
CVSS: 5.9 | EPSS: 0% | CPEs: 26 | EXPL: 0

The ssl.match_hostname function in CPython (aka Python) before 2.7.9 and 3.x before 3.3.3 does not properly handle wildcards in hostnames, which might allow man-in-the-middle attackers to spoof servers via a crafted certificate.

Multiple flaws were found in the way Python's SSL module performed matching of certificate names containing wildcards. A remote attacker able to obtain a valid certificate that contained certain names with wildcards could have them incorrectly accepted by Python SSL clients, not following the RFC 6125 recommendations.

References:
• http://seclists.org/oss-sec/2015/q2/483
• http://seclists.org/oss-sec/2015/q2/523
• http://www.securityfocus.com/bid/74707
• https://access.redhat.com/errata/RHSA-2016:1166
• https://bugs.python.org/issue17997
• https://bugzilla.redhat.com/show_bug.cgi?id=1224999
• https://hg.python.org/cpython/rev/10d0edadbcdd
• https://access.redhat.com/security/cve/CVE-2013-7440

CWE-19: Data Processing Errors

CVSS: 9.8 | EPSS: 0% | CPEs: 26 | EXPL: 0

Expat allows context-dependent attackers to cause a denial of service (crash) or possibly execute arbitrary code via a malformed input document, which triggers a buffer overflow.

An out-of-bounds read flaw was found in the way Expat processed certain input. A remote attacker could send specially crafted XML that, when parsed by an application using the Expat library, would cause that application to crash or, possibly, execute arbitrary code with the permission of the user running the application.

References:
• http://lists.apple.com/archives/security-announce/2016/Jul/msg00000.html
• http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00064.html
• http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00006.html
• http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00007.html
• http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00010.html
• http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00004.html
• http://lists.opensuse.org/opensuse-security-announce/2016-08

CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE-125: Out-of-bounds Read

CVSS: 10.0 | EPSS: 1% | CPEs: 1 | EXPL: 0

Integer overflow in the ImagingResampleHorizontal function in libImaging/Resample.c in Pillow before 3.1.1 allows remote attackers to have unspecified impact via negative values of the new size, which triggers a heap-based buffer overflow.

References:
• http://www.securityfocus.com/bid/86064
• https://github.com/python-pillow/Pillow/blob/c3cb690fed5d4bf0c45576759de55d054916c165/CHANGES.rst
• https://github.com/python-pillow/Pillow/commit/4e0d9b0b9740d258ade40cce248c93777362ac1e
• https://github.com/python-pillow/Pillow/pull/1714
• https://security.gentoo.org/glsa/201612-52

CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer

CVSS: 6.5 | EPSS: 0% | CPEs: 3 | EXPL: 0

Buffer overflow in the ImagingLibTiffDecode function in libImaging/TiffDecode.c in Pillow before 3.1.1 allows remote attackers to overwrite memory via a crafted TIFF file.

References:
• http://www.debian.org/security/2016/dsa-3499
• https://github.com/python-pillow/Pillow/blob/c3cb690fed5d4bf0c45576759de55d054916c165/CHANGES.rst
• https://github.com/python-pillow/Pillow/commit/6dcbf5bd96b717c58d7b642949da8d323099928e
• https://security.gentoo.org/glsa/201612-52

CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer

CVSS: 6.5 | EPSS: 1% | CPEs: 3 | EXPL: 0

Buffer overflow in the ImagingFliDecode function in libImaging/FliDecode.c in Pillow before 3.1.1 allows remote attackers to cause a denial of service (crash) via a crafted FLI file.

References:
• http://www.debian.org/security/2016/dsa-3499
• https://github.com/python-pillow/Pillow/blob/c3cb690fed5d4bf0c45576759de55d054916c165/CHANGES.rst
• https://github.com/python-pillow/Pillow/commit/893a40850c2d5da41537958e40569c029a6e127b
• https://security.gentoo.org/glsa/201612-52

CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer