Page 42 of 281 results (0.009 seconds)

CVSS: 6.5EPSS: 7%CPEs: 4EXPL: 0

CVE-2016-2533

https://notcve.org/view.php?id=CVE-2016-2533

Buffer overflow in the ImagingPcdDecode function in PcdDecode.c in Pillow before 3.1.1 and Python Imaging Library (PIL) 1.1.7 and earlier allows remote attackers to cause a denial of service (crash) via a crafted PhotoCD file. Desbordamiento de buffer en la función ImagengPcdDecode en PcdDecode.c en Pillow en versiones anteriores a 3.1.1 y Python Imageng Library (PIL) 1.1.7 y versiones anteriores permite a atacantes remotos provocar una denegación de servicio (caída) a través de un archivo PhotoCD manipulado. • http://www.debian.org/security/2016/dsa-3499 http://www.openwall.com/lists/oss-security/2016/02/02/5 http://www.openwall.com/lists/oss-security/2016/02/22/2 http://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html https://github.com/python-pillow/Pillow/blob/c3cb690fed5d4bf0c45576759de55d054916c165/CHANGES.rst https://github.com/python-pillow/Pillow/commit/5bdf54b5a76b54fb00bd05f2d733e0a4173eefc9#diff-8ff6909c159597e22288ad818938fd6b https://github.com/python-pillow/Pillow/commit/ae453aa18b66af54e7ff716 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •

CVSS: 5.3EPSS: 0%CPEs: 6EXPL: 1

CVE-2016-1494

https://notcve.org/view.php?id=CVE-2016-1494

The verify function in the RSA package for Python (Python-RSA) before 3.3 allows attackers to spoof signatures with a small public exponent via crafted signature padding, aka a BERserk attack. La función de verificación en el paquete RSA para Phython (Python-RSA) en versiones anteriores a 3.3 permite a atacantes falsificar firmas con un exponente público pequeño a través de un relleno de firma manipulado, también conocido como un ataque BERserk. • http://lists.fedoraproject.org/pipermail/package-announce/2016-January/175897.html http://lists.fedoraproject.org/pipermail/package-announce/2016-January/175942.html http://lists.opensuse.org/opensuse-updates/2016-01/msg00032.html http://www.openwall.com/lists/oss-security/2016/01/05/1 http://www.openwall.com/lists/oss-security/2016/01/05/3 http://www.securityfocus.com/bid/79829 https://bitbucket.org/sybren/python-rsa/pull-requests/14/security-fix-bb06-attack-in-verify-by/diff https: • CWE-20: Improper Input Validation •

CVSS: 7.2EPSS: 0%CPEs: 2EXPL: 0

CVE-2015-5652

https://notcve.org/view.php?id=CVE-2015-5652

Untrusted search path vulnerability in python.exe in Python through 3.5.0 on Windows allows local users to gain privileges via a Trojan horse readline.pyd file in the current working directory. NOTE: the vendor says "It was determined that this is a longtime behavior of Python that cannot really be altered at this point." Vulnerabilidad de busqueda de ruta no confiable en python.exe en Python hasta la versión 3.5.0 en Windows, permite a usuarios locales obtener privilegios a través de un Troyano en el archivo readline.pyd en el directorio de trabajo actual. NOTA: el vendedor afirma 'Está determinado que es un comportamiento antiguo de Python que en realidad no puede ser alterado en estos momentos'. • http://jvn.jp/en/jp/JVN49503705/995204/index.html http://jvn.jp/en/jp/JVN49503705/index.html http://jvndb.jvn.jp/jvndb/JVNDB-2015-000141 http://www.securityfocus.com/bid/76929 https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05324755 •

CVSS: 6.8EPSS: 3%CPEs: 27EXPL: 0

CVE-2015-1283 – chromium-browser: Heap-buffer-overflow in expat.

https://notcve.org/view.php?id=CVE-2015-1283

Multiple integer overflows in the XML_GetBuffer function in Expat through 2.1.0, as used in Google Chrome before 44.0.2403.89 and other products, allow remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via crafted XML data, a related issue to CVE-2015-2716. Múltiples vulnerabilidades de desbordamiento de entero en la función XML_GetBuffer en Expat hasta la versión 2.1.0 implementada en Chrome en versiones anteriores a la 44.0.2403.89 y otros productos permite a atacantes remotos causar una denegación de servicio mediante un desbordamiento de buffer basado en memoria dinámica o, posiblemente tener otro impacto no especificado a través de datos XML manipulados, un tema relacionado con CVE-2015-2716. • http://googlechromereleases.blogspot.com/2015/07/stable-channel-update_21.html http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00038.html http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00064.html http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00006.html http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00007.html http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00010.html http://rhn.redhat.com/errata/RHSA-2015-1499.html http • CWE-122: Heap-based Buffer Overflow CWE-190: Integer Overflow or Wraparound •

CVSS: 9.3EPSS: 0%CPEs: 1EXPL: 0

CVE-2015-1326 – python-dbusmock arbitrary code execution or file overwrite when templates are loaded from /tmp

https://notcve.org/view.php?id=CVE-2015-1326

python-dbusmock before version 0.15.1 AddTemplate() D-Bus method call or DBusTestCase.spawn_server_template() method could be tricked into executing malicious code if an attacker supplies a .pyc file. python-dbusmock versiones anteriores a la 0.15.1 AddTemplate() D-Bus method call o DBusTestCase.spawn_server_stemplate() method podrían ser engañados para que ejecuten código malicioso si un atacante proporciona un archivo .pyc. • https://github.com/martinpitt/python-dbusmock/commit/4e7d0df9093 • CWE-20: Improper Input Validation •