CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 0CVE-2019-19274
https://notcve.org/view.php?id=CVE-2019-19274
typed_ast 1.3.0 and 1.3.1 has a handle_keywordonly_args out-of-bounds read. An attacker with the ability to cause a Python interpreter to parse Python source (but not necessarily execute it) may be able to crash the interpreter process. This could be a concern, for example, in a web-based service that parses (but does not execute) Python code. (This issue also affected certain Python 3.8.0-alpha prereleases.) typed_ast versiones 1.3.0 y 1.3.1, presenta una lectura fuera de límites de la función handle_keywordonly_args. Un atacante con la capacidad de causar que un intérprete de Python analice el origen de Python (pero no necesariamente lo ejecute) puede bloquear el proceso del intérprete. • https://bugs.python.org/issue36495 https://github.com/python/cpython/commit/a4d78362397fc3bced6ea80fbc7b5f4827aec55e https://github.com/python/cpython/commit/dcfcd146f8e6fc5c2fc16a4c192a0c5f5ca8c53c https://github.com/python/typed_ast/commit/156afcb26c198e162504a57caddfe0acd9ed7dce https://github.com/python/typed_ast/commit/dc317ac9cff859aa84eeabe03fb5004982545b3b https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LG5H4Q6LFVRX7SFXLBEJMNQFI4T5SCEA • CWE-125: Out-of-bounds Read •
CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 0CVE-2019-19275
https://notcve.org/view.php?id=CVE-2019-19275
typed_ast 1.3.0 and 1.3.1 has an ast_for_arguments out-of-bounds read. An attacker with the ability to cause a Python interpreter to parse Python source (but not necessarily execute it) may be able to crash the interpreter process. This could be a concern, for example, in a web-based service that parses (but does not execute) Python code. (This issue also affected certain Python 3.8.0-alpha prereleases.) typed_ast versiones 1.3.0 y 1.3.1, presenta una lectura fuera de límites de la función ast_for_arguments. Un atacante con la capacidad de causar que un intérprete de Python analice el origen de Python (pero no necesariamente lo ejecute) puede bloquear el proceso del intérprete. • https://bugs.python.org/issue36495 https://github.com/python/cpython/commit/a4d78362397fc3bced6ea80fbc7b5f4827aec55e https://github.com/python/cpython/commit/dcfcd146f8e6fc5c2fc16a4c192a0c5f5ca8c53c https://github.com/python/typed_ast/commit/156afcb26c198e162504a57caddfe0acd9ed7dce https://github.com/python/typed_ast/commit/dc317ac9cff859aa84eeabe03fb5004982545b3b https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LG5H4Q6LFVRX7SFXLBEJMNQFI4T5SCEA • CWE-125: Out-of-bounds Read •
CVSS: 6.2EPSS: 0%CPEs: 1EXPL: 0CVE-2012-5578
https://notcve.org/view.php?id=CVE-2012-5578
Python keyring has insecure permissions on new databases allowing world-readable files to be created El llavero de Python posee permisos no seguros en bases de datos nuevas, permitiendo que archivos de tipo world-readable sean creados. • http://www.openwall.com/lists/oss-security/2012/11/27/4 https://access.redhat.com/security/cve/cve-2012-5578 https://bugs.launchpad.net/ubuntu/+source/python-keyring/+bug/1031465 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-5578 https://bugzilla.suse.com/show_bug.cgi?id=CVE-2012-5578 https://security-tracker.debian.org/tracker/CVE-2012-5578 • CWE-276: Incorrect Default Permissions •
CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 0CVE-2012-0877
https://notcve.org/view.php?id=CVE-2012-0877
PyXML: Hash table collisions CPU usage Denial of Service PyXML: la CPU de colisiones de tablas hash usa una Denegación de Servicio • http://seclists.org/oss-sec/2014/q3/96 http://www.openwall.com/lists/oss-security/2014/07/08/11 https://access.redhat.com/security/cve/cve-2012-0877 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-0877 https://security-tracker.debian.org/tracker/CVE-2012-0877 • CWE-400: Uncontrolled Resource Consumption •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2019-14853 – python-ecdsa: Unexpected and undocumented exceptions during signature decoding
https://notcve.org/view.php?id=CVE-2019-14853
An error-handling flaw was found in python-ecdsa before version 0.13.3. During signature decoding, malformed DER signatures could raise unexpected exceptions (or no exceptions at all), which could lead to a denial of service. Se encontró un error de manejo de errores en python-ecdsa anterior de la versión 0.13.3. Durante la decodificación de firmas, las firmas DER mal formadas pueden generar excepciones inesperadas (o ninguna excepción), lo que podría conducir a una denegación de servicio. An error-handling flaw was found in python-ecdsa. • https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14853 https://github.com/warner/python-ecdsa/releases/tag/python-ecdsa-0.13.3 https://seclists.org/bugtraq/2019/Dec/33 https://www.debian.org/security/2019/dsa-4588 https://access.redhat.com/security/cve/CVE-2019-14853 https://bugzilla.redhat.com/show_bug.cgi?id=1758704 • CWE-391: Unchecked Error Condition CWE-755: Improper Handling of Exceptional Conditions •