CVSS: 9.8EPSS: 2%CPEs: 41EXPL: 0CVE-2019-9636 – python: Information Disclosure due to urlsplit improper NFKC normalization
https://notcve.org/view.php?id=CVE-2019-9636
08 Mar 2019 — Python 2.7.x through 2.7.16 and 3.x through 3.7.2 is affected by: Improper Handling of Unicode Encoding (with an incorrect netloc) during NFKC normalization. The impact is: Information disclosure (credentials, cookies, etc. that are cached against a given hostname). The components are: urllib.parse.urlsplit, urllib.parse.urlparse. The attack vector is: A specially crafted URL could be incorrectly parsed to locate cookies or authentication data and send that information to a different host than when parsed c... • http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00092.html • CWE-172: Encoding Error •
CVSS: 7.5EPSS: 0%CPEs: 18EXPL: 2CVE-2019-5010 – python: NULL pointer dereference using a specially crafted X509 certificate
https://notcve.org/view.php?id=CVE-2019-5010
04 Mar 2019 — An exploitable denial-of-service vulnerability exists in the X509 certificate parser of Python.org Python 2.7.11 / 3.6.6. A specially crafted X509 certificate can cause a NULL pointer dereference, resulting in a denial of service. An attacker can initiate or accept TLS connections using crafted certificates to trigger this vulnerability. Se presenta una vulnerabilidad de denegación de servicio explotable en el analizador de certificados X509 de Python.org Python versión 2.7.11 / 3.6.6. Un certificado X509 e... • https://github.com/JonathanWilbur/CVE-2019-5010 • CWE-476: NULL Pointer Dereference •
CVSS: 7.5EPSS: 0%CPEs: 5EXPL: 1CVE-2018-20406 – python: Integer overflow in Modules/_pickle.c allows for memory exhaustion if serializing gigabytes of data
https://notcve.org/view.php?id=CVE-2018-20406
23 Dec 2018 — Modules/_pickle.c in Python before 3.7.1 has an integer overflow via a large LONG_BINPUT value that is mishandled during a "resize to twice the size" attempt. This issue might cause memory exhaustion, but is only relevant if the pickle format is used for serializing tens or hundreds of gigabytes of data. This issue is fixed in: v3.4.10, v3.4.10rc1; v3.5.10, v3.5.10rc1, v3.5.7, v3.5.7rc1, v3.5.8, v3.5.8rc1, v3.5.8rc2, v3.5.9; v3.6.10, v3.6.10rc1, v3.6.11, v3.6.11rc1, v3.6.12, v3.6.7, v3.6.7rc1, v3.6.7rc2, v3... • http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00040.html • CWE-190: Integer Overflow or Wraparound CWE-400: Uncontrolled Resource Consumption •
CVSS: 7.5EPSS: 0%CPEs: 16EXPL: 0CVE-2018-14647 – python: Missing salt initialization in _elementtree.c module
https://notcve.org/view.php?id=CVE-2018-14647
25 Sep 2018 — Python's elementtree C accelerator failed to initialise Expat's hash salt during initialization. This could make it easy to conduct denial of service attacks against Expat by constructing an XML document that would cause pathological hash collisions in Expat's internal data structures, consuming large amounts CPU and RAM. The vulnerability exists in Python versions 3.7.0, 3.6.0 through 3.6.6, 3.5.0 through 3.5.6, 3.4.0 through 3.4.9, 2.7.0 through 2.7.15. El acelerador de C elementtree en Python no iniciali... • http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00040.html • CWE-335: Incorrect Usage of Seeds in Pseudo-Random Number Generator (PRNG) CWE-665: Improper Initialization CWE-909: Missing Initialization of Resource •
CVSS: 7.5EPSS: 0%CPEs: 17EXPL: 1CVE-2018-1060 – python: DOS via regular expression catastrophic backtracking in apop() method in pop3lib
https://notcve.org/view.php?id=CVE-2018-1060
05 May 2018 — python before versions 2.7.15, 3.4.9, 3.5.6rc1, 3.6.5rc1 and 3.7.0 is vulnerable to catastrophic backtracking in pop3lib's apop() method. An attacker could use this flaw to cause denial of service. Python antes de las versiones 2.7.15, 3.4.9, 3.5.6rc1, 3.6.5rc1 y 3.7.0 es vulnerable a un retroceso catastrófico en el método apop () de pop3lib. Un atacante podría usar este fallo para causar la denegación de servicio. A flaw was found in the way catastrophic backtracking was implemented in python's pop3lib's a... • http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00040.html • CWE-20: Improper Input Validation •
CVSS: 7.5EPSS: 0%CPEs: 27EXPL: 0CVE-2018-1061 – python: DOS via regular expression backtracking in difflib.IS_LINE_JUNK method in difflib
https://notcve.org/view.php?id=CVE-2018-1061
05 May 2018 — python before versions 2.7.15, 3.4.9, 3.5.6rc1, 3.6.5rc1 and 3.7.0 is vulnerable to catastrophic backtracking in the difflib.IS_LINE_JUNK method. An attacker could use this flaw to cause denial of service. python en versiones anteriores a la 2.7.15, 3.4.9, 3.5.6rc1, 3.6.5rc1 y 3.7.0 es vulnerable a backtracking catastrófico en el método difflib.IS_LINE_JUNK. Un atacante podría utilizar este fallo para provocar una denegación de servicio (DoS). A flaw was found in the way catastrophic backtracking was implem... • http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00040.html • CWE-20: Improper Input Validation •
CVSS: 7.2EPSS: 0%CPEs: 9EXPL: 1CVE-2018-1000117
https://notcve.org/view.php?id=CVE-2018-1000117
07 Mar 2018 — Python Software Foundation CPython version From 3.2 until 3.6.4 on Windows contains a Buffer Overflow vulnerability in os.symlink() function on Windows that can result in Arbitrary code execution, likely escalation of privilege. This attack appears to be exploitable via a python script that creates a symlink with an attacker controlled name or location. This vulnerability appears to have been fixed in 3.7.0 and 3.6.5. Python Software Foundation CPython, desde la versión 3.2 hasta la 3.6.4 en Windows, contie... • https://github.com/u0pattern/CVE-2018-1000117-Exploit • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2017-18207
https://notcve.org/view.php?id=CVE-2017-18207
01 Mar 2018 — The Wave_read._read_fmt_chunk function in Lib/wave.py in Python through 3.6.4 does not ensure a nonzero channel value, which allows attackers to cause a denial of service (divide-by-zero and exception) via a crafted wav format audio file. NOTE: the vendor disputes this issue because Python applications "need to be prepared to handle a wide variety of exceptions. ** EN DISPUTA ** La función Wave_read._read_fmt_chunk en Lib/wave.py en Python, hasta la versión 3.6.4, no garantiza un valor de canal nonzero, lo ... • http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00040.html • CWE-369: Divide By Zero •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2017-17522
https://notcve.org/view.php?id=CVE-2017-17522
14 Dec 2017 — Lib/webbrowser.py in Python through 3.6.3 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via a crafted URL. NOTE: a software maintainer indicates that exploitation is impossible because the code relies on subprocess.Popen and the default shell=False setting ** EN DISPUTA ** Lib/webbrowser.py en Python hasta la versión 3.6.3 no valida las cadenas antes de iniciar el programa especif... • http://www.securityfocus.com/bid/102207 • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') •
CVSS: 9.8EPSS: 1%CPEs: 6EXPL: 0CVE-2017-1000158 – Ubuntu Security Notice USN-3496-1
https://notcve.org/view.php?id=CVE-2017-1000158
17 Nov 2017 — CPython (aka Python) up to 2.7.13 is vulnerable to an integer overflow in the PyString_DecodeEscape function in stringobject.c, resulting in heap-based buffer overflow (and possible arbitrary code execution) CPython (también conocido como Python) hasta la versión 2.7.13 es vulnerable a un desbordamiento de enteros en la función PyString_DecodeEscape en stringobject.c, lo que resulta en un desbordamiento de búfer basado en memoria dinámica (heap) y, posiblemente, la ejecución de código arbitrario. USN-3496-1... • http://www.securitytracker.com/id/1039890 • CWE-190: Integer Overflow or Wraparound •