Every CVE whose affected-product data names Pureftpd Pure-ftpd, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (11)
CVE-2017-12170 — CVSS 9.8 (critical): Downstream version 1.0.46-1 of pure-ftpd as shipped in Fedora was vulnerable to packaging error due to which the original configuration was…
CVE-2024-48208 — CVSS 8.6 (high): pure-ftpd before 1.0.52 is vulnerable to Buffer Overflow. There is an out of bounds read in the domlsd() function of the ls.c file.
CVE-2020-35359 — CVSS 7.5 (high): Pure-FTPd 1.0.48 allows remote attackers to prevent legitimate server use by making enough connections to exceed the connection limit.
CVE-2020-9274 — CVSS 7.5 (high): An issue was discovered in Pure-FTPd 1.0.49. An uninitialized pointer vulnerability has been detected in the diraliases linked list. When…
CVE-2020-9365 — CVSS 7.5 (high): An issue was discovered in Pure-FTPd 1.0.49. An out-of-bounds (OOB) read has been detected in the pure_strcmp function in utils.c.
CVE-2021-40524 — CVSS 7.5 (high): In Pure-FTPd before 1.0.50, an incorrect max_filesize quota mechanism in the server allows attackers to upload files of unbounded size…
CVE-2011-1575 — CVSS 5.8 (medium): The STARTTLS implementation in ftp_parser.c in Pure-FTPd before 1.0.30 does not properly restrict I/O buffering, which allows…
CVE-2011-0988 — CVSS 4.4 (medium): pure-ftpd 1.0.22, as used in SUSE Linux Enterprise Server 10 SP3 and SP4, and Enterprise Desktop 10 SP3 and SP4, when running OES Netware…
CVE-2011-0418 — CVSS 4.0 (medium): The glob implementation in Pure-FTPd before 1.0.32, and in libc in NetBSD 5.1, does not properly expand expressions containing curly…
CVE-2011-3171 — CVSS 3.6 (low): Directory traversal vulnerability in pure-FTPd 1.0.22 and possibly other versions, when running on SUSE Linux Enterprise Server and…