CVE-2014-1933
https://notcve.org/view.php?id=CVE-2014-1933
The (1) JpegImagePlugin.py and (2) EpsImagePlugin.py scripts in Python Image Library (PIL) 1.1.7 and earlier and Pillow before 2.3.1 use the names of temporary files on the command line, which makes it easier for local users to conduct symlink attacks by listing the processes.
• http://lists.opensuse.org/opensuse-updates/2014-05/msg00002.html
• http://www.openwall.com/lists/oss-security/2014/02/10/15
• http://www.openwall.com/lists/oss-security/2014/02/11/1
• http://www.securityfocus.com/bid/65513
• http://www.ubuntu.com/usn/USN-2168-1
• https://github.com/python-imaging/Pillow/commit/4e9f367dfd3f04c8f5d23f7f759ec12782e10ee7
• https://security.gentoo.org/glsa/201612-52
• CWE-264: Permissions, Privileges, and Access Controls
CVE-2014-1912 – Python - 'socket.recvfrom_into()' Remote Buffer Overflow
https://notcve.org/view.php?id=CVE-2014-1912
Buffer overflow in the socket.recvfrom_into function in Modules/socketmodule.c in Python 2.5 before 2.7.7, 3.x before 3.3.4, and 3.4.x before 3.4rc1 allows remote attackers to execute arbitrary code via a crafted string. It was discovered that the socket.recvfrom_into() function failed to check the size of the supplied buffer. This could lead to a buffer overflow when the function was called with an insufficiently sized buffer.
• https://www.exploit-db.com/exploits/31875
• http://bugs.python.org/issue20246
• http://hg.python.org/cpython/rev/87673659d8f7
• http://lists.apple.com/archives/security-announce/2015/Aug/msg00001.html
• http://lists.opensuse.org/opensuse-updates/2014-04/msg00035.html
• http://lists.opensuse.org/opensuse-updates/2014-05/msg00008.html
• http://pastebin.com/raw.php?i=GHXSmNEg
• http://rhn.redhat.com/errata/RHSA-2015-1064.html
• http://rhn.redhat.com/errata/RHSA-2015-1330.html
• http://www
• CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
• CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2013-2191
https://notcve.org/view.php?id=CVE-2013-2191
python-bugzilla before 0.9.0 does not validate X.509 certificates, which allows man-in-the-middle attackers to spoof Bugzilla servers via a crafted certificate.
• http://lists.opensuse.org/opensuse-updates/2013-07/msg00025.html
• http://lists.opensuse.org/opensuse-updates/2013-07/msg00026.html
• http://www.openwall.com/lists/oss-security/2013/06/19/6
• https://bugzilla.redhat.com/show_bug.cgi?id=951594
• https://git.fedorahosted.org/cgit/python-bugzilla.git/commit/?id=a782282ee479ba4cc1b8b1d89700ac630ba83eef
• https://lists.fedorahosted.org/pipermail/python-bugzilla/2013-June/000104.html
• CWE-20: Improper Input Validation
CVE-2014-1604
https://notcve.org/view.php?id=CVE-2014-1604
The parser cache functionality in parsergenerator.py in RPLY (aka python-rply) before 0.7.1 allows local users to spoof cache data by pre-creating a temporary rply-*.json file with a predictable name.
• http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=735263
• http://secunia.com/advisories/56429
• http://www.openwall.com/lists/oss-security/2014/01/17/8
• http://www.openwall.com/lists/oss-security/2014/01/18/4
• http://www.osvdb.org/102202
• https://exchange.xforce.ibmcloud.com/vulnerabilities/90593
• https://github.com/alex/rply/commit/fc9bbcd25b0b4f09bbd6339f710ad24c129d5d7c
CVE-2014-1624
https://notcve.org/view.php?id=CVE-2014-1624
Race condition in the xdg.BaseDirectory.get_runtime_dir function in python-xdg 0.25 allows local users to overwrite arbitrary files by pre-creating /tmp/pyxdg-runtime-dir-fallback-victim to point to a victim-owned location, then replacing it with a symlink to an attacker-controlled location once the get_runtime_dir function is called.
• http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=736247
• http://www.openwall.com/lists/oss-security/2014/01/21/3
• http://www.openwall.com/lists/oss-security/2014/01/21/4
• http://www.securityfocus.com/bid/65042
• https://exchange.xforce.ibmcloud.com/vulnerabilities/90618
• CWE-59: Improper Link Resolution Before File Access ('Link Following')