Troglobit
Products
6- 5 CVEs
- 2 CVEs
- 1 CVE
- 1 CVE
- 1 CVE
- 1 CVE
Recent CVEs
11| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2020-37182 | Hig | 0.49 | 7.5 | 0.00 | Feb 11, 2026 | Redir 3.3 contains a stack overflow vulnerability in the doproxyconnect() function that allows attackers to crash the application by sending oversized input. Attackers can exploit the sprintf() buffer without proper length checking to overwrite memory and cause a segmentation… | ||
| CVE-2025-29906 | Hig | 0.49 | 8.6 | 0.00 | Apr 29, 2025 | Finit is a fast init for Linux systems. Versions starting from 3.0-rc1 and prior to version 4.11 bundle an implementation of getty for the `tty` configuration directive that can bypass `/bin/login`, i.e., a user can log in as any user without authentication. This issue has been… | ||
| CVE-2025-32022 | Med | 0.23 | 4.6 | 0.00 | May 6, 2025 | Finit provides fast init for Linux systems. Finit's urandom plugin has a heap buffer overwrite vulnerability at boot which leads to it overwriting other parts of the heap, possibly causing random instabilities and undefined behavior. The urandom plugin is enabled by default, so… | ||
| CVE-2020-20277 | 0.05 | — | 0.25 | Dec 18, 2020 | There are multiple unauthenticated directory traversal vulnerabilities in different FTP commands in uftpd FTP server versions 2.7 to 2.10 due to improper implementation of a chroot jail in common.c's compose_abspath function that can be abused to read or write to arbitrary files… | |||
| CVE-2022-48620 | 0.00 | — | 0.01 | Jan 12, 2024 | uev (aka libuev) before 2.4.1 has a buffer overflow in epoll_wait if maxevents is a large number. | |||
| CVE-2020-20276 | 0.00 | — | 0.03 | Dec 18, 2020 | An unauthenticated stack-based buffer overflow vulnerability in common.c's handle_PORT in uftpd FTP server versions 2.10 and earlier can be abused to cause a crash and could potentially lead to remote code execution. | |||
| CVE-2020-14149 | 0.00 | — | 0.02 | Jun 15, 2020 | In uftpd before 2.12, handle_CWD in ftpcmd.c mishandled the path provided by the user, causing a NULL pointer dereference and denial of service, as demonstrated by a CWD /.. command. | |||
| CVE-2020-5221 | 0.00 | — | 0.01 | Jan 22, 2020 | In uftpd before 2.11, it is possible for an unauthenticated user to perform a directory traversal attack using multiple different FTP commands and read and write to arbitrary locations on the filesystem due to the lack of a well-written chroot jail in compose_abspath(). This has… | |||
| CVE-2020-5204 | 0.00 | — | 0.01 | Jan 6, 2020 | In uftpd before 2.11, there is a buffer overflow vulnerability in handle_PORT in ftpcmd.c that is caused by a buffer that is 16 bytes large being filled via sprintf() with user input based on the format specifier string %d.%d.%d.%d. The 16 byte size is correct for valid IPv4… | |||
| CVE-2019-14323 | 0.00 | — | 0.02 | Jul 28, 2019 | SSDP Responder 1.x through 1.5 mishandles incoming network messages, leading to a stack-based buffer overflow by 1 byte. This results in a crash of the server, but only when strict stack checking is enabled. This is caused by an off-by-one error in ssdp_recv in ssdpd.c. | |||
| CVE-2011-0007 | 0.00 | — | 0.00 | Jan 11, 2011 | pimd 2.1.5 and possibly earlier versions allows user-assisted local users to overwrite arbitrary files via a symlink attack on (1) pimd.dump when a USR1 signal is sent, or (2) pimd.cache when USR2 is sent. |
- risk 0.49cvss 7.5epss 0.00
Redir 3.3 contains a stack overflow vulnerability in the doproxyconnect() function that allows attackers to crash the application by sending oversized input. Attackers can exploit the sprintf() buffer without proper length checking to overwrite memory and cause a segmentation…
- risk 0.49cvss 8.6epss 0.00
Finit is a fast init for Linux systems. Versions starting from 3.0-rc1 and prior to version 4.11 bundle an implementation of getty for the `tty` configuration directive that can bypass `/bin/login`, i.e., a user can log in as any user without authentication. This issue has been…
- risk 0.23cvss 4.6epss 0.00
Finit provides fast init for Linux systems. Finit's urandom plugin has a heap buffer overwrite vulnerability at boot which leads to it overwriting other parts of the heap, possibly causing random instabilities and undefined behavior. The urandom plugin is enabled by default, so…
- CVE-2020-20277Dec 18, 2020risk 0.05cvss —epss 0.25
There are multiple unauthenticated directory traversal vulnerabilities in different FTP commands in uftpd FTP server versions 2.7 to 2.10 due to improper implementation of a chroot jail in common.c's compose_abspath function that can be abused to read or write to arbitrary files…
- CVE-2022-48620Jan 12, 2024risk 0.00cvss —epss 0.01
uev (aka libuev) before 2.4.1 has a buffer overflow in epoll_wait if maxevents is a large number.
- CVE-2020-20276Dec 18, 2020risk 0.00cvss —epss 0.03
An unauthenticated stack-based buffer overflow vulnerability in common.c's handle_PORT in uftpd FTP server versions 2.10 and earlier can be abused to cause a crash and could potentially lead to remote code execution.
- CVE-2020-14149Jun 15, 2020risk 0.00cvss —epss 0.02
In uftpd before 2.12, handle_CWD in ftpcmd.c mishandled the path provided by the user, causing a NULL pointer dereference and denial of service, as demonstrated by a CWD /.. command.
- CVE-2020-5221Jan 22, 2020risk 0.00cvss —epss 0.01
In uftpd before 2.11, it is possible for an unauthenticated user to perform a directory traversal attack using multiple different FTP commands and read and write to arbitrary locations on the filesystem due to the lack of a well-written chroot jail in compose_abspath(). This has…
- CVE-2020-5204Jan 6, 2020risk 0.00cvss —epss 0.01
In uftpd before 2.11, there is a buffer overflow vulnerability in handle_PORT in ftpcmd.c that is caused by a buffer that is 16 bytes large being filled via sprintf() with user input based on the format specifier string %d.%d.%d.%d. The 16 byte size is correct for valid IPv4…
- CVE-2019-14323Jul 28, 2019risk 0.00cvss —epss 0.02
SSDP Responder 1.x through 1.5 mishandles incoming network messages, leading to a stack-based buffer overflow by 1 byte. This results in a crash of the server, but only when strict stack checking is enabled. This is caused by an off-by-one error in ssdp_recv in ssdpd.c.
- CVE-2011-0007Jan 11, 2011risk 0.00cvss —epss 0.00
pimd 2.1.5 and possibly earlier versions allows user-assisted local users to overwrite arbitrary files via a symlink attack on (1) pimd.dump when a USR1 signal is sent, or (2) pimd.cache when USR2 is sent.