Lucene search
K

19 matches found

SUSE CVE
SUSE CVE
added 2023/02/15 5:49 a.m.3 views

SUSE CVE-2011-4944

Python 2.6 through 3.2 creates /.pypirc with world-readable permissions before changing them after data has been written, which introduces a race condition that allows local users to obtain a username and password by reading this file...

3.3CVSS8.4AI score0.00429EPSS
Exploits1References28
Kitploit
Kitploit
added 2021/11/23 8:30 p.m.27 views

Whispers - Identify Hardcoded Secrets In Static Structured Text

"My little birds are everywhere, even in the North, they whisper to me the strangest stories." - Lord Varys Whispers is a static code analysis tool designed for parsing various common data formats in search of hardcoded credentials and dangerous functions. Whispers can run in the CLI or you can...

7.4AI score
Exploits0References3
OpenVAS
OpenVAS
added 2021/11/01 12:0 a.m.25 views

Python < 2.7.4, 3.2.x < 3.2.4, 3.3.x < 3.3.1 pypirc created insecurely (bpo-13512) - Linux

Python is prone to an access control vulnerability. SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:python:python"; ifdescription...

1.9CVSS9.5AI score0.00429EPSS
Exploits1References2
Tenable Nessus
Tenable Nessus
added 2013/01/25 12:0 a.m.41 views

SuSE 11.1 Security Update : libpython2_6-1_0, libpython2_6-1_0-32bit, libpython2_6-1_0-x86, python, etc (SAT Patch Number 6310)

This update to python 2.6.8 fixes the following bugs, among others : - XMLRPC Server DoS. CVE-2012-0845, bnc747125 - hash randomization issues. CVE-2012-1150, bnc751718 - insecure creation of .pypirc. CVE-2011-4944, bnc754447 - SimpleHTTPServer XSS. CVE-2011-1015, bnc752375 - functions can accept...

6.4CVSS7.2AI score0.0562EPSS
Exploits7References18
OSV
OSV
added 2012/08/27 11:55 p.m.1 views

DEBIAN-CVE-2011-4944

Python 2.6 through 3.2 creates /.pypirc with world-readable permissions before changing them after data has been written, which introduces a race condition that allows local users to obtain a username and password by reading this file...

1.9CVSS8.2AI score0.00429EPSS
Exploits1References1
OSV
OSV
added 2012/08/27 11:55 p.m.4 views

CVE-2011-4944

Python 2.6 through 3.2 creates /.pypirc with world-readable permissions before changing them after data has been written, which introduces a race condition that allows local users to obtain a username and password by reading this file...

8.9AI score
Exploits0References20
Prion
Prion
added 2012/08/27 11:55 p.m.23 views

Race condition

Python 2.6 through 3.2 creates /.pypirc with world-readable permissions before changing them after data has been written, which introduces a race condition that allows local users to obtain a username and password by reading this file...

1.9CVSS6.5AI score0.00429EPSS
Exploits1References20Affected Software1
Cvelist
Cvelist
added 2012/08/27 11:0 p.m.21 views

CVE-2011-4944

Python 2.6 through 3.2 creates /.pypirc with world-readable permissions before changing them after data has been written, which introduces a race condition that allows local users to obtain a username and password by reading this file...

8.9AI score0.00429EPSS
Exploits1References20
CVE
CVE
added 2012/08/27 11:0 p.m.238 views

CVE-2011-4944

CVE-2011-4944 affects Python 2.6–3.2 where ~/.pypirc is created world-readable before permissions are tightened, enabling a race condition for local users to read credentials. The connected docs confirm the issue description but do not provide a patch/version that fixes it within the supplied mat...

1.9CVSS8.1AI score0.00429EPSS
Exploits1References20Affected Software1
OSV
OSV
added 2012/08/27 11:0 p.m.3 views

PSF-2012-2 pypirc created insecurely

Python 2.6 through 3.2 creates /.pypirc with world-readable permissions before changing them after data has been written, which introduces a race condition that allows local users to obtain a username and password by reading this file...

1.9CVSS8.9AI score0.00429EPSS
Exploits1References1
Tenable Nessus
Tenable Nessus
added 2012/06/19 12:0 a.m.35 views

RHEL 6 : python (RHSA-2012:0744)

The remote Redhat Enterprise Linux 6 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2012:0744 advisory. - python: potential XSS in SimpleHTTPServer's listdirectory CVE-2011-4940 - python: distutils creates /.pypirc insecurely CVE-2011-4944 -...

5CVSS7.2AI score0.0562EPSS
Exploits7References13
Tenable Nessus
Tenable Nessus
added 2012/06/19 12:0 a.m.39 views

RHEL 5 : python (RHSA-2012:0745)

The remote Redhat Enterprise Linux 5 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2012:0745 advisory. - python: potential XSS in SimpleHTTPServer's listdirectory CVE-2011-4940 - python: distutils creates /.pypirc insecurely CVE-2011-4944 -...

5CVSS7.2AI score0.0506EPSS
Exploits5References11
RedHat Linux
RedHat Linux
added 2012/06/18 12:34 p.m.4 views

python: distutils creates ~/.pypirc insecurely

Python 2.6 through 3.2 creates /.pypirc with world-readable permissions before changing them after data has been written, which introduces a race condition that allows local users to obtain a username and password by reading this file...

1.9CVSS6.7AI score0.00429EPSS
Exploits1References4
RedHat Linux
RedHat Linux
added 2012/06/18 12:25 p.m.35 views

Moderate: Red Hat Security Advisory: python security update

Updated python packages that fix multiple security issues are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System CVSS base scores, which give detailed severity ratings, are...

5CVSS6.8AI score0.0562EPSS
Exploits7References7
RedHat Linux
RedHat Linux
added 2012/06/18 12:25 p.m.4 views

python: distutils creates ~/.pypirc insecurely

Python 2.6 through 3.2 creates /.pypirc with world-readable permissions before changing them after data has been written, which introduces a race condition that allows local users to obtain a username and password by reading this file...

1.9CVSS6.7AI score0.00429EPSS
Exploits1References4
Oracle linux
Oracle linux
added 2012/06/18 12:0 a.m.50 views

python security update

2.6.6-29.el62.2 - if hash randomization is enabled, also enable it within pyexpat Resolves: CVE-2012-0876 2.6.6-29.el62.1 - distutils.config: create /.pypirc securely Resolves: CVE-2011-4944 - fix endless loop in SimpleXMLRPCServer upon malformed POST request Resolves: CVE-2012-0845 - send encodi...

5CVSS1.3AI score0.05724EPSS
Exploits7
Oracle linux
Oracle linux
added 2012/06/18 12:0 a.m.52 views

python security update

2.4.3-46.el58.2 - if hash randomization is enabled, also enable it within pyexpat Resolves: CVE-2012-0876 2.4.3-46.el58.1 - distutils.commands.register: create /.pypirc securely Resolves: CVE-2011-4944 - send encoding in SimpleHTTPServer.listdirectory to protect IE7 against potential XSS attacks...

5CVSS1.6AI score0.05724EPSS
Exploits5
Positive Technologies
Positive Technologies
added 2012/06/18 12:0 a.m.5 views

PT-2012-2011 · Python +3 · Python +3

Name of the Vulnerable Software and Affected Versions: Python versions 2.6 through 3.2 Description: The issue introduces a race condition where local users can obtain a username and password by reading the /.pypirc file, which is created with world-readable permissions before the permissions are...

10CVSS6.6AI score0.73461EPSS
Exploits67References304
seebug.org
seebug.org
added 2012/03/29 12:0 a.m.64 views

python 'distutils' Component '~/.pypirc'本地竞争条件漏洞

BUGTRAQ ID: 52732 CVE ID: CVE-2011-4944 Python是一种面向对象、直译式计算机程序设计语言,也是一种功能强大的通用型语言。 Python在distutils组件创建.pypirc的实现上存在本地竞争条件漏洞,可以访问受害者主目录的攻击者通过此漏洞可绕过某些权限限制,泄露敏感信息 0 Python 3.3 Python 3.2 Python 2.7 Python 2.6 Python 2.5.6 厂商补丁: Python ------ 目前厂商已经发布了升级补丁以修复这个安全问题,请到厂商的主页下载: www.python.org...

1.9CVSS1.1AI score0.00429EPSS
Exploits1
Rows per page
Query Builder