Pure-FTPd 1.0.46-1

CPE Details

Pure-FTPd 1.0.46-1
pureftpd
pure-ftpd
1.0.46-1
2019-07-23
09h50 +00:00
2019-07-23
09h50 +00:00
CPE NVD
Alerte pour un CPE
Stay informed of any changes for a specific CPE.
Notifications manage

CPE Name: cpe:2.3:a:pureftpd:pure-ftpd:1.0.46-1:*:*:*:*:*:*:*

Informations

Vendor

pureftpd

Product

pure-ftpd

Version

1.0.46-1

Related CVE

Open and find in CVE List

CVE ID Published Description Score Severity
CVE-2021-40524 2021-09-05 16h26 +00:00 In Pure-FTPd before 1.0.50, an incorrect max_filesize quota mechanism in the server allows attackers to upload files of unbounded size, which may lead to denial of service or a server hang. This occurs because a certain greater-than-zero test does not anticipate an initial -1 value. (Versions 1.0.23 through 1.0.49 are affected.)
7.5
High
CVE-2020-9274 2020-02-26 14h29 +00:00 An issue was discovered in Pure-FTPd 1.0.49. An uninitialized pointer vulnerability has been detected in the diraliases linked list. When the *lookup_alias(const char alias) or print_aliases(void) function is called, they fail to correctly detect the end of the linked list and try to access a non-existent list member. This is related to init_aliases in diraliases.c.
7.5
High
CVE-2017-12170 2017-09-21 20h00 +00:00 Downstream version 1.0.46-1 of pure-ftpd as shipped in Fedora was vulnerable to packaging error due to which the original configuration was ignored after update and service started running with default configuration. This has security implications because of overriding security-related configuration. This issue doesn't affect upstream version of pure-ftpd.
9.8
Critical
The information presented on CVE Find originates from several carefully selected reference sources. CVE data is provided by MITRE Corporation and the National Vulnerability Database (NVD). The Known Exploited Vulnerabilities (KEV) catalog is sourced from the Cybersecurity and Infrastructure Security Agency (CISA), while EPSS scores come from FIRST.org. Additionally, data regarding software weaknesses (CWE) and common attack patterns (CAPEC) is maintained by MITRE Corporation, and information on hardware and software configurations (CPE) is provided by the NVD.