Lucene search
K
PypaMost viewed

5620 matches found

PyPA
PyPA
•added 2019/07/30 5:15 p.m.•7 views

PYSEC-2019-152

A vulnerability was found in openstack-ironic-inspector all versions excluding 5.0.2, 6.0.3, 7.2.4, 8.0.3 and 8.2.1. A SQL-injection vulnerability was found in openstack-ironic-inspector's nodecache.findnode. This function makes a SQL query using unfiltered data from a server reporting inspection...

9.1CVSS7.2AI score0.02464EPSS
Exploits0References8Affected Software1
PyPA
PyPA
•added 2019/07/19 4:15 p.m.•7 views

PYSEC-2019-120

scapy 2.4.0 is affected by: Denial of Service. The impact is: infinite loop, resource consumption and program unresponsive. The component is: RADIUSAttrPacketListField.getfieldself... The attack vector is: over the network or in a pcap. both work...

7.5CVSS6.9AI score0.02791EPSS
Exploits1References7Affected Software1
PyPA
PyPA
•added 2019/07/16 12:15 a.m.•7 views

PYSEC-2019-170

An issue was discovered in python-engineio through 3.8.2. There is a Cross-Site WebSocket Hijacking CSWSH vulnerability that allows attackers to make WebSocket connections to a server by using a victim's credentials, because the Origin header is not restricted...

8.8CVSS6.9AI score0.00828EPSS
Exploits0References2Affected Software1
PyPA
PyPA
•added 2019/07/15 3:15 a.m.•7 views

PYSEC-2019-218

libnmap v0.6.3 is affected by: XML Injection. The impact is: Denial of service DoS by consuming resources. The component is: XML Parsing. The attack vector is: Specially crafted XML payload...

7.5CVSS7AI score0.01553EPSS
Exploits1References2Affected Software1
PyPA
PyPA
•added 2019/07/01 2:15 p.m.•7 views

PYSEC-2019-10

An issue was discovered in Django 1.11 before 1.11.22, 2.1 before 2.1.10, and 2.2 before 2.2.3. An HTTP request is not redirected to HTTPS when the SECUREPROXYSSLHEADER and SECURESSLREDIRECT settings are used, and the proxy connects to Django via HTTPS. In other words,...

5.3CVSS7AI score0.01697EPSS
Exploits0References13Affected Software1
PyPA
PyPA
•added 2019/06/27 2:15 p.m.•7 views

PYSEC-2019-103

KeyIdentity LinOTP before 2.10.5.3 has Incorrect Access Control issue 1 of 2...

8.1CVSS7AI score0.01164EPSS
Exploits0References2Affected Software1
PyPA
PyPA
•added 2019/06/16 12:29 p.m.•7 views

PYSEC-2019-129

In words.protocols.jabber.xmlstream in Twisted through 19.2.1, XMPP support did not verify certificates when used with TLS, allowing an attacker to MITM connections...

7.4CVSS6.9AI score0.01817EPSS
Exploits0References9Affected Software1
PyPA
PyPA
•added 2019/06/06 7:29 p.m.•7 views

PYSEC-2019-109

DISPUTED A deserialization vulnerability exists in the way parso through 0.4.0 handles grammar parsing from the cache. Cache loading relies on pickle and, provided that an evil pickle can be written to a cache grammar file and that its parsing can be triggered, this flaw leads to Arbitrary Code...

7.5CVSS7AI score0.01518EPSS
Exploits1References3Affected Software1
PyPA
PyPA
•added 2019/06/06 7:29 p.m.•7 views

PYSEC-2019-199

A code injection issue was discovered in PyXDG before 0.26 via crafted Python code in a Category element of a Menu XML document in a .menu file. XDGCONFIGDIRS must be set up to trigger xdg.Menu.parse parsing within the directory containing this file. This is due to a lack of sanitization in...

7.5CVSS7.5AI score0.02105EPSS
Exploits1References4Affected Software1
PyPA
PyPA
•added 2019/06/03 7:29 p.m.•7 views

PYSEC-2019-194

An access-control flaw was found in the Octavia service when the cloud platform was deployed using Red Hat OpenStack Platform Director. An attacker could cause new amphorae to run based on any arbitrary image. This meant that a remote attacker could upload a new amphorae image and, if requested t...

8CVSS7AI score0.01421EPSS
Exploits0References4Affected Software1
PyPA
PyPA
•added 2019/05/23 6:29 p.m.•7 views

PYSEC-2019-256

In libwebp 0.5.1, there is a double free bug in libwebpmux...

7.5CVSS6.9AI score0.01355EPSS
Exploits1References3Affected Software1
PyPA
PyPA
•added 2019/04/24 5:29 p.m.•7 views

PYSEC-2019-210

NULL pointer dereference in Google TensorFlow before 1.12.2 could cause a denial of service via an invalid GIF file...

6.5CVSS6.7AI score0.00453EPSS
Exploits0References2Affected Software1
PyPA
PyPA
•added 2019/04/24 5:29 p.m.•7 views

PYSEC-2019-232

Memcpy parameter overlap in Google Snappy library 1.1.4, as used in Google TensorFlow before 1.7.1, could result in a crash or read from other parts of process memory...

8.1CVSS6.8AI score0.0043EPSS
Exploits0References2Affected Software1
PyPA
PyPA
•added 2019/04/24 5:29 p.m.•7 views

PYSEC-2019-207

Memcpy parameter overlap in Google Snappy library 1.1.4, as used in Google TensorFlow before 1.7.1, could result in a crash or read from other parts of process memory...

8.1CVSS6.8AI score0.0043EPSS
Exploits0References2Affected Software1
PyPA
PyPA
•added 2019/04/24 5:29 p.m.•7 views

PYSEC-2019-229

Invalid memory access and/or a heap buffer overflow in the TensorFlow XLA compiler in Google TensorFlow before 1.7.1 could cause a crash or read from other parts of process memory via a crafted configuration file...

8.1CVSS7.2AI score0.00442EPSS
Exploits0References2Affected Software1
PyPA
PyPA
•added 2019/04/22 4:29 p.m.•7 views

PYSEC-2019-188

A flaw was found in Mercurial before 4.9. It was possible to use symlinks and subrepositories to defeat Mercurial's path-checking logic and write files outside a repository...

5.9CVSS6.6AI score0.01413EPSS
Exploits0References6Affected Software1
PyPA
PyPA
•added 2019/04/22 4:29 p.m.•7 views

PYSEC-2019-155

python-dbusmock before version 0.15.1 AddTemplate D-Bus method call or DBusTestCase.spawnservertemplate method could be tricked into executing malicious code if an attacker supplies a .pyc file...

9.3CVSS7.2AI score0.01815EPSS
Exploits0References2Affected Software1
PyPA
PyPA
•added 2019/04/07 12:29 a.m.•7 views

PYSEC-2019-217

In Pallets Jinja before 2.10.1, str.formatmap allows a sandbox escape...

8.6CVSS7AI score0.03603EPSS
Exploits1References20Affected Software1
PyPA
PyPA
•added 2019/03/26 6:29 p.m.•7 views

PYSEC-2019-78

A vulnerability was found in ceilometer before version 12.0.0.0rc1. An Information Exposure in ceilometer-agent prints sensitive configuration data to log files without DEBUG logging being activated...

7.8CVSS6.7AI score0.00386EPSS
Exploits0References3Affected Software1
PyPA
PyPA
•added 2019/03/26 6:29 p.m.•7 views

PYSEC-2019-193

In a default Red Hat Openstack Platform Director installation, openstack-octavia before versions openstack-octavia 2.0.2-5 and openstack-octavia-3.0.1-0.20181009115732 creates log files that are readable by all users. Sensitive information such as private keys can appear in these log files allowi...

7.5CVSS6.7AI score0.00878EPSS
Exploits0References2Affected Software1
PyPA
PyPA
•added 2019/03/21 4:1 p.m.•7 views

PYSEC-2019-187

Matrix Synapse before 0.34.0.1, when the macaroonsecretkey authentication parameter is not set, uses a predictable value to derive a secret key and other secrets which could allow remote attackers to impersonate users...

7.5CVSS7.1AI score0.02418EPSS
Exploits0References5Affected Software1
PyPA
PyPA
•added 2019/02/20 12:29 a.m.•7 views

PYSEC-2019-123

SQLAlchemy before 1.3.0b3 allows SQL Injection via the orderby parameter. The fix commit 30307c4 was applied only to the main branch and was never backported to the 1.2.x release line; all 1.2.x versions remain vulnerable...

9.8CVSS7.8AI score0.03525EPSS
Exploits2References9Affected Software1
PyPA
PyPA
•added 2019/02/06 9:29 p.m.•7 views

PYSEC-2019-124

SQLAlchemy 1.2.17 has SQL Injection when the groupby parameter can be controlled...

7.8CVSS8.1AI score0.01777EPSS
Exploits1References10Affected Software1
PyPA
PyPA
•added 2019/02/01 9:29 a.m.•7 views

PYSEC-2019-167

In Pylons Colander through 1.6, the URL validator allows an attacker to potentially cause an infinite loop thereby causing a denial of service via an unclosed parenthesis...

7.5CVSS6.8AI score0.01762EPSS
Exploits1References3Affected Software1
PyPA
PyPA
•added 2019/01/25 4:29 a.m.•7 views

PYSEC-2019-113

CRLF Injection in pypiserver 1.2.5 and below allows attackers to set arbitrary HTTP headers and possibly conduct XSS attacks via a %0d%0a in a URI...

6.1CVSS6.7AI score0.03922EPSS
Exploits1References2Affected Software1
PyPA
PyPA
•added 2019/01/23 5:29 p.m.•7 views

PYSEC-2019-149

In Apache Airflow 1.8.2 and earlier, an experimental Airflow feature displayed authenticated cookies, as well as passwords to databases used by Airflow. An attacker who has limited access to airflow, whether it be via XSS or by leaving a machine unlocked can exfiltrate all credentials from the...

9.8CVSS6.3AI score0.02166EPSS
Exploits0References2Affected Software1
PyPA
PyPA
•added 2019/01/23 5:29 p.m.•7 views

PYSEC-2019-147

In Apache Airflow 1.8.2 and earlier, an authenticated user can execute code remotely on the Airflow webserver by creating a special object...

8.8CVSS7.2AI score0.02044EPSS
Exploits0References2Affected Software1
PyPA
PyPA
•added 2019/01/23 5:29 p.m.•7 views

PYSEC-2019-148

In Apache Airflow 1.8.2 and earlier, a CSRF vulnerability allowed for a remote command injection on a default install of Airflow...

8.8CVSS7.7AI score0.01295EPSS
Exploits0References2Affected Software1
PyPA
PyPA
•added 2019/01/21 6:29 a.m.•7 views

PYSEC-2019-250

GattLib 0.2 has a stack-based buffer over-read in gattlibconnect in dbus/gattlib.c because strncpy is misused...

8.8CVSS7.2AI score0.04965EPSS
Exploits5References7Affected Software1
PyPA
PyPA
•added 2019/01/16 5:29 a.m.•7 views

PYSEC-2019-108

DISPUTED An issue was discovered in NumPy 1.16.0 and earlier. It uses the pickle Python module unsafely, which allows remote attackers to execute arbitrary code via a crafted serialized object, as demonstrated by a numpy.load call. NOTE: third parties dispute this issue because it is a behavior...

9.8CVSS7.9AI score0.17078EPSS
Exploits2References10Affected Software1
PyPA
PyPA
•added 2019/01/10 9:29 p.m.•7 views

PYSEC-2019-153

modulemd 1.3.1 and earlier uses an unsafe function for processing externally provided data, leading to remote code execution...

9.8CVSS7.7AI score0.028EPSS
Exploits0References2Affected Software1
PyPA
PyPA
•added 2018/12/20 3:29 p.m.•7 views

PYSEC-2018-35

aio-libs aiohttp-session version 2.6.0 and earlier contains a Other/Unknown vulnerability in EncryptedCookieStorage and NaClCookieStorage that can result in Non-expiring sessions / Infinite lifespan. This attack appear to be exploitable via Recreation of a cookie post-expiry with the same value...

6.5CVSS6.8AI score0.00965EPSS
Exploits1References3Affected Software1
PyPA
PyPA
•added 2018/12/12 10:29 a.m.•7 views

PYSEC-2018-117

There is a heap-based buffer over-read in the Exiv2::tEXtToDataBuf function of pngimage.cpp in Exiv2 0.27-RC3. A crafted input will lead to a remote denial of service attack...

6.5CVSS7AI score0.02762EPSS
Exploits1References7Affected Software1
PyPA
PyPA
•added 2018/12/12 10:29 a.m.•7 views

PYSEC-2018-120

There is an infinite loop in Exiv2::Jp2Image::encodeJp2Header of jp2image.cpp in Exiv2 0.27-RC3. A crafted input will lead to a remote denial of service attack...

6.5CVSS6.8AI score0.02289EPSS
Exploits1References6Affected Software1
PyPA
PyPA
•added 2018/12/12 10:29 a.m.•7 views

PYSEC-2018-119

There is a heap-based buffer over-read in Exiv2::Jp2Image::encodeJp2Header of jp2image.cpp in Exiv2 0.27-RC3. A crafted input will lead to a remote denial of service attack...

6.5CVSS7AI score0.02567EPSS
Exploits1References7Affected Software1
PyPA
PyPA
•added 2018/11/29 6:29 p.m.•7 views

PYSEC-2018-60

Execution of Ansible playbooks on Windows platforms with PowerShell ScriptBlock logging and Module logging enabled can allow for 'become' passwords to appear in EventLogs in plaintext. A local user with administrator privileges on the machine can view these logs and discover the plaintext passwor...

4.4CVSS6.7AI score0.00535EPSS
Exploits0References11Affected Software1
PyPA
PyPA
•added 2018/11/27 7:29 a.m.•7 views

PYSEC-2018-143

Exiv2::isoSpeed in easyaccess.cpp in Exiv2 v0.27-RC2 allows remote attackers to cause a denial of service NULL pointer dereference and application crash via a crafted file...

6.5CVSS6.7AI score0.0217EPSS
Exploits1References5Affected Software1
PyPA
PyPA
•added 2018/11/22 7:29 p.m.•7 views

PYSEC-2018-77

The client in Tryton 5.x before 5.0.1 tries to make a connection to the bus in cleartext instead of encrypted under certain circumstances in bus.py and jsonrpc.py. This connection attempt fails, but it contains in the header the current session of the user. This session could then be stolen by a...

5.9CVSS6.8AI score0.00856EPSS
Exploits0References3Affected Software1
PyPA
PyPA
•added 2018/11/18 5:29 p.m.•7 views

PYSEC-2018-17

Jupyter Notebook before 5.7.1 allows XSS via an untrusted notebook because nbconvert responses are considered to have the same origin as the notebook server. In other words, nbconvert endpoints can execute JavaScript with access to the server API. In notebook/nbconvert/handlers.py,...

6.1CVSS6.3AI score0.01511EPSS
Exploits0References6Affected Software1
PyPA
PyPA
•added 2018/11/08 8:29 a.m.•7 views

PYSEC-2018-141

In Exiv2 0.26, Exiv2::IptcParser::decode in iptc.cpp called from psdimage.cpp in the PSD image reader may suffer from a denial of service heap-based buffer over-read caused by an integer overflow via a crafted PSD image file...

6.5CVSS7.2AI score0.01816EPSS
Exploits0References9Affected Software1
PyPA
PyPA
•added 2018/10/30 6:29 p.m.•7 views

PYSEC-2018-85

python-kdcproxy before 0.3.2 allows remote attackers to cause a denial of service via a large POST request...

7.5CVSS6.8AI score0.02174EPSS
Exploits0References3Affected Software1
PyPA
PyPA
•added 2018/10/24 9:29 p.m.•7 views

PYSEC-2018-107

ajenticp aka Ajenti Docker control panel for Ajenti through v1.2.23.13 has XSS via a filename that is mishandled in File Manager...

6.1CVSS6.2AI score0.0356EPSS
Exploits5References4Affected Software1
PyPA
PyPA
•added 2018/10/15 7:29 p.m.•7 views

PYSEC-2018-47

Cross-site scripting XSS vulnerability in the link dialogue in GUI editor in MoinMoin before 1.9.10 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...

6.1CVSS6AI score0.01924EPSS
Exploits0References7Affected Software1
PyPA
PyPA
•added 2018/10/08 3:29 p.m.•7 views

PYSEC-2018-24

Python Cryptographic Authority pyopenssl version Before 17.5.0 contains a CWE - 401 : Failure to Release Memory Before Removing Last Reference vulnerability in PKCS 12 Store that can result in Denial of service if memory runs low or is exhausted. This attack appear to be exploitable via Depends...

5.9CVSS6.8AI score0.01895EPSS
Exploits0References5Affected Software1
PyPA
PyPA
•added 2018/09/28 9:29 a.m.•7 views

PYSEC-2018-139

CiffDirectory::readDirectory at crwimageint.cpp in Exiv2 0.26 has excessive stack consumption due to a recursive function, leading to Denial of service...

6.5CVSS6.9AI score0.0235EPSS
Exploits1References12Affected Software1
PyPA
PyPA
•added 2018/09/10 7:29 p.m.•7 views

PYSEC-2018-93

When using the Linux bridge ml2 driver, non-privileged tenants are able to create and attach ports without specifying an IP address, bypassing IP address validation. A potential denial of service could occur if an IP address, conflicting with existing guests or routers, is then assigned from...

6.5CVSS6.6AI score0.02527EPSS
Exploits0References8Affected Software1
PyPA
PyPA
•added 2018/09/05 10:29 p.m.•7 views

PYSEC-2018-65

MicroPyramid Django-CRM 0.2 allows CSRF for /users/create/, /users//edit/, and /accounts//delete/ URIs...

8.8CVSS7AI score0.00638EPSS
Exploits1References2Affected Software1
PyPA
PyPA
•added 2018/09/05 2:29 p.m.•7 views

PYSEC-2018-54

helpers.py in Flask-Admin 1.5.2 has Reflected XSS via a crafted URL...

6.1CVSS6.2AI score0.01213EPSS
Exploits1References4Affected Software1
PyPA
PyPA
•added 2018/09/03 7:29 p.m.•7 views

PYSEC-2018-16

An issue was discovered in Mayan EDMS before 3.0.2. The Appearance app sets window.location directly, leading to XSS...

6.1CVSS7AI score0.01327EPSS
Exploits1References4Affected Software1
PyPA
PyPA
•added 2018/09/03 7:29 p.m.•7 views

PYSEC-2018-14

An issue was discovered in Mayan EDMS before 3.0.2. The Cabinets app has XSS via a crafted cabinet label...

6.1CVSS6.1AI score0.01327EPSS
Exploits1References4Affected Software1
Total number of security vulnerabilities5000