This page lists publicly disclosed CVE vulnerabilities affecting vsftpd_project vsftpd (linked via NVD CPE). Each row includes severity scores, summaries, and publication dates to help identify and analyze security issues.
| CVE | Summary | Source | Max CVSS | EPSS % | Published | Updated |
|---|---|---|---|---|---|---|
| CVE-2021-30047 | VSFTPD 3.0.3 allows attackers to cause a denial of service due to limited number of connections allowed. | [email protected] | 7.5 | 33.88% | 2023-08-22 | 2024-11-21 |
| CVE-2021-3618 | ALPACA is an application layer protocol content confusion attack, exploiting TLS servers implementing different protocols but using compatible certificates, such as multi-domain or wildcard certificates. A MiTM attacker having access to victim's traffic at the TCP/IP layer can redirect traffic from one subdomain to another, resulting in a valid TLS session. This breaks the authentication of TLS and cross-protocol attacks may be possible where the behavior of one protocol service may compromise t | [email protected] | 7.4 | 0.61% | 2022-03-23 | 2024-11-21 |
| CVE-2011-2523 | vsftpd 2.3.4 downloaded between 20110630 and 20110703 contains a backdoor which opens a shell on port 6200/tcp. | [email protected] | 9.8 | 94.26% | 2019-11-27 | 2024-11-21 |
| CVE-2015-1419 | Unspecified vulnerability in vsftpd 3.0.2 and earlier allows remote attackers to bypass access restrictions via unknown vectors, related to deny_file parsing. | [email protected] | 5.0 | 76.09% | 2015-01-28 | 2026-05-06 |
| CVE-2011-0762 | The vsf_filename_passes_filter function in ls.c in vsftpd before 2.3.3 allows remote authenticated users to cause a denial of service (CPU consumption and process slot exhaustion) via crafted glob expressions in STAT commands in multiple FTP sessions, a different vulnerability than CVE-2010-2632. | [email protected] | 4.0 | 45.28% | 2011-03-02 | 2026-04-29 |