CVSS: 7.4EPSS: 0%CPEs: 28EXPL: 0CVE-2011-4944 – python: distutils creates ~/.pypirc insecurely
https://notcve.org/view.php?id=CVE-2011-4944
27 Aug 2012 — Python 2.6 through 3.2 creates ~/.pypirc with world-readable permissions before changing them after data has been written, which introduces a race condition that allows local users to obtain a username and password by reading this file. Python v2.6 a través de 3.2 crea ~/.pypirc con permisos de lectura en todo el mundo antes de cambiar los datos que se han escrito, introduce una condición de carrera que permite a usuarios locales obtener un nombre de usuario y contraseña mediante la lectura de este archivo. • http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=650555 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 9.1EPSS: 1%CPEs: 9EXPL: 0CVE-2012-2135
https://notcve.org/view.php?id=CVE-2012-2135
14 Aug 2012 — The utf-16 decoder in Python 3.1 through 3.3 does not update the aligned_end variable after calling the unicode_decode_call_errorhandler function, which allows remote attackers to obtain sensitive information (process memory) or cause a denial of service (memory corruption and crash) via unspecified vectors. El descodificador UTF-16 en Python v3.1 a v3.3 no actualiza la variable aligned_end después de llamar a la función unicode_decode_call_errorhandler, lo que permite a atacantes remotos obtener informació... • http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=670389 •
CVSS: 7.5EPSS: 0%CPEs: 22EXPL: 0CVE-2012-0876 – expat: hash table collisions CPU usage DoS
https://notcve.org/view.php?id=CVE-2012-0876
03 Jul 2012 — The XML parser (xmlparse.c) in expat before 2.1.0 computes hash values without restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service (CPU consumption) via an XML file with many identifiers with the same value. El analizador XML (xmlparse.c) en expat antes de v2.1.0 calcula los valores de hash sin restringir la capacidad de desencadenar colisiones hash de forma predecible, lo que permite causar una denegación de servicio (por con... • http://bugs.python.org/issue13703#msg151870 • CWE-400: Uncontrolled Resource Consumption CWE-407: Inefficient Algorithmic Complexity •
CVSS: 7.4EPSS: 2%CPEs: 39EXPL: 0CVE-2011-1521 – urllib2): Improper management of ftp:// and file:// URL schemes (Issue #11662)
https://notcve.org/view.php?id=CVE-2011-1521
24 May 2011 — The urllib and urllib2 modules in Python 2.x before 2.7.2 and 3.x before 3.2.1 process Location headers that specify redirection to file: URLs, which makes it easier for remote attackers to obtain sensitive information or cause a denial of service (resource consumption) via a crafted URL, as demonstrated by the file:///etc/passwd and file:///dev/zero URLs. Los módulos urllib y urllib2 en Python v2.x anteriores a v2.7.2 y v3.x anteriores a v3.2.1 procesan los encabezados de ubicación que especificar la redir... • http://bugs.python.org/issue11662 • CWE-399: Resource Management Errors •
CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 0CVE-2010-3493 – Python: SMTP proxy RFC 2821 module DoS (uncaught exception) (Issue #9129)
https://notcve.org/view.php?id=CVE-2010-3493
19 Oct 2010 — Multiple race conditions in smtpd.py in the smtpd module in Python 2.6, 2.7, 3.1, and 3.2 alpha allow remote attackers to cause a denial of service (daemon outage) by establishing and then immediately closing a TCP connection, leading to the accept function having an unexpected return value of None, an unexpected value of None for the address, or an ECONNABORTED, EAGAIN, or EWOULDBLOCK error, or the getpeername function having an ENOTCONN error, a related issue to CVE-2010-3492. Múltiples condiciones de car... • http://bugs.python.org/issue6706 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVSS: 9.8EPSS: 93%CPEs: 5EXPL: 6CVE-2007-4559 – python: tarfile module directory traversal
https://notcve.org/view.php?id=CVE-2007-4559
28 Aug 2007 — Directory traversal vulnerability in the (1) extract and (2) extractall functions in the tarfile module in Python allows user-assisted remote attackers to overwrite arbitrary files via a .. (dot dot) sequence in filenames in a TAR archive, a related issue to CVE-2001-1267. Vulnerabilidad de salto de directorio en las funciones (1) extract y (2) extractall en el módulo tarfile en Python permite a atacantes remotos con la intervención del usuario sobrescribir archivos de su elección a través de la secuencia .... • https://github.com/davidholiday/CVE-2007-4559 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •