Lucene search
K
PypaMost viewed

3786 matches found

PyPA
PyPA
•added 2018/09/03 7:29 p.m.•7 views

PYSEC-2018-15

An issue was discovered in Mayan EDMS before 3.0.3. The Tags app has XSS because tag label values are mishandled...

6.1CVSS6.3AI score0.01209EPSS
Exploits1References4Affected Software1
PyPA
PyPA
•added 2018/09/02 3:29 a.m.•7 views

PYSEC-2018-135

Exiv2::Internal::PngChunk::parseTXTChunk in Exiv2 v0.26 allows remote attackers to cause a denial of service heap-based buffer over-read via a crafted image file, a different vulnerability than CVE-2018-10999...

6.5CVSS7AI score0.0273EPSS
Exploits1References4Affected Software1
PyPA
PyPA
•added 2018/08/20 1:29 p.m.•7 views

PYSEC-2018-99

pyro before 3.15 unsafely handles pid files in temporary directory locations and opening the pid file as root. An attacker can use this flaw to overwrite arbitrary files via symlinks...

7.5CVSS7.1AI score0.02188EPSS
Exploits1References4Affected Software1
PyPA
PyPA
•added 2018/08/20 12:29 a.m.•7 views

PYSEC-2018-21

PyCryptodome before 3.6.6 has an integer overflow in the datalen variable in AESNI.c, related to the AESNIencrypt and AESNIdecrypt functions, leading to the mishandling of messages shorter than 16 bytes...

7.5CVSS7.2AI score0.0174EPSS
Exploits1References3Affected Software1
PyPA
PyPA
•added 2018/08/03 5:29 p.m.•7 views

PYSEC-2018-2

django.middleware.common.CommonMiddleware in Django 1.11.x before 1.11.15 and 2.0.x before 2.0.8 has an Open Redirect...

6.1CVSS7AI score0.2549EPSS
Exploits0References7Affected Software1
PyPA
PyPA
•added 2018/08/01 6:29 p.m.•7 views

PYSEC-2018-98

A SQL injection vulnerability in pycsw all versions before 2.0.2, 1.10.5 and 1.8.6 that leads to read and extract of any data from any table in the pycsw database that the database user has access to. Also on PostgreSQL at least it is possible to perform updates/inserts/deletes and database...

9.1CVSS7.9AI score0.02336EPSS
Exploits0References5Affected Software1
PyPA
PyPA
•added 2018/07/30 5:29 p.m.•7 views

PYSEC-2018-102

A vulnerability was found in openstack-tripleo-heat-templates before version 8.0.2-40. When deployed using Director using default configuration, Opendaylight in RHOSP13 is configured with easily guessable default credentials...

8.8CVSS6.8AI score0.0087EPSS
Exploits0References2Affected Software1
PyPA
PyPA
•added 2018/07/30 4:29 p.m.•7 views

PYSEC-2018-52

A flaw was found in python-cryptography versions between =1.9.0 and 2.3. The finalizewithtag API did not enforce a minimum tag length. If a user did not validate the input length prior to passing it to finalizewithtag an attacker could craft an invalid payload with a shortened tag e.g. 1 byte suc...

7.5CVSS6.4AI score0.02605EPSS
Exploits0References5Affected Software1
PyPA
PyPA
•added 2018/07/23 8:29 a.m.•7 views

PYSEC-2018-63

An issue was discovered in aubio 0.4.6. A buffer over-read can occur in newaubiopitchyinfft in pitch/pitchyinfft.c, as demonstrated by aubionotes...

8.8CVSS7.2AI score0.01966EPSS
Exploits1References4Affected Software1
PyPA
PyPA
•added 2018/07/19 1:29 p.m.•7 views

PYSEC-2018-152

An authorization-check flaw was discovered in federation configurations of the OpenStack Identity service keystone. An authenticated federated user could request permissions to a project and unintentionally be granted all related roles including administrative roles...

7.2CVSS6.7AI score0.02106EPSS
Exploits1References13Affected Software1
PyPA
PyPA
•added 2018/07/12 1:29 p.m.•7 views

PYSEC-2018-25

In Apache Spark 1.0.0 to 2.1.2, 2.2.0 to 2.2.1, and 2.3.0, when using PySpark or SparkR, it's possible for a different local user to connect to the Spark application and impersonate the user running the Spark application...

4.7CVSS6.6AI score0.00504EPSS
Exploits0References3Affected Software1
PyPA
PyPA
•added 2018/07/06 12:29 a.m.•7 views

PYSEC-2018-90

The mpatchdecode function in mpatch.c in Mercurial before 4.6.1 mishandles certain situations where there should be at least 12 bytes remaining after the current position in the patch data, but actually are not, aka OVE-20180430-0001...

7.5CVSS6.9AI score0.02087EPSS
Exploits0References4Affected Software1
PyPA
PyPA
•added 2018/07/03 1:29 a.m.•7 views

PYSEC-2018-42

Ansible 2.5 prior to 2.5.5, and 2.4 prior to 2.4.5, do not honor the nolog task flag for failed tasks. When the nolog flag has been used to protect sensitive data passed to a task from being logged, and that task does not run successfully, Ansible will expose sensitive data in log files and on th...

5.9CVSS6.7AI score0.03088EPSS
Exploits0References12Affected Software1
PyPA
PyPA
•added 2018/06/27 12:29 p.m.•7 views

PYSEC-2018-49

In PyYAML before 5.1, the yaml.load API could execute arbitrary code if used with untrusted data. The load function has been deprecated in version 5.1 and the 'UnsafeLoader' has been introduced for backward compatibility with the function...

9.8CVSS9.4AI score0.06031EPSS
Exploits1References10Affected Software1
PyPA
PyPA
•added 2018/06/26 4:29 p.m.•7 views

PYSEC-2018-149

The Galaxy Project Galaxy version v14.10 contains a CWE-79: Improper Neutralization of Input During Web Page Generation vulnerability in Many templates used in the Galaxy server did not properly sanitize user's input, which would allow for cross-site scripting XSS attacks. In this form of attack,...

6.1CVSS6.6AI score0.01042EPSS
Exploits0References1Affected Software1
PyPA
PyPA
•added 2018/06/13 11:29 a.m.•7 views

PYSEC-2018-132

Exiv2 0.26 has an integer overflow in the LoaderExifJpeg class in preview.cpp, leading to an out-of-bounds read in Exiv2::MemIo::read in basicio.cpp...

8.8CVSS7.2AI score0.02891EPSS
Exploits1References10Affected Software1
PyPA
PyPA
•added 2018/06/01 7:29 p.m.•7 views

PYSEC-2018-150

Hyperledger Iroha versions v1.0beta and v1.0.0beta-1 are vulnerable to transaction and block signature verification bypass in the transaction and block validator allowing a single node to sign a transaction and/or block multiple times, each with a random nonce, and have other validating nodes...

7.5CVSS7AI score0.00816EPSS
Exploits0References1Affected Software1
PyPA
PyPA
•added 2018/05/10 2:29 a.m.•7 views

PYSEC-2018-126

In types.cpp in Exiv2 0.26, a large size value may lead to a SIGABRT during an attempt at memory allocation for an Exiv2::Internal::PngChunk::zlibUncompress call...

6.5CVSS6.9AI score0.02524EPSS
Exploits1References10Affected Software1
PyPA
PyPA
•added 2018/04/18 7:29 p.m.•7 views

PYSEC-2018-31

tlslite-ng version 0.7.3 and earlier, since commit d7b288316bca7bcdd082e6ccff5491e241305233 contains a CWE-354: Improper Validation of Integrity Check Value vulnerability in TLS implementation, tlslite/utils/constanttime.py: ctcheckcbcmacandpad; line "endpos = datalen - 1 - mac.digestsize" that c...

5.9CVSS6.9AI score0.00792EPSS
Exploits0References2Affected Software1
PyPA
PyPA
•added 2018/04/04 8:29 p.m.•7 views

PYSEC-2018-86

Koji version 1.12, 1.13, 1.14 and 1.15 contain an incorrect access control vulnerability resulting in arbitrary filesystem read/write access. This vulnerability has been fixed in versions 1.12.1, 1.13.1, 1.14.1 and 1.15.1...

9.1CVSS7.1AI score0.01667EPSS
Exploits0References3Affected Software1
PyPA
PyPA
•added 2018/03/30 8:29 a.m.•7 views

PYSEC-2018-148

In the DataBuf class in include/exiv2/types.hpp in Exiv2 0.26, an issue exists in the constructor with an initial buffer size. A large size value may lead to a SIGABRT during an attempt at memory allocation. NOTE: some third parties have been unable to reproduce the SIGABRT when using the...

6.5CVSS7.1AI score0.01889EPSS
Exploits1References5Affected Software1
PyPA
PyPA
•added 2018/03/13 3:29 p.m.•7 views

PYSEC-2018-111

Ajenti version version 2 contains a Cross ite Request Forgery CSRF vulnerability in the command execution panel of the tool used to manage the server. that can result in Code execution on the server . This attack appear to be exploitable via Being a CSRF, victim interaction is needed, when the...

8.8CVSS7.5AI score0.01252EPSS
Exploits1References3Affected Software1
PyPA
PyPA
•added 2018/02/12 10:29 p.m.•7 views

PYSEC-2018-121

In Exiv2 0.26, there is a reachable assertion in the readHeader function in bigtiffimage.cpp, which will lead to a remote denial of service attack via a crafted TIFF file...

6.5CVSS6.7AI score0.01173EPSS
Exploits1References2Affected Software1
PyPA
PyPA
•added 2018/01/03 6:29 p.m.•7 views

PYSEC-2018-72

Accessing private content via str.format in through-the-web templates and scripts in Plone 2.5-5.1rc1. This improves an earlier hotfix. Since the format method was introduced in Python 2.6, this part of the hotfix is only relevant for Plone 4 and 5...

6.5CVSS6.9AI score0.00923EPSS
Exploits0References2Affected Software1
PyPA
PyPA
•added 2018/01/03 6:29 p.m.•7 views

PYSEC-2018-70

When you visit a page where you need to login, Plone 2.5-5.1rc1 sends you to the login form with a 'camefrom' parameter set to the previous url. After you login, you get redirected to the page you tried to view before. An attacker might try to abuse this by letting you click on a specially crafte...

6.1CVSS6.7AI score0.0068EPSS
Exploits0References2Affected Software1
PyPA
PyPA
•added 2018/01/03 6:29 p.m.•7 views

PYSEC-2018-71

A member of the Plone 2.5-5.1rc1 site could set javascript in the homepage property of his profile, and have this executed when a visitor click the home page link on the author page...

5.4CVSS6.8AI score0.00559EPSS
Exploits0References2Affected Software1
PyPA
PyPA
•added 2017/12/31 7:29 p.m.•7 views

PYSEC-2017-141

Exiv2 0.26 has a Null Pointer Dereference in the Exiv2::DataValue::toLong function in value.cpp, related to crafted metadata in a TIFF file...

5.5CVSS6.9AI score0.00793EPSS
Exploits1References4Affected Software1
PyPA
PyPA
•added 2017/11/21 5:29 p.m.•7 views

PYSEC-2017-4

A flaw was found in the way Ansible 2.3.x before 2.3.3, and 2.4.x before 2.4.1 passed certain parameters to the jenkinsplugin module. Remote attackers could use this flaw to expose sensitive information from a remote host's logs. This flaw was fixed by not allowing passwords to be specified in th...

9.8CVSS6.4AI score0.0353EPSS
Exploits0References4Affected Software1
PyPA
PyPA
•added 2017/11/17 10:29 p.m.•7 views

PYSEC-2017-117

Exiv2 0.26 contains a stack out of bounds read in JPEG2000 parser...

5.5CVSS6.9AI score0.01119EPSS
Exploits0References3Affected Software1
PyPA
PyPA
•added 2017/11/10 9:29 a.m.•7 views

PYSEC-2017-79

An exploitable vulnerability exists in the YAML parsing functionality in the readyamlfile method in ioutils.py in djangomakeapp 0.1.3. A YAML parser can execute arbitrary Python commands resulting in command execution. An attacker can insert Python into loaded YAML to trigger this vulnerability...

9.8CVSS8AI score0.03098EPSS
Exploits1References3Affected Software1
PyPA
PyPA
•added 2017/10/24 5:29 p.m.•7 views

PYSEC-2017-36

Directory traversal vulnerability in minion id validation in SaltStack Salt before 2016.3.8, 2016.11.x before 2016.11.8, and 2017.7.x before 2017.7.2 allows remote minions with incorrect credentials to authenticate to a master via a crafted minion ID. NOTE: this vulnerability exists because of an...

9.8CVSS6.9AI score0.04629EPSS
Exploits0References8Affected Software1
PyPA
PyPA
•added 2017/10/23 4:29 p.m.•7 views

PYSEC-2017-43

Cross-site scripting XSS vulnerability in the renderfull function in debug/tbtools.py in the debugger in Pallets Werkzeug before 0.11.11 as used in Pallets Flask and other products allows remote attackers to inject arbitrary web script or HTML via a field that contains an exception message...

6.1CVSS6AI score0.01985EPSS
Exploits0References4Affected Software1
PyPA
PyPA
•added 2017/10/19 8:29 a.m.•7 views

PYSEC-2017-80

mistune.py in Mistune 0.7.4 allows XSS via an unexpected newline such as in java\nscript: or a crafted email address, related to the escape and autolink functions...

6.1CVSS6.2AI score0.00923EPSS
Exploits1References2Affected Software1
PyPA
PyPA
•added 2017/09/29 1:34 a.m.•7 views

PYSEC-2017-131

There is a heap-based buffer overflow in the Exiv2::l2Data function of types.cpp in Exiv2 0.26. A Crafted input will lead to a denial of service attack...

5.5CVSS7.2AI score0.00797EPSS
Exploits1References2Affected Software1
PyPA
PyPA
•added 2017/09/29 1:34 a.m.•7 views

PYSEC-2017-133

There is a heap-based buffer over-read in the Exiv2::Jp2Image::readMetadata function of jp2image.cpp in Exiv2 0.26. A Crafted input will lead to a denial of service attack...

5.5CVSS7AI score0.0083EPSS
Exploits1References2Affected Software1
PyPA
PyPA
•added 2017/09/29 1:34 a.m.•7 views

PYSEC-2017-136

A NULL pointer dereference was discovered in Exiv2::Image::printIFDStructure in image.cpp in Exiv2 0.26. The vulnerability causes a segmentation fault and application crash, which leads to denial of service...

5.5CVSS6.8AI score0.00875EPSS
Exploits1References2Affected Software1
PyPA
PyPA
•added 2017/09/25 5:29 p.m.•7 views

PYSEC-2017-53

Cross-site scripting XSS vulnerability in Plone 3.3.0 through 3.3.6, 4.0.0 through 4.0.10, 4.1.0 through 4.1.6, 4.2.0 through 4.2.7, 4.3.x before 4.3.7, and 5.0rc1...

6.1CVSS6.2AI score0.01221EPSS
Exploits0References5Affected Software1
PyPA
PyPA
•added 2017/09/25 5:29 p.m.•7 views

PYSEC-2017-54

Plone 3.3.0 through 3.3.6 allows remote attackers to inject headers into HTTP responses...

7.5CVSS7AI score0.01666EPSS
Exploits0References5Affected Software1
PyPA
PyPA
•added 2017/09/21 2:29 p.m.•7 views

PYSEC-2017-16

Cross-site request forgery CSRF vulnerability in Kallithea before 0.2...

8.8CVSS7AI score0.00725EPSS
Exploits0References4Affected Software1
PyPA
PyPA
•added 2017/09/20 4:29 p.m.•7 views

PYSEC-2017-47

Cross-site request forgery in the REST API in IPython 2 and 3...

8.8CVSS7AI score0.01201EPSS
Exploits1References7Affected Software1
PyPA
PyPA
•added 2017/09/14 1:29 p.m.•7 views

PYSEC-2017-27

python-fedora 0.8.0 and lower is vulnerable to an open redirect resulting in loss of CSRF protection...

6.1CVSS7AI score0.00809EPSS
Exploits0References3Affected Software1
PyPA
PyPA
•added 2017/08/29 8:29 p.m.•7 views

PYSEC-2017-107

Apache Atlas versions 0.6.0-incubating and 0.7.0-incubating were found vulnerable to Stored Cross-Site Scripting in the edit-tag functionality...

6.1CVSS5.8AI score0.01919EPSS
Exploits0References3Affected Software1
PyPA
PyPA
•added 2017/08/29 8:29 p.m.•7 views

PYSEC-2017-109

Apache Atlas versions 0.6.0-incubating and 0.7.0-incubating were found vulnerable to Reflected XSS in the search functionality...

6.1CVSS6.4AI score0.01955EPSS
Exploits0References2Affected Software1
PyPA
PyPA
•added 2017/08/25 6:29 p.m.•7 views

PYSEC-2017-31

Salt before 2014.7.6 does not verify certificates when connecting via the aliyun, proxmox, and splunk modules...

7.5CVSS7AI score0.01048EPSS
Exploits0References5Affected Software1
PyPA
PyPA
•added 2017/08/23 2:29 p.m.•7 views

PYSEC-2017-35

Directory traversal vulnerability in minion id validation in SaltStack Salt before 2016.11.7 and 2017.7.x before 2017.7.1 allows remote minions with incorrect credentials to authenticate to a master via a crafted minion ID...

9.8CVSS6.9AI score0.04629EPSS
Exploits0References7Affected Software1
PyPA
PyPA
•added 2017/08/23 2:29 p.m.•7 views

PYSEC-2017-41

The XML-RPC server in supervisor before 3.0.1, 3.1.x before 3.1.4, 3.2.x before 3.2.4, and 3.3.x before 3.3.3 allows remote authenticated users to execute arbitrary commands via a crafted XML-RPC request, related to nested supervisord namespace lookups...

9CVSS7.5AI score0.87544EPSS
Exploits10References13Affected Software1
PyPA
PyPA
•added 2017/08/18 4:29 p.m.•7 views

PYSEC-2017-6

attic before 0.15 does not confirm unencrypted backups with the user, which allows remote attackers with read and write privileges for the encrypted repository to obtain potentially sensitive information by changing the manifest type byte of the repository to "unencrypted / without key file"...

6.5CVSS6.7AI score0.02466EPSS
Exploits1References5Affected Software1
PyPA
PyPA
•added 2017/08/15 4:29 p.m.•7 views

PYSEC-2017-1

The numpy.pad function in Numpy 1.13.1 and older versions is missing input validation. An empty list or ndarray will stick into an infinite loop, which can allow attackers to cause a DoS attack...

7.5CVSS6.8AI score0.02681EPSS
Exploits1References3Affected Software1
PyPA
PyPA
•added 2017/08/09 6:29 p.m.•7 views

PYSEC-2017-145

OpenStack Compute nova Icehouse, Juno and Havana when live migration fails allows local users to access VM volumes that they would normally not have permissions for...

4.7CVSS6.6AI score0.00328EPSS
Exploits0References12Affected Software1
PyPA
PyPA
•added 2017/07/17 1:18 p.m.•7 views

PYSEC-2017-119

There is an invalid free in the Action::TaskFactory::cleanup function of actions.cpp in Exiv2 0.26. A crafted input will lead to a remote denial of service attack...

6.5CVSS7AI score0.01424EPSS
Exploits0References1Affected Software1
Total number of security vulnerabilities3786