CVSS: 7.8EPSS: 0%CPEs: 5EXPL: 0CVE-2024-3219 – Pure-Python fallback of socket.socketpair() doesn’t authenticate peer connection
https://notcve.org/view.php?id=CVE-2024-3219
29 Jul 2024 — The “socket” module provides a pure-Python fallback to the socket.socketpair() function for platforms that don’t support AF_UNIX, such as Windows. This pure-Python implementation uses AF_INET or AF_INET6 to create a local connected pair of sockets. The connection between the two sockets was not verified before passing the two sockets back to the user, which leaves the server socket vulnerable to a connection race from a malicious local peer. Platforms that support AF_UNIX such as Linux and macOS are not aff... • https://github.com/python/cpython/pull/122134 • CWE-306: Missing Authentication for Critical Function •
CVSS: 7.4EPSS: 0%CPEs: 5EXPL: 0CVE-2024-0397 – Memory race condition in ssl.SSLContext certificate store methods
https://notcve.org/view.php?id=CVE-2024-0397
17 Jun 2024 — A defect was discovered in the Python “ssl” module where there is a memory race condition with the ssl.SSLContext methods “cert_store_stats()” and “get_ca_certs()”. The race condition can be triggered if the methods are called at the same time as certificates are loaded into the SSLContext, such as during the TLS handshake with a certificate directory configured. This issue is fixed in CPython 3.10.14, 3.11.9, 3.12.3, and 3.13.0a5. Se descubrió un defecto en el módulo “ssl” de Python donde existe una condic... • http://www.openwall.com/lists/oss-security/2024/06/17/2 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVSS: 7.8EPSS: 0%CPEs: 5EXPL: 0CVE-2024-4032 – Incorrect IPv4 and IPv6 private ranges
https://notcve.org/view.php?id=CVE-2024-4032
17 Jun 2024 — The “ipaddress” module contained incorrect information about whether certain IPv4 and IPv6 addresses were designated as “globally reachable” or “private”. This affected the is_private and is_global properties of the ipaddress.IPv4Address, ipaddress.IPv4Network, ipaddress.IPv6Address, and ipaddress.IPv6Network classes, where values wouldn’t be returned in accordance with the latest information from the IANA Special-Purpose Address Registries. CPython 3.12.4 and 3.13.0a6 contain updated information from these... • http://www.openwall.com/lists/oss-security/2024/06/17/3 • CWE-440: Expected Behavior Violation CWE-697: Incorrect Comparison •
CVSS: 7.1EPSS: 0%CPEs: 5EXPL: 0CVE-2024-4030 – tempfile.mkdtemp() may be readable and writeable by all users on Windows
https://notcve.org/view.php?id=CVE-2024-4030
07 May 2024 — On Windows a directory returned by tempfile.mkdtemp() would not always have permissions set to restrict reading and writing to the temporary directory by other users, instead usually inheriting the correct permissions from the default location. Alternate configurations or users without a profile directory may not have the intended permissions. If you’re not using Windows or haven’t changed the temporary directory location then you aren’t affected by this vulnerability. On other platforms the returned direct... • https://github.com/python/cpython/commit/35c799d79177b962ddace2fa068101465570a29a • CWE-276: Incorrect Default Permissions •
CVSS: 7.8EPSS: 0%CPEs: 5EXPL: 0CVE-2023-6597 – python: Path traversal on tempfile.TemporaryDirectory
https://notcve.org/view.php?id=CVE-2023-6597
19 Mar 2024 — An issue was found in the CPython `tempfile.TemporaryDirectory` class affecting versions 3.12.1, 3.11.7, 3.10.13, 3.9.18, and 3.8.18 and prior. The tempfile.TemporaryDirectory class would dereference symlinks during cleanup of permissions-related errors. This means users which can run privileged programs are potentially able to modify permissions of files referenced by symlinks in some circumstances. Se encontró un problema en la clase CPython `tempfile.TemporaryDirectory` que afecta a las versiones 3.12.2,... • http://www.openwall.com/lists/oss-security/2024/03/20/5 • CWE-61: UNIX Symbolic Link (Symlink) Following •
CVSS: 6.2EPSS: 0%CPEs: 5EXPL: 0CVE-2024-0450 – Quoted zip-bomb protection for zipfile
https://notcve.org/view.php?id=CVE-2024-0450
19 Mar 2024 — An issue was found in the CPython `zipfile` module affecting versions 3.12.1, 3.11.7, 3.10.13, 3.9.18, and 3.8.18 and prior. The zipfile module is vulnerable to “quoted-overlap” zip-bombs which exploit the zip format to create a zip-bomb with a high compression ratio. The fixed versions of CPython makes the zipfile module reject zip archives which overlap entries in the archive. Se encontró un problema en el módulo `zipfile` de CPython que afecta a las versiones 3.12.2, 3.11.8, 3.10.13, 3.9.18 y 3.8.18 y an... • http://www.openwall.com/lists/oss-security/2024/03/20/5 • CWE-405: Asymmetric Resource Consumption (Amplification) CWE-450: Multiple Interpretations of UI Input •
CVSS: 7.8EPSS: 0%CPEs: 6EXPL: 0CVE-2024-21503 – psf/black: ReDoS via the lines_with_leading_tabs_expanded() function in strings.py file
https://notcve.org/view.php?id=CVE-2024-21503
19 Mar 2024 — Versions of the package black before 24.3.0 are vulnerable to Regular Expression Denial of Service (ReDoS) via the lines_with_leading_tabs_expanded function in the strings.py file. An attacker could exploit this vulnerability by crafting a malicious input that causes a denial of service. Exploiting this vulnerability is possible when running Black on untrusted input, or if you habitually put thousands of leading tab characters in your docstrings. Las versiones del paquete black anteriores a la 24.3.0 son vu... • https://github.com/psf/black/commit/f00093672628d212b8965a8993cee8bedf5fe9b8 • CWE-75: Failure to Sanitize Special Elements into a Different Plane (Special Element Injection) CWE-1333: Inefficient Regular Expression Complexity •
CVSS: 7.2EPSS: 0%CPEs: 1EXPL: 0CVE-2008-4108
https://notcve.org/view.php?id=CVE-2008-4108
18 Sep 2008 — Tools/faqwiz/move-faqwiz.sh (aka the generic FAQ wizard moving tool) in Python 2.4.5 might allow local users to overwrite arbitrary files via a symlink attack on a tmp$RANDOM.tmp temporary file. NOTE: there may not be common usage scenarios in which tmp$RANDOM.tmp is located in an untrusted directory. Tools/faqwiz/move-faqwiz.sh (también conocido como "la herramienta de movimiento del asistente genérico del FAQ") en Python 2.4.5, puede que permita a usuarios locales sobrescribir ficheros de su elección a tr... • http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=498899 • CWE-59: Improper Link Resolution Before File Access ('Link Following') •
CVSS: 4.3EPSS: 1%CPEs: 1EXPL: 1CVE-2008-0299
https://notcve.org/view.php?id=CVE-2008-0299
16 Jan 2008 — common.py in Paramiko 1.7.1 and earlier, when using threads or forked processes, does not properly use RandomPool, which allows one session to obtain sensitive information from another session by predicting the state of the pool. common.py in Paramiko 1.7.1 y versiones anteriores, cuando se utilizan hilos o procesos bifurcados, no utiliza apropiadamente RandomPool, lo cual permite a una sesión obtener información confidencial de otra sesión prediciendo el estado de la pila de conexiones. • http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=460706 •
CVSS: 9.8EPSS: 4%CPEs: 1EXPL: 2CVE-2007-1657 – MiniGZip - Controls File_Compress Buffer Overflow
https://notcve.org/view.php?id=CVE-2007-1657
24 Mar 2007 — Stack-based buffer overflow in the file_compress function in minigzip (Modules/zlib) in Python 2.5 allows context-dependent attackers to execute arbitrary code via a long file argument. Desbordamiento de búfer en la función file_compress en minigzip (Modules/zlib) en Python 2.5 permite a atacantes dependientes del contexto ejecutar código de su elección a través del un argumento de archivo. • https://www.exploit-db.com/exploits/29740 •