Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools

Coreftp

Source -

CNA

BOS Name -

N/A

CNA CVEs -

2

ADP CVEs -

0

CISA CVEs -

0

NVD CVEs -

0
Related CVEsRelated ProductsRelated AssignersReports
2Vulnerabilities found
CVE-2019-25686
Assigner-VulnCheck
ShareView Details
Assigner-VulnCheck
CVSS Score-8.7||HIGH
EPSS-0.16% / 36.93%
||
7 Day CHG~0.00%
Published-05 Apr, 2026 | 20:45
Updated-09 Apr, 2026 | 19:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Core FTP 2.0 build 653 PBSZ Unauthenticated Denial of Service

Core FTP 2.0 build 653 contains a denial of service vulnerability in the PBSZ command that allows unauthenticated attackers to crash the service by sending a malformed command with an oversized buffer. Attackers can send a PBSZ command with a payload exceeding 211 bytes to trigger an access violation and crash the FTP server process.

Action-Not Available
Vendor-coreftpCoreftp
Product-core_ftpCore FTP
CWE ID-CWE-306
Missing Authentication for Critical Function
CVE-2019-25654
Assigner-VulnCheck
ShareView Details
Assigner-VulnCheck
CVSS Score-8.7||HIGH
EPSS-0.05% / 15.73%
||
7 Day CHG~0.00%
Published-30 Mar, 2026 | 11:02
Updated-08 Apr, 2026 | 16:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Core FTP/SFTP Server 1.2 Denial of Service via Buffer Overflow

Core FTP/SFTP Server 1.2 contains a buffer overflow vulnerability that allows attackers to crash the service by supplying an excessively long string in the User domain field. Attackers can paste a malicious payload containing 7000 bytes of data into the domain configuration to trigger an application crash and deny service.

Action-Not Available
Vendor-coreftpCoreftp
Product-core_ftpCore FTP/SFTP Server
CWE ID-CWE-787
Out-of-bounds Write