7035 matches found
PYSEC-2019-234
In TensorFlow before 1.15, a heap buffer overflow in UnsortedSegmentSum can be produced when the Index template argument is int32. In this case datasize and numsegments fields are truncated from int64 to int32 and can produce negative numbers, resulting in accessing out of bounds heap memory. Thi...
PYSEC-2019-209
In TensorFlow before 1.15, a heap buffer overflow in UnsortedSegmentSum can be produced when the Index template argument is int32. In this case datasize and numsegments fields are truncated from int64 to int32 and can produce negative numbers, resulting in accessing out of bounds heap memory. Thi...
PYSEC-2019-200
python-requests-Kerberos through 0.5 does not handle mutual authentication...
PYSEC-2019-105
The modoboa-dmarc plugin 1.1.0 for Modoboa is vulnerable to an XML External Entity Injection XXE attack when processing XML data. A remote attacker could exploit this to perform a denial of service against the DMARC reporting functionality, such as by referencing the /dev/random file within XML...
PYSEC-2019-251
The modoboa-dmarc plugin 1.1.0 for Modoboa is vulnerable to an XML External Entity Injection XXE attack when processing XML data. A remote attacker could exploit this to perform a denial of service against the DMARC reporting functionality, such as by referencing the /dev/random file within XML...
PYSEC-2019-161
python-keystoneclient version 0.2.3 to 0.2.5 has middleware memcache signing bypass...
PYSEC-2019-197
python-keystoneclient version 0.2.3 to 0.2.5 has middleware memcache encryption bypass...
PYSEC-2019-154
The CreateID function in packet.py in pyrad before 2.1 uses sequential packet IDs, which makes it easier for remote attackers to spoof packets by predicting the next ID, a different vulnerability than CVE-2013-0294...
PYSEC-2019-29
OpenStack Keystone 15.0.0 and 16.0.0 is affected by Data Leakage in the list credentials API. Any user with a role on a project is able to list any credentials with the /v3/credentials API when enforcescope is false. Users with a role on a project are able to view any other users' credentials,...
PYSEC-2019-134
The validators package 0.12.2 through 0.12.5 for Python enters an infinite loop when validators.domain is called with a crafted domain string. This is fixed in 0.12.6...
PYSEC-2019-15
Django 2.1 before 2.1.15 and 2.2 before 2.2.8 allows unintended model editing. A Django model admin displaying inline related models, where the user has view-only permissions to a parent model but edit permissions to the inline model, would be presented with an editing UI, allowing POST requests,...
PYSEC-2019-135
When using wagtail-2fa before 1.3.0, if someone gains access to someone's Wagtail login credentials, they can log into the CMS and bypass the 2FA check by changing the URL. They can then add a new device and gain full access to the CMS. This problem has been patched in version 1.3.0...
PYSEC-2019-28
A flaw was found in IPA, all 4.6.x versions before 4.6.7, all 4.7.x versions before 4.7.4 and all 4.8.x versions before 4.8.3, in the way the internal function berscanf was used in some components of the IPA server, which parsed kerberos key data. An unauthenticated attacker who could trigger...
PYSEC-2019-168
A flaw was found in IPA, all 4.6.x versions before 4.6.7, all 4.7.x versions before 4.7.4 and all 4.8.x versions before 4.8.3, in the way that FreeIPA's batch processing API logged operations. This included passing user passwords in clear text on FreeIPA masters. Batch processing of commands with...
PYSEC-2019-22
A flaw was found in IPA, all 4.6.x versions before 4.6.7, all 4.7.x versions before 4.7.4 and all 4.8.x versions before 4.8.3, in the way that FreeIPA's batch processing API logged operations. This included passing user passwords in clear text on FreeIPA masters. Batch processing of commands with...
PYSEC-2019-130
typedast 1.3.0 and 1.3.1 has a handlekeywordonlyargs out-of-bounds read. An attacker with the ability to cause a Python interpreter to parse Python source but not necessarily execute it may be able to crash the interpreter process. This could be a concern, for example, in a web-based service that...
PYSEC-2019-131
typedast 1.3.0 and 1.3.1 has an astforarguments out-of-bounds read. An attacker with the ability to cause a Python interpreter to parse Python source but not necessarily execute it may be able to crash the interpreter process. This could be a concern, for example, in a web-based service that pars...
PYSEC-2019-146
ansible before versions 2.8.6, 2.7.14, 2.6.20 is vulnerable to a None...
PYSEC-2019-177
An error-handling flaw was found in python-ecdsa before version 0.13.3. During signature decoding, malformed DER signatures could raise unexpected exceptions or no exceptions at all, which could lead to a denial of service...
PYSEC-2019-3
A flaw was found in ansible 2.8.0 before 2.8.4. Fields managing sensitive data should be set as such by nolog feature. Some of these fields in GCP modules are not set properly. serviceaccountcontents which is common class for all gcp modules is not setting nolog to True. Any sensitive data manage...
PYSEC-2019-182
Python keyring has insecure permissions on new databases allowing world-readable files to be created...
PYSEC-2019-243
Designate does not enforce the DNS protocol limit concerning record set sizes...
PYSEC-2019-145
ansible-playbook -k and ansible cli tools, all versions 2.8.x before 2.8.4, all 2.7.x before 2.7.13 and all 2.6.x before 2.6.19, prompt passwords by expanding them from templates as they could contain special characters. Passwords should be wrapped to prevent templates trigger and exposing them...
PYSEC-2019-202
python-rply before 0.7.4 insecurely creates temporary files...
PYSEC-2019-211
trytond 2.4: ModelView.button fails to validate authorization...
PYSEC-2019-102
Eval injection in the Math plugin of Limnoria before 2019.11.09 and Supybot through 2018-05-09 allows remote unprivileged attackers to disclose information or possibly have unspecified other impact via the calc and icalc IRC commands...
PYSEC-2019-212
Python Twisted 14.0 trustRoot is not respected in HTTP client...
PYSEC-2019-41
psutil aka python-psutil through 5.6.5 can have a double free. This occurs because of refcount mishandling within a while or for loop that converts system data into a Python object...
PYSEC-2019-195
It was discovered that the C++ implementation which underlies the R, Python and Ruby implementations of Apache Arrow 0.14.0 to 0.14.1 had a uninitialized memory bug when building arrays with null values in some cases. This can lead to uninitialized memory being unintentionally shared if Arrow...
PYSEC-2019-196
While investigating UBSAN errors in https://github.com/apache/arrow/pull/5365 it was discovered Apache Arrow versions 0.12.0 to 0.14.1, left memory Array data uninitialized when reading RLE null data from parquet. This affected the C++, Python, Ruby and R implementations. The uninitialized memory...
PYSEC-2019-186
Matrix Synapse before 1.5.0 mishandles signature checking on some federation APIs. Events sent over /sendjoin, /sendleave, and /invite may not be correctly signed, or may not come from the expected servers...
PYSEC-2019-253
Tahoe-LAFS 1.9.0 fails to ensure integrity which allows remote attackers to corrupt mutable files or directories upon retrieval...
PYSEC-2019-160
The mirroring support -M, --use-mirrors in Python Pip before 1.5 uses insecure DNS querying and authenticity checks which allows attackers to perform man-in-the-middle attacks...
PYSEC-2019-175
An eval vulnerability exists in Python Software Foundation Djblets 0.7.21 and Beanbag Review Board before 1.7.15 when parsing JSON requests...
PYSEC-2019-156
The scipy.weave component in SciPy before 0.12.1 creates insecure temporary directories...
PYSEC-2019-176
python-docutils allows insecure usage of temporary files...
PYSEC-2019-157
Jupyter Notebook before 5.5.0 does not use a CSP header to treat served files as belonging to a separate origin. Thus, for example, an XSS payload can be placed in an SVG document...
PYSEC-2019-216
A malicious admin user could edit the state of objects in the Airflow metadata database to execute arbitrary javascript on certain page views. This also presented a Local File Disclosure vulnerability to any file readable by the webserver process...
PYSEC-2019-181
Python keyring lib before 0.10 created keyring files with world-readable permissions...
PYSEC-2019-213
The unoconv package before 0.9 mishandles untrusted pathnames, leading to SSRF and local file inclusion...
PYSEC-2019-117
ReportLab through 3.5.26 allows remote code execution because of toColorevalarg in colors.py, as demonstrated by a crafted XML document with '...
PYSEC-2019-171
A vulnerability was found in Ansible engine 2.x up to 2.8 and Ansible tower 3.x up to 3.5. When a module has an argumentspec with sub parameters marked as nolog, passing an invalid parameter name to the module will cause the task to fail before the nolog options in the sub parameters are processe...
PYSEC-2019-241
GDAL through 3.0.1 has a poolDestroy double free in OGRExpatRealloc in ogr/ogrexpat.cpp when the 10MB threshold is exceeded...
PYSEC-2019-151
sendemail in graphite-web/webapp/graphite/composer/views.py in Graphite through 1.1.5 is vulnerable to SSRF. The vulnerable SSRF endpoint can be used by an attacker to have the Graphite web server request any resource. The response to this SSRF request is encoded into an image file and then sent ...
PYSEC-2019-183
Koji through 1.18.0 allows remote Directory Traversal, with resultant Privilege Escalation...
PYSEC-2019-247
Exiv2 0.27.2 allows attackers to trigger a crash in Exiv2::getULong in types.cpp when called from Exiv2::Internal::CiffDirectory::readDirectory in crwimageint.cpp, because there is no validation of the relationship of the total size to the offset and size...
PYSEC-2019-4
In Ansible, all Ansible Engine versions up to ansible-engine 2.8.5, ansible-engine 2.7.13, ansible-engine 2.6.19, were logging at the DEBUG level which lead to a disclosure of credentials if a plugin used a library that logged credentials at the DEBUG level. This flaw does not affect Ansible...
PYSEC-2019-116
Uncontrolled deserialization of a pickled object in models.py in Frost Ming rediswrapper aka Redis Wrapper before 0.3.0 allows attackers to execute arbitrary scripts...
PYSEC-2019-110
An issue was discovered in Pillow before 6.2.0. When reading specially crafted invalid image files, the library can either allocate very large amounts of memory or take an extremely long period of time to process the image...
PYSEC-2019-125
Valve Steam Client before 2019-09-12 allows placing or appending partially controlled filesystem content, as demonstrated by file modifications on Windows in the context of NT AUTHORITY\SYSTEM. This could lead to denial of service, elevation of privilege, or unspecified other impact...