Search for packages
| purl | pkg:deb/debian/python-pyftpdlib@2.2.0-1?distro=trixie |
| Vulnerability | Summary | Fixed by |
|---|---|---|
| This package is not known to be affected by vulnerabilities. | ||
| Vulnerability | Summary | Aliases |
|---|---|---|
| VCID-2u11-41pn-z3a6 | ftpserver.py in pyftpdlib before 0.5.2 does not require the l permission for the MLST command, which allows remote authenticated users to bypass intended access restrictions and list the root directory via an FTP session. |
CVE-2009-5012
GHSA-h4g7-8m7r-87r9 PYSEC-2010-9 |
| VCID-3457-xc8u-1yf8 | Multiple directory traversal vulnerabilities in FTPServer.py in pyftpdlib before 0.3.0 allow remote authenticated users to access arbitrary files and directories via vectors involving a symlink in a pathname to a (1) CWD, (2) DELE, (3) STOR, or (4) RETR command. |
CVE-2008-7262
GHSA-jw88-wxv5-7c4f PYSEC-2010-4 |
| VCID-4nwj-dx2k-abcr | Improper privilege management in pyftpdlib |
CVE-2007-6741
GHSA-8xgx-75qw-6268 PYSEC-2010-25 |
| VCID-5x4d-txr7-77bn | ftpserver.py in pyftpdlib before 0.5.0 does not delay its response after receiving an invalid login attempt, which makes it easier for remote attackers to obtain access via a brute-force attack. |
CVE-2008-7263
GHSA-q6w2-jxcm-2crj PYSEC-2010-5 |
| VCID-67rd-vz1v-yqac | Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') in pyftpdlib |
CVE-2009-5010
GHSA-mpg6-rgp4-35rr PYSEC-2010-7 |
| VCID-8vjd-1g37-5ye6 | Race condition in the FTPHandler class in ftpserver.py in pyftpdlib before 0.5.2 allows remote attackers to cause a denial of service (daemon outage) by establishing and then immediately closing a TCP connection, leading to the getpeername function having an ENOTCONN error, a different vulnerability than CVE-2010-3494. |
CVE-2009-5011
GHSA-62xg-239j-vxg7 PYSEC-2010-8 |
| VCID-9kgg-frev-97g7 | Directory Traversal in pyftpdlib |
CVE-2007-6736
GHSA-f8wg-36r9-7f4q PYSEC-2010-20 |
| VCID-crtn-sf6h-t7e3 | The ftp_QUIT function in ftpserver.py in pyftpdlib before 0.5.0 allows remote authenticated users to cause a denial of service (file descriptor exhaustion and daemon outage) by sending a QUIT command during a disallowed data-transfer attempt. |
CVE-2008-7264
GHSA-8p2c-fghc-9hj4 PYSEC-2010-6 |
| VCID-dyek-w44f-jyhn | Improper Authentication in pyftpdlib |
CVE-2007-6737
GHSA-9x66-ghqx-8g5r PYSEC-2010-21 |
| VCID-mw1j-4h2u-ruhr | pyftpdlib vulnerable to allocation of resources without limits |
CVE-2007-6740
GHSA-cx59-cp6c-9fr8 PYSEC-2010-24 |
| VCID-ufjv-wgk3-sfcj | Race condition in the FTPHandler class in ftpserver.py in pyftpdlib before 0.5.2 allows remote attackers to cause a denial of service (daemon outage) by establishing and then immediately closing a TCP connection, leading to the accept function having an unexpected value of None for the address, or an ECONNABORTED, EAGAIN, or EWOULDBLOCK error, a related issue to CVE-2010-3492. |
CVE-2010-3494
GHSA-hw4g-fhcp-x5mq PYSEC-2010-11 |
| VCID-ugfe-xyhj-f7at | pyftpdlib Use of Insufficiently Random Values of port selection on PASV command |
CVE-2007-6738
GHSA-gh7c-cg3x-pmcr PYSEC-2010-22 |
| VCID-x5kz-xmwm-fubg | Improper Input Validation in pyftpdlib |
CVE-2007-6739
GHSA-5f3f-pg2c-cxcv PYSEC-2010-23 |
| VCID-zjev-ytqn-8yhs | Memory leak in the on_dtp_close function in ftpserver.py in pyftpdlib before 0.5.2 allows remote authenticated users to cause a denial of service (memory consumption) by sending a QUIT command during a data transfer. |
CVE-2009-5013
GHSA-8gv6-x88p-3f6h PYSEC-2010-10 |