Lucene search
K

4602 matches found

PyPA
PyPA
•added 2019/07/28 7:15 p.m.•9 views

PYSEC-2019-245

Exiv2::PngImage::readMetadata in pngimage.cpp in Exiv2 0.27.99.0 allows attackers to cause a denial of service heap-based buffer over-read via a crafted image file...

6.5CVSS6.8AI score0.01116EPSS
Exploits1References4Affected Software1
PyPA
PyPA
•added 2019/07/28 7:15 p.m.•8 views

PYSEC-2019-246

In Exiv2 0.27.99.0, there is an out-of-bounds read in Exiv2::MrwImage::readMetadata in mrwimage.cpp. It could result in denial of service...

6.5CVSS6.8AI score0.01116EPSS
Exploits1References4Affected Software1
PyPA
PyPA
•added 2019/07/19 4:15 p.m.•6 views

PYSEC-2019-120

scapy 2.4.0 is affected by: Denial of Service. The impact is: infinite loop, resource consumption and program unresponsive. The component is: RADIUSAttrPacketListField.getfieldself... The attack vector is: over the network or in a pcap. both work...

7.5CVSS6.9AI score0.02791EPSS
Exploits1References7Affected Software1
PyPA
PyPA
•added 2019/07/18 5:15 p.m.•5 views

PYSEC-2019-119

SaltStack Salt 2018.3, 2019.2 is affected by: SQL Injection. The impact is: An attacker could escalate privileges on MySQL server deployed by cloud provider. It leads to RCE. The component is: The mysql.userchpass function from the MySQL module for Salt. The attack vector is: specially crafted...

9.8CVSS7.7AI score0.01883EPSS
Exploits1References4Affected Software1
PyPA
PyPA
•added 2019/07/18 5:15 p.m.•5 views

PYSEC-2019-184

Ladon since 0.6.1 since ebef0aae48af78c159b6fce81bc6f5e7e0ddb059 is affected by: XML External Entity XXE. The impact is: Information Disclosure, reading files and reaching internal network endpoints. The component is: SOAP request handlers. For instance:...

9.8CVSS6.9AI score0.05711EPSS
Exploits1References3Affected Software1
PyPA
PyPA
•added 2019/07/17 2:15 p.m.•7 views

PYSEC-2019-179

The Pallets Project Flask before 1.0 is affected by: unexpected memory usage. The impact is: denial of service. The attack vector is: crafted encoded JSON data. The fixed version is: 1. NOTE: this may overlap CVE-2018-1000656...

7.5CVSS6.9AI score0.03855EPSS
Exploits1References2Affected Software1
PyPA
PyPA
•added 2019/07/16 12:15 a.m.•7 views

PYSEC-2019-170

An issue was discovered in python-engineio through 3.8.2. There is a Cross-Site WebSocket Hijacking CSWSH vulnerability that allows attackers to make WebSocket connections to a server by using a victim's credentials, because the Origin header is not restricted...

8.8CVSS6.9AI score0.00828EPSS
Exploits0References2Affected Software1
PyPA
PyPA
•added 2019/07/15 3:15 a.m.•7 views

PYSEC-2019-218

libnmap v0.6.3 is affected by: XML Injection. The impact is: Denial of service DoS by consuming resources. The component is: XML Parsing. The attack vector is: Specially crafted XML payload...

7.5CVSS7AI score0.01553EPSS
Exploits1References2Affected Software1
PyPA
PyPA
•added 2019/07/02 10:15 p.m.•8 views

PYSEC-2019-20

verification.py in django-rest-registration aka Django REST Registration library before 0.5.0 relies on a static string for signatures i.e., the Django Signing API is misused, which allows remote attackers to spoof the verification process. This occurs because incorrect code refactoring led to...

9.8CVSS7.2AI score0.01621EPSS
Exploits1References2Affected Software1
PyPA
PyPA
•added 2019/07/01 2:15 p.m.•7 views

PYSEC-2019-10

An issue was discovered in Django 1.11 before 1.11.22, 2.1 before 2.1.10, and 2.2 before 2.2.3. An HTTP request is not redirected to HTTPS when the SECUREPROXYSSLHEADER and SECURESSLREDIRECT settings are used, and the proxy connects to Django via HTTPS. In other words,...

5.3CVSS7AI score0.01697EPSS
Exploits0References13Affected Software1
PyPA
PyPA
•added 2019/06/30 11:15 p.m.•13 views

PYSEC-2019-257

http.c in Exiv2 through 0.27.1 allows a malicious http server to cause a denial of service crash due to a NULL pointer dereference by returning a crafted response that lacks a space character...

6.5CVSS6.8AI score0.02115EPSS
Exploits1References7
PyPA
PyPA
•added 2019/06/27 2:15 p.m.•7 views

PYSEC-2019-103

KeyIdentity LinOTP before 2.10.5.3 has Incorrect Access Control issue 1 of 2...

8.1CVSS7AI score0.01164EPSS
Exploits0References2Affected Software1
PyPA
PyPA
•added 2019/06/16 12:29 p.m.•6 views

PYSEC-2019-129

In words.protocols.jabber.xmlstream in Twisted through 19.2.1, XMPP support did not verify certificates when used with TLS, allowing an attacker to MITM connections...

7.4CVSS6.9AI score0.01817EPSS
Exploits0References9Affected Software1
PyPA
PyPA
•added 2019/06/10 12:29 p.m.•5 views

PYSEC-2019-128

In Twisted before 19.2.1, twisted.web did not validate or sanitize URIs or HTTP methods, allowing an attacker to inject invalid characters such as CRLF...

6.1CVSS7AI score0.02535EPSS
Exploits1References10Affected Software1
PyPA
PyPA
•added 2019/06/07 5:29 p.m.•6 views

PYSEC-2019-163

aubio v0.4.0 to v0.4.8 has a NULL pointer dereference in newaubiofilterbank via invalid nfilters...

7.5CVSS7AI score0.02058EPSS
Exploits0References6Affected Software1
PyPA
PyPA
•added 2019/06/07 5:29 p.m.•6 views

PYSEC-2019-164

aubio v0.4.0 to v0.4.8 has a newaubioonset NULL pointer dereference...

7.5CVSS7AI score0.0224EPSS
Exploits0References8Affected Software1
PyPA
PyPA
•added 2019/06/07 5:29 p.m.•5 views

PYSEC-2019-162

aubio v0.4.0 to v0.4.8 has a Buffer Overflow in newaubiotempo...

9.8CVSS7AI score0.02243EPSS
Exploits0References6Affected Software1
PyPA
PyPA
•added 2019/06/06 7:29 p.m.•7 views

PYSEC-2019-109

DISPUTED A deserialization vulnerability exists in the way parso through 0.4.0 handles grammar parsing from the cache. Cache loading relies on pickle and, provided that an evil pickle can be written to a cache grammar file and that its parsing can be triggered, this flaw leads to Arbitrary Code...

7.5CVSS7AI score0.01518EPSS
Exploits1References3Affected Software1
PyPA
PyPA
•added 2019/06/06 7:29 p.m.•7 views

PYSEC-2019-199

A code injection issue was discovered in PyXDG before 0.26 via crafted Python code in a Category element of a Menu XML document in a .menu file. XDGCONFIGDIRS must be set up to trigger xdg.Menu.parse parsing within the directory containing this file. This is due to a lack of sanitization in...

7.5CVSS7.5AI score0.02105EPSS
Exploits1References4Affected Software1
PyPA
PyPA
•added 2019/06/03 7:29 p.m.•6 views

PYSEC-2019-194

An access-control flaw was found in the Octavia service when the cloud platform was deployed using Red Hat OpenStack Platform Director. An attacker could cause new amphorae to run based on any arbitrary image. This meant that a remote attacker could upload a new amphorae image and, if requested t...

8CVSS7AI score0.01421EPSS
Exploits0References4Affected Software1
PyPA
PyPA
•added 2019/06/03 5:29 p.m.•8 views

PYSEC-2019-79

An issue was discovered in Django 1.11 before 1.11.21, 2.1 before 2.1.9, and 2.2 before 2.2.2. The clickable Current URL value displayed by the AdminURLFieldWidget displays the provided value without validating it as a safe URL. Thus, an unvalidated value stored in the database, or a value provid...

6.1CVSS6.8AI score0.02563EPSS
Exploits0References18Affected Software1
PyPA
PyPA
•added 2019/05/23 6:29 p.m.•7 views

PYSEC-2019-256

In libwebp 0.5.1, there is a double free bug in libwebpmux...

7.5CVSS6.9AI score0.01177EPSS
Exploits1References3Affected Software1
PyPA
PyPA
•added 2019/05/23 3:30 p.m.•5 views

PYSEC-2019-6

Buildbot before 1.8.2 and 2.x before 2.3.1 accepts a user-submitted authorization token from OAuth and uses it to authenticate a user. If an attacker has a token allowing them to read the user details of a victim, they can login as the victim...

9.8CVSS6.9AI score0.01825EPSS
Exploits0References4Affected Software1
PyPA
PyPA
•added 2019/05/15 2:29 p.m.•5 views

PYSEC-2019-242

Capstone 3.0.4 has an out-of-bounds vulnerability SEGV caused by a read memory access in X86insnregintel in arch/X86/X86Mapping.c...

5.5CVSS7AI score0.00973EPSS
Exploits1References4Affected Software1
PyPA
PyPA
•added 2019/05/09 6:29 p.m.•6 views

PYSEC-2019-185

An issue was discovered in Matrix Sydent before 1.0.3 and Synapse before 0.99.3.1. Random number generation is mishandled, which makes it easier for attackers to predict a Sydent authentication token or a Synapse random ID...

7.5CVSS7.1AI score0.0178EPSS
Exploits0References2Affected Software1
PyPA
PyPA
•added 2019/04/24 9:29 p.m.•5 views

PYSEC-2019-205

Google TensorFlow 1.7.x and earlier is affected by a Buffer Overflow vulnerability. The type of exploitation is context-dependent...

9.8CVSS6.9AI score0.00486EPSS
Exploits0References2Affected Software1
PyPA
PyPA
•added 2019/04/24 9:29 p.m.•5 views

PYSEC-2019-230

Google TensorFlow 1.7.x and earlier is affected by a Buffer Overflow vulnerability. The type of exploitation is context-dependent...

9.8CVSS6.9AI score0.00486EPSS
Exploits0References2Affected Software1
PyPA
PyPA
•added 2019/04/24 9:29 p.m.•5 views

PYSEC-2019-223

Google TensorFlow 1.7.x and earlier is affected by a Buffer Overflow vulnerability. The type of exploitation is context-dependent...

9.8CVSS6.9AI score0.00486EPSS
Exploits0References1Affected Software1
PyPA
PyPA
•added 2019/04/24 5:29 p.m.•6 views

PYSEC-2019-232

Memcpy parameter overlap in Google Snappy library 1.1.4, as used in Google TensorFlow before 1.7.1, could result in a crash or read from other parts of process memory...

8.1CVSS6.8AI score0.0043EPSS
Exploits0References2Affected Software1
PyPA
PyPA
•added 2019/04/24 5:29 p.m.•7 views

PYSEC-2019-210

NULL pointer dereference in Google TensorFlow before 1.12.2 could cause a denial of service via an invalid GIF file...

6.5CVSS6.7AI score0.00453EPSS
Exploits0References2Affected Software1
PyPA
PyPA
•added 2019/04/24 5:29 p.m.•7 views

PYSEC-2019-229

Invalid memory access and/or a heap buffer overflow in the TensorFlow XLA compiler in Google TensorFlow before 1.7.1 could cause a crash or read from other parts of process memory via a crafted configuration file...

8.1CVSS7.2AI score0.00442EPSS
Exploits0References2Affected Software1
PyPA
PyPA
•added 2019/04/24 5:29 p.m.•6 views

PYSEC-2019-222

Invalid memory access and/or a heap buffer overflow in the TensorFlow XLA compiler in Google TensorFlow before 1.7.1 could cause a crash or read from other parts of process memory via a crafted configuration file...

8.1CVSS7.2AI score0.00442EPSS
Exploits0References1Affected Software1
PyPA
PyPA
•added 2019/04/24 5:29 p.m.•6 views

PYSEC-2019-204

Invalid memory access and/or a heap buffer overflow in the TensorFlow XLA compiler in Google TensorFlow before 1.7.1 could cause a crash or read from other parts of process memory via a crafted configuration file...

8.1CVSS7.2AI score0.00442EPSS
Exploits0References2Affected Software1
PyPA
PyPA
•added 2019/04/24 5:29 p.m.•6 views

PYSEC-2019-235

NULL pointer dereference in Google TensorFlow before 1.12.2 could cause a denial of service via an invalid GIF file...

6.5CVSS6.7AI score0.00453EPSS
Exploits0References2Affected Software1
PyPA
PyPA
•added 2019/04/24 5:29 p.m.•8 views

PYSEC-2019-225

Memcpy parameter overlap in Google Snappy library 1.1.4, as used in Google TensorFlow before 1.7.1, could result in a crash or read from other parts of process memory...

8.1CVSS6.8AI score0.0043EPSS
Exploits0References1Affected Software1
PyPA
PyPA
•added 2019/04/24 5:29 p.m.•7 views

PYSEC-2019-207

Memcpy parameter overlap in Google Snappy library 1.1.4, as used in Google TensorFlow before 1.7.1, could result in a crash or read from other parts of process memory...

8.1CVSS6.8AI score0.0043EPSS
Exploits0References2Affected Software1
PyPA
PyPA
•added 2019/04/24 5:29 p.m.•6 views

PYSEC-2019-228

NULL pointer dereference in Google TensorFlow before 1.12.2 could cause a denial of service via an invalid GIF file...

6.5CVSS6.7AI score0.00453EPSS
Exploits0References1Affected Software1
PyPA
PyPA
•added 2019/04/23 9:29 p.m.•6 views

PYSEC-2019-231

Google TensorFlow 1.6.x and earlier is affected by: Null Pointer Dereference. The type of exploitation is: context-dependent...

6.5CVSS6.9AI score0.0038EPSS
Exploits0References2Affected Software1
PyPA
PyPA
•added 2019/04/23 9:29 p.m.•6 views

PYSEC-2019-226

Google TensorFlow 1.7 and below is affected by: Buffer Overflow. The impact is: execute arbitrary code local...

8.8CVSS7.9AI score0.00646EPSS
Exploits0References1Affected Software1
PyPA
PyPA
•added 2019/04/23 9:29 p.m.•6 views

PYSEC-2019-208

Google TensorFlow 1.7 and below is affected by: Buffer Overflow. The impact is: execute arbitrary code local...

8.8CVSS7.9AI score0.00646EPSS
Exploits0References2Affected Software1
PyPA
PyPA
•added 2019/04/23 9:29 p.m.•6 views

PYSEC-2019-206

Google TensorFlow 1.6.x and earlier is affected by: Null Pointer Dereference. The type of exploitation is: context-dependent...

6.5CVSS6.9AI score0.0038EPSS
Exploits0References2Affected Software1
PyPA
PyPA
•added 2019/04/23 9:29 p.m.•6 views

PYSEC-2019-233

Google TensorFlow 1.7 and below is affected by: Buffer Overflow. The impact is: execute arbitrary code local...

8.8CVSS7.9AI score0.00646EPSS
Exploits0References2Affected Software1
PyPA
PyPA
•added 2019/04/23 9:29 p.m.•8 views

PYSEC-2019-224

Google TensorFlow 1.6.x and earlier is affected by: Null Pointer Dereference. The type of exploitation is: context-dependent...

6.5CVSS6.9AI score0.0038EPSS
Exploits0References1Affected Software1
PyPA
PyPA
•added 2019/04/22 4:29 p.m.•7 views

PYSEC-2019-188

A flaw was found in Mercurial before 4.9. It was possible to use symlinks and subrepositories to defeat Mercurial's path-checking logic and write files outside a repository...

5.9CVSS6.6AI score0.01413EPSS
Exploits0References6Affected Software1
PyPA
PyPA
•added 2019/04/22 4:29 p.m.•6 views

PYSEC-2019-155

python-dbusmock before version 0.15.1 AddTemplate D-Bus method call or DBusTestCase.spawnservertemplate method could be tricked into executing malicious code if an attacker supplies a .pyc file...

9.3CVSS7.2AI score0.01815EPSS
Exploits0References2Affected Software1
PyPA
PyPA
•added 2019/04/18 9:29 p.m.•5 views

PYSEC-2019-133

The urllib3 library before 1.24.2 for Python mishandles certain cases where the desired set of CA certificates is different from the OS store of CA certificates, which results in SSL connections succeeding in situations where a verification failure is the correct outcome. This is related to use o...

7.5CVSS6.9AI score0.02836EPSS
Exploits0References10Affected Software1
PyPA
PyPA
•added 2019/04/17 2:29 p.m.•5 views

PYSEC-2019-198

OneLogin PythonSAML 2.3.0 and earlier may incorrectly utilize the results of XML DOM traversal and canonicalization APIs in such a way that an attacker may be able to manipulate the SAML data without invalidating the cryptographic signature, allowing the attack to potentially bypass authenticatio...

9.8CVSS7.1AI score0.04636EPSS
Exploits1References3Affected Software1
PyPA
PyPA
•added 2019/04/15 3:29 p.m.•7 views

PYSEC-2019-132

In the urllib3 library through 1.24.1 for Python, CRLF injection is possible if the attacker controls the request parameter...

6.1CVSS7.4AI score0.02056EPSS
Exploits1References14Affected Software1
PyPA
PyPA
•added 2019/04/10 8:29 p.m.•8 views

PYSEC-2019-215

A number of HTTP endpoints in the Airflow webserver both RBAC and classic did not have adequate protection and were vulnerable to cross-site request forgery attacks...

8.8CVSS6.9AI score0.01488EPSS
Exploits0References4Affected Software1
PyPA
PyPA
•added 2019/04/10 8:29 p.m.•10 views

PYSEC-2019-214

A malicious admin user could edit the state of objects in the Airflow metadata database to execute arbitrary javascript on certain page views...

4.8CVSS7.4AI score0.02767EPSS
Exploits0References4Affected Software1
Total number of security vulnerabilities4602