Lucene search
K
PypaMost viewed

5616 matches found

PyPA
PyPA
•added 2020/01/03 1:15 a.m.•6 views

PYSEC-2020-82

libImaging/SgiRleDecode.c in Pillow before 6.2.2 has an SGI buffer overflow...

9.8CVSS7.2AI score0.04212EPSS
Exploits0References9Affected Software1
PyPA
PyPA
•added 2019/12/16 10:15 p.m.•6 views

PYSEC-2019-173

In Apache Incubator Superset before 0.32, a user can view database names that he has no access to on a dropdown list in SQLLab...

5.3CVSS6.9AI score0.02707EPSS
Exploits0References2Affected Software1
PyPA
PyPA
•added 2019/12/16 9:15 p.m.•6 views

PYSEC-2019-209

In TensorFlow before 1.15, a heap buffer overflow in UnsortedSegmentSum can be produced when the Index template argument is int32. In this case datasize and numsegments fields are truncated from int64 to int32 and can produce negative numbers, resulting in accessing out of bounds heap memory. Thi...

9.8CVSS7.4AI score0.00777EPSS
Exploits0References3Affected Software1
PyPA
PyPA
•added 2019/11/27 9:15 a.m.•6 views

PYSEC-2019-28

A flaw was found in IPA, all 4.6.x versions before 4.6.7, all 4.7.x versions before 4.7.4 and all 4.8.x versions before 4.8.3, in the way the internal function berscanf was used in some components of the IPA server, which parsed kerberos key data. An unauthenticated attacker who could trigger...

8.8CVSS7.3AI score0.06329EPSS
Exploits0References9Affected Software1
PyPA
PyPA
•added 2019/11/26 3:15 p.m.•6 views

PYSEC-2019-130

typedast 1.3.0 and 1.3.1 has a handlekeywordonlyargs out-of-bounds read. An attacker with the ability to cause a Python interpreter to parse Python source but not necessarily execute it may be able to crash the interpreter process. This could be a concern, for example, in a web-based service that...

7.5CVSS6.9AI score0.03255EPSS
Exploits0References7Affected Software1
PyPA
PyPA
•added 2019/11/26 3:15 p.m.•6 views

PYSEC-2019-131

typedast 1.3.0 and 1.3.1 has an astforarguments out-of-bounds read. An attacker with the ability to cause a Python interpreter to parse Python source but not necessarily execute it may be able to crash the interpreter process. This could be a concern, for example, in a web-based service that pars...

7.5CVSS6.9AI score0.03255EPSS
Exploits0References7Affected Software1
PyPA
PyPA
•added 2019/11/21 3:15 p.m.•6 views

PYSEC-2019-202

python-rply before 0.7.4 insecurely creates temporary files...

5.5CVSS7AI score0.00396EPSS
Exploits0References4Affected Software1
PyPA
PyPA
•added 2019/11/08 7:15 p.m.•6 views

PYSEC-2019-195

It was discovered that the C++ implementation which underlies the R, Python and Ruby implementations of Apache Arrow 0.14.0 to 0.14.1 had a uninitialized memory bug when building arrays with null values in some cases. This can lead to uninitialized memory being unintentionally shared if Arrow...

7.5CVSS7.6AI score0.03225EPSS
Exploits0References3Affected Software1
PyPA
PyPA
•added 2019/11/08 7:15 p.m.•6 views

PYSEC-2019-196

While investigating UBSAN errors in https://github.com/apache/arrow/pull/5365 it was discovered Apache Arrow versions 0.12.0 to 0.14.1, left memory Array data uninitialized when reading RLE null data from parquet. This affected the C++, Python, Ruby and R implementations. The uninitialized memory...

7.5CVSS7.6AI score0.04711EPSS
Exploits0References4Affected Software1
PyPA
PyPA
•added 2019/11/04 9:15 p.m.•6 views

PYSEC-2019-175

An eval vulnerability exists in Python Software Foundation Djblets 0.7.21 and Beanbag Review Board before 1.7.15 when parsing JSON requests...

9.8CVSS7AI score0.0304EPSS
Exploits0References10Affected Software1
PyPA
PyPA
•added 2019/11/04 8:15 p.m.•6 views

PYSEC-2019-156

The scipy.weave component in SciPy before 0.12.1 creates insecure temporary directories...

7.8CVSS7AI score0.00427EPSS
Exploits0References11Affected Software1
PyPA
PyPA
•added 2019/10/21 11:15 p.m.•6 views

PYSEC-2019-213

The unoconv package before 0.9 mishandles untrusted pathnames, leading to SSRF and local file inclusion...

7.5CVSS6.7AI score0.01927EPSS
Exploits1References3Affected Software1
PyPA
PyPA
•added 2019/10/14 3:15 p.m.•6 views

PYSEC-2019-171

A vulnerability was found in Ansible engine 2.x up to 2.8 and Ansible tower 3.x up to 3.5. When a module has an argumentspec with sub parameters marked as nolog, passing an invalid parameter name to the module will cause the task to fail before the nolog options in the sub parameters are processe...

7.3CVSS6.7AI score0.00427EPSS
Exploits0References9Affected Software1
PyPA
PyPA
•added 2019/10/08 7:15 p.m.•6 views

PYSEC-2019-4

In Ansible, all Ansible Engine versions up to ansible-engine 2.8.5, ansible-engine 2.7.13, ansible-engine 2.6.19, were logging at the DEBUG level which lead to a disclosure of credentials if a plugin used a library that logged credentials at the DEBUG level. This flaw does not affect Ansible...

7.8CVSS6.5AI score0.00509EPSS
Exploits0References12Affected Software1
PyPA
PyPA
•added 2019/10/04 10:15 p.m.•6 views

PYSEC-2019-110

An issue was discovered in Pillow before 6.2.0. When reading specially crafted invalid image files, the library can either allocate very large amounts of memory or take an extremely long period of time to process the image...

7.5CVSS7AI score0.03154EPSS
Exploits0References12Affected Software1
PyPA
PyPA
•added 2019/08/22 4:15 p.m.•6 views

PYSEC-2019-106

NLTK Downloader before 3.4.5 is vulnerable to a directory traversal, allowing attackers to write arbitrary files via a ../ dot dot slash in an NLTK package ZIP archive that is mishandled during extraction...

7.5CVSS7.1AI score0.05831EPSS
Exploits2References9Affected Software1
PyPA
PyPA
•added 2019/08/09 4:15 p.m.•6 views

PYSEC-2019-219

Recommender before 2018-07-18 allows XSS...

6.1CVSS7AI score0.00848EPSS
Exploits0References3Affected Software1
PyPA
PyPA
•added 2019/08/02 3:15 p.m.•6 views

PYSEC-2019-14

An issue was discovered in Django 1.11.x before 1.11.23, 2.1.x before 2.1.11, and 2.2.x before 2.2.4. If passed certain inputs, django.utils.encoding.uritoiri could lead to significant memory usage due to a recursion when repercent-encoding invalid UTF-8 octet sequences...

7.5CVSS6.9AI score0.03073EPSS
Exploits0References11Affected Software1
PyPA
PyPA
•added 2019/07/18 5:15 p.m.•6 views

PYSEC-2019-184

Ladon since 0.6.1 since ebef0aae48af78c159b6fce81bc6f5e7e0ddb059 is affected by: XML External Entity XXE. The impact is: Information Disclosure, reading files and reaching internal network endpoints. The component is: SOAP request handlers. For instance:...

9.8CVSS6.9AI score0.05711EPSS
Exploits1References3Affected Software1
PyPA
PyPA
•added 2019/06/07 5:29 p.m.•6 views

PYSEC-2019-163

aubio v0.4.0 to v0.4.8 has a NULL pointer dereference in newaubiofilterbank via invalid nfilters...

7.5CVSS7AI score0.02058EPSS
Exploits0References6Affected Software1
PyPA
PyPA
•added 2019/06/07 5:29 p.m.•6 views

PYSEC-2019-164

aubio v0.4.0 to v0.4.8 has a newaubioonset NULL pointer dereference...

7.5CVSS7AI score0.0224EPSS
Exploits0References8Affected Software1
PyPA
PyPA
•added 2019/05/09 6:29 p.m.•6 views

PYSEC-2019-185

An issue was discovered in Matrix Sydent before 1.0.3 and Synapse before 0.99.3.1. Random number generation is mishandled, which makes it easier for attackers to predict a Sydent authentication token or a Synapse random ID...

7.5CVSS7.1AI score0.0178EPSS
Exploits0References2Affected Software1
PyPA
PyPA
•added 2019/04/24 9:29 p.m.•6 views

PYSEC-2019-223

Google TensorFlow 1.7.x and earlier is affected by a Buffer Overflow vulnerability. The type of exploitation is context-dependent...

9.8CVSS6.9AI score0.00486EPSS
Exploits0References1Affected Software1
PyPA
PyPA
•added 2019/04/24 5:29 p.m.•6 views

PYSEC-2019-222

Invalid memory access and/or a heap buffer overflow in the TensorFlow XLA compiler in Google TensorFlow before 1.7.1 could cause a crash or read from other parts of process memory via a crafted configuration file...

8.1CVSS7.2AI score0.00442EPSS
Exploits0References1Affected Software1
PyPA
PyPA
•added 2019/04/24 5:29 p.m.•6 views

PYSEC-2019-235

NULL pointer dereference in Google TensorFlow before 1.12.2 could cause a denial of service via an invalid GIF file...

6.5CVSS6.7AI score0.00453EPSS
Exploits0References2Affected Software1
PyPA
PyPA
•added 2019/04/24 5:29 p.m.•6 views

PYSEC-2019-228

NULL pointer dereference in Google TensorFlow before 1.12.2 could cause a denial of service via an invalid GIF file...

6.5CVSS6.7AI score0.00453EPSS
Exploits0References1Affected Software1
PyPA
PyPA
•added 2019/04/24 5:29 p.m.•6 views

PYSEC-2019-204

Invalid memory access and/or a heap buffer overflow in the TensorFlow XLA compiler in Google TensorFlow before 1.7.1 could cause a crash or read from other parts of process memory via a crafted configuration file...

8.1CVSS7.2AI score0.00442EPSS
Exploits0References2Affected Software1
PyPA
PyPA
•added 2019/04/23 9:29 p.m.•6 views

PYSEC-2019-231

Google TensorFlow 1.6.x and earlier is affected by: Null Pointer Dereference. The type of exploitation is: context-dependent...

6.5CVSS6.9AI score0.0038EPSS
Exploits0References2Affected Software1
PyPA
PyPA
•added 2019/04/23 9:29 p.m.•6 views

PYSEC-2019-226

Google TensorFlow 1.7 and below is affected by: Buffer Overflow. The impact is: execute arbitrary code local...

8.8CVSS7.9AI score0.00646EPSS
Exploits0References1Affected Software1
PyPA
PyPA
•added 2019/04/23 9:29 p.m.•6 views

PYSEC-2019-208

Google TensorFlow 1.7 and below is affected by: Buffer Overflow. The impact is: execute arbitrary code local...

8.8CVSS7.9AI score0.00646EPSS
Exploits0References2Affected Software1
PyPA
PyPA
•added 2019/04/23 9:29 p.m.•6 views

PYSEC-2019-206

Google TensorFlow 1.6.x and earlier is affected by: Null Pointer Dereference. The type of exploitation is: context-dependent...

6.5CVSS6.9AI score0.0038EPSS
Exploits0References2Affected Software1
PyPA
PyPA
•added 2019/04/23 9:29 p.m.•6 views

PYSEC-2019-233

Google TensorFlow 1.7 and below is affected by: Buffer Overflow. The impact is: execute arbitrary code local...

8.8CVSS7.9AI score0.00646EPSS
Exploits0References2Affected Software1
PyPA
PyPA
•added 2019/04/17 2:29 p.m.•6 views

PYSEC-2019-198

OneLogin PythonSAML 2.3.0 and earlier may incorrectly utilize the results of XML DOM traversal and canonicalization APIs in such a way that an attacker may be able to manipulate the SAML data without invalidating the cryptographic signature, allowing the attack to potentially bypass authenticatio...

9.8CVSS7.1AI score0.04636EPSS
Exploits1References3Affected Software1
PyPA
PyPA
•added 2019/04/04 4:29 p.m.•6 views

PYSEC-2019-158

In Jupyter Notebook before 5.7.8, an open redirect can occur via an empty netloc. This issue exists because of an incomplete fix for CVE-2019-10255...

6.1CVSS9.2AI score0.01741EPSS
Exploits1References3Affected Software1
PyPA
PyPA
•added 2019/04/02 8:29 p.m.•6 views

PYSEC-2019-165

The Serialize.deserialize method in CoAPthon 3.1, 4.0.0, 4.0.1, and 4.0.2 mishandles certain exceptions, leading to a denial of service in applications that use this library e.g., the standard CoAP server, CoAP client, CoAP reverse proxy, example collect CoAP server and client when they receive...

7.5CVSS6.8AI score0.0146EPSS
Exploits1References2Affected Software1
PyPA
PyPA
•added 2019/03/21 8:29 p.m.•6 views

PYSEC-2019-21

An issue was discovered in Donfig 0.3.0. There is a vulnerability in the collectyaml method in configobj.py. It can execute arbitrary Python commands, resulting in command execution...

9.8CVSS7.6AI score0.03442EPSS
Exploits1References3Affected Software1
PyPA
PyPA
•added 2019/03/12 9:29 a.m.•6 views

PYSEC-2019-159

An XSSI cross-site inclusion vulnerability in Jupyter Notebook before 5.7.6 allows inclusion of resources on malicious pages when visited by users who are authenticated with a Jupyter server. Access to the content of resources has been demonstrated with Internet Explorer through capturing of erro...

5.4CVSS6.7AI score0.01636EPSS
Exploits0References4Affected Software1
PyPA
PyPA
•added 2019/03/12 2:29 a.m.•6 views

PYSEC-2019-139

An issue was discovered in webargs before 5.1.3, as used with marshmallow and other products. JSON parsing uses a short-lived cache to store the parsed JSON body. This cache is not thread-safe, meaning that incorrect JSON payloads could have been parsed for concurrent requests...

8.1CVSS7AI score0.0112EPSS
Exploits1References3Affected Software1
PyPA
PyPA
•added 2019/02/25 3:29 p.m.•6 views

PYSEC-2019-248

An issue was discovered in Exiv2 0.27. There is infinite recursion at Exiv2::Image::printTiffStructure in the file image.cpp. This can be triggered by a crafted file. It allows an attacker to cause Denial of Service Segmentation fault or possibly have unspecified other impact...

8.8CVSS7.3AI score0.02769EPSS
Exploits1References6Affected Software1
PyPA
PyPA
•added 2019/02/03 8:29 a.m.•6 views

PYSEC-2019-7

www/resource.py in Buildbot before 1.8.1 allows CRLF injection in the Location header of /auth/login and /auth/logout via the redirect parameter. This affects other web sites in the same domain...

6.1CVSS7.3AI score0.0087EPSS
Exploits1References2Affected Software1
PyPA
PyPA
•added 2019/01/23 5:29 p.m.•6 views

PYSEC-2019-143

The LDAP auth backend airflow.contrib.auth.backends.ldapauth prior to Apache Airflow 1.10.1 was misconfigured and contained improper checking of exceptions which disabled server certificate checking...

7.5CVSS7AI score0.01016EPSS
Exploits0References2Affected Software1
PyPA
PyPA
•added 2019/01/10 9:29 p.m.•6 views

PYSEC-2019-150

Bodhi 2.9.0 and lower is vulnerable to cross-site scripting resulting in code injection caused by incorrect validation of bug titles...

6.1CVSS6.9AI score0.00784EPSS
Exploits1References2Affected Software1
PyPA
PyPA
•added 2018/12/21 11:29 p.m.•6 views

PYSEC-2018-82

There is a vulnerability in load method in definitions/parser.py in the Danijar Hafner definitions package for Python. It can execute arbitrary python commands resulting in command execution...

9.8CVSS7.7AI score0.0343EPSS
Exploits1References2Affected Software1
PyPA
PyPA
•added 2018/12/20 5:29 p.m.•6 views

PYSEC-2018-22

OpenKMIP PyKMIP version All versions before 0.8.0 contains a CWE 399: Resource Management Errors similar issue to CVE-2015-5262 vulnerability in PyKMIP server that can result in DOS: the server can be made unavailable by one or more clients opening all of the available sockets. This attack appear...

6.5CVSS7AI score0.19312EPSS
Exploits1References2Affected Software1
PyPA
PyPA
•added 2018/12/17 7:29 p.m.•6 views

PYSEC-2018-103

ymlref allows code injection...

9.8CVSS7.2AI score0.01818EPSS
Exploits1References2Affected Software1
PyPA
PyPA
•added 2018/12/11 5:29 p.m.•6 views

PYSEC-2018-32

urllib3 before version 1.23 does not remove the Authorization HTTP header when following a cross-origin redirect i.e., a redirect that differs in host, port, or scheme. This can allow for credentials in the Authorization header to be exposed to unintended hosts or transmitted in cleartext...

9.8CVSS6.9AI score0.04488EPSS
Exploits0References11Affected Software1
PyPA
PyPA
•added 2018/11/08 8:29 a.m.•6 views

PYSEC-2018-142

In Exiv2 0.26, Exiv2::PsdImage::readMetadata in psdimage.cpp in the PSD image reader may suffer from a denial of service infinite loop caused by an integer overflow via a crafted PSD image file...

6.5CVSS7AI score0.01936EPSS
Exploits0References11Affected Software1
PyPA
PyPA
•added 2018/11/03 4:29 a.m.•6 views

PYSEC-2018-140

There is an infinite loop in the Exiv2::Image::printIFDStructure function of image.cpp in Exiv2 0.27-RC1. A crafted input will lead to a remote denial of service attack...

6.5CVSS6.8AI score0.01844EPSS
Exploits1References4Affected Software1
PyPA
PyPA
•added 2018/11/02 9:29 p.m.•6 views

PYSEC-2018-92

A flaw was found in openstack-mistral. By manipulating the SSH private key filename, the std.ssh action can be used to disclose the presence of arbitrary files within the filesystem of the executor running the action. Since std.ssh privatekeyfilename can take an absolute path, it can be used to...

7.5CVSS6.6AI score0.0152EPSS
Exploits0References3Affected Software1
PyPA
PyPA
•added 2018/10/24 10:29 p.m.•6 views

PYSEC-2018-30

SaltStack Salt before 2017.7.8 and 2018.3.x before 2018.3.3 allow remote attackers to bypass authentication and execute arbitrary commands via salt-apinetapi...

9.8CVSS8AI score0.05199EPSS
Exploits0References8Affected Software1
Total number of security vulnerabilities5000