CVE-2013-5106
https://notcve.org/view.php?id=CVE-2013-5106
A Code Execution vulnerability exists in select.py when using python-mode 2012-12-19. Se presenta una vulnerabilidad de ejecución de código en el archivo select.py cuando se utiliza el python-mode 2012-12-19. • http://github.com/klen/python-mode/issues/162 • CWE-20: Improper Input Validation •
CVE-2019-9674
https://notcve.org/view.php?id=CVE-2019-9674
Lib/zipfile.py in Python through 3.7.2 allows remote attackers to cause a denial of service (resource consumption) via a ZIP bomb. La biblioteca Lib/zipfile.py en Python versiones hasta 3.7.2, permite a atacantes remotos causar una denegación de servicio (consumo de recursos) por medio de una bomba ZIP. • http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00003.html http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00041.html https://bugs.python.org/issue36260 https://bugs.python.org/issue36462 https://github.com/python/cpython/blob/master/Lib/zipfile.py https://python-security.readthedocs.io/security.html#archives-and-zip-bomb https://security.netapp.com/advisory/ntap-20200221-0003 https://usn.ubuntu.com/4428-1 https://www.python.org/news/security • CWE-400: Uncontrolled Resource Consumption •
CVE-2020-8492 – python: wrong backtracking in urllib.request.AbstractBasicAuthHandler allows for a ReDoS
https://notcve.org/view.php?id=CVE-2020-8492
Python 2.7 through 2.7.17, 3.5 through 3.5.9, 3.6 through 3.6.10, 3.7 through 3.7.6, and 3.8 through 3.8.1 allows an HTTP server to conduct Regular Expression Denial of Service (ReDoS) attacks against a client because of urllib.request.AbstractBasicAuthHandler catastrophic backtracking. Python versiones 2.7 hasta 2.7.17, versiones 3.5 hasta 3.5.9, versiones 3.6 hasta 3.6.10, versiones 3.7 hasta 3.7.6 y versiones 3.8 hasta 3.8.1, permiten a un servidor HTTP conducir ataques de Denegación de Servicio de Expresión Regular (ReDoS) contra un cliente debido a un backtracking catastrófico de la clase urllib.request.AbstractBasicAuthHandler. • http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00003.html https://bugs.python.org/issue39503 https://github.com/python/cpython/pull/18284 https://lists.apache.org/thread.html/rdb31a608dd6758c6093fd645aea3fbf022dd25b37109b6aaea5bc0b5%40%3Ccommits.cassandra.apache.org%3E https://lists.apache.org/thread.html/rfec113c733162b39633fd86a2d0f34bf42ac35f711b3ec1835c774da%40%3Ccommits.cassandra.apache.org%3E https://lists.debian.org/debian-lts-announce/2020/07/msg00011.html https://lists.debian.org/debian-lts-announce/2023/05& • CWE-400: Uncontrolled Resource Consumption •
CVE-2020-8315
https://notcve.org/view.php?id=CVE-2020-8315
In Python (CPython) 3.6 through 3.6.10, 3.7 through 3.7.6, and 3.8 through 3.8.1, an insecure dependency load upon launch on Windows 7 may result in an attacker's copy of api-ms-win-core-path-l1-1-0.dll being loaded and used instead of the system's copy. Windows 8 and later are unaffected. En Python (CPython) versiones 3.6 hasta 3.6.10, 3.7 hasta 3.7.6 y 3.8 hasta 3.8.1, una carga de dependencia no segura al iniciarse en Windows 7 puede resultar en una copia del atacante de api-ms-win-core-path- l1-1-0.dll siendo cargada y usada en lugar de la copia del sistema. Windows 8 y versiones posteriores no están afectadas. • https://bugs.python.org/issue39401 • CWE-427: Uncontrolled Search Path Element •
CVE-2009-3724
https://notcve.org/view.php?id=CVE-2009-3724
python-markdown2 before 1.0.1.14 has multiple cross-site scripting (XSS) issues. python-markdown2 versiones anteriores a la versión 1.0.1.14, tiene múltiples problemas de tipo cross-site scripting (XSS) . • https://snyk.io/vuln/SNYK-PYTHON-PYRAD-40000 https://www.openwall.com/lists/oss-security/2009/10/29/5 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •