Page 17 of 92 results (0.014 seconds)

CVSS: 6.4EPSS: 3%CPEs: 9EXPL: 0

The utf-16 decoder in Python 3.1 through 3.3 does not update the aligned_end variable after calling the unicode_decode_call_errorhandler function, which allows remote attackers to obtain sensitive information (process memory) or cause a denial of service (memory corruption and crash) via unspecified vectors. El descodificador UTF-16 en Python v3.1 a v3.3 no actualiza la variable aligned_end después de llamar a la función unicode_decode_call_errorhandler, lo que permite a atacantes remotos obtener información sensible (la memoria del proceso) o provocar una denegación de servicio (por corrupción de memoria y caída la aplicación) a través de vectores no especificados. • http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=670389 http://bugs.python.org/issue14579 http://secunia.com/advisories/51087 http://secunia.com/advisories/51089 http://www.openwall.com/lists/oss-security/2012/04/25/2 http://www.openwall.com/lists/oss-security/2012/04/25/4 http://www.ubuntu.com/usn/USN-1615-1 http://www.ubuntu.com/usn/USN-1616-1 •

CVSS: 5.0EPSS: 16%CPEs: 58EXPL: 1

SimpleXMLRPCServer.py in SimpleXMLRPCServer in Python before 2.6.8, 2.7.x before 2.7.3, 3.x before 3.1.5, and 3.2.x before 3.2.3 allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via an XML-RPC POST request that contains a smaller amount of data than specified by the Content-Length header. SimpleXMLRPCServer.py en SimpleXMLRPCServer en Python antes de v2.6.8, v2.7.x antes de v2.7.3, v3.x antes de v3.1.5, y v3.2.x antes de v3.2.x, permite a atacantes remotos provocar una denegación de servicio (bucle infinito y consumo de CPU) a través de una solicitud XML-RPC POST que contiene una cantidad de datos más pequeña que lo especificado en la cabecera Content-Length. • http://bugs.python.org/issue14001 http://lists.apple.com/archives/security-announce/2013/Oct/msg00004.html http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00040.html http://python.org/download/releases/2.6.8 http://python.org/download/releases/2.7.3 http://python.org/download/releases/3.1.5 http://python.org/download/releases/3.2.3 http://secunia.com/advisories/50858 http://secunia.com/advisories/51024 http://secunia.com/advisories/51040 http:/ • CWE-399: Resource Management Errors •

CVSS: 1.9EPSS: 0%CPEs: 28EXPL: 0

Python 2.6 through 3.2 creates ~/.pypirc with world-readable permissions before changing them after data has been written, which introduces a race condition that allows local users to obtain a username and password by reading this file. Python v2.6 a través de 3.2 crea ~/.pypirc con permisos de lectura en todo el mundo antes de cambiar los datos que se han escrito, introduce una condición de carrera que permite a usuarios locales obtener un nombre de usuario y contraseña mediante la lectura de este archivo. • http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=650555 http://bugs.python.org/file23824/pypirc-secure.diff http://bugs.python.org/issue13512 http://lists.apple.com/archives/security-announce/2013/Oct/msg00004.html http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00040.html http://secunia.com/advisories/50858 http://secunia.com/advisories/51024 http://secunia.com/advisories/51040 http://secunia.com/advisories/51087 http://secunia.com/advisories/51089 http://www • CWE-264: Permissions, Privileges, and Access Controls •

CVSS: 5.0EPSS: 0%CPEs: 58EXPL: 1

Python before 2.6.8, 2.7.x before 2.7.3, 3.x before 3.1.5, and 3.2.x before 3.2.3 computes hash values without restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted input to an application that maintains a hash table. Python anteriores a v2.6.8, v2.7.x anteriores a v2.7.3, 3.x anteriores a v3.1.5, y v3.2.x anteriores a v3.2.3 procesa los valores hash sin restringir la disponibilidad para provocar colisiones predecibles, lo que permite a atacantes dependiendo del contexto provocar una denegación de servicio (consumo de CPU) a través de una entrada manipulada sobre una aplicación que mantiene una tabla hash. • http://bugs.python.org/issue13703 http://lists.apple.com/archives/security-announce/2013/Oct/msg00004.html http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00040.html http://mail.python.org/pipermail/python-dev/2011-December/115116.html http://mail.python.org/pipermail/python-dev/2012-January/115892.html http://python.org/download/releases/2.6.8 http://python.org/download/releases/2.7.3 http://python.org/download/releases/3.1.5 http://python.org/download/ • CWE-310: Cryptographic Issues •

CVSS: 5.0EPSS: 0%CPEs: 22EXPL: 0

The XML parser (xmlparse.c) in expat before 2.1.0 computes hash values without restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service (CPU consumption) via an XML file with many identifiers with the same value. El analizador XML (xmlparse.c) en expat antes de v2.1.0 calcula los valores de hash sin restringir la capacidad de desencadenar colisiones hash de forma predecible, lo que permite causar una denegación de servicio (por consumo de CPU) a atacantes dependientes de contexto a través de un archivo XML con muchos identificadores con el mismo valor. A denial of service flaw was found in the implementation of hash arrays in Expat. An attacker could use this flaw to make an application using Expat consume an excessive amount of CPU time by providing a specially crafted XML file that triggers multiple hash function collisions. To mitigate this issue, randomization has been added to the hash function to reduce the chance of an attacker successfully causing intentional collisions. • http://bugs.python.org/issue13703#msg151870 http://lists.apple.com/archives/security-announce/2013/Oct/msg00004.html http://lists.apple.com/archives/security-announce/2015/Dec/msg00005.html http://mail.libexpat.org/pipermail/expat-discuss/2012-March/002768.html http://rhn.redhat.com/errata/RHSA-2012-0731.html http://rhn.redhat.com/errata/RHSA-2016-0062.html http://rhn.redhat.com/errata/RHSA-2016-2957.html http://secunia.com/advisories/49504 http://secunia.com/advisories/51024 • CWE-400: Uncontrolled Resource Consumption CWE-407: Inefficient Algorithmic Complexity •