
CVE-2018-1000030 – Gentoo Linux Security Advisory 201811-02
https://notcve.org/view.php?id=CVE-2018-1000030
08 Feb 2018 — Python 2.7.14 is vulnerable to a Heap-Buffer-Overflow as well as a Heap-Use-After-Free. Python versions prior to 2.7.14 may also be vulnerable, and it appears that Python 2.7.17 and prior may also be vulnerable; however, this has not been confirmed. The vulnerability arises when multiple threads are handling large amounts of data. In both cases there is essentially a race condition that occurs. For the Heap-Buffer-Overflow, Thread 2 is creating the size for a buffer, but Thread 1 is already writing to the buffer ... • https://github.com/tylepr96/CVE-2018-1000030 • CWE-416: Use After Free CWE-787: Out-of-bounds Write •

CVE-2018-5773
https://notcve.org/view.php?id=CVE-2018-5773
18 Jan 2018 — An issue was discovered in markdown2 (aka python-markdown2) through 2.3.5. The safe_mode feature, which is supposed to sanitize user input against XSS, is flawed and does not escape the input properly. With a crafted payload, XSS can be triggered, as demonstrated by omitting the final '>' character from an IMG tag. • https://github.com/trentm/python-markdown2/issues/285 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVE-2017-17522
https://notcve.org/view.php?id=CVE-2017-17522
14 Dec 2017 — Lib/webbrowser.py in Python through 3.6.3 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via a crafted URL. NOTE: a software maintainer indicates that exploitation is impossible because the code relies on subprocess.Popen and the default shell=False setting. • http://www.securityfocus.com/bid/102207 • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') •

CVE-2017-1000158 – Ubuntu Security Notice USN-3496-1
https://notcve.org/view.php?id=CVE-2017-1000158
17 Nov 2017 — CPython (aka Python) up to 2.7.13 is vulnerable to an integer overflow in the PyString_DecodeEscape function in stringobject.c, resulting in heap-based buffer overflow (and possible arbitrary code execution). USN-3496-1... • http://www.securitytracker.com/id/1039890 • CWE-190: Integer Overflow or Wraparound •

CVE-2017-9233 – Apple Security Advisory 2017-10-31-8
https://notcve.org/view.php?id=CVE-2017-9233
25 Jun 2017 — XML External Entity vulnerability in libexpat 2.2.0 and earlier (Expat XML Parser Library) allows attackers to put the parser in an infinite loop using a malformed external entity definition from an external DTD. It was discovered that Ex... • http://www.debian.org/security/2017/dsa-3898 • CWE-611: Improper Restriction of XML External Entity Reference CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop') •

CVE-2017-2810 – Gentoo Linux Security Advisory 201811-18
https://notcve.org/view.php?id=CVE-2017-2810
14 Jun 2017 — An exploitable vulnerability exists in the Databook loading functionality of Tablib 0.11.4. A yaml loaded Databook can execute arbitrary python commands resulting in command execution. An attacker can insert python into loaded yaml to trigger this vulnerability. • http://www.securityfocus.com/bid/99076 •

CVE-2016-3076
https://notcve.org/view.php?id=CVE-2016-3076
24 Apr 2017 — Heap-based buffer overflow in the j2k_encode_entry function in Pillow 2.5.0 through 3.1.1 allows remote attackers to cause a denial of service (memory corruption) via a crafted Jpeg2000 file. • http://pillow.readthedocs.io/en/4.1.x/releasenotes/3.1.2.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •

CVE-2017-5992
https://notcve.org/view.php?id=CVE-2017-5992
15 Feb 2017 — Openpyxl 2.4.1 resolves external entities by default, which allows remote attackers to conduct XXE attacks via a crafted .xlsx document. • http://www.openwall.com/lists/oss-security/2017/02/07/5 • CWE-611: Improper Restriction of XML External Entity Reference •

CVE-2016-7036
https://notcve.org/view.php?id=CVE-2016-7036
23 Jan 2017 — python-jose before 1.3.2 allows attackers to have unspecified impact by leveraging failure to use a constant time comparison for HMAC keys. • http://www.securityfocus.com/bid/95845 • CWE-361: 7PK - Time and State •

CVE-2016-9015
https://notcve.org/view.php?id=CVE-2016-9015
11 Jan 2017 — Versions 1.17 and 1.18 of the Python urllib3 library suffer from a vulnerability that can cause them, in certain configurations, to not correctly validate TLS certificates. This places users of the library with those configurations at risk of man-in-the-middle and information leakage attacks. This vulnerability affects users using versions 1.17 and 1.18 of the urllib3 library, who are using the optional PyOpenSSL support for TLS instead of the regular standard library TLS backend, and who are using OpenSSL ... • http://www.openwall.com/lists/oss-security/2016/10/27/6 • CWE-295: Improper Certificate Validation •