CVSS: 7.5EPSS: 0%CPEs: 4EXPL: 0CVE-2013-1753 – python: XMLRPC library unrestricted decompression of HTTP responses using gzip enconding
https://notcve.org/view.php?id=CVE-2013-1753
The gzip_decode function in the xmlrpc client library in Python 3.4 and earlier allows remote attackers to cause a denial of service (memory consumption) via a crafted HTTP request. La función gzip_decode en la biblioteca de cliente xmlrpc en Python versiones 3.4 y anteriores, permite a atacantes remotos causar una denegación de servicio (consumo de memoria) por medio de una petición HTTP especialmente diseñada. It was discovered that the Python xmlrpclib did not restrict the size of a gzip compressed HTTP responses. A malicious XMLRPC server could cause an XMLRPC client using xmlrpclib to consume an excessive amount of memory. • https://bugs.python.org/issue16043 https://access.redhat.com/security/cve/CVE-2013-1753 https://bugzilla.redhat.com/show_bug.cgi?id=1046170 • CWE-400: Uncontrolled Resource Consumption •
CVSS: 5.8EPSS: 0%CPEs: 88EXPL: 2CVE-2014-9365 – python: failure to validate certificates in the HTTP client with TLS (PEP 476)
https://notcve.org/view.php?id=CVE-2014-9365
The HTTP clients in the (1) httplib, (2) urllib, (3) urllib2, and (4) xmlrpclib libraries in CPython (aka Python) 2.x before 2.7.9 and 3.x before 3.4.3, when accessing an HTTPS URL, do not (a) check the certificate against a trust store or verify that the server hostname matches a domain name in the subject's (b) Common Name or (c) subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate. Los clientes HTTP en las librarias (1) httplib, (2) urllib, (3) urllib2, and (4) xmlrpclib en CPython (también conocido como Python) 2.x anterior a 2.7.9 y 3.x anterior a 3.4.3, cuando accede a una URL HTTPS, not (a) comprueba el certificado contra un almacen trust o verifica que elnombre del servidor coincide con un nombre de dominio en el campo del tema (b) Common Name o (c) subjectAltName del certificado X.509, lo que permite a atacantes man-in-the-middle falsificar servidores SSL a través de un certificado válido arbitrario. The Python standard library HTTP client modules (such as httplib or urllib) did not perform verification of TLS/SSL certificates when connecting to HTTPS servers. A man-in-the-middle attacker could use this flaw to hijack connections and eavesdrop or modify transferred data. • http://bugs.python.org/issue22417 http://lists.apple.com/archives/security-announce/2015/Aug/msg00001.html http://www.openwall.com/lists/oss-security/2014/12/11/1 http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html http://www.securityfocus.com/bid/71639 https://access.redhat.com/errata/RHSA-2016:1166 https://access.redhat.com/errata/RHSA-2017:1162 https://access.redhat.com/errata&#x • CWE-345: Insufficient Verification of Data Authenticity •
CVSS: 3.3EPSS: 0%CPEs: 17EXPL: 0CVE-2014-2667
https://notcve.org/view.php?id=CVE-2014-2667
Race condition in the _get_masked_mode function in Lib/os.py in Python 3.2 through 3.5, when exist_ok is set to true and multiple threads are used, might allow local users to bypass intended file permissions by leveraging a separate application vulnerability before the umask has been set to the expected value. Condición de carrera en la función _get_masked_mode en Lib/os.py en Python 3.2 hasta 3.5, cuando exist_ok está activado y se utilizan múltiples hilos, podría permitir a usuarios locales saltarse el archivo destinado a los permisos aprovechando una vulnerabilidad de solicitud por separado antes de que umask haya sido ajustado al valor esperado. • http://bugs.python.org/issue21082 http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00040.html http://lists.opensuse.org/opensuse-updates/2014-05/msg00007.html http://lists.opensuse.org/opensuse-updates/2014-05/msg00008.html http://www.openwall.com/lists/oss-security/2014/03/28/15 http://www.openwall.com/lists/oss-security/2014/03/29/5 http://www.openwall.com/lists/oss-security/2014/03/30/4 https://security.gentoo.org/glsa/201503-10 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVSS: 6.4EPSS: 1%CPEs: 12EXPL: 3CVE-2014-7185 – python: buffer() integer overflow leading to out of bounds read
https://notcve.org/view.php?id=CVE-2014-7185
Integer overflow in bufferobject.c in Python before 2.7.8 allows context-dependent attackers to obtain sensitive information from process memory via a large size and offset in a "buffer" function. Desbordamiento de enteros en bufferobject.c en Python anterior a 2.7.8 permite a atacantes dependientes de contexto obtener información sensible de la memoria de procesos a través de un tamaño y desplazamiento grande en una función 'buffer'. An integer overflow flaw was found in the way the buffer() function handled its offset and size arguments. An attacker able to control those arguments could use this flaw to disclose portions of the application memory or cause it to crash. • http://bugs.python.org/issue21831 http://lists.apple.com/archives/security-announce/2015/Aug/msg00001.html http://lists.fedoraproject.org/pipermail/package-announce/2014-October/139663.html http://lists.opensuse.org/opensuse-updates/2014-10/msg00016.html http://rhn.redhat.com/errata/RHSA-2015-1064.html http://rhn.redhat.com/errata/RHSA-2015-1330.html http://www.openwall.com/lists/oss-security/2014/09/23/5 http://www.openwall.com/lists/oss-security/2014/09/25/47 http:/&# • CWE-189: Numeric Errors CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 5.9EPSS: 0%CPEs: 7EXPL: 1CVE-2014-4616 – python: missing boundary check in JSON module
https://notcve.org/view.php?id=CVE-2014-4616
Array index error in the scanstring function in the _json module in Python 2.7 through 3.5 and simplejson before 2.6.1 allows context-dependent attackers to read arbitrary process memory via a negative index value in the idx argument to the raw_decode function. Un error de índice de matriz en la función scanstring en el módulo the _json en Python 2.7 en su versión 3.5 y simplejson en su versión 2.6.1 permite que atacantes dependientes del contexto lean archivos arbitrarios de la memoria de proceso mediante un valor de índice negativo en el argumento idx en la función raw_decode function. A flaw was found in the way the json module handled negative index argument passed to certain functions (such as raw_decode()). An attacker able to control index value passed to one of the affected functions could possibly use this flaw to disclose portions of the application memory. • http://bugs.python.org/issue21529 http://lists.opensuse.org/opensuse-updates/2014-07/msg00015.html http://openwall.com/lists/oss-security/2014/06/24/7 http://rhn.redhat.com/errata/RHSA-2015-1064.html http://www.securityfocus.com/bid/68119 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=752395 https://bugzilla.redhat.com/show_bug.cgi?id=1112285 https://hackerone.com/reports/12297 https://security.gentoo.org/glsa/201503-10 https://access.redhat.com/security/cve/CV • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-129: Improper Validation of Array Index •