CVSS: 7.5 | EPSS: 1% | CPEs: 2 | EXPL: 0

26 Nov 2019 — typed_ast 1.3.0 and 1.3.1 has an ast_for_arguments out-of-bounds read. An attacker with the ability to cause a Python interpreter to parse Python source (but not necessarily execute it) may be able to crash the interpreter process. This could be a concern, for example, in a web-based service that parses (but does not execute) Python code. (This issue also affected certain Python 3.8.0-alpha prereleases.) • https://bugs.python.org/issue36495 • CWE-125: Out-of-bounds Read

CVSS: 6.2 | EPSS: 0% | CPEs: 1 | EXPL: 0

25 Nov 2019 — Python keyring has insecure permissions on new databases, allowing world-readable files to be created. • http://www.openwall.com/lists/oss-security/2012/11/27/4 • CWE-276: Incorrect Default Permissions

CVSS: 7.8 | EPSS: 0% | CPEs: 4 | EXPL: 0

22 Nov 2019 — PyXML: hash table collisions cause excessive CPU usage (denial of service). • http://seclists.org/oss-sec/2014/q3/96 • CWE-400: Uncontrolled Resource Consumption

CVSS: 9.1 | EPSS: 0% | CPEs: 8 | EXPL: 2

18 Nov 2019 — A flaw was found in all python-ecdsa versions before 0.13.3, where it did not correctly verify whether signatures used DER encoding. Without this verification, a malformed signature could be accepted, making the signature malleable. Without proper verification, an attacker could use a malleable signature to create false transactions. • https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14859 • CWE-347: Improper Verification of Cryptographic Signature

CVSS: 7.5 | EPSS: 0% | CPEs: 1 | EXPL: 0

18 Nov 2019 — An error-handling flaw was found in python-ecdsa before version 0.13.3. During signature decoding, malformed DER signatures could raise unexpected exceptions (or no exceptions at all), which could lead to a denial of service. • https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14853 • CWE-391: Unchecked Error Condition • CWE-755: Improper Handling of Exceptional Conditions

CVSS: 9.1 | EPSS: 0% | CPEs: 4 | EXPL: 0

31 Oct 2019 — python-docutils allows insecure usage of temporary files. • https://security-tracker.debian.org/tracker/CVE-2009-5042 • CWE-668: Exposure of Resource to Wrong Sphere

CVSS: 7.5 | EPSS: 0% | CPEs: 2 | EXPL: 0

28 Oct 2019 — Python keyring lib before 0.10 created keyring files with world-readable permissions. • http://www.openwall.com/lists/oss-security/2012/11/27/3 • CWE-276: Incorrect Default Permissions

CVSS: 6.5 | EPSS: 0% | CPEs: 5 | EXPL: 0

23 Oct 2019 — An issue was discovered in urllib2 in Python 2.x through 2.7.17 and urllib in Python 3.x through 3.8.0. CRLF injection is possible if the attacker controls a url parameter, as demonstrated by the first argument to urllib.request.urlopen with \r\n (specifically in the host component of a URL) followed by an HTTP header. This is similar to the CVE-2019-9740 query string issue and the CVE-2019-9947 path string issue. (This is not exploitable when glibc has CVE-2016-10739 fixed.) This is fixed in: v2.7.18, v2.... • http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00041.html • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') • CWE-113: Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Request/Response Splitting')

CVSS: 7.5 | EPSS: 1% | CPEs: 3 | EXPL: 2

12 Oct 2019 — library/glob.html in the Python 2 and 3 documentation before 2016 has potentially misleading information about whether sorting occurs, as demonstrated by irreproducible cancer-research results. NOTE: the effects of this documentation cross application domains, and thus it is likely that security-relevant code elsewhere is affected. This issue is not a Python implementation bug, and there are no reports that NMR researchers were specifically relying on library/glob.html. In other words, because the older doc... • https://bugs.python.org/issue33275 • CWE-682: Incorrect Calculation

CVSS: 7.5 | EPSS: 3% | CPEs: 3 | EXPL: 0

04 Oct 2019 — An issue was discovered in Pillow before 6.2.0. When reading specially crafted invalid image files, the library can either allocate very large amounts of memory or take an extremely long period of time to process the image. • https://access.redhat.com/errata/RHSA-2020:0566 • CWE-770: Allocation of Resources Without Limits or Throttling