57411 matches found
Astra Linux - уязвимость в pypy, jython
The documentation XML-RPC server in Python, from versions 2.7.16, 3.x through 3.6.9, and 3.7.x through 3.7.4, has XSS vulnerabilities due to the servertitle field. This issue occurs in Lib/DocXMLRPCServer.py in Python 2.x, and in Lib/xmlrpc/server.py in Python 3.x. If the setservertitle function ...
Astra Linux - уязвимость в python3.7
The readints function in plistlib.py in Python from version 3.9.1 is vulnerable to a potential Distributed Denial-of-Service DoS attack due to CPU and RAM exhaustion when processing malformed Apple Property List files in binary format...
Astra Linux - уязвимость в python-cryptography
In the cryptography package for Python before version 3.3.2, certain sequences of update calls to symmetrically encrypt multi-GB values could lead to integer overflows and buffer overflows, as demonstrated by the Fernet class...
Astra Linux - уязвимость в lxml
A XSS vulnerability was discovered in the python-lxml’s clean module versions prior to 4.6.3. When the “safe attrsonly” and “forms” arguments are disabled, the Cleaner class does not remove the “formaction” attribute, allowing JavaScript to bypass the sanitizer. A remote attacker could exploit th...
Astra Linux - уязвимость в ansible
A flaw was discovered in Ansible Engine 2.9.18, where sensitive information is not masked by default, and the nolog feature is not protected when using the sub-option feature of the basic.py module. This flaw allows an attacker to obtain sensitive information. The greatest threat posed by this...
Astra Linux - уязвимость в python3.7
A flaw was discovered in Python. In algorithms with quadratic time complexity that use non-binary bases, when using int“text”, a system may take 50 milliseconds to parse an int string with 100,000 digits, and 5 seconds for strings with 1,000,000 digits. Functions like float, decimal, int.frombyte...
Astra Linux - уязвимость в pypy
A issue was discovered in Python versions 2.7.16, 3.x through 3.5.7, 3.6.x through 3.6.9, and 3.7.x through 3.7.4. The email module incorrectly parses email addresses that contain multiple @ characters. An application that uses the email module and implements some kind of check on the From/To...
Astra Linux - уязвимость в python-urllib3
urllib3 before version 1.25.9 allows CRLF injection if the attacker controls the HTTP request method, as demonstrated by inserting CR and LF control characters in the first argument of putrequest. NOTE: this is similar to CVE-2020-26116...
Astra Linux - уязвимость в python3.11, python3.7
The poplib module, when a user-controlled command is passed to it, can have additional commands injected using newlines. Mitigation rejects commands that contain control characters...
Astra Linux - уязвимость в python2.7, python3.7, pypy
A XXE issue was discovered in Python through version 3.9.1. The plistlib module no longer accepts entity declarations in XML plist files to prevent XML vulnerabilities...
Astra Linux - уязвимость в pillow
In versions 8.2.0 and earlier of Pillow, as well as versions 1.1.7 and earlier of PIL Python Imaging Library, an attacker can pass controlled parameters directly into the convert function, thereby triggering a buffer overflow in Convert.c...
Astra Linux - уязвимость в python3.11
When reading an HTTP response from a server, if no read amount is specified, the default behavior will be to use Content-Length. This allows a malicious server to cause the client to read large amounts of data into memory, potentially leading to Out-of-Memory errors or other types of...
Astra Linux - уязвимость в pypy
In the http.cookiejar.py module of Python, prior to version 3.7.3, the domain validation mechanism was not properly implemented. This vulnerability could allow existing cookies to be sent to the wrong server. Attackers could exploit this flaw by using a server whose hostname contains another vali...
Astra Linux - уязвимость в python-ldap
Python-ldap is a lightweight directory access protocol LDAP client API for Python. In versions prior to 3.4.5, the ldap.dn.escapednchars function incorrectly escaped \x00 by emitting a slash followed by a literal NUL byte instead of the RFC-4514 hex form \00. Any application that uses this functi...
Astra Linux - уязвимость в python3.7, php7.3
The Keccak XKCP SHA-3 reference implementation, prior to the update of fdc6fef, has an integer overflow and resulting buffer overflow issue. This vulnerability allows attackers to execute arbitrary code or compromise the expected cryptographic properties of the algorithm. This issue occurs within...
Astra Linux - уязвимость в pillow
In Pillow’s PIL.ImageMath.eval before version 9.0.0, it was possible to evaluate arbitrary expressions, including those that used the Python exec method. A lambda expression could also be used...
Astra Linux - уязвимость в libxml2
In libxml2 versions before 2.13.8 and 2.14.x before 2.14.2, out-of-bounds memory access can occur in the Python API Python bindings due to an incorrect return value. This issue occurs in the xmlPythonFileRead and xmlPythonFileReadRaw functions, caused by a discrepancy between bytes and characters...
Astra Linux - уязвимость в python-ipaddress
The Lib/ipaddress.py module in Python up to version 3.8.3 incorrectly calculates hash values for the IPv4Interface and IPv6Interface classes. This may allow a remote attacker to cause a denial of service if an application relies on the performance of a dictionary containing IPv4Interface or...
Astra Linux - уязвимость в pyyaml
PyYAML 5.1 through 5.1.2 has insufficient restrictions on the load and loadall functions due to a class deserialization issue. For example, Popen is a class in the subprocess module. NOTE: This issue exists because of an incomplete fix for CVE-2017-18342...
Astra Linux - уязвимость в python3.11, python3.7
When loading a plist file, the plistlib module reads data in a size specified by the file itself. This means that a malicious file can cause out-of-memory OOM and denial-of-service DoS issues...