Page 12 of 76 results (0.023 seconds)

CVSS: 3.3EPSS: 0%CPEs: 17EXPL: 0

Race condition in the _get_masked_mode function in Lib/os.py in Python 3.2 through 3.5, when exist_ok is set to true and multiple threads are used, might allow local users to bypass intended file permissions by leveraging a separate application vulnerability before the umask has been set to the expected value. Condición de carrera en la función _get_masked_mode en Lib/os.py en Python 3.2 hasta 3.5, cuando exist_ok está activado y se utilizan múltiples hilos, podría permitir a usuarios locales saltarse el archivo destinado a los permisos aprovechando una vulnerabilidad de solicitud por separado antes de que umask haya sido ajustado al valor esperado. • http://bugs.python.org/issue21082 http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00040.html http://lists.opensuse.org/opensuse-updates/2014-05/msg00007.html http://lists.opensuse.org/opensuse-updates/2014-05/msg00008.html http://www.openwall.com/lists/oss-security/2014/03/28/15 http://www.openwall.com/lists/oss-security/2014/03/29/5 http://www.openwall.com/lists/oss-security/2014/03/30/4 https://security.gentoo.org/glsa/201503-10 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •

CVSS: 5.9EPSS: 0%CPEs: 7EXPL: 1

Array index error in the scanstring function in the _json module in Python 2.7 through 3.5 and simplejson before 2.6.1 allows context-dependent attackers to read arbitrary process memory via a negative index value in the idx argument to the raw_decode function. Un error de índice de matriz en la función scanstring en el módulo the _json en Python 2.7 en su versión 3.5 y simplejson en su versión 2.6.1 permite que atacantes dependientes del contexto lean archivos arbitrarios de la memoria de proceso mediante un valor de índice negativo en el argumento idx en la función raw_decode function. A flaw was found in the way the json module handled negative index argument passed to certain functions (such as raw_decode()). An attacker able to control index value passed to one of the affected functions could possibly use this flaw to disclose portions of the application memory. • http://bugs.python.org/issue21529 http://lists.opensuse.org/opensuse-updates/2014-07/msg00015.html http://openwall.com/lists/oss-security/2014/06/24/7 http://rhn.redhat.com/errata/RHSA-2015-1064.html http://www.securityfocus.com/bid/68119 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=752395 https://bugzilla.redhat.com/show_bug.cgi?id=1112285 https://hackerone.com/reports/12297 https://security.gentoo.org/glsa/201503-10 https://access.redhat.com/security/cve/CV • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-129: Improper Validation of Array Index •

CVSS: 9.8EPSS: 17%CPEs: 8EXPL: 2

The CGIHTTPServer module in Python 2.7.5 and 3.3.4 does not properly handle URLs in which URL encoding is used for path separators, which allows remote attackers to read script source code or conduct directory traversal attacks and execute unintended code via a crafted character sequence, as demonstrated by a %2f separator. El módulo CGIHTTPServer en Python versiones 2.7.5 y 3.3.4, no maneja apropiadamente las URL en las que la codificación de URL es usada para los separadores de ruta, lo que permite a atacantes remotos leer el código fuente del script o conducir un salto de directorio y ejecutar código no deseado por medio de una secuencia de caracteres diseñada, como es demostrado mediante un separador %2f. It was discovered that the CGIHTTPServer module incorrectly handled URL encoded paths. A remote attacker could use this flaw to execute scripts outside of the cgi-bin directory, or disclose source of scripts in the cgi-bin directory. • https://www.exploit-db.com/exploits/33894 http://bugs.python.org/issue21766 http://openwall.com/lists/oss-security/2014/06/26/3 https://access.redhat.com/security/cve/cve-2014-4650 https://access.redhat.com/security/cve/CVE-2014-4650 https://bugzilla.redhat.com/show_bug.cgi?id=1113527 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') CWE-138: Improper Neutralization of Special Elements •

CVSS: 7.4EPSS: 97%CPEs: 28EXPL: 3

OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h does not properly restrict processing of ChangeCipherSpec messages, which allows man-in-the-middle attackers to trigger use of a zero-length master key in certain OpenSSL-to-OpenSSL communications, and consequently hijack sessions or obtain sensitive information, via a crafted TLS handshake, aka the "CCS Injection" vulnerability. OpenSSL anterior a 0.9.8za, 1.0.0 anterior a 1.0.0m y 1.0.1 anterior a 1.0.1h no restringe debidamente el procesamiento de mensajes ChangeCipherSpec, lo que permite a atacantes man-in-the-middle provocar el uso de una clave maestra de longitud cero en ciertas comunicaciones OpenSSL-a-OpenSSL, y como consecuencia secuestrar sesiones u obtener información sensible, a través de una negociación TLS manipulada, también conocido como la vulnerabilidad de 'inyección CCS'. It was found that OpenSSL clients and servers could be forced, via a specially crafted handshake packet, to use weak keying material for communication. A man-in-the-middle attacker could use this flaw to decrypt and modify traffic between a client and a server. • https://github.com/secretnonempty/CVE-2014-0224 https://github.com/iph0n3/CVE-2014-0224 http://aix.software.ibm.com/aix/efixes/security/openssl_advisory9.asc http://ccsinjection.lepidum.co.jp http://dev.mysql.com/doc/relnotes/workbench/en/wb-news-6-1-7.html http://esupport.trendmicro.com/solution/en-US/1103813.aspx http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10629 http://kb.juniper.net/InfoCenter/index?page=content&id=KB29195 http://kb.juniper.net/InfoCenter/ • CWE-326: Inadequate Encryption Strength CWE-841: Improper Enforcement of Behavioral Workflow •

CVSS: 4.3EPSS: 0%CPEs: 42EXPL: 0

Python 2.7 before 3.4 only uses the last eight bits of the prefix to randomize hash values, which causes it to compute hash values without restricting the ability to trigger hash collisions predictably and makes it easier for context-dependent attackers to cause a denial of service (CPU consumption) via crafted input to an application that maintains a hash table. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-1150. Python 2.7 anterior a 3.4 solamente utiliza las últimas ocho partes del prefijo para asignar valores de hash de forma aleatoria, lo que causa que calcule valores de hash sin restringir la habilidad de provocar colisiones de hash de forma previsible y facilita a atacantes dependientes de contexto causar una denegación de servicio (consumo de CPU) a través de entradas manipuladas hacia una aplicación que mantiene una tabla de hash. NOTA: esta vulnerabilidad existe debido a una solución incompleta para CVE-2012-1150. • http://bugs.python.org/issue14621 http://lists.apple.com/archives/security-announce/2015/Aug/msg00001.html http://www.openwall.com/lists/oss-security/2013/12/09/13 http://www.openwall.com/lists/oss-security/2013/12/09/3 http://www.securityfocus.com/bid/64194 https://support.apple.com/kb/HT205031 • CWE-310: Cryptographic Issues •