CVSS: 9.1EPSS: 0%CPEs: 29EXPL: 1CVE-2019-9948 – python: Undocumented local_file protocol allows remote attackers to bypass protection mechanisms
https://notcve.org/view.php?id=CVE-2019-9948
urllib in Python 2.x through 2.7.16 supports the local_file: scheme, which makes it easier for remote attackers to bypass protection mechanisms that blacklist file: URIs, as demonstrated by triggering a urllib.urlopen('local_file:///etc/passwd') call. urllib en Python, en versiones 2.x hasta la 2.7.16, soporta el esquema local_file:, lo que facilita que los atacantes remotos omitan los mecanismos de protección que ponen en lista negra los URI file:, tal y como queda demostrado con una llamada urllib.urlopen('local_file:///etc/passwd'). • http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00092.html http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00050.html http://packetstormsecurity.com/files/154927/Slackware-Security-Advisory-python-Updates.html http://www.securityfocus.com/bid/107549 https://access.redhat.com/errata/RHSA-2019:1700 https://access.redhat.com/errata/RHSA-2019:2030 https://access.redhat.com/errata/RHSA-2019:3335 https://access.redhat.com/errata/RHSA-2019:3520 https://bugs.python.o • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') CWE-749: Exposed Dangerous Method or Function •
CVSS: 6.5EPSS: 0%CPEs: 4EXPL: 1CVE-2019-9740 – python: CRLF injection via the query part of the url passed to urlopen()
https://notcve.org/view.php?id=CVE-2019-9740
An issue was discovered in urllib2 in Python 2.x through 2.7.16 and urllib in Python 3.x through 3.7.3. CRLF injection is possible if the attacker controls a url parameter, as demonstrated by the first argument to urllib.request.urlopen with \r\n (specifically in the query string after a ? character) followed by an HTTP header or a Redis command. This is fixed in: v2.7.17, v2.7.17rc1, v2.7.18, v2.7.18rc1; v3.5.10, v3.5.10rc1, v3.5.8, v3.5.8rc1, v3.5.8rc2, v3.5.9; v3.6.10, v3.6.10rc1, v3.6.11, v3.6.11rc1, v3.6.12, v3.6.9, v3.6.9rc1; v3.7.4, v3.7.4rc1, v3.7.4rc2, v3.7.5, v3.7.5rc1, v3.7.6, v3.7.6rc1, v3.7.7, v3.7.7rc1, v3.7.8, v3.7.8rc1, v3.7.9. Se detectó un problema en urllib2 en Python 2.x hasta 2.7.16 y urllib en Python 3.x hasta 3.7.3. • http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00039.html http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00041.html http://packetstormsecurity.com/files/154927/Slackware-Security-Advisory-python-Updates.html http://www.openwall.com/lists/oss-security/2021/02/04/2 http://www.securityfocus.com/bid/107466 https://access.redhat.com/errata/RHSA-2019:1260 https://access.redhat.com/errata/RHSA-2019:2030 https://access.redhat.com/errata/RHSA-2019:3335 https:/&#x • CWE-93: Improper Neutralization of CRLF Sequences ('CRLF Injection') CWE-113: Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Request/Response Splitting') •
CVSS: 7.5EPSS: 0%CPEs: 27EXPL: 0CVE-2018-1061 – python: DOS via regular expression backtracking in difflib.IS_LINE_JUNK method in difflib
https://notcve.org/view.php?id=CVE-2018-1061
python before versions 2.7.15, 3.4.9, 3.5.6rc1, 3.6.5rc1 and 3.7.0 is vulnerable to catastrophic backtracking in the difflib.IS_LINE_JUNK method. An attacker could use this flaw to cause denial of service. python en versiones anteriores a la 2.7.15, 3.4.9, 3.5.6rc1, 3.6.5rc1 y 3.7.0 es vulnerable a backtracking catastrófico en el método difflib.IS_LINE_JUNK. Un atacante podría utilizar este fallo para provocar una denegación de servicio (DoS). A flaw was found in the way catastrophic backtracking was implemented in python's difflib.IS_LINE_JUNK method. An attacker could use this flaw to cause denial of service. • http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00040.html http://www.securitytracker.com/id/1042001 https://access.redhat.com/errata/RHBA-2019:0327 https://access.redhat.com/errata/RHSA-2018:3041 https://access.redhat.com/errata/RHSA-2018:3505 https://access.redhat.com/errata/RHSA-2019:1260 https://access.redhat.com/errata/RHSA-2019:3725 https://bugs.python.org/issue32981 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-1061 https://docs.python.org/ • CWE-20: Improper Input Validation •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2017-18207
https://notcve.org/view.php?id=CVE-2017-18207
The Wave_read._read_fmt_chunk function in Lib/wave.py in Python through 3.6.4 does not ensure a nonzero channel value, which allows attackers to cause a denial of service (divide-by-zero and exception) via a crafted wav format audio file. NOTE: the vendor disputes this issue because Python applications "need to be prepared to handle a wide variety of exceptions. ** EN DISPUTA ** La función Wave_read._read_fmt_chunk en Lib/wave.py en Python, hasta la versión 3.6.4, no garantiza un valor de canal nonzero, lo que permite que atacantes remotos provoquen una denegación de servicio (error de división entre cero y cierre inesperado de la aplicación) mediante un archivo de audio wav manipulado. NOTA: el vendedor informa que las aplicaciones de Python "necesitan estar preparadas para manejar una amplia variedad de excepciones". • http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00040.html https://bugs.python.org/issue32056 • CWE-369: Divide By Zero •
CVSS: 3.6EPSS: 0%CPEs: 5EXPL: 1CVE-2018-1000030
https://notcve.org/view.php?id=CVE-2018-1000030
Python 2.7.14 is vulnerable to a Heap-Buffer-Overflow as well as a Heap-Use-After-Free. Python versions prior to 2.7.14 may also be vulnerable and it appears that Python 2.7.17 and prior may also be vulnerable however this has not been confirmed. The vulnerability lies when multiply threads are handling large amounts of data. In both cases there is essentially a race condition that occurs. For the Heap-Buffer-Overflow, Thread 2 is creating the size for a buffer, but Thread1 is already writing to the buffer without knowing how much to write. • https://github.com/tylepr96/CVE-2018-1000030 https://bugs.python.org/issue31530 https://drive.google.com/file/d/1oyR9DAZjZK_SCn3mor6NRAYLJS6ueXaY/view https://security.gentoo.org/glsa/201811-02 https://usn.ubuntu.com/3817-1 https://usn.ubuntu.com/3817-2 https://www.dropbox.com/sh/sj3ee7xv55j36k7/AADwP-YfOYikBMuy32e0uvPFa?dl=0 https://www.oracle.com/security-alerts/cpujan2020.html • CWE-416: Use After Free CWE-787: Out-of-bounds Write •