Lucene search
K

5616 matches found

PyPA
PyPA
•added 2018/06/13 11:29 a.m.•8 views

PYSEC-2018-131

Exiv2 0.26 has integer overflows in LoaderTiff::getData in preview.cpp, leading to an out-of-bounds read in Exiv2::ValueType::setDataArea in value.hpp...

8.8CVSS7AI score0.02891EPSS
Exploits1References10Affected Software1
PyPA
PyPA
•added 2018/06/13 11:29 a.m.•7 views

PYSEC-2018-132

Exiv2 0.26 has an integer overflow in the LoaderExifJpeg class in preview.cpp, leading to an out-of-bounds read in Exiv2::MemIo::read in basicio.cpp...

8.8CVSS7.2AI score0.02891EPSS
Exploits1References10Affected Software1
PyPA
PyPA
•added 2018/06/01 7:29 p.m.•8 views

PYSEC-2018-150

Hyperledger Iroha versions v1.0beta and v1.0.0beta-1 are vulnerable to transaction and block signature verification bypass in the transaction and block validator allowing a single node to sign a transaction and/or block multiple times, each with a random nonce, and have other validating nodes...

7.5CVSS7AI score0.00816EPSS
Exploits0References1Affected Software1
PyPA
PyPA
•added 2018/05/29 7:29 a.m.•5 views

PYSEC-2018-130

Exiv2 0.26 has a heap-based buffer overflow in getData in preview.cpp...

9.8CVSS7.5AI score0.0296EPSS
Exploits1References7Affected Software1
PyPA
PyPA
•added 2018/05/14 3:29 a.m.•7 views

PYSEC-2018-129

In Exiv2 0.26, the Exiv2::PngImage::printStructure function in pngimage.cpp allows remote attackers to cause an information leak via a crafted file...

6.5CVSS6.7AI score0.02363EPSS
Exploits1References4Affected Software1
PyPA
PyPA
•added 2018/05/12 4:29 a.m.•8 views

PYSEC-2018-128

An issue was discovered in Exiv2 0.26. The Exiv2::Internal::PngChunk::parseTXTChunk function has a heap-based buffer over-read...

6.5CVSS7.3AI score0.02433EPSS
Exploits1References9Affected Software1
PyPA
PyPA
•added 2018/05/12 4:29 a.m.•6 views

PYSEC-2018-127

An issue was discovered in Exiv2 0.26. readMetadata in jp2image.cpp allows remote attackers to cause a denial of service SIGABRT by triggering an incorrect Safe::add call...

6.5CVSS6.9AI score0.02467EPSS
Exploits1References8Affected Software1
PyPA
PyPA
•added 2018/05/10 2:29 a.m.•7 views

PYSEC-2018-126

In types.cpp in Exiv2 0.26, a large size value may lead to a SIGABRT during an attempt at memory allocation for an Exiv2::Internal::PngChunk::zlibUncompress call...

6.5CVSS6.9AI score0.02524EPSS
Exploits1References10Affected Software1
PyPA
PyPA
•added 2018/05/08 5:29 p.m.•6 views

PYSEC-2018-104

python-oslo-middleware before versions 3.8.1, 3.19.1, 3.23.1 is vulnerable to an information disclosure. Software using the CatchError class could include sensitive values in a traceback's error message. System users could exploit this flaw to obtain sensitive information from OpenStack component...

5.9CVSS6.4AI score0.00467EPSS
Exploits0References13Affected Software1
PyPA
PyPA
•added 2018/05/07 7:29 a.m.•8 views

PYSEC-2018-125

Exiv2::Image::byteSwap2 in image.cpp in Exiv2 0.26 has a heap-based buffer over-read...

6.5CVSS7.2AI score0.00978EPSS
Exploits1References3Affected Software1
PyPA
PyPA
•added 2018/05/04 8:29 p.m.•5 views

PYSEC-2018-36

Ansible before 1.2.1 makes it easier for remote attackers to conduct man-in-the-middle attacks by leveraging failure to cache SSH host keys...

7.4CVSS6.8AI score0.01963EPSS
Exploits0References6Affected Software1
PyPA
PyPA
•added 2018/04/24 4:29 p.m.•9 views

PYSEC-2018-39

Ansible before versions 2.1.4, 2.2.1 is vulnerable to an improper input validation in Ansible's handling of data sent from client systems. An attacker with control over a client system being managed by Ansible and the ability to send facts back to the Ansible server could use this flaw to execute...

9.3CVSS7.8AI score0.1765EPSS
Exploits5References10Affected Software1
PyPA
PyPA
•added 2018/04/23 10:29 p.m.•6 views

PYSEC-2018-50

In SaltStack Salt before 2016.3.6, compromised salt-minions can impersonate the salt-master...

9.8CVSS7AI score0.014EPSS
Exploits0References2Affected Software1
PyPA
PyPA
•added 2018/04/18 7:29 p.m.•11 views

PYSEC-2018-75

OISF suricata-update version 1.0.0a1 contains an Insecure Deserialization vulnerability in the insecure yaml.load-Function as used in the following files: config.py:136, config.py:142, sources.py:99 and sources.py:131. The "list-sources"-command is affected by this bug. that can result in Remote...

9.3CVSS7.3AI score0.04159EPSS
Exploits1References3Affected Software1
PyPA
PyPA
•added 2018/04/18 7:29 p.m.•7 views

PYSEC-2018-31

tlslite-ng version 0.7.3 and earlier, since commit d7b288316bca7bcdd082e6ccff5491e241305233 contains a CWE-354: Improper Validation of Integrity Check Value vulnerability in TLS implementation, tlslite/utils/constanttime.py: ctcheckcbcmacandpad; line "endpos = datalen - 1 - mac.digestsize" that c...

5.9CVSS6.9AI score0.00792EPSS
Exploits0References2Affected Software1
PyPA
PyPA
•added 2018/04/18 7:29 p.m.•5 views

PYSEC-2018-55

gunicorn version 19.4.5 contains a CWE-113: Improper Neutralization of CRLF Sequences in HTTP Headers vulnerability in "processheaders" function in "gunicorn/http/wsgi.py" that can result in an attacker causing the server to return arbitrary HTTP headers. This vulnerability appears to have been...

7.5CVSS7.1AI score0.02431EPSS
Exploits1References6Affected Software1
PyPA
PyPA
•added 2018/04/13 4:29 p.m.•5 views

PYSEC-2018-83

diffoscope before 77 writes to arbitrary locations on disk based on the contents of an untrusted archive...

10CVSS7AI score0.01893EPSS
Exploits4References3Affected Software1
PyPA
PyPA
•added 2018/04/12 3:29 p.m.•5 views

PYSEC-2018-59

The safeeval function in trytond in Tryton before 2.4.15, 2.6.x before 2.6.14, 2.8.x before 2.8.11, 3.0.x before 3.0.7, and 3.2.x before 3.2.3 allows remote authenticated users to execute arbitrary commands via shell metacharacters in 1 the collection.domain in the webdav module or 2 the formula...

9CVSS7.7AI score0.02605EPSS
Exploits0References3Affected Software1
PyPA
PyPA
•added 2018/04/11 7:29 p.m.•6 views

PYSEC-2018-84

JSNAPy is an open source python version of Junos Snapshot Administrator developed by Juniper available through github. The default configuration and sample files of JSNAPy automation tool versions prior to 1.3.0 are created world writable. This insecure file and directory permission allows...

5.5CVSS6.5AI score0.00297EPSS
Exploits0References3Affected Software1
PyPA
PyPA
•added 2018/04/09 7:29 a.m.•5 views

PYSEC-2018-10

Kotti before 1.3.2 and 2.x before 2.0.0b2 has CSRF in the local roles implementation, as demonstrated by triggering a permission change via a /admin-document/@@share request...

8.8CVSS6.7AI score0.0065EPSS
Exploits1References2Affected Software1
PyPA
PyPA
•added 2018/04/06 4:29 p.m.•6 views

PYSEC-2018-100

base/oi/doa.py in the Rope library in CPython aka Python allows remote attackers to execute arbitrary code by leveraging an unsafe call to pickle.load...

9.8CVSS8AI score0.03015EPSS
Exploits0References3Affected Software1
PyPA
PyPA
•added 2018/04/04 8:29 p.m.•8 views

PYSEC-2018-86

Koji version 1.12, 1.13, 1.14 and 1.15 contain an incorrect access control vulnerability resulting in arbitrary filesystem read/write access. This vulnerability has been fixed in versions 1.12.1, 1.13.1, 1.14.1 and 1.15.1...

9.1CVSS7.1AI score0.01667EPSS
Exploits0References3Affected Software1
PyPA
PyPA
•added 2018/03/31 9:29 p.m.•5 views

PYSEC-2018-101

SickRage before v2018.03.09-1 includes cleartext credentials in HTTP responses...

9.8CVSS7AI score0.76519EPSS
Exploits7References4Affected Software1
PyPA
PyPA
•added 2018/03/30 8:29 a.m.•8 views

PYSEC-2018-148

In the DataBuf class in include/exiv2/types.hpp in Exiv2 0.26, an issue exists in the constructor with an initial buffer size. A large size value may lead to a SIGABRT during an attempt at memory allocation. NOTE: some third parties have been unable to reproduce the SIGABRT when using the...

6.5CVSS7.1AI score0.01889EPSS
Exploits1References5Affected Software1
PyPA
PyPA
•added 2018/03/25 3:29 a.m.•5 views

PYSEC-2018-147

In Exiv2 0.26, the Exiv2::Internal::printCsLensFFFF function in canonmnint.cpp allows remote attackers to cause a denial of service invalid memory access via a crafted file...

6.5CVSS6.7AI score0.0217EPSS
Exploits1References5Affected Software1
PyPA
PyPA
•added 2018/03/25 3:29 a.m.•6 views

PYSEC-2018-146

In Exiv2 0.26, jpgimage.cpp allows remote attackers to cause a denial of service image.cpp Exiv2::Internal::stringFormat out-of-bounds read via a crafted file...

6.5CVSS6.8AI score0.02109EPSS
Exploits1References7Affected Software1
PyPA
PyPA
•added 2018/03/18 6:29 a.m.•6 views

PYSEC-2018-57

In Jupyter Notebook before 5.4.1, a maliciously forged notebook file can bypass sanitization to execute JavaScript in the notebook context. Specifically, invalid HTML is 'fixed' by jQuery after sanitization, making it dangerous...

7.8CVSS7AI score0.011EPSS
Exploits0References3Affected Software1
PyPA
PyPA
•added 2018/03/14 1:29 p.m.•6 views

PYSEC-2018-87

Mercurial version 4.5 and earlier contains a Incorrect Access Control CWE-285 vulnerability in Protocol server that can result in Unauthorized data access. This attack appear to be exploitable via network connectivity. This vulnerability appears to have been fixed in 4.5.1...

9.1CVSS6.9AI score0.02687EPSS
Exploits0References6Affected Software1
PyPA
PyPA
•added 2018/03/14 12:29 p.m.•6 views

PYSEC-2018-8

io/mongo/parser.py in Eve aka pyeve before 0.7.5 allows remote attackers to execute arbitrary code via Code Injection in the where parameter...

9.8CVSS8.3AI score0.05651EPSS
Exploits0References3Affected Software1
PyPA
PyPA
•added 2018/03/13 9:29 p.m.•6 views

PYSEC-2018-113

Ajenti version 2 contains an Information Disclosure vulnerability in Line 176 of the code source that can result in user and system enumeration as well as data from the /etc/ajenti/config.yml file. This attack appears to be exploitable via network connectivity to the web application...

7.5CVSS6.8AI score0.01287EPSS
Exploits1References3Affected Software1
PyPA
PyPA
•added 2018/03/13 6:29 p.m.•9 views

PYSEC-2018-19

transport.py in the SSH server implementation of Paramiko before 1.17.6, 1.18.x before 1.18.5, 2.0.x before 2.0.8, 2.1.x before 2.1.5, 2.2.x before 2.2.3, 2.3.x before 2.3.2, and 2.4.x before 2.4.1 does not properly check whether authentication is completed before processing other requests, as...

9.8CVSS7.2AI score0.27065EPSS
Exploits10References18Affected Software1
PyPA
PyPA
•added 2018/03/13 3:29 p.m.•8 views

PYSEC-2018-112

Ajenti version version 2 contains a Improper Error Handling vulnerability in Login JSON request that can result in The requisition leaks a path of the server. This attack appear to be exploitable via By sending a malformed JSON, the tool responds with a traceback error that leaks a path of the...

5.3CVSS6.9AI score0.01279EPSS
Exploits1References3Affected Software1
PyPA
PyPA
•added 2018/03/13 3:29 p.m.•6 views

PYSEC-2018-109

Ajenti version version 2 contains a Insecure Permissions vulnerability in Plugins download that can result in The download of any plugins as being a normal user. This attack appear to be exploitable via By knowing how the requisition is made, and sending it as a normal user, the server, in...

6.5CVSS6.8AI score0.00696EPSS
Exploits1References3Affected Software1
PyPA
PyPA
•added 2018/03/13 3:29 p.m.•8 views

PYSEC-2018-46

Anymail django-anymail version version 0.2 through 1.3 contains a CWE-532, CWE-209 vulnerability in WEBHOOKAUTHORIZATION setting value that can result in An attacker with access to error logs could fabricate email tracking events. This attack appear to be exploitable via If you have exposed your...

7.4CVSS6.8AI score0.01243EPSS
Exploits0References3Affected Software1
PyPA
PyPA
•added 2018/03/13 3:29 p.m.•7 views

PYSEC-2018-111

Ajenti version version 2 contains a Cross ite Request Forgery CSRF vulnerability in the command execution panel of the tool used to manage the server. that can result in Code execution on the server . This attack appear to be exploitable via Being a CSRF, victim interaction is needed, when the...

8.8CVSS7.5AI score0.01252EPSS
Exploits1References3Affected Software1
PyPA
PyPA
•added 2018/03/13 3:29 p.m.•7 views

PYSEC-2018-110

Ajenti version version 2 contains a Input Validation vulnerability in ID string on Get-values POST request that can result in Server Crashing. This attack appear to be exploitable via An attacker can freeze te server by sending a giant string to the ID parameter...

7.5CVSS6.9AI score0.01162EPSS
Exploits1References3Affected Software1
PyPA
PyPA
•added 2018/03/12 7:29 p.m.•9 views

PYSEC-2018-108

The SSH server implementation of AsyncSSH before 1.12.1 does not properly check whether authentication is completed before processing other requests. A customized SSH client can simply skip the authentication step...

9.8CVSS7.2AI score0.0178EPSS
Exploits0References3Affected Software1
PyPA
PyPA
•added 2018/03/09 8:29 p.m.•6 views

PYSEC-2018-5

An issue was discovered in Django 2.0 before 2.0.3, 1.11 before 1.11.11, and 1.8 before 1.8.19. The django.utils.html.urlize function was extremely slow to evaluate certain inputs due to catastrophic backtracking vulnerabilities in two regular expressions only one regular expression for Django...

5.3CVSS7.1AI score0.04772EPSS
Exploits0References10Affected Software1
PyPA
PyPA
•added 2018/03/09 8:29 p.m.•6 views

PYSEC-2018-6

An issue was discovered in Django 2.0 before 2.0.3, 1.11 before 1.11.11, and 1.8 before 1.8.19. If django.utils.text.Truncator's chars and words methods were passed the html=True argument, they were extremely slow to evaluate certain inputs due to a catastrophic backtracking vulnerability in a...

5.3CVSS7AI score0.0462EPSS
Exploits0References8Affected Software1
PyPA
PyPA
•added 2018/03/09 4:29 p.m.•6 views

PYSEC-2018-114

Jubatus 1.0.2 and earlier allows remote code execution via unspecified vectors...

7.5CVSS8.2AI score0.02095EPSS
Exploits0References4Affected Software1
PyPA
PyPA
•added 2018/03/09 4:29 p.m.•5 views

PYSEC-2018-115

Directory traversal vulnerability in Jubatus 1.0.2 and earlier allows remote attackers to read arbitrary files via unspecified vectors...

5.3CVSS6.9AI score0.02509EPSS
Exploits0References4Affected Software1
PyPA
PyPA
•added 2018/03/07 11:29 p.m.•8 views

PYSEC-2018-51

An issue was discovered in Bleach 2.1.x before 2.1.3. Attributes that have URI values weren't properly sanitized if the values contained character entities. Using character entities, it was possible to construct a URI value with a scheme that was not allowed that would slide through unsanitized...

9.8CVSS6.9AI score0.02229EPSS
Exploits0References4Affected Software1
PyPA
PyPA
•added 2018/02/26 10:29 p.m.•6 views

PYSEC-2018-78

uWSGI before 2.0.17 mishandles a DOCUMENTROOT check during use of the --php-docroot option, allowing directory traversal...

7.5CVSS6.9AI score0.69907EPSS
Exploits5References4Affected Software1
PyPA
PyPA
•added 2018/02/18 3:29 a.m.•7 views

PYSEC-2018-151

An issue was discovered in Project Jupyter JupyterHub OAuthenticator 0.6.x before 0.6.2 and 0.7.x before 0.7.3. When using JupyterHub with GitLab group whitelisting for access control, group membership was not checked correctly, allowing members not in the whitelisted groups to create accounts on...

8.8CVSS7.1AI score0.01771EPSS
Exploits0References4Affected Software1
PyPA
PyPA
•added 2018/02/18 3:29 a.m.•9 views

PYSEC-2018-68

An issue was discovered in Project Jupyter JupyterHub OAuthenticator 0.6.x before 0.6.2 and 0.7.x before 0.7.3. When using JupyterHub with GitLab group whitelisting for access control, group membership was not checked correctly, allowing members not in the whitelisted groups to create accounts on...

8.8CVSS7.1AI score0.01771EPSS
Exploits0References4Affected Software1
PyPA
PyPA
•added 2018/02/12 10:29 p.m.•7 views

PYSEC-2018-121

In Exiv2 0.26, there is a reachable assertion in the readHeader function in bigtiffimage.cpp, which will lead to a remote denial of service attack via a crafted TIFF file...

6.5CVSS6.7AI score0.01173EPSS
Exploits1References2Affected Software1
PyPA
PyPA
•added 2018/02/12 10:29 p.m.•6 views

PYSEC-2018-124

In Exiv2 0.26, there is an integer overflow leading to a heap-based buffer over-read in the Exiv2::getULong function in types.cpp. Remote attackers can exploit the vulnerability to cause a denial of service via a crafted image file. Note that this vulnerability is different from CVE-2017-14864,...

6.5CVSS7.1AI score0.01581EPSS
Exploits2References4Affected Software1
PyPA
PyPA
•added 2018/02/12 10:29 p.m.•6 views

PYSEC-2018-123

In Exiv2 0.26, there is a heap-based buffer over-read in the Exiv2::IptcData::printStructure function in iptc.cpp, related to the "!= 0x1c" case. Remote attackers can exploit this vulnerability to cause a denial of service via a crafted TIFF file...

6.5CVSS6.8AI score0.02172EPSS
Exploits1References6Affected Software1
PyPA
PyPA
•added 2018/02/12 10:29 p.m.•6 views

PYSEC-2018-122

In Exiv2 0.26, there is a heap-based buffer over-read in the Exiv2::Image::byteSwap4 function in image.cpp. Remote attackers can exploit this vulnerability to disclose memory data or cause a denial of service via a crafted TIFF file...

8.1CVSS6.8AI score0.01834EPSS
Exploits1References3Affected Software1
PyPA
PyPA
•added 2018/02/08 11:29 p.m.•6 views

PYSEC-2018-105

Incorrect implementation of access controls allows remote users to override repository restrictions in Borg servers 1.1.x before 1.1.3...

8.8CVSS6.9AI score0.01938EPSS
Exploits0References2Affected Software1
Total number of security vulnerabilities5616