Debian Tnftp vulnerabilities
2 known vulnerabilities affecting debian/tnftp.
Total CVEs
2
CISA KEV
0
Public exploits
1
Exploited in wild
0
Severity breakdown
MEDIUM1LOW1
Vulnerabilities
Page 1 of 1
CVE-2014-8517P2LOWCVSS 7.5PoCfixed in tnftp 20130505-2 (bookworm)2014
CVE-2014-8517 [HIGH] CVE-2014-8517: tnftp - The fetch_url function in usr.bin/ftp/fetch.c in tnftp, as used in NetBSD 5.1 th...
The fetch_url function in usr.bin/ftp/fetch.c in tnftp, as used in NetBSD 5.1 through 5.1.4, 5.2 through 5.2.2, 6.0 through 6.0.6, and 6.1 through 6.1.5 allows remote attackers to execute arbitrary commands via a | (pipe) character at the end of an HTTP redirect.
Scope: local
bookworm: resolved (fixed in 20130505-2)
bullseye: resolved (fixed in 20130505-2)
forky: resolv
debian
CVE-2004-1294P4MEDIUMCVSS 5.0fixed in tnftp 20050625-0.1 (bookworm)2004
CVE-2004-1294 [MEDIUM] CVE-2004-1294: tnftp - The mget function in cmds.c for tnftp 20030825 allows remote FTP servers to over...
The mget function in cmds.c for tnftp 20030825 allows remote FTP servers to overwrite arbitrary files via FTP responses containing file names with / (slash) characters.
Scope: local
bookworm: resolved (fixed in 20050625-0.1)
bullseye: resolved (fixed in 20050625-0.1)
forky: resolved (fixed in 20050625-0.1)
sid: resolved (fixed in 20050625-0.1)
trixie: resolved (fixed
debian