Lucene search
K

4602 matches found

PyPA
PyPA
•added 2017/09/21 2:29 p.m.•7 views

PYSEC-2017-16

Cross-site request forgery CSRF vulnerability in Kallithea before 0.2...

8.8CVSS7AI score0.00725EPSS
Exploits0References4Affected Software1
PyPA
PyPA
•added 2017/09/20 6:29 p.m.•5 views

PYSEC-2017-46

Cross-site scripting XSS vulnerability in IPython before 3.2 allows remote attackers to inject arbitrary web script or HTML via vectors involving JSON error messages and the /api/notebooks path...

6.1CVSS6AI score0.01762EPSS
Exploits0References7Affected Software1
PyPA
PyPA
•added 2017/09/20 4:29 p.m.•7 views

PYSEC-2017-47

Cross-site request forgery in the REST API in IPython 2 and 3...

8.8CVSS7AI score0.01201EPSS
Exploits1References7Affected Software1
PyPA
PyPA
•added 2017/09/19 3:29 p.m.•8 views

PYSEC-2017-17

Multiple cross-site scripting XSS vulnerabilities in the administration pages in Kallithea before 0.2.1 allow remote attackers to inject arbitrary web script or HTML via the 1 first name or 2 last name user details, or the 3 repository, 4 repository group, or 5 user group description...

5.4CVSS5.9AI score0.00944EPSS
Exploits1References5Affected Software1
PyPA
PyPA
•added 2017/09/14 7:29 p.m.•40 views

PYSEC-2017-5

An exploitable vulnerability exists in the yaml loading functionality of ansible-vault before 1.0.5. A specially crafted vault can execute arbitrary python commands resulting in command execution. An attacker can insert python into the vault to trigger this vulnerability...

7.8CVSS7.8AI score0.02967EPSS
Exploits1References6Affected Software1
PyPA
PyPA
•added 2017/09/14 1:29 p.m.•8 views

PYSEC-2017-27

python-fedora 0.8.0 and lower is vulnerable to an open redirect resulting in loss of CSRF protection...

6.1CVSS7AI score0.00809EPSS
Exploits0References3Affected Software1
PyPA
PyPA
•added 2017/09/13 4:29 p.m.•11 views

PYSEC-2017-147

In Apache Spark 1.6.0 until 2.1.1, the launcher API performs unsafe deserialization of data received by its socket. This makes applications launched programmatically using the launcher API potentially vulnerable to arbitrary code execution by an attacker with access to any user account on the loc...

7.8CVSS8AI score0.00734EPSS
Exploits0References4Affected Software1
PyPA
PyPA
•added 2017/09/07 1:29 p.m.•5 views

PYSEC-2017-44

In Django 1.10.x before 1.10.8 and 1.11.x before 1.11.5, HTML autoescaping was disabled in a portion of the template for the technical 500 debug page. Given the right circumstances, this allowed a cross-site scripting attack. This vulnerability shouldn't affect most production sites since you...

6.1CVSS6.1AI score0.23566EPSS
Exploits0References5Affected Software1
PyPA
PyPA
•added 2017/09/05 5:29 p.m.•8 views

PYSEC-2017-83

Scrapy 1.4 allows remote attackers to cause a denial of service memory consumption via large files because arbitrarily many files are read into memory, which is especially problematic if the files are then individually written in a separate thread to a slow storage resource, as demonstrated by...

7.8CVSS6.5AI score0.01907EPSS
Exploits1References3Affected Software1
PyPA
PyPA
•added 2017/08/31 10:29 p.m.•8 views

PYSEC-2017-114

Designate 2015.1.0 through 1.0.0.0b1 as packaged in OpenStack Kilo does not enforce RecordSets per domain, and Records per RecordSet quotas when processing an internal zone file transfer, which might allow remote attackers to cause a denial of service infinite loop via a crafted resource record s...

6.5CVSS6.8AI score0.02145EPSS
Exploits1References13Affected Software1
PyPA
PyPA
•added 2017/08/29 8:29 p.m.•7 views

PYSEC-2017-107

Apache Atlas versions 0.6.0-incubating and 0.7.0-incubating were found vulnerable to Stored Cross-Site Scripting in the edit-tag functionality...

6.1CVSS5.8AI score0.01919EPSS
Exploits0References3Affected Software1
PyPA
PyPA
•added 2017/08/29 8:29 p.m.•5 views

PYSEC-2017-106

Apache Atlas versions 0.6.0-incubating and 0.7.0-incubating use cookies that could be accessible to client-side script...

6.1CVSS6.9AI score0.01954EPSS
Exploits0References3Affected Software1
PyPA
PyPA
•added 2017/08/29 8:29 p.m.•7 views

PYSEC-2017-109

Apache Atlas versions 0.6.0-incubating and 0.7.0-incubating were found vulnerable to Reflected XSS in the search functionality...

6.1CVSS6.4AI score0.01955EPSS
Exploits0References2Affected Software1
PyPA
PyPA
•added 2017/08/29 8:29 p.m.•8 views

PYSEC-2017-108

Apache Atlas versions 0.6.0-incubating and 0.7.0-incubating were found vulnerable to DOM XSS in the edit-tag functionality...

6.1CVSS6.4AI score0.01955EPSS
Exploits0References2Affected Software1
PyPA
PyPA
•added 2017/08/29 8:29 p.m.•6 views

PYSEC-2017-105

Apache Atlas versions 0.6.0 incubating, 0.7.0 incubating, and 0.7.1 incubating allow access to the webapp directory contents by pointing to URIs like /js and /img...

7.5CVSS7AI score0.02127EPSS
Exploits0References1Affected Software1
PyPA
PyPA
•added 2017/08/29 8:29 p.m.•22 views

PYSEC-2017-110

Error responses from Apache Atlas versions 0.6.0-incubating and 0.7.0-incubating included stack trace, exposing excessive information...

7.5CVSS7AI score0.02053EPSS
Exploits0References2Affected Software1
PyPA
PyPA
•added 2017/08/29 8:29 p.m.•9 views

PYSEC-2017-111

Apache Atlas versions 0.6.0-incubating and 0.7.0-incubating were found vulnerable to cross frame scripting...

6.1CVSS6.8AI score0.01812EPSS
Exploits0References2Affected Software1
PyPA
PyPA
•added 2017/08/25 6:29 p.m.•5 views

PYSEC-2017-66

The checkPassword function in python-kerberos does not authenticate the KDC it attempts to communicate with, which allows remote attackers to cause a denial of service bad response, or have other unspecified impact by performing a man-in-the-middle attack...

8.1CVSS6.9AI score0.02303EPSS
Exploits0References6Affected Software1
PyPA
PyPA
•added 2017/08/25 6:29 p.m.•7 views

PYSEC-2017-31

Salt before 2014.7.6 does not verify certificates when connecting via the aliyun, proxmox, and splunk modules...

7.5CVSS7AI score0.01048EPSS
Exploits0References5Affected Software1
PyPA
PyPA
•added 2017/08/25 6:29 p.m.•5 views

PYSEC-2017-49

The checkPassword function in python-kerberos does not authenticate the KDC it attempts to communicate with, which allows remote attackers to cause a denial of service bad response, or have other unspecified impact by performing a man-in-the-middle attack...

8.1CVSS6.9AI score0.02303EPSS
Exploits0References5Affected Software1
PyPA
PyPA
•added 2017/08/24 4:29 p.m.•6 views

PYSEC-2017-24

In PyJWT 1.5.0 and below the invalidstrings check in HMACAlgorithm.preparekey does not account for all PEM encoded public keys. Specifically, the PKCS1 PEM encoded format would be allowed because it is prefaced with the string -----BEGIN RSA PUBLIC KEY----- which is not accounted for. This enable...

7.5CVSS6.9AI score0.01804EPSS
Exploits0References3Affected Software1
PyPA
PyPA
•added 2017/08/23 2:29 p.m.•10 views

PYSEC-2017-151

Directory traversal vulnerability in minion id validation in SaltStack Salt before 2016.11.7 and 2017.7.x before 2017.7.1 allows remote minions with incorrect credentials to authenticate to a master via a crafted minion ID...

9.8CVSS7AI score0.04629EPSS
Exploits0References6
PyPA
PyPA
•added 2017/08/23 2:29 p.m.•8 views

PYSEC-2017-41

The XML-RPC server in supervisor before 3.0.1, 3.1.x before 3.1.4, 3.2.x before 3.2.4, and 3.3.x before 3.3.3 allows remote authenticated users to execute arbitrary commands via a crafted XML-RPC request, related to nested supervisord namespace lookups...

9CVSS7.5AI score0.87544EPSS
Exploits10References13Affected Software1
PyPA
PyPA
•added 2017/08/23 2:29 p.m.•7 views

PYSEC-2017-35

Directory traversal vulnerability in minion id validation in SaltStack Salt before 2016.11.7 and 2017.7.x before 2017.7.1 allows remote minions with incorrect credentials to authenticate to a master via a crafted minion ID...

9.8CVSS6.9AI score0.04629EPSS
Exploits0References7Affected Software1
PyPA
PyPA
•added 2017/08/18 9:29 p.m.•5 views

PYSEC-2017-128

There is an illegal address access in Exiv2::FileIo::pathabi:cxx11 in basicio.cpp of libexiv2 in Exiv2 0.26 that will lead to remote denial of service...

6.5CVSS6.9AI score0.01418EPSS
Exploits0References1Affected Software1
PyPA
PyPA
•added 2017/08/18 9:29 p.m.•6 views

PYSEC-2017-127

There is a heap-based buffer overflow in basicio.cpp of Exiv2 0.26. The vulnerability causes an out-of-bounds write in Exiv2::Image::printIFDStructure, which may lead to remote denial of service or possibly unspecified other impact...

8.8CVSS7.8AI score0.01676EPSS
Exploits0References1Affected Software1
PyPA
PyPA
•added 2017/08/18 9:29 p.m.•9 views

PYSEC-2017-129

There is a heap-based buffer over-read in libexiv2 in Exiv2 0.26 that is triggered in the Exiv2::Image::io function in image.cpp. It will lead to remote denial of service...

6.5CVSS7.1AI score0.01418EPSS
Exploits0References1Affected Software1
PyPA
PyPA
•added 2017/08/18 6:29 p.m.•22 views

PYSEC-2017-11

Cross-site request forgery CSRF vulnerability in django CMS before 3.0.14, 3.1.x before 3.1.1 allows remote attackers to manipulate privileged users into performing unknown actions via unspecified vectors...

8.8CVSS7AI score0.01036EPSS
Exploits0References4Affected Software1
PyPA
PyPA
•added 2017/08/18 4:29 p.m.•8 views

PYSEC-2017-6

attic before 0.15 does not confirm unencrypted backups with the user, which allows remote attackers with read and write privileges for the encrypted repository to obtain potentially sensitive information by changing the manifest type byte of the repository to "unencrypted / without key file"...

6.5CVSS6.7AI score0.02466EPSS
Exploits1References5Affected Software1
PyPA
PyPA
•added 2017/08/15 4:29 p.m.•7 views

PYSEC-2017-1

The numpy.pad function in Numpy 1.13.1 and older versions is missing input validation. An empty list or ndarray will stick into an infinite loop, which can allow attackers to cause a DoS attack...

7.5CVSS6.8AI score0.02681EPSS
Exploits1References3Affected Software1
PyPA
PyPA
•added 2017/08/09 6:29 p.m.•8 views

PYSEC-2017-69

Restkit allows man-in-the-middle attackers to spoof TLS servers by leveraging use of the ssl.wrapsocket function in Python with the default CERTNONE value for the certreqs argument...

5.9CVSS6.8AI score0.01352EPSS
Exploits0References4Affected Software1
PyPA
PyPA
•added 2017/08/09 6:29 p.m.•7 views

PYSEC-2017-145

OpenStack Compute nova Icehouse, Juno and Havana when live migration fails allows local users to access VM volumes that they would normally not have permissions for...

4.7CVSS6.6AI score0.00328EPSS
Exploits0References12Affected Software1
PyPA
PyPA
•added 2017/08/09 4:29 p.m.•10 views

PYSEC-2017-71

winuseradd, salt-cloud and the Linode driver in salt 2015.5.x before 2015.5.6, and 2015.8.x before 2015.8.1 leak password information in debug logs...

9.8CVSS6.8AI score0.0222EPSS
Exploits0References5Affected Software1
PyPA
PyPA
•added 2017/08/09 4:29 p.m.•9 views

PYSEC-2017-50

Lemur 0.1.4 does not use sufficient entropy in its IV when encrypting AES in CBC mode...

7.5CVSS7AI score0.01509EPSS
Exploits0References4Affected Software1
PyPA
PyPA
•added 2017/08/07 5:29 p.m.•8 views

PYSEC-2017-148

Cross-site scripting XSS vulnerability in ZMI pages that use the managetabsmessage in Zope 2.11.4, 2.11.2, 2.10.9, 2.10.7, 2.10.6, 2.10.5, 2.10.4, 2.10.2, 2.10.1, 2.12...

6.1CVSS6.2AI score0.02055EPSS
Exploits0References9Affected Software1
PyPA
PyPA
•added 2017/07/27 6:29 a.m.•6 views

PYSEC-2017-126

There is a reachable assertion in the Internal::TiffReader::visitDirectory function in tiffvisitor.cpp of Exiv2 0.26 that will lead to a remote denial of service attack via crafted input...

6.5CVSS6.8AI score0.02663EPSS
Exploits0References6Affected Software1
PyPA
PyPA
•added 2017/07/25 6:29 p.m.•5 views

PYSEC-2017-72

sosreport 3.2 uses weak permissions for generated sosreport archives, which allows local users with access to /var/tmp/ to obtain sensitive information by reading the contents of the archive...

5.5CVSS6.2AI score0.00342EPSS
Exploits0References3Affected Software1
PyPA
PyPA
•added 2017/07/24 1:29 a.m.•5 views

PYSEC-2017-125

There is a Mismatched Memory Management Routines vulnerability in the Exiv2::FileIo::seek function of Exiv2 0.26 that will lead to a remote denial of service attack heap memory corruption via crafted input...

7.5CVSS6.9AI score0.01738EPSS
Exploits1References2Affected Software1
PyPA
PyPA
•added 2017/07/24 1:29 a.m.•6 views

PYSEC-2017-124

There is a Floating point exception in the Exiv2::ValueType function in Exiv2 0.26 that will lead to a remote denial of service attack via crafted input...

7.5CVSS6.8AI score0.03098EPSS
Exploits1References5Affected Software1
PyPA
PyPA
•added 2017/07/23 3:29 a.m.•6 views

PYSEC-2017-123

There is an illegal address access in the extendaliastable function in localealias.c of Exiv2 0.26. A crafted input will lead to remote denial of service...

7.5CVSS6.9AI score0.01738EPSS
Exploits1References2Affected Software1
PyPA
PyPA
•added 2017/07/17 1:18 p.m.•5 views

PYSEC-2017-118

There is a heap-based buffer over-read in the Image::printIFDStructure function in image.cpp in Exiv2 0.26. A Crafted input will lead to a remote denial of service attack...

6.5CVSS7AI score0.01424EPSS
Exploits0References1Affected Software1
PyPA
PyPA
•added 2017/07/17 1:18 p.m.•6 views

PYSEC-2017-122

There is a Segmentation fault in the XmpParser::terminate function in Exiv2 0.26, related to an exit call. A Crafted input will lead to a remote denial of service attack...

6.5CVSS6.8AI score0.01424EPSS
Exploits0References1Affected Software1
PyPA
PyPA
•added 2017/07/17 1:18 p.m.•6 views

PYSEC-2017-121

There is a heap-based buffer overflow in the Image::printIFDStructure function of image.cpp in Exiv2 0.26. A Crafted input will lead to a remote denial of service attack...

6.5CVSS7.3AI score0.01149EPSS
Exploits0References1Affected Software1
PyPA
PyPA
•added 2017/07/17 1:18 p.m.•5 views

PYSEC-2017-13

FedMsg 0.18.1 and older is vulnerable to a message validation flaw resulting in message validation not being enabled if configured to be on...

7.5CVSS6.9AI score0.01505EPSS
Exploits0References2Affected Software1
PyPA
PyPA
•added 2017/07/17 1:18 p.m.•13 views

PYSEC-2017-85

txAWS all current versions fail to perform complete certificate verification resulting in vulnerability to MitM attacks and information disclosure...

5.9CVSS6.8AI score0.00746EPSS
Exploits0References2Affected Software1
PyPA
PyPA
•added 2017/07/17 1:18 p.m.•8 views

PYSEC-2017-119

There is an invalid free in the Action::TaskFactory::cleanup function of actions.cpp in Exiv2 0.26. A crafted input will lead to a remote denial of service attack...

6.5CVSS7AI score0.01424EPSS
Exploits0References1Affected Software1
PyPA
PyPA
•added 2017/07/17 1:18 p.m.•4 views

PYSEC-2017-120

There is an infinite loop in the Exiv2::Image::printIFDStructure function of image.cpp in Exiv2 0.26. A crafted input will lead to a remote denial of service attack...

6.5CVSS6.8AI score0.01424EPSS
Exploits0References1Affected Software1
PyPA
PyPA
•added 2017/06/28 1:29 p.m.•8 views

PYSEC-2017-146

Apache Ignite 1.0.0-RC3 to 2.0 uses an update notifier component to update the users about new project releases that include additional functionality, bug fixes and performance improvements. To do that the component communicates to an external PHP server http://ignite.run where it needs to send...

7.5CVSS7AI score0.0297EPSS
Exploits0References3Affected Software1
PyPA
PyPA
•added 2017/06/26 11:29 p.m.•7 views

PYSEC-2017-142

There is an invalid free in Image::printIFDStructure that leads to a Segmentation fault in Exiv2 0.26. A crafted input will lead to a remote denial of service attack...

7.5CVSS7AI score0.02808EPSS
Exploits1References3Affected Software1
PyPA
PyPA
•added 2017/06/14 1:29 p.m.•6 views

PYSEC-2017-95

An exploitable vulnerability exists in the Databook loading functionality of Tablib 0.11.4. A yaml loaded Databook can execute arbitrary python commands resulting in command execution. An attacker can insert python into loaded yaml to trigger this vulnerability...

9.8CVSS7.9AI score0.0487EPSS
Exploits2References4Affected Software1
Total number of security vulnerabilities4602