Vulnerabilities > G Rodola > Pyftpdlib > 0.4.0

DATE | CVE | VULNERABILITY TITLE | RISK

2010-10-19 | CVE-2010-3494 | Race Condition vulnerability in G.Rodola Pyftpdlib | 4.3
Race condition in the FTPHandler class in ftpserver.py in pyftpdlib before 0.5.2 allows remote attackers to cause a denial of service (daemon outage) by establishing and then immediately closing a TCP connection, leading to the accept function having an unexpected value of None for the address, or an ECONNABORTED, EAGAIN, or EWOULDBLOCK error, a related issue to CVE-2010-3492.
network, g-rodola, CWE-362

2010-10-19 | CVE-2009-5013 | Resource Management Errors vulnerability in G.Rodola Pyftpdlib | 4.0
Memory leak in the on_dtp_close function in ftpserver.py in pyftpdlib before 0.5.2 allows remote authenticated users to cause a denial of service (memory consumption) by sending a QUIT command during a data transfer.
network, low complexity, g-rodola, CWE-399

2010-10-19 | CVE-2009-5012 | Permissions, Privileges, and Access Controls vulnerability in G.Rodola Pyftpdlib | 4.0
ftpserver.py in pyftpdlib before 0.5.2 does not require the l permission for the MLST command, which allows remote authenticated users to bypass intended access restrictions and list the root directory via an FTP session.
network, low complexity, g-rodola, CWE-264

2010-10-19 | CVE-2009-5011 | Race Condition vulnerability in G.Rodola Pyftpdlib | 4.3
Race condition in the FTPHandler class in ftpserver.py in pyftpdlib before 0.5.2 allows remote attackers to cause a denial of service (daemon outage) by establishing and then immediately closing a TCP connection, leading to the getpeername function having an ENOTCONN error, a different vulnerability than CVE-2010-3494.
network, g-rodola, CWE-362

2010-10-19 | CVE-2009-5010 | Race Condition vulnerability in G.Rodola Pyftpdlib | 4.3
Race condition in the FTPHandler class in ftpserver.py in pyftpdlib before 0.5.1 allows remote attackers to cause a denial of service (daemon outage) by establishing and then immediately closing a TCP connection, leading to the accept function having an unexpected return value of None, a different vulnerability than CVE-2010-3494.
network, g-rodola, CWE-362