CVE-2014-2667
https://notcve.org/view.php?id=CVE-2014-2667
Race condition in the _get_masked_mode function in Lib/os.py in Python 3.2 through 3.5, when exist_ok is set to true and multiple threads are used, might allow local users to bypass intended file permissions by leveraging a separate application vulnerability before the umask has been set to the expected value.
References:
http://bugs.python.org/issue21082
http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00040.html
http://lists.opensuse.org/opensuse-updates/2014-05/msg00007.html
http://lists.opensuse.org/opensuse-updates/2014-05/msg00008.html
http://www.openwall.com/lists/oss-security/2014/03/28/15
http://www.openwall.com/lists/oss-security/2014/03/29/5
http://www.openwall.com/lists/oss-security/2014/03/30/4
https://security.gentoo.org/glsa/201503-10
Weakness: CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
CVE-2014-1829
https://notcve.org/view.php?id=CVE-2014-1829
Requests (aka python-requests) before 2.3.0 allows remote servers to obtain a netrc password by reading the Authorization header in a redirected request.
References:
http://advisories.mageia.org/MGASA-2014-0409.html
http://www.debian.org/security/2015/dsa-3146
http://www.mandriva.com/security/advisories?name=MDVSA-2015:133
http://www.ubuntu.com/usn/USN-2382-1
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=733108
https://github.com/kennethreitz/requests/issues/1885
Weakness: CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
CVE-2014-1830
https://notcve.org/view.php?id=CVE-2014-1830
Requests (aka python-requests) before 2.3.0 allows remote servers to obtain sensitive information by reading the Proxy-Authorization header in a redirected request.
References:
http://advisories.mageia.org/MGASA-2014-0409.html
http://lists.opensuse.org/opensuse-updates/2016-01/msg00095.html
http://www.debian.org/security/2015/dsa-3146
http://www.mandriva.com/security/advisories?name=MDVSA-2015:133
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=733108
https://github.com/kennethreitz/requests/issues/1885
Weakness: CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
CVE-2014-7185 – python: buffer() integer overflow leading to out of bounds read
https://notcve.org/view.php?id=CVE-2014-7185
Integer overflow in bufferobject.c in Python before 2.7.8 allows context-dependent attackers to obtain sensitive information from process memory via a large size and offset in a "buffer" function.
An integer overflow flaw was found in the way the buffer() function handled its offset and size arguments. An attacker able to control those arguments could use this flaw to disclose portions of the application memory or cause it to crash.
References:
http://bugs.python.org/issue21831
http://lists.apple.com/archives/security-announce/2015/Aug/msg00001.html
http://lists.fedoraproject.org/pipermail/package-announce/2014-October/139663.html
http://lists.opensuse.org/opensuse-updates/2014-10/msg00016.html
http://rhn.redhat.com/errata/RHSA-2015-1064.html
http://rhn.redhat.com/errata/RHSA-2015-1330.html
http://www.openwall.com/lists/oss-security/2014/09/23/5
http://www.openwall.com/lists/oss-security/2014/09/25/47
http:/
Weaknesses: CWE-189: Numeric Errors; CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
CVE-2014-3589
https://notcve.org/view.php?id=CVE-2014-3589
PIL/IcnsImagePlugin.py in Python Imaging Library (PIL) and Pillow before 2.3.2 and 2.5.x before 2.5.2 allows remote attackers to cause a denial of service via a crafted block size.
References:
http://lists.opensuse.org/opensuse-updates/2015-04/msg00056.html
http://secunia.com/advisories/59825
http://www.debian.org/security/2014/dsa-3009
https://github.com/python-pillow/Pillow/commit/205e056f8f9b06ed7b925cf8aa0874bc4aaf8a7d
https://pypi.python.org/pypi/Pillow/2.3.2
https://pypi.python.org/pypi/Pillow/2.5.2
Weakness: CWE-20: Improper Input Validation