← Back

Vsftpd

vsftpd

Vendor: Vsftpd Project • 5 CVEs

CVEs (5)

CVE
VENDORS
PRODUCTS
UPDATED
PUBLISHED
CVSS
CVE-2021-30047
1Vsftpd Project
1Vsftpd
Nov 21, 2024
Aug 22, 2023
N/A· v4
7.5 HIGH· v3
N/A· v2
VSFTPD 3.0.3 allows attackers to cause a denial of service due to limited number of connections allowed.
CVE-2021-3618
5Debian
F5Fedoraproject+2 more
5Debian Linux
FedoraNginx+2 more
Nov 21, 2024
Mar 23, 2022
N/A· v4
7.4 HIGH· v3
5.8 MEDIUM· v2
ALPACA is an application layer protocol content confusion attack, exploiting TLS servers implementing different protocols but using compatible certificates, such as multi-domain or wildcard certificates. A MiTM attacker...Show more
ALPACA is an application layer protocol content confusion attack, exploiting TLS servers implementing different protocols but using compatible certificates, such as multi-domain or wildcard certificates. A MiTM attacker having access to victim's traffic at the TCP/IP layer can redirect traffic from one subdomain to another, resulting in a valid TLS session. This breaks the authentication of TLS and cross-protocol attacks may be possible where the behavior of one protocol service may compromise the other at the application layer.Show less
CVE-2011-2523
2Debian
Vsftpd Project
2Debian Linux
Vsftpd
Nov 21, 2024
Nov 27, 2019
N/A· v4
9.8 CRITICAL· v3
10.0 HIGH· v2
vsftpd 2.3.4 downloaded between 20110630 and 20110703 contains a backdoor which opens a shell on port 6200/tcp.
CVE-2015-1419
2Opensuse
Vsftpd Project
2Opensuse
Vsftpd
May 6, 2026
Jan 28, 2015
N/A· v4
N/A· v3
5.0 MEDIUM· v2
Unspecified vulnerability in vsftpd 3.0.2 and earlier allows remote attackers to bypass access restrictions via unknown vectors, related to deny_file parsing.
CVE-2011-0762
6Canonical
DebianFedoraproject+3 more
6Debian Linux
FedoraLinux Enterprise Server+3 more
Apr 29, 2026
Mar 2, 2011
N/A· v4
N/A· v3
4.0 MEDIUM· v2
The vsf_filename_passes_filter function in ls.c in vsftpd before 2.3.3 allows remote authenticated users to cause a denial of service (CPU consumption and process slot exhaustion) via crafted glob expressions in STAT com...Show more
The vsf_filename_passes_filter function in ls.c in vsftpd before 2.3.3 allows remote authenticated users to cause a denial of service (CPU consumption and process slot exhaustion) via crafted glob expressions in STAT commands in multiple FTP sessions, a different vulnerability than CVE-2010-2632.Show less