CVE-2020-29396
https://notcve.org/view.php?id=CVE-2020-29396
A sandboxing issue in Odoo Community 11.0 through 13.0 and Odoo Enterprise 11.0 through 13.0, when running with Python 3.6 or later, allows remote authenticated users to execute arbitrary code, leading to privilege escalation. Un problema del sandboxing en Odoo Community versiones 11.0 hasta 13.0 y Odoo Enterprise versiones 11.0 hasta 13.0, cuando se ejecuta con Python versiones 3.6 o posteriores, permite a usuarios autenticados remotos ejecutar código arbitrario, conllevando a una escalada de privilegios • https://github.com/odoo/odoo/issues/63712 https://www.oracle.com/security-alerts/cpujul2022.html • CWE-267: Privilege Defined With Unsafe Actions •
CVE-2020-26244 – Cryptographic issues in Python oic
https://notcve.org/view.php?id=CVE-2020-26244
Python oic is a Python OpenID Connect implementation. In Python oic before version 1.2.1, there are several related cryptographic issues affecting client implementations that use the library. The issues are: 1) The IdToken signature algorithm was not checked automatically, but only if the expected algorithm was passed in as a kwarg. 2) JWA `none` algorithm was allowed in all flows. 3) oic.consumer.Consumer.parse_authz returns an unverified IdToken. The verification of the token was left to the discretion of the implementator. 4) iat claim was not checked for sanity (i.e. it could be in the future). These issues are patched in version 1.2.1. • https://github.com/OpenIDC/pyoidc/commit/62f8d753fa17c8b1f29f8be639cf0b33afb02498 https://github.com/OpenIDC/pyoidc/releases/tag/1.2.1 https://github.com/OpenIDC/pyoidc/security/advisories/GHSA-4fjv-pmhg-3rfg https://pypi.org/project/oic • CWE-325: Missing Cryptographic Step CWE-347: Improper Verification of Cryptographic Signature •
CVE-2020-25658 – python-rsa: bleichenbacher timing oracle attack against RSA decryption
https://notcve.org/view.php?id=CVE-2020-25658
It was found that python-rsa is vulnerable to Bleichenbacher timing attacks. An attacker can use this flaw via the RSA decryption API to decrypt parts of the cipher text encrypted with RSA. Se detectó que python-rsa es vulnerable a los ataques de sincronización de tipo Bleichenbacher. Un atacante puede utilizar este fallo por medio de la API de descifrado RSA para descifrar partes del texto cifrado con RSA A flaw was found in python-rsa, where it is vulnerable to Bleichenbacher timing attacks. This flaw allows an attacker, via the RSA decryption API, to decrypt parts of the ciphertext encrypted with RSA. • https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-25658 https://github.com/sybrenstuvel/python-rsa/issues/165 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2SAF67KDGSOHLVFTRDOHNEAFDRSSYIWA https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/APF364QJ2IYLPDNVFBOEJ24QP2WLVLJP https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QY4PJWTYSOV7ZEYZVMYIF6XRU73CY6O7 https://access.redhat.com/security/cve/CVE-2020-25 • CWE-327: Use of a Broken or Risky Cryptographic Algorithm CWE-385: Covert Timing Channel •
CVE-2020-25659 – python-cryptography: Bleichenbacher timing oracle attack against RSA decryption
https://notcve.org/view.php?id=CVE-2020-25659
python-cryptography 3.2 is vulnerable to Bleichenbacher timing attacks in the RSA decryption API, via timed processing of valid PKCS#1 v1.5 ciphertext. python-cryptography versión 3.2, es vulnerable a ataques de sincronización de Bleichenbacher en la API de descifrado RSA, por medio del procesamiento cronometrado de texto cifrado PKCS#1 v1.5 válido A flaw was found in python-cryptography, where it is vulnerable to Bleichenbacher timing attacks. This flaw allows an attacker, via the RSA decryption API, to decrypt parts of the ciphertext encrypted with RSA. The highest threat from this vulnerability is to confidentiality. • https://github.com/pyca/cryptography/pull/5507/commits/ce1bef6f1ee06ac497ca0c837fbd1c7ef6c2472b https://www.oracle.com/security-alerts/cpuapr2022.html https://www.oracle.com/security-alerts/cpujul2022.html https://access.redhat.com/security/cve/CVE-2020-25659 https://bugzilla.redhat.com/show_bug.cgi?id=1889988 • CWE-385: Covert Timing Channel •
CVE-2020-27619 – python: Unsafe use of eval() on data retrieved via HTTP in the test suite
https://notcve.org/view.php?id=CVE-2020-27619
In Python 3 through 3.9.0, the Lib/test/multibytecodec_support.py CJK codec tests call eval() on content retrieved via HTTP. En Python versiones 3 hasta 3.9.0, las pruebas del códec CJK del archivo Lib/test/multibytecodec_support.py llaman a la función eval() en el contenido recuperado por medio de HTTP In Python3's Lib/test/multibytecodec_support.py CJK codec tests call eval() on content retrieved via HTTP. • https://bugs.python.org/issue41944 https://github.com/python/cpython/commit/2ef5caa58febc8968e670e39e3d37cf8eef3cab8 https://github.com/python/cpython/commit/43e523103886af66d6c27cd72431b5d9d14cd2a9 https://github.com/python/cpython/commit/6c6c256df3636ff6f6136820afaefa5a10a3ac33 https://github.com/python/cpython/commit/b664a1df4ee71d3760ab937653b10997081b1794 https://github.com/python/cpython/commit/e912e945f2960029d039d3390ea08835ad39374b https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b%40%3Cissues.bookkeeper.apache.org%3E https:/ • CWE-95: Improper Neutralization of Directives in Dynamically Evaluated Code ('Eval Injection') •