
116 matches found

NVD
added 2015/02/19 3:59 p.m. | 10 views

CVE-2014-8165

scripts/amsvis/powerpcAMS/amsnet.py in powerpc-utils-python uses the pickle Python module unsafely, which allows remote attackers to execute arbitrary code via a crafted serialized object...

CVSS 10 | AI score 7.3 | EPSS 0.05318
Exploits: 0 | References: 6

CVE
added 2015/02/19 3:00 p.m. | 61 views

CVE-2014-8165

CVE-2014-8165 affects the powerpc-utils-python package used by PowerKVM. The root cause is unsafe use of Python’s Pickle in amsnet.py (AMS server/client path), enabling remote code execution when unpickled data is processed. IBM bulletin lists PowerKVM 2.1 and 3.1 as affected; remediation is to u...

CVSS 10 | AI score 7.4 | EPSS 0.05318
Exploits: 0 | References: 6 | Affected Software: 1

CNVD
added 2014/12/31 12:00 a.m. | 2 views

Gnupg2 '/sm/minip12.c' Double Free Denial of Service Vulnerability

GnuPG is a Python module that allows a Python program to conveniently use the key management, encryption and signing features of GnuPG. A denial of service vulnerability exists in Gnupg2 '/sm/minip12.c', which can be exploited by an attacker to launch a denial of service attack...

AI score 6.8
Exploits: 0 | References: 1

Fedora
added 2014/12/01 7:04 p.m. | 21 views

[SECURITY] Fedora 20 Update: python-eyed3-0.7.4-4.fc20

A Python module and program for processing ID3 tags. Information about mp3 files (i.e. bit rate, sample frequency, play time, etc.) is also provided. The formats supported are ID3 v1.0/v1.1 and v2.3/v2.4...

CVSS 3.3 | AI score 1.2 | EPSS 0.0004
Exploits: 0

Fedora
added 2014/12/01 7:04 p.m. | 16 views

[SECURITY] Fedora 19 Update: python-eyed3-0.7.4-4.fc19

A Python module and program for processing ID3 tags. Information about mp3 files (i.e. bit rate, sample frequency, play time, etc.) is also provided. The formats supported are ID3 v1.0/v1.1 and v2.3/v2.4...

CVSS 3.3 | AI score 1.2 | EPSS 0.0004
Exploits: 0

NVD
added 2014/09/02 2:55 p.m. | 20 views

CVE-2014-0485

S3QL 1.18.1 and earlier uses the pickle Python module unsafely, which allows remote attackers to execute arbitrary code via a crafted serialized object in (1) common.py or (2) local.py in backends/...

CVSS 7.5 | AI score 7.4 | EPSS 0.01602
Exploits: 1 | References: 3

Cvelist
added 2014/09/02 2:00 p.m. | 30 views

CVE-2014-0485

S3QL 1.18.1 and earlier uses the pickle Python module unsafely, which allows remote attackers to execute arbitrary code via a crafted serialized object in (1) common.py or (2) local.py in backends/...

AI score 7.3 | EPSS 0.01602
Exploits: 1 | References: 3

Debian CVE
added 2014/09/02 2:00 p.m. | 22 views

CVE-2014-0485

S3QL 1.18.1 and earlier uses the pickle Python module unsafely, which allows remote attackers to execute arbitrary code via a crafted serialized object in (1) common.py or (2) local.py in backends/...

CVSS 7.5 | AI score 7.2 | EPSS 0.01602
Exploits: 1

seebug.org
added 2014/07/01 12:00 a.m. | 13 views

Ada Image Server <= 0.6.7 imgsrv.exe Buffer Overflow

No description provided by source. #!/usr/bin/python Only usable module with safeseh disabled on XP SP2 and XP SP3 is imgsrv.exe. However, it contains a null character in the address ex: XP SP3 = 00689aff. Versions above 0.6.7 do not seem to be vulnerable. $ ./imgsrv.py 192.168.1.146 Ada Image...

AI score 7.1
Exploits: 0

UbuntuCve
added 2014/05/08 2:29 p.m. | 12 views

CVE-2014-1934

tag.py in eyeD3 (aka python-eyed3) 7.0.3, 0.6.18, and earlier for Python allows local users to modify arbitrary files via a symlink attack on a temporary file...

CVSS 3.3 | AI score 5.9 | EPSS 0.0004
Exploits: 0 | References: 1

NVD
added 2013/09/27 10:08 a.m. | 9 views

CVE-2013-5942

Graphite 0.9.5 through 0.9.10 uses the pickle Python module unsafely, which allows remote attackers to execute arbitrary code via a crafted serialized object, related to (1) remotestorage.py, (2) storage.py, (3) render/datalib.py, and (4) whitelist/views.py, a different vulnerability than CVE-2013-5093...

CVSS 6.8 | AI score 7.3 | EPSS 0.01535
Exploits: 0 | References: 2

NVD
added 2013/09/27 10:08 a.m. | 8 views

CVE-2013-5093

The renderLocalView function in render/views.py in graphite-web in Graphite 0.9.5 through 0.9.10 uses the pickle Python module unsafely, which allows remote attackers to execute arbitrary code via a crafted serialized object...

CVSS 6.8 | AI score 7.2 | EPSS 0.83612
Exploits: 5 | References: 7

Prion
added 2013/09/27 10:08 a.m. | 11 views

Design/Logic Flaw

Graphite 0.9.5 through 0.9.10 uses the pickle Python module unsafely, which allows remote attackers to execute arbitrary code via a crafted serialized object, related to (1) remotestorage.py, (2) storage.py, (3) render/datalib.py, and (4) whitelist/views.py, a different vulnerability than CVE-2013-5093...

CVSS 6.8 | AI score 7.7 | EPSS 0.83612
Exploits: 5 | References: 2 | Affected Software: 1

OSV
added 2013/09/27 10:08 a.m. | 19 views

PYSEC-2013-3

The renderLocalView function in render/views.py in graphite-web in Graphite 0.9.5 through 0.9.10 uses the pickle Python module unsafely, which allows remote attackers to execute arbitrary code via a crafted serialized object...

CVSS 6.8 | AI score 7.6 | EPSS 0.83612
Exploits: 5 | References: 8

Cvelist
added 2013/09/27 10:00 a.m. | 16 views

CVE-2013-5942

Graphite 0.9.5 through 0.9.10 uses the pickle Python module unsafely, which allows remote attackers to execute arbitrary code via a crafted serialized object, related to (1) remotestorage.py, (2) storage.py, (3) render/datalib.py, and (4) whitelist/views.py, a different vulnerability than CVE-2013-5093...

AI score 7.3 | EPSS 0.01535
Exploits: 0 | References: 2

Debian CVE
added 2013/09/27 10:00 a.m. | 17 views

CVE-2013-5093

The renderLocalView function in render/views.py in graphite-web in Graphite 0.9.5 through 0.9.10 uses the pickle Python module unsafely, which allows remote attackers to execute arbitrary code via a crafted serialized object...

CVSS 6.8 | AI score 7.3 | EPSS 0.83612
Exploits: 5

Debian CVE
added 2013/09/27 10:00 a.m. | 23 views

CVE-2013-5942

Graphite 0.9.5 through 0.9.10 uses the pickle Python module unsafely, which allows remote attackers to execute arbitrary code via a crafted serialized object, related to (1) remotestorage.py, (2) storage.py, (3) render/datalib.py, and (4) whitelist/views.py, a different vulnerability than CVE-2013-5093...

CVSS 6.8 | AI score 7.4 | EPSS 0.01535
Exploits: 0

Packet Storm
added 2013/08/02 12:00 a.m. | 63 views

Karotz Smart Rabbit 12.07.19.00 Hijacking / Cleartext Token

Trustwave SpiderLabs Security Advisory TWSL2013-021: Multiple Vulnerabilities in Karotz Smart Rabbit Published: 08/01/13 Version: 1.0 Vendor: Electronic Arts http://www.ea.com/, formerly Mindscape, formerly Violet Product: Karotz Version affected: 12.07.19.00 Product description: Karotz is the...

AI score 0.2 | EPSS 0.22154
Exploits: 6

Fedora
added 2013/05/11 3:15 a.m. | 15 views

[SECURITY] Fedora 19 Update: python-blivet-0.13-1.fc19

The python-blivet package is a python module for examining and modifying storage configuration...

AI score 1.9
Exploits: 0

Cvelist
added 2013/03/12 10:00 p.m. | 43 views

CVE-2012-5659

Untrusted search path vulnerability in plugins/abrt-action-install-debuginfo-to-abrt-cache.c in Automatic Bug Reporting Tool (ABRT) 2.0.9 and earlier allows local users to load and execute arbitrary Python modules by modifying the PYTHONPATH environment variable to reference a malicious Python modu...

AI score 6.5 | EPSS 0.00065
Exploits: 1 | References: 3