Page 13 of 66 results (0.014 seconds)

CVSS: 1.9EPSS: 0%CPEs: 28EXPL: 0

Python 2.6 through 3.2 creates ~/.pypirc with world-readable permissions before changing them after data has been written, which introduces a race condition that allows local users to obtain a username and password by reading this file. Python v2.6 a través de 3.2 crea ~/.pypirc con permisos de lectura en todo el mundo antes de cambiar los datos que se han escrito, introduce una condición de carrera que permite a usuarios locales obtener un nombre de usuario y contraseña mediante la lectura de este archivo. • http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=650555 http://bugs.python.org/file23824/pypirc-secure.diff http://bugs.python.org/issue13512 http://lists.apple.com/archives/security-announce/2013/Oct/msg00004.html http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00040.html http://secunia.com/advisories/50858 http://secunia.com/advisories/51024 http://secunia.com/advisories/51040 http://secunia.com/advisories/51087 http://secunia.com/advisories/51089 http://www • CWE-264: Permissions, Privileges, and Access Controls •

CVSS: 5.0EPSS: 0%CPEs: 58EXPL: 1

Python before 2.6.8, 2.7.x before 2.7.3, 3.x before 3.1.5, and 3.2.x before 3.2.3 computes hash values without restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted input to an application that maintains a hash table. Python anteriores a v2.6.8, v2.7.x anteriores a v2.7.3, 3.x anteriores a v3.1.5, y v3.2.x anteriores a v3.2.3 procesa los valores hash sin restringir la disponibilidad para provocar colisiones predecibles, lo que permite a atacantes dependiendo del contexto provocar una denegación de servicio (consumo de CPU) a través de una entrada manipulada sobre una aplicación que mantiene una tabla hash. • http://bugs.python.org/issue13703 http://lists.apple.com/archives/security-announce/2013/Oct/msg00004.html http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00040.html http://mail.python.org/pipermail/python-dev/2011-December/115116.html http://mail.python.org/pipermail/python-dev/2012-January/115892.html http://python.org/download/releases/2.6.8 http://python.org/download/releases/2.7.3 http://python.org/download/releases/3.1.5 http://python.org/download/ • CWE-310: Cryptographic Issues •

CVSS: 5.0EPSS: 0%CPEs: 22EXPL: 0

The XML parser (xmlparse.c) in expat before 2.1.0 computes hash values without restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service (CPU consumption) via an XML file with many identifiers with the same value. El analizador XML (xmlparse.c) en expat antes de v2.1.0 calcula los valores de hash sin restringir la capacidad de desencadenar colisiones hash de forma predecible, lo que permite causar una denegación de servicio (por consumo de CPU) a atacantes dependientes de contexto a través de un archivo XML con muchos identificadores con el mismo valor. A denial of service flaw was found in the implementation of hash arrays in Expat. An attacker could use this flaw to make an application using Expat consume an excessive amount of CPU time by providing a specially crafted XML file that triggers multiple hash function collisions. To mitigate this issue, randomization has been added to the hash function to reduce the chance of an attacker successfully causing intentional collisions. • http://bugs.python.org/issue13703#msg151870 http://lists.apple.com/archives/security-announce/2013/Oct/msg00004.html http://lists.apple.com/archives/security-announce/2015/Dec/msg00005.html http://mail.libexpat.org/pipermail/expat-discuss/2012-March/002768.html http://rhn.redhat.com/errata/RHSA-2012-0731.html http://rhn.redhat.com/errata/RHSA-2016-0062.html http://rhn.redhat.com/errata/RHSA-2016-2957.html http://secunia.com/advisories/49504 http://secunia.com/advisories/51024 • CWE-400: Uncontrolled Resource Consumption CWE-407: Inefficient Algorithmic Complexity •

CVSS: 6.4EPSS: 13%CPEs: 39EXPL: 0

The urllib and urllib2 modules in Python 2.x before 2.7.2 and 3.x before 3.2.1 process Location headers that specify redirection to file: URLs, which makes it easier for remote attackers to obtain sensitive information or cause a denial of service (resource consumption) via a crafted URL, as demonstrated by the file:///etc/passwd and file:///dev/zero URLs. Los módulos urllib y urllib2 en Python v2.x anteriores a v2.7.2 y v3.x anteriores a v3.2.1 procesan los encabezados de ubicación que especificar la redirección del fichero: URLs, lo que hace que sea más fácil para los atacantes remotos obtener información sensible o provocar una denegación de servicio (consumo de recursos) a través de una URL manipulada, como lo demuestra lso ficheros URLs: //etc/passwd y //dev/zero. • http://bugs.python.org/issue11662 http://hg.python.org/cpython/file/96a6c128822b/Misc/NEWS http://hg.python.org/cpython/file/b2934d98dac1/Misc/NEWS http://hg.python.org/cpython/rev/96a6c128822b http://hg.python.org/cpython/rev/b2934d98dac1 http://lists.apple.com/archives/Security-announce/2011//Oct/msg00003.html http://lists.opensuse.org/opensuse-security-announce/2011-05/msg00005.html http://openwall.com/lists/oss-security/2011/03/24/5 http://openwall.com/lists/oss-secur • CWE-399: Resource Management Errors •

CVSS: 5.0EPSS: 11%CPEs: 2EXPL: 0

Multiple race conditions in smtpd.py in the smtpd module in Python 2.6, 2.7, 3.1, and 3.2 alpha allow remote attackers to cause a denial of service (daemon outage) by establishing and then immediately closing a TCP connection, leading to the accept function having an unexpected return value of None, an unexpected value of None for the address, or an ECONNABORTED, EAGAIN, or EWOULDBLOCK error, or the getpeername function having an ENOTCONN error, a related issue to CVE-2010-3492. Múltiples condiciones de carrera en smtpd.py en el módulo smtpd in Python v2.6, v2.7, v3.1 y v3.2 alpha permite a atacantes remotos provocar una denegación de servicio (agotamiento de demonio)por establecimiento e inmediatamente cerrando una conexión TCP, llevando la función accept a devolver un valor inesperado de None, un valor inesperado de None para la dirección, o un error ECONNABORTED, EAGAIN, o EWOULDBLOCK, o la función getpeername teniendo un error ENOTCONN, tema relacionado con CVE-2010-3492. • http://bugs.python.org/issue6706 http://bugs.python.org/issue9129 http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00006.html http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html http://secunia.com/advisories/43068 http://secunia.com/advisories/50858 http://secunia.com/advisories/51024 http://secunia.com/advisories/51040 http://svn.python.org/view/python/branches/py3k/Lib/smtpd.py?r1=84289&r2=84288&pathrev=84289 http://svn.python.org/view?v • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •