Pure-FTPd 1.0.23

CPE Details

Pure-FTPd 1.0.23
pureftpd
pure-ftpd
1.0.23
2021-11-24
11h27 +00:00
2022-02-08
16h28 +00:00
CPE NVD
Alerte pour un CPE
Stay informed of any changes for a specific CPE.
Notifications manage

CPE Name: cpe:2.3:a:pureftpd:pure-ftpd:1.0.23:*:*:*:*:*:*:*

Informations

Vendor

pureftpd

Product

pure-ftpd

Version

1.0.23

Related CVE

Open and find in CVE List

CVE ID Published Description Score Severity
CVE-2021-40524 2021-09-05 16h26 +00:00 In Pure-FTPd before 1.0.50, an incorrect max_filesize quota mechanism in the server allows attackers to upload files of unbounded size, which may lead to denial of service or a server hang. This occurs because a certain greater-than-zero test does not anticipate an initial -1 value. (Versions 1.0.23 through 1.0.49 are affected.)
7.5
High
CVE-2020-9274 2020-02-26 14h29 +00:00 An issue was discovered in Pure-FTPd 1.0.49. An uninitialized pointer vulnerability has been detected in the diraliases linked list. When the *lookup_alias(const char alias) or print_aliases(void) function is called, they fail to correctly detect the end of the linked list and try to access a non-existent list member. This is related to init_aliases in diraliases.c.
7.5
High
CVE-2011-0418 2011-05-24 21h00 +00:00 The glob implementation in Pure-FTPd before 1.0.32, and in libc in NetBSD 5.1, does not properly expand expressions containing curly brackets, which allows remote authenticated users to cause a denial of service (memory consumption) via a crafted FTP STAT command.
4
CVE-2011-1575 2011-05-23 20h00 +00:00 The STARTTLS implementation in ftp_parser.c in Pure-FTPd before 1.0.30 does not properly restrict I/O buffering, which allows man-in-the-middle attackers to insert commands into encrypted FTP sessions by sending a cleartext command that is processed after TLS is in place, related to a "plaintext command injection" attack, a similar issue to CVE-2011-0411.
5.8