158 matches found

OSV
added 2022/05/17 5:47 a.m. | 31 views

GHSA-HW4G-FHCP-X5MQ Concurrent Execution using Shared Resource with Improper Synchronization in pyftpdlib

Race condition in the FTPHandler class in ftpserver.py in pyftpdlib before 0.5.2 allows remote attackers to cause a denial of service (daemon outage) by establishing and then immediately closing a TCP connection, leading to the accept function having an unexpected value of None for the address, or ...

CVSS 8.7 | AI score 7.4 | EPSS 0.01582
Exploits 0 | References 15
OSV
added 2022/05/17 5:47 a.m. | 18 views

GHSA-8P2C-FGHC-9HJ4 Improper input validation in pyftpdlib

The ftp_QUIT function in ftpserver.py in pyftpdlib before 0.5.0 allows remote authenticated users to cause a denial of service (file descriptor exhaustion and daemon outage) by sending a QUIT command during a disallowed data-transfer attempt...

CVSS 5.3 | AI score 6.1 | EPSS 0.01375
Exploits 1 | References 9
GitHub Security Blog
added 2022/05/17 5:47 a.m. | 26 views

Improper input validation in pyftpdlib

The ftp_QUIT function in ftpserver.py in pyftpdlib before 0.5.0 allows remote authenticated users to cause a denial of service (file descriptor exhaustion and daemon outage) by sending a QUIT command during a disallowed data-transfer attempt...

CVSS 4 | AI score 4.4 | EPSS 0.01375
Exploits 1 | References 8 | Affected Software 1
GitHub Security Blog
added 2022/05/17 5:47 a.m. | 35 views

Improper Authentication in pyftpdlib

ftpserver.py in pyftpdlib before 0.5.0 does not delay its response after receiving an invalid login attempt, which makes it easier for remote attackers to obtain access via a brute-force attack...

CVSS 7.5 | AI score 6.7 | EPSS 0.0156
Exploits 0 | References 8 | Affected Software 1
GitHub Security Blog
added 2022/05/17 5:47 a.m. | 30 views

Directory traversal in pyftpdlib

Multiple directory traversal vulnerabilities in FTPServer.py in pyftpdlib before 0.3.0 allow remote authenticated users to access arbitrary files and directories via vectors involving a symlink in a pathname to a (1) CWD, (2) DELE, (3) STOR, or (4) RETR command...

CVSS 6.5 | AI score 5.6 | EPSS 0.01412
Exploits 0 | References 6 | Affected Software 1
OSV
added 2022/05/17 5:47 a.m. | 27 views

GHSA-Q6W2-JXCM-2CRJ Improper Authentication in pyftpdlib

ftpserver.py in pyftpdlib before 0.5.0 does not delay its response after receiving an invalid login attempt, which makes it easier for remote attackers to obtain access via a brute-force attack...

CVSS 7.3 | AI score 6.1 | EPSS 0.0156
Exploits 0 | References 9
OSV
added 2022/05/17 5:47 a.m. | 23 views

GHSA-JW88-WXV5-7C4F Directory traversal in pyftpdlib

Multiple directory traversal vulnerabilities in FTPServer.py in pyftpdlib before 0.3.0 allow remote authenticated users to access arbitrary files and directories via vectors involving a symlink in a pathname to a (1) CWD, (2) DELE, (3) STOR, or (4) RETR command...

CVSS 6.3 | AI score 6.3 | EPSS 0.01412
Exploits 0 | References 6
GitHub Security Blog
added 2022/05/02 4:0 a.m. | 37 views

Uncontrolled Resource Consumption in pyftpdlib

Memory leak in the on_dtp_close function in ftpserver.py in pyftpdlib before 0.5.2 allows remote authenticated users to cause a denial of service (memory consumption) by sending a QUIT command during a data transfer...

CVSS 4 | AI score 5.1 | EPSS 0.01156
Exploits 0 | References 7 | Affected Software 1
GitHub Security Blog
added 2022/05/02 4:0 a.m. | 35 views

Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') in pyftpdlib

Race condition in the FTPHandler class in ftpserver.py in pyftpdlib before 0.5.1 allows remote attackers to cause a denial of service (daemon outage) by establishing and then immediately closing a TCP connection, leading to the accept function having an unexpected return value of None, a different...

CVSS 4.3 | AI score 5 | EPSS 0.01364
Exploits 0 | References 13 | Affected Software 1
GitHub Security Blog
added 2022/05/02 4:0 a.m. | 37 views

Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') in pyftpdlib

Race condition in the FTPHandler class in ftpserver.py in pyftpdlib before 0.5.2 allows remote attackers to cause a denial of service (daemon outage) by establishing and then immediately closing a TCP connection, leading to the getpeername function having an ENOTCONN error, a different vulnerabilit...

CVSS 4.3 | AI score 5.4 | EPSS 0.00934
Exploits 0 | References 7 | Affected Software 1
OSV
added 2022/05/02 4:0 a.m. | 23 views

GHSA-8GV6-X88P-3F6H Uncontrolled Resource Consumption in pyftpdlib

Memory leak in the on_dtp_close function in ftpserver.py in pyftpdlib before 0.5.2 allows remote authenticated users to cause a denial of service (memory consumption) by sending a QUIT command during a data transfer...

CVSS 6 | AI score 5.9 | EPSS 0.01156
Exploits 0 | References 7
OSV
added 2022/05/02 4:0 a.m. | 44 views

GHSA-MPG6-RGP4-35RR Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') in pyftpdlib

Race condition in the FTPHandler class in ftpserver.py in pyftpdlib before 0.5.1 allows remote attackers to cause a denial of service (daemon outage) by establishing and then immediately closing a TCP connection, leading to the accept function having an unexpected return value of None, a different...

CVSS 6.3 | AI score 6.1 | EPSS 0.01364
Exploits 0 | References 13
OSV
added 2022/05/02 4:0 a.m. | 29 views

GHSA-62XG-239J-VXG7 Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') in pyftpdlib

Race condition in the FTPHandler class in ftpserver.py in pyftpdlib before 0.5.2 allows remote attackers to cause a denial of service (daemon outage) by establishing and then immediately closing a TCP connection, leading to the getpeername function having an ENOTCONN error, a different vulnerabilit...

CVSS 6.3 | AI score 6.1 | EPSS 0.00934
Exploits 0 | References 7
GitHub Security Blog
added 2022/05/02 4:0 a.m. | 39 views

Improper Access Control in pyftpdlib

ftpserver.py in pyftpdlib before 0.5.2 does not require the l permission for the MLST command, which allows remote authenticated users to bypass intended access restrictions and list the root directory via an FTP session...

CVSS 4 | AI score 5.9 | EPSS 0.01031
Exploits 0 | References 7 | Affected Software 1
OSV
added 2022/05/02 4:0 a.m. | 32 views

GHSA-H4G7-8M7R-87R9 Improper Access Control in pyftpdlib

ftpserver.py in pyftpdlib before 0.5.2 does not require the l permission for the MLST command, which allows remote authenticated users to bypass intended access restrictions and list the root directory via an FTP session...

CVSS 7.1 | AI score 6 | EPSS 0.01031
Exploits 0 | References 7
OSV
added 2022/05/01 6:45 p.m. | 20 views

GHSA-CX59-CP6C-9FR8 pyftpdlib vulnerable to allocation of resources without limits

The ftp_STOU function in FTPServer.py in pyftpdlib before 0.2.0 does not limit the number of attempts to discover a unique filename, which might allow remote authenticated users to cause a denial of service via a STOU command...

CVSS 7.1 | AI score 5.9 | EPSS 0.01156
Exploits 0 | References 9
GitHub Security Blog
added 2022/05/01 6:45 p.m. | 46 views

pyftpdlib vulnerable to allocation of resources without limits

The ftp_STOU function in FTPServer.py in pyftpdlib before 0.2.0 does not limit the number of attempts to discover a unique filename, which might allow remote authenticated users to cause a denial of service via a STOU command...

CVSS 4 | AI score 4.4 | EPSS 0.01156
Exploits 0 | References 8 | Affected Software 1
GitHub Security Blog
added 2022/05/01 6:45 p.m. | 33 views

Improper privilege management in pyftpdlib

The ftp_PORT function in FTPServer.py in pyftpdlib before 0.2.0 does not prevent TCP connections to privileged ports if the destination IP address matches the source IP address of the connection from the FTP client, which might allow remote authenticated users to conduct FTP bounce attacks via...

CVSS 6.5 | AI score 3.6 | EPSS 0.01769
Exploits 0 | References 8 | Affected Software 1
OSV
added 2022/05/01 6:45 p.m. | 24 views

GHSA-8XGX-75QW-6268 Improper privilege management in pyftpdlib

The ftp_PORT function in FTPServer.py in pyftpdlib before 0.2.0 does not prevent TCP connections to privileged ports if the destination IP address matches the source IP address of the connection from the FTP client, which might allow remote authenticated users to conduct FTP bounce attacks via...

CVSS 6.3 | AI score 5.9 | EPSS 0.01769
Exploits 0 | References 8
OSV
added 2022/05/01 6:45 p.m. | 27 views

GHSA-9X66-GHQX-8G5R Improper Authentication in pyftpdlib

FTPServer.py in pyftpdlib before 0.2.0 does not increment the attempted_logins count for a USER command that specifies an invalid username, which makes it easier for remote attackers to obtain access via a brute-force attack...

CVSS 7.3 | AI score 6.2 | EPSS 0.01354
Exploits 0 | References 9