CVE-2015-20107 – python: mailcap: findmatch() function does not sanitize the second argument
https://notcve.org/view.php?id=CVE-2015-20107
In Python (aka CPython) up to 3.10.8, the mailcap module does not add escape characters into commands discovered in the system mailcap file. This may allow attackers to inject shell commands into applications that call mailcap.findmatch with untrusted input (if they lack validation of user-provided filenames or arguments). The fix is also back-ported to 3.7, 3.8, 3.9 En Python (también conocido como CPython) hasta la versión 3.10.8, el módulo mailcap no añade caracteres de escape en los comandos descubiertos en el archivo mailcap del sistema. Esto puede permitir a los atacantes inyectar comandos de shell en aplicaciones que llamen a mailcap.findmatch con entradas no confiables (si carecen de validación de los nombres de archivos o argumentos proporcionados por el usuario). La corrección también se ha aplicado a las versiones 3.7, 3.8 y 3.9 A command injection vulnerability was found in the Python mailcap module. • https://bugs.python.org/issue24778 https://github.com/python/cpython/issues/68966 https://lists.debian.org/debian-lts-announce/2023/05/msg00024.html https://lists.debian.org/debian-lts-announce/2023/06/msg00039.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/46KWPTI72SSEOF53DOYQBQOCN4QQB2GE https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/53TQZFLS6O3FLIMVSXFEEPZSWLDZLBOX https://lists.fedoraproject.org/archives/list/package-announ • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •
CVE-2022-1210 – LibTIFF tiff2ps resource consumption
https://notcve.org/view.php?id=CVE-2022-1210
A vulnerability classified as problematic was found in LibTIFF 4.3.0. Affected by this vulnerability is the TIFF File Handler of tiff2ps. Opening a malicious file leads to a denial of service. The attack can be launched remotely but requires user interaction. The exploit has been disclosed to the public and may be used. • https://gitlab.com/libtiff/libtiff/-/issues/402 https://gitlab.com/libtiff/libtiff/uploads/c3da94e53cf1e1e8e6d4d3780dc8c42f/example.tiff https://security.gentoo.org/glsa/202210-10 https://security.netapp.com/advisory/ntap-20220513-0005 https://vuldb.com/?id.196363 • CWE-400: Uncontrolled Resource Consumption CWE-404: Improper Resource Shutdown or Release •
CVE-2021-4189 – python: ftplib should not use the host from the PASV response
https://notcve.org/view.php?id=CVE-2021-4189
A flaw was found in Python, specifically in the FTP (File Transfer Protocol) client library in PASV (passive) mode. The issue is how the FTP client trusts the host from the PASV response by default. This flaw allows an attacker to set up a malicious FTP server that can trick FTP clients into connecting back to a given IP address and port. This vulnerability could lead to FTP client scanning ports, which otherwise would not have been possible. Se ha encontrado un fallo en Python, concretamente en la biblioteca del cliente FTP (File Transfer Protocol) en modo PASV (pasivo). • https://access.redhat.com/security/cve/CVE-2021-4189 https://bugs.python.org/issue43285 https://bugzilla.redhat.com/show_bug.cgi?id=2036020 https://github.com/python/cpython/commit/0ab152c6b5d95caa2dc1a30fa96e10258b5f188e https://lists.debian.org/debian-lts-announce/2023/05/msg00024.html https://lists.debian.org/debian-lts-announce/2023/06/msg00039.html https://python-security.readthedocs.io/vuln/ftplib-pasv.html https://security-tracker.debian.org/tracker/CVE-2021-4189 https://security.netapp • CWE-252: Unchecked Return Value •
CVE-2021-4147
https://notcve.org/view.php?id=CVE-2021-4147
A flaw was found in the libvirt libxl driver. A malicious guest could continuously reboot itself and cause libvirtd on the host to deadlock or crash, resulting in a denial of service condition. Se ha encontrado un fallo en el controlador libvirt libxl. Un huésped malicioso podría reiniciarse continuamente y causar que libvirtd en el host cerrarse o bloquearse, resultando en una condición de denegación de servicio • https://bugzilla.redhat.com/show_bug.cgi?id=2034195 https://lists.debian.org/debian-lts-announce/2024/04/msg00000.html https://security.netapp.com/advisory/ntap-20220513-0004 • CWE-667: Improper Locking •
CVE-2022-0897 – libvirt: missing locking in nwfilterConnectNumOfNWFilters can lead to denial of service
https://notcve.org/view.php?id=CVE-2022-0897
A flaw was found in the libvirt nwfilter driver. The virNWFilterObjListNumOfNWFilters method failed to acquire the driver->nwfilters mutex before iterating over virNWFilterObj instances. There was no protection to stop another thread from concurrently modifying the driver->nwfilters object. This flaw allows a malicious, unprivileged user to exploit this issue via libvirt's API virConnectNumOfNWFilters to crash the network filter management daemon (libvirtd/virtnwfilterd). Se ha encontrado un fallo en el controlador nwfilter de libvirt. • https://bugzilla.redhat.com/show_bug.cgi?id=2063883 https://lists.debian.org/debian-lts-announce/2024/04/msg00000.html https://security.gentoo.org/glsa/202210-06 https://access.redhat.com/security/cve/CVE-2022-0897 • CWE-667: Improper Locking •