CVSS: 5.3EPSS: 1%CPEs: 5EXPL: 1CVE-2018-20852 – python: Cookie domain check returns incorrect results
https://notcve.org/view.php?id=CVE-2018-20852
13 Jul 2019 — http.cookiejar.DefaultPolicy.domain_return_ok in Lib/http/cookiejar.py in Python before 3.7.3 does not correctly validate the domain: it can be tricked into sending existing cookies to the wrong server. An attacker may abuse this flaw by using a server with a hostname that has another valid hostname as a suffix (e.g., pythonicexample.com to steal cookies for example.com). When a program uses http.cookiejar.DefaultPolicy and tries to do an HTTP connection to an attacker-controlled server, existing cookies ca... • http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00071.html • CWE-20: Improper Input Validation •
CVSS: 9.3EPSS: 0%CPEs: 3EXPL: 1CVE-2019-13404
https://notcve.org/view.php?id=CVE-2019-13404
08 Jul 2019 — The MSI installer for Python through 2.7.16 on Windows defaults to the C:\Python27 directory, which makes it easier for local users to deploy Trojan horse code. (This also affects old 3.x releases before 3.5.) NOTE: the vendor's position is that it is the user's responsibility to ensure C:\Python27 access control or choose a different directory, because backwards compatibility requires that C:\Python27 remain the default for 2.7.x ** EN DISPUTA ** El instalador de MSI para Python mediante la versión 2.7.16 ... • https://github.com/alidnf/CVE-2019-13404 • CWE-552: Files or Directories Accessible to External Parties •
CVSS: 9.8EPSS: 1%CPEs: 37EXPL: 0CVE-2019-12900 – bzip2: bzip2: Data integrity error when decompressing (with data integrity tests fail).
https://notcve.org/view.php?id=CVE-2019-12900
19 Jun 2019 — BZ2_decompress in decompress.c in bzip2 through 1.0.6 has an out-of-bounds write when there are many selectors. La función BZ2_decompress en el archivo decompress.c en bzip2 hasta 1.0.6, presenta una escritura fuera de límites cuando hay muchos selectores. A data integrity error was found in the Linux Kernel's bzip2 functionality when decompressing. This issue occurs when a user decompresses a particular kind of .bz2 files. A local user could get unexpected results (or corrupted data) as result of decompres... • http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00040.html • CWE-787: Out-of-bounds Write CWE-1214: Data Integrity Issues •
CVSS: 9.8EPSS: 1%CPEs: 28EXPL: 0CVE-2019-10160 – python: regression of CVE-2019-9636 due to functional fix to allow port numbers in netloc
https://notcve.org/view.php?id=CVE-2019-10160
07 Jun 2019 — A security regression of CVE-2019-9636 was discovered in python since commit d537ab0ff9767ef024f26246899728f0116b1ec3 affecting versions 2.7, 3.5, 3.6, 3.7 and from v3.8.0a4 through v3.8.0b1, which still allows an attacker to exploit CVE-2019-9636 by abusing the user and password parts of a URL. When an application parses user-supplied URLs to store cookies, authentication credentials, or other kind of information, it is possible for an attacker to provide specially crafted URLs to make the application loca... • http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00042.html • CWE-172: Encoding Error CWE-522: Insufficiently Protected Credentials •
CVSS: 9.1EPSS: 0%CPEs: 29EXPL: 1CVE-2019-9948 – python: Undocumented local_file protocol allows remote attackers to bypass protection mechanisms
https://notcve.org/view.php?id=CVE-2019-9948
23 Mar 2019 — urllib in Python 2.x through 2.7.16 supports the local_file: scheme, which makes it easier for remote attackers to bypass protection mechanisms that blacklist file: URIs, as demonstrated by triggering a urllib.urlopen('local_file:///etc/passwd') call. urllib en Python, en versiones 2.x hasta la 2.7.16, soporta el esquema local_file:, lo que facilita que los atacantes remotos omitan los mecanismos de protección que ponen en lista negra los URI file:, tal y como queda demostrado con una llamada urllib.urlopen... • http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00092.html • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') CWE-749: Exposed Dangerous Method or Function •
CVSS: 6.5EPSS: 0%CPEs: 4EXPL: 1CVE-2019-9947 – python: CRLF injection via the path part of the url passed to urlopen()
https://notcve.org/view.php?id=CVE-2019-9947
23 Mar 2019 — An issue was discovered in urllib2 in Python 2.x through 2.7.16 and urllib in Python 3.x through 3.7.3. CRLF injection is possible if the attacker controls a url parameter, as demonstrated by the first argument to urllib.request.urlopen with \r\n (specifically in the path component of a URL that lacks a ? character) followed by an HTTP header or a Redis command. This is similar to the CVE-2019-9740 query string issue. This is fixed in: v2.7.17, v2.7.17rc1, v2.7.18, v2.7.18rc1; v3.5.10, v3.5.10rc1, v3.5.8, v... • http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00062.html • CWE-93: Improper Neutralization of CRLF Sequences ('CRLF Injection') CWE-113: Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Request/Response Splitting') •
CVSS: 6.5EPSS: 6%CPEs: 4EXPL: 1CVE-2019-9740 – python: CRLF injection via the query part of the url passed to urlopen()
https://notcve.org/view.php?id=CVE-2019-9740
13 Mar 2019 — An issue was discovered in urllib2 in Python 2.x through 2.7.16 and urllib in Python 3.x through 3.7.3. CRLF injection is possible if the attacker controls a url parameter, as demonstrated by the first argument to urllib.request.urlopen with \r\n (specifically in the query string after a ? character) followed by an HTTP header or a Redis command. This is fixed in: v2.7.17, v2.7.17rc1, v2.7.18, v2.7.18rc1; v3.5.10, v3.5.10rc1, v3.5.8, v3.5.8rc1, v3.5.8rc2, v3.5.9; v3.6.10, v3.6.10rc1, v3.6.11, v3.6.11rc1, v3... • http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00039.html • CWE-93: Improper Neutralization of CRLF Sequences ('CRLF Injection') CWE-113: Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Request/Response Splitting') •
CVSS: 9.8EPSS: 1%CPEs: 41EXPL: 0CVE-2019-9636 – python: Information Disclosure due to urlsplit improper NFKC normalization
https://notcve.org/view.php?id=CVE-2019-9636
08 Mar 2019 — Python 2.7.x through 2.7.16 and 3.x through 3.7.2 is affected by: Improper Handling of Unicode Encoding (with an incorrect netloc) during NFKC normalization. The impact is: Information disclosure (credentials, cookies, etc. that are cached against a given hostname). The components are: urllib.parse.urlsplit, urllib.parse.urlparse. The attack vector is: A specially crafted URL could be incorrectly parsed to locate cookies or authentication data and send that information to a different host than when parsed c... • http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00092.html • CWE-172: Encoding Error •
CVSS: 7.5EPSS: 3%CPEs: 18EXPL: 2CVE-2019-5010 – python: NULL pointer dereference using a specially crafted X509 certificate
https://notcve.org/view.php?id=CVE-2019-5010
04 Mar 2019 — An exploitable denial-of-service vulnerability exists in the X509 certificate parser of Python.org Python 2.7.11 / 3.6.6. A specially crafted X509 certificate can cause a NULL pointer dereference, resulting in a denial of service. An attacker can initiate or accept TLS connections using crafted certificates to trigger this vulnerability. Se presenta una vulnerabilidad de denegación de servicio explotable en el analizador de certificados X509 de Python.org Python versión 2.7.11 / 3.6.6. Un certificado X509 e... • https://github.com/JonathanWilbur/CVE-2019-5010 • CWE-476: NULL Pointer Dereference •
CVSS: 7.5EPSS: 1%CPEs: 5EXPL: 1CVE-2018-20406 – python: Integer overflow in Modules/_pickle.c allows for memory exhaustion if serializing gigabytes of data
https://notcve.org/view.php?id=CVE-2018-20406
23 Dec 2018 — Modules/_pickle.c in Python before 3.7.1 has an integer overflow via a large LONG_BINPUT value that is mishandled during a "resize to twice the size" attempt. This issue might cause memory exhaustion, but is only relevant if the pickle format is used for serializing tens or hundreds of gigabytes of data. This issue is fixed in: v3.4.10, v3.4.10rc1; v3.5.10, v3.5.10rc1, v3.5.7, v3.5.7rc1, v3.5.8, v3.5.8rc1, v3.5.8rc2, v3.5.9; v3.6.10, v3.6.10rc1, v3.6.11, v3.6.11rc1, v3.6.12, v3.6.7, v3.6.7rc1, v3.6.7rc2, v3... • http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00040.html • CWE-190: Integer Overflow or Wraparound CWE-400: Uncontrolled Resource Consumption •