | Dec 13, 2013 | Format string vulnerability in the client in Tftpd32 before 4.50 allows remote servers to cause a denial of service (crash) or possibly execute arbitrary code via format string specifiers in the Remote File field. | |||
| CVE-2006-6141 | 0.00 | — | 0.04 | Nov 28, 2006 | Buffer overflow in Tftpd32 3.01 allows remote attackers to cause a denial of service via a long GET or PUT request, which is not properly handled when the request is displayed in the title of the gauge window. |
- risk 0.55cvss 8.4epss 0.00
Tftpd32 SE 4.60 contains an unquoted service path vulnerability that allows local attackers to potentially execute arbitrary code with elevated privileges. Attackers can exploit the unquoted path in the service configuration to inject malicious executables that will be run with…
- CVE-2002-2226Dec 31, 2002risk 0.08cvss —epss 0.63
Buffer overflow in tftpd of TFTP32 2.21 and earlier allows remote attackers to execute arbitrary code via a long filename argument.
- CVE-2006-0328Jan 21, 2006risk 0.04cvss —epss 0.08
Format string vulnerability in Tftpd32 2.81 allows remote attackers to cause a denial of service via format string specifiers in a filename in a (1) GET or (2) SEND request.
- CVE-2002-2353Dec 31, 2002risk 0.04cvss —epss 0.07
tftpd32 2.50 and 2.50.2 allows remote attackers to read or write arbitrary files via a full pathname in GET and PUT requests.
- CVE-2013-6809Dec 13, 2013risk 0.00cvss —epss 0.03
Format string vulnerability in the client in Tftpd32 before 4.50 allows remote servers to cause a denial of service (crash) or possibly execute arbitrary code via format string specifiers in the Remote File field.
- CVE-2006-6141Nov 28, 2006risk 0.00cvss —epss 0.04
Buffer overflow in Tftpd32 3.01 allows remote attackers to cause a denial of service via a long GET or PUT request, which is not properly handled when the request is displayed in the title of the gauge window.