CVSS: 9.8EPSS: 93%CPEs: 5EXPL: 6CVE-2007-4559 – python: tarfile module directory traversal
https://notcve.org/view.php?id=CVE-2007-4559
28 Aug 2007 — Directory traversal vulnerability in the (1) extract and (2) extractall functions in the tarfile module in Python allows user-assisted remote attackers to overwrite arbitrary files via a .. (dot dot) sequence in filenames in a TAR archive, a related issue to CVE-2001-1267. Vulnerabilidad de salto de directorio en las funciones (1) extract y (2) extractall en el módulo tarfile en Python permite a atacantes remotos con la intervención del usuario sobrescribir archivos de su elección a través de la secuencia .... • https://github.com/davidholiday/CVE-2007-4559 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 9.8EPSS: 1%CPEs: 2EXPL: 0CVE-2006-4980 – python repr unicode buffer overflow
https://notcve.org/view.php?id=CVE-2006-4980
09 Oct 2006 — Buffer overflow in the repr function in Python 2.3 through 2.6 before 20060822 allows context-dependent attackers to cause a denial of service and possibly execute arbitrary code via crafted wide character UTF-32/UCS-4 strings to certain scripts. Desbordamiento de bufer en la función repr en Python 2.3 hasta la 2.6 anterior al 22/08/2006 permite a un atacante dependiente del contexto provocar denegación de servicio y posiblemente ejecutar código de su elección a través de secuencias anchas hechas a mano del... • ftp://patches.sgi.com/support/free/security/advisories/20061001-01-P.asc •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 2CVE-2006-1542 – Python 2.4.2 - 'realpath()' Local Stack Overflow
https://notcve.org/view.php?id=CVE-2006-1542
30 Mar 2006 — Stack-based buffer overflow in Python 2.4.2 and earlier, running on Linux 2.6.12.5 under gcc 4.0.3 with libc 2.3.5, allows local users to cause a "stack overflow," and possibly gain privileges, by running a script from a current working directory that has a long name, related to the realpath function. NOTE: this might not be a vulnerability. However, the fact that it appears in a programming language interpreter could mean that some applications are affected, although attack scenarios might be limited becau... • https://www.exploit-db.com/exploits/1591 •
CVSS: 9.8EPSS: 9%CPEs: 2EXPL: 0CVE-2005-0089
https://notcve.org/view.php?id=CVE-2005-0089
06 Feb 2005 — The SimpleXMLRPCServer library module in Python 2.2, 2.3 before 2.3.5, and 2.4, when used by XML-RPC servers that use the register_instance method to register an object without a _dispatch method, allows remote attackers to read or modify globals of the associated module, and possibly execute arbitrary code, via dotted attributes. • http://marc.info/?l=bugtraq&m=110746469728728&w=2 •