exploitDog - Комплексное решение для обнаружения, оценки и устранения уязвимостей.

БДУ ФСТЭК

Microsoft MSRC

NVD

Oracle ELSA

Red Hat CVE

РЕД ОС

Rocky RLSA

SUSE CVRF

Ubuntu

Debian

Github

Количество 5

CVE-2024-34083

больше 1 года назад

aiosmptd is a reimplementation of the Python stdlib smtpd.py based on asyncio. Prior to version 1.4.6, servers based on aiosmtpd accept extra unencrypted commands after STARTTLS, treating them as if they came from inside the encrypted connection. This could be exploited by a man-in-the-middle attack. Version 1.4.6 contains a patch for the issue.

CVSS3: 5.4

EPSS: Низкий

CVE-2024-34083

больше 1 года назад

aiosmptd is a reimplementation of the Python stdlib smtpd.py based on asyncio. Prior to version 1.4.6, servers based on aiosmtpd accept extra unencrypted commands after STARTTLS, treating them as if they came from inside the encrypted connection. This could be exploited by a man-in-the-middle attack. Version 1.4.6 contains a patch for the issue.

CVSS3: 5.4

EPSS: Низкий

CVE-2024-34083

больше 1 года назад

aiosmptd is a reimplementation of the Python stdlib smtpd.py based on ...

CVSS3: 5.4

EPSS: Низкий

GHSA-wgjv-9j3q-jhg8

больше 1 года назад

aiosmtpd STARTTLS unencrypted commands injection

CVSS3: 5.4

EPSS: Низкий

openSUSE-SU-2024:0243-1

больше 1 года назад

Security update for python-aiosmtpd

EPSS: Низкий

Уязвимостей на страницу

Уязвимость	CVSS	EPSS	Опубликовано
CVE-2024-34083 aiosmptd is a reimplementation of the Python stdlib smtpd.py based on asyncio. Prior to version 1.4.6, servers based on aiosmtpd accept extra unencrypted commands after STARTTLS, treating them as if they came from inside the encrypted connection. This could be exploited by a man-in-the-middle attack. Version 1.4.6 contains a patch for the issue.	CVSS3: 5.4	0% Низкий	больше 1 года назад
CVE-2024-34083 aiosmptd is a reimplementation of the Python stdlib smtpd.py based on asyncio. Prior to version 1.4.6, servers based on aiosmtpd accept extra unencrypted commands after STARTTLS, treating them as if they came from inside the encrypted connection. This could be exploited by a man-in-the-middle attack. Version 1.4.6 contains a patch for the issue.	CVSS3: 5.4	0% Низкий	больше 1 года назад
CVE-2024-34083 aiosmptd is a reimplementation of the Python stdlib smtpd.py based on ...	CVSS3: 5.4	0% Низкий	больше 1 года назад
GHSA-wgjv-9j3q-jhg8 aiosmtpd STARTTLS unencrypted commands injection	CVSS3: 5.4	0% Низкий	больше 1 года назад
openSUSE-SU-2024:0243-1 Security update for python-aiosmtpd			больше 1 года назад

Уязвимостей на страницу