diff --git "a/CVE-Java(Script).csv" "b/CVE-Java(Script).csv" new file mode 100644--- /dev/null +++ "b/CVE-Java(Script).csv" @@ -0,0 +1,844 @@ +"Name","Status","Description","References","Phase","Votes", +CVE-2002-0131;Candidate;ActivePython ActiveX control for Python in the AXScript package, when used in Internet Explorer, does not prevent a script from reading files from the client's filesystem, which allows remote attackers to read arbitrary files via a malicious web page containing Python script.;BID:3893 | URL:http://www.securityfocus.com/bid/3893 | BUGTRAQ:20020115 Serious privacy leak in Python for Windows | URL:http://marc.info/?t=101113015900001&r=1&w=2 | BUGTRAQ:20020116 Re: Serious privacy leak in Python for Windows | URL:http://www.securityfocus.com/archive/1/250814 | XF:activepython-activex-read-files(7910) | URL:http://www.iss.net/security_center/static/7910.php;Modified (20050527); ACCEPT(2) Frech, Green | NOOP(3) Cole, Foat, Wall +CVE-2002-0185;Entry;mod_python version 2.7.6 and earlier allows a module indirectly imported by a published module to then be accessed via the publisher, which allows remote attackers to call possibly dangerous functions from the imported module.;BID:4656 | URL:http://www.securityfocus.com/bid/4656 | CONECTIVA:CLA-2002:477 | URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000477 | MISC:http://www.modpython.org/pipermail/mod_python/2002-April/001991.html | MISC:http://www.modpython.org/pipermail/mod_python/2002-April/002003.html | REDHAT:RHSA-2002:070 | URL:http://www.redhat.com/support/errata/RHSA-2002-070.html | XF:modpython-imported-module-access(8997) | URL:http://www.iss.net/security_center/static/8997.php;; +CVE-2002-1119;Entry;os._execvpe from os.py in Python 2.2.1 and earlier creates temporary files with predictable names, which could allow local users to execute arbitrary code via a symlink attack.;BID:5581 | URL:http://www.securityfocus.com/bid/5581 | BUGTRAQ:20030123 [OpenPKG-SA-2003.006] OpenPKG Security Advisory (python) | URL:http://marc.info/?l=bugtraq&m=104333092200589&w=2 | CALDERA:CSSA-2002-045.0 | URL:ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-045.0.txt | CONECTIVA:CLA-2002:527 | URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000527 | DEBIAN:DSA-159 | URL:http://www.debian.org/security/2002/dsa-159 | MANDRAKE:MDKSA-2002:082 | URL:http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-082.php | MISC:http://mail.python.org/pipermail/python-dev/2002-August/027229.html | REDHAT:RHSA-2002:202 | URL:http://www.redhat.com/support/errata/RHSA-2002-202.html | REDHAT:RHSA-2003:048 | URL:http://www.redhat.com/support/errata/RHSA-2003-048.html | XF:python-execvpe-tmpfile-symlink(10009) | URL:http://www.iss.net/security_center/static/10009.php;; +CVE-2003-0973;Candidate;Unknown vulnerability in mod_python 3.0.x before 3.0.4, and 2.7.x before 2.7.9, allows remote attackers to cause a denial of service (httpd crash) via a certain query string.;CONECTIVA:CLA-2004:837 | URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000837 | CONFIRM:http://www.modpython.org/pipermail/mod_python/2003-November/004005.html | DEBIAN:DSA-452 | URL:http://www.debian.org/security/2004/dsa-452 | FEDORA:FEDORA-2004-1325 | URL:http://bugzilla.fedora.us/show_bug.cgi?id=1325 | OVAL:oval:org.mitre.oval:def:10259 | URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10259 | OVAL:oval:org.mitre.oval:def:828 | URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A828 | OVAL:oval:org.mitre.oval:def:839 | URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A839 | REDHAT:RHSA-2004:058 | URL:http://www.redhat.com/support/errata/RHSA-2004-058.html | REDHAT:RHSA-2004:063 | URL:http://www.redhat.com/support/errata/RHSA-2004-063.html;Assigned (20031201);None (candidate not yet proposed) +CVE-2004-0096;Entry;Unknown vulnerability in mod_python 2.7.9 allows remote attackers to cause a denial of service (httpd crash) via a certain query string, a variant of CAN-2003-0973.;GENTOO:GLSA-200401-03 | URL:http://security.gentoo.org/glsa/glsa-200401-03.xml | MLIST:[mod_python] 20040122 [ANNOUNCE] Mod_python 2.7.10 | URL:http://www.modpython.org/pipermail/mod_python/2004-January/014879.html | REDHAT:RHSA-2004:058 | URL:http://www.redhat.com/support/errata/RHSA-2004-058.html | REDHAT:RHSA-2004:063 | URL:http://www.redhat.com/support/errata/RHSA-2004-063.html;; +CVE-2004-0150;Entry;Buffer overflow in the getaddrinfo function in Python 2.2 before 2.2.2, when IPv6 support is disabled, allows remote attackers to execute arbitrary code via an IPv6 address that is obtained using DNS.;BID:9836 | URL:http://www.securityfocus.com/bid/9836 | DEBIAN:DSA-458 | URL:http://www.debian.org/security/2004/dsa-458 | GENTOO:GLSA-200409-03 | URL:http://www.gentoo.org/security/en/glsa/glsa-200409-03.xml | MANDRAKE:MDKSA-2004:019 | URL:http://www.mandrakesoft.com/security/advisories?name=MDKSA-2004:019 | OSVDB:4172 | URL:http://www.osvdb.org/4172 | XF:python-getaddrinfo-bo(15409) | URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/15409;; +CVE-2004-2680;Candidate;mod_python (libapache2-mod-python) 3.1.4 and earlier does not properly handle when output filters process more than 16384 bytes, which can cause filter.read to return portions of previously freed memory.;BID:22849 | URL:http://www.securityfocus.com/bid/22849 | BUGTRAQ:20070307 rPSA-2007-0051-1 mod_python | URL:http://www.securityfocus.com/archive/1/462185/100/0/threaded | CONFIRM:http://svn.apache.org/viewvc/httpd/mod_python/trunk/src/filterobject.c?r1=102649&r2=103561&pathrev=103561 | CONFIRM:https://issues.rpath.com/browse/RPL-1105 | CONFIRM:https://launchpad.net/bugs/89308 | MLIST:[httpd-python-dev] 20040416 Re: possible bug in filter.write() | URL:http://mail-archives.apache.org/mod_mbox/httpd-python-dev/200404.mbox/%3c6DCA8C14-8FFA-11D8-8B4E-000A95B0D772@pixar.com%3e | MLIST:[httpd-python-dev] 20040416 patch for filterobject.c | URL:http://mail-archives.apache.org/mod_mbox/httpd-python-dev/200404.mbox/%3cEB279100-9000-11D8-8B4E-000A95B0D772@pixar.com%3e | MLIST:[httpd-python-dev] 20040416 possible bug in filter.write() | URL:http://mail-archives.apache.org/mod_mbox/httpd-python-dev/200404.mbox/%3cCD485B27-8F3E-11D8-934B-000A95B0D772@pixar.com%3e | SECUNIA:24418 | URL:http://secunia.com/advisories/24418 | SECUNIA:24424 | URL:http://secunia.com/advisories/24424 | UBUNTU:USN-430-1 | URL:http://www.ubuntu.com/usn/usn-430-1 | VUPEN:ADV-2007-0846 | URL:http://www.vupen.com/english/advisories/2007/0846 | XF:modpython-outputfilter-info-disclosure(14751) | URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/14751;Assigned (20070304);None (candidate not yet proposed) +CVE-2005-0088;Candidate;The publisher handler for mod_python 2.7.8 and earlier allows remote attackers to obtain access to restricted objects via a crafted URL.;BID:12519 | URL:http://www.securityfocus.com/bid/12519 | BUGTRAQ:20050211 [USN-80-1] mod_python vulnerability | URL:http://marc.info/?l=bugtraq&m=110815313218389&w=2 | CERT-VN:VU#356409 | URL:http://www.kb.cert.org/vuls/id/356409 | CONECTIVA:CLA-2005:926 | URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000926 | DEBIAN:DSA-689 | URL:http://www.debian.org/security/2005/dsa-689 | FEDORA:FLSA:152896 | URL:http://www.securityfocus.com/archive/1/430286/100/0/threaded | GENTOO:GLSA-200502-14 | URL:http://security.gentoo.org/glsa/glsa-200502-14.xml | OVAL:oval:org.mitre.oval:def:10617 | URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10617 | REDHAT:RHSA-2005:100 | URL:http://www.redhat.com/support/errata/RHSA-2005-100.html | REDHAT:RHSA-2005:104 | URL:http://www.redhat.com/support/errata/RHSA-2005-104.html | SECTRACK:1013156 | URL:http://securitytracker.com/id?1013156 | TRUSTIX:2005-0003 | URL:http://www.trustix.org/errata/2005/0003/;Assigned (20050118);None (candidate not yet proposed) +CVE-2005-0089;Candidate;The SimpleXMLRPCServer library module in Python 2.2, 2.3 before 2.3.5, and 2.4, when used by XML-RPC servers that use the register_instance method to register an object without a _dispatch method, allows remote attackers to read or modify globals of the associated module, and possibly execute arbitrary code, via dotted attributes.;BID:12437 | URL:http://www.securityfocus.com/bid/12437 | BUGTRAQ:20050203 Python Security Advisory PSF-2005-001 - SimpleXMLRPCServer.py | URL:http://marc.info/?l=bugtraq&m=110746469728728&w=2 | CONFIRM:http://python.org/security/PSF-2005-001/patch-2.2.txt | CONFIRM:http://www.python.org/security/PSF-2005-001/ | DEBIAN:DSA-666 | URL:http://www.debian.org/security/2005/dsa-666 | MANDRAKE:MDKSA-2005:035 | URL:http://www.mandriva.com/security/advisories?name=MDKSA-2005:035 | OVAL:oval:org.mitre.oval:def:9811 | URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9811 | REDHAT:RHSA-2005:108 | URL:http://www.redhat.com/support/errata/RHSA-2005-108.html | SECTRACK:1013083 | URL:http://securitytracker.com/id?1013083 | SECUNIA:14128 | URL:http://secunia.com/advisories/14128 | TRUSTIX:2005-0003 | URL:http://www.trustix.org/errata/2005/0003/ | XF:python-simplexmlrpcserver-bypass(19217) | URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/19217;Assigned (20050118);None (candidate not yet proposed) +CVE-2005-0852;Candidate;Microsoft Windows XP SP1 allows local users to cause a denial of service (system crash) via an empty datagram to a raw IP over IP socket (IP protocol 4), as originally demonstrated using code in Python 2.3.;BID:12870 | URL:http://www.securityfocus.com/bid/12870 | BUGTRAQ:20050322 Possible windows+python bug | URL:http://www.securityfocus.com/archive/1/393956;Assigned (20050324);None (candidate not yet proposed) +CVE-2005-1632;Candidate;Cheetah 0.9.15 and 0.9.16 searches the /tmp directory for modules before using the paths in the PYTHONPATH variable, which allows local users to execute arbitrary code via a malicious module in /tmp/.;CONFIRM:http://sourceforge.net/mailarchive/forum.php?thread_id=7070332&forum_id=1542 | OSVDB:16622 | URL:http://www.osvdb.org/16622 | SECUNIA:15386 | URL:http://secunia.com/advisories/15386;Assigned (20050517);None (candidate not yet proposed) +CVE-2005-2483;Candidate;Eval injection vulnerability in Karrigell before 2.1.8 allows remote attackers to execute arbitrary Python code via modified arguments to a Karrigell services (.ks) script, which can reference functions from libraries that are used by that script.;BID:14463 | URL:http://www.securityfocus.com/bid/14463 | MLIST:[karrigell-main] 20050731 SECURITY: python namespace exposure | URL:http://sourceforge.net/mailarchive/forum.php?thread_id=7863293&forum_id=32318 | MLIST:[karrigell-main] 20050802 Re: SECURITY: python namespace exposure | URL:http://sourceforge.net/mailarchive/message.php?msg_id=12539317 | OSVDB:18506 | URL:http://www.osvdb.org/18506 | SECUNIA:16319 | URL:http://secunia.com/advisories/16319 | XF:karrigel-dos(21668) | URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/21668;Assigned (20050807);None (candidate not yet proposed) +CVE-2005-2491;Candidate;Integer overflow in pcre_compile.c in Perl Compatible Regular Expressions (PCRE) before 6.2, as used in multiple products such as Python, Ethereal, and PHP, allows attackers to execute arbitrary code via quantifier values in regular expressions, which leads to a heap-based buffer overflow.;MISC:1014744 | URL:http://securitytracker.com/id?1014744 | MISC:102198 | URL:http://sunsolve.sun.com/search/document.do?assetkey=1-26-102198-1 | MISC:14620 | URL:http://www.securityfocus.com/bid/14620 | MISC:15647 | URL:http://www.securityfocus.com/bid/15647 | MISC:16502 | URL:http://secunia.com/advisories/16502 | MISC:16679 | URL:http://secunia.com/advisories/16679 | MISC:17252 | URL:http://secunia.com/advisories/17252 | MISC:17813 | URL:http://secunia.com/advisories/17813 | MISC:19072 | URL:http://secunia.com/advisories/19072 | MISC:19193 | URL:http://secunia.com/advisories/19193 | MISC:19532 | URL:http://secunia.com/advisories/19532 | MISC:20060401-01-U | URL:ftp://patches.sgi.com/support/free/security/advisories/20060401-01-U | MISC:21522 | URL:http://secunia.com/advisories/21522 | MISC:22691 | URL:http://secunia.com/advisories/22691 | MISC:22875 | URL:http://secunia.com/advisories/22875 | MISC:604 | URL:http://securityreason.com/securityalert/604 | MISC:ADV-2005-1511 | URL:http://www.vupen.com/english/advisories/2005/1511 | MISC:ADV-2005-2659 | URL:http://www.vupen.com/english/advisories/2005/2659 | MISC:ADV-2006-0789 | URL:http://www.vupen.com/english/advisories/2006/0789 | MISC:ADV-2006-4320 | URL:http://www.vupen.com/english/advisories/2006/4320 | MISC:ADV-2006-4502 | URL:http://www.vupen.com/english/advisories/2006/4502 | MISC:APPLE-SA-2005-11-29 | URL:http://docs.info.apple.com/article.html?artnum=302847 | MISC:DSA-800 | URL:http://www.debian.org/security/2005/dsa-800 | MISC:DSA-817 | URL:http://www.debian.org/security/2005/dsa-817 | MISC:DSA-819 | URL:http://www.debian.org/security/2005/dsa-819 | MISC:DSA-821 | URL:http://www.debian.org/security/2005/dsa-821 | MISC:FLSA:168516 | URL:http://www.securityfocus.com/archive/1/427046/100/0/threaded | MISC:GLSA-200508-17 | URL:http://www.gentoo.org/security/en/glsa/glsa-200508-17.xml | MISC:GLSA-200509-02 | URL:http://www.gentoo.org/security/en/glsa/glsa-200509-02.xml | MISC:GLSA-200509-08 | URL:http://www.gentoo.org/security/en/glsa/glsa-200509-08.xml | MISC:GLSA-200509-12 | URL:http://www.gentoo.org/security/en/glsa/glsa-200509-12.xml | MISC:GLSA-200509-19 | URL:http://www.gentoo.org/security/en/glsa/glsa-200509-19.xml | MISC:HPSBMA02159 | URL:http://itrc.hp.com/service/cki/docDisplay.do?docId=c00786522 | MISC:HPSBOV02683 | URL:http://marc.info/?l=bugtraq&m=130497311408250&w=2 | MISC:HPSBUX02074 | URL:http://www.securityfocus.com/archive/1/428138/100/0/threaded | MISC:OpenPKG-SA-2005.018 | URL:http://marc.info/?l=bugtraq&m=112606064317223&w=2 | MISC:RHSA-2005:358 | URL:http://www.redhat.com/support/errata/RHSA-2005-358.html | MISC:RHSA-2005:761 | URL:http://www.redhat.com/support/errata/RHSA-2005-761.html | MISC:RHSA-2006:0197 | URL:http://www.redhat.com/support/errata/RHSA-2006-0197.html | MISC:SCOSA-2006.10 | URL:ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2006.10/SCOSA-2006.10.txt | MISC:SSRT051251 | URL:http://www.securityfocus.com/archive/1/428138/100/0/threaded | MISC:SSRT061238 | URL:http://itrc.hp.com/service/cki/docDisplay.do?docId=c00786522 | MISC:SSRT090208 | URL:http://marc.info/?l=bugtraq&m=130497311408250&w=2 | MISC:SUSE-SA:2005:048 | URL:http://www.novell.com/linux/security/advisories/2005_48_pcre.html | MISC:SUSE-SA:2005:049 | URL:http://www.novell.com/linux/security/advisories/2005_49_php.html | MISC:SUSE-SA:2005:051 | URL:http://marc.info/?l=bugtraq&m=112605112027335&w=2 | MISC:SUSE-SA:2005:052 | URL:http://www.novell.com/linux/security/advisories/2005_52_apache2.html | MISC:TSLSA-2005-0059 | URL:http://lists.trustix.org/pipermail/tsl-announce/2005-October/000354.html | MISC:[httpd-cvs] 20190815 svn commit: r1048742 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html | URL:https://lists.apache.org/thread.html/54a42d4b01968df1117cea77fc53d6beb931c0e05936ad02af93e9ac%40%3Ccvs.httpd.apache.org%3E | MISC:[httpd-cvs] 20190815 svn commit: r1048743 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html | URL:https://lists.apache.org/thread.html/5df9bfb86a3b054bb985a45ff9250b0332c9ecc181eec232489e7f79%40%3Ccvs.httpd.apache.org%3E | MISC:[httpd-cvs] 20200401 svn commit: r1058586 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html | URL:https://lists.apache.org/thread.html/r0276683d8e1e07153fc8642618830ac0ade85b9ae0dc7b07f63bb8fc%40%3Ccvs.httpd.apache.org%3E | MISC:[httpd-cvs] 20200401 svn commit: r1058587 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html | URL:https://lists.apache.org/thread.html/r8828e649175df56f1f9e3919938ac7826128525426e2748f0ab62feb%40%3Ccvs.httpd.apache.org%3E | MISC:[httpd-cvs] 20210330 svn commit: r1073139 [1/13] - in /websites/staging/httpd/trunk/content: ./ security/json/ | URL:https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E | MISC:[httpd-cvs] 20210330 svn commit: r1073139 [3/13] - in /websites/staging/httpd/trunk/content: ./ security/json/ | URL:https://lists.apache.org/thread.html/re895fc1736d25c8cf57e102c871613b8aeec9ea26fd8a44e7942b5ab%40%3Ccvs.httpd.apache.org%3E | MISC:[httpd-cvs] 20210330 svn commit: r1073140 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/cvejsontohtml.py security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html | URL:https://lists.apache.org/thread.html/r2cb985de917e7da0848c440535f65a247754db8b2154a10089e4247b%40%3Ccvs.httpd.apache.org%3E | MISC:[httpd-cvs] 20210330 svn commit: r1073143 [2/3] - in /websites/staging/httpd/trunk/content: ./ security/ | URL:https://lists.apache.org/thread.html/r9e8622254184645bc963a1d47c5d47f6d5a36d6f080d8d2c43b2b142%40%3Ccvs.httpd.apache.org%3E | MISC:[httpd-cvs] 20210330 svn commit: r1073149 [1/13] - in /websites/staging/httpd/trunk/content: ./ security/ security/json/ | URL:https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E | MISC:[httpd-cvs] 20210330 svn commit: r1073149 [5/13] - in /websites/staging/httpd/trunk/content: ./ security/ security/json/ | URL:https://lists.apache.org/thread.html/rafd145ba6cd0a4ced113a5823cdaff45aeb36eb09855b216401c66d6%40%3Ccvs.httpd.apache.org%3E | MISC:[httpd-cvs] 20210330 svn commit: r1888194 [3/13] - /httpd/site/trunk/content/security/json/ | URL:https://lists.apache.org/thread.html/rd65d8ba68ba17e7deedafbf5bb4899f2ae4dad781d21b931c2941ac3%40%3Ccvs.httpd.apache.org%3E | MISC:[httpd-cvs] 20210606 svn commit: r1075470 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/json/CVE-2020-13938.json security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html | URL:https://lists.apache.org/thread.html/r5001ecf3d6b2bdd0b732e527654248abb264f08390045d30709a92f6%40%3Ccvs.httpd.apache.org%3E | MISC:http://support.avaya.com/elmodocs2/security/ASA-2005-216.pdf | URL:http://support.avaya.com/elmodocs2/security/ASA-2005-216.pdf | MISC:http://support.avaya.com/elmodocs2/security/ASA-2005-223.pdf | URL:http://support.avaya.com/elmodocs2/security/ASA-2005-223.pdf | MISC:http://support.avaya.com/elmodocs2/security/ASA-2006-081.htm | URL:http://support.avaya.com/elmodocs2/security/ASA-2006-081.htm | MISC:http://support.avaya.com/elmodocs2/security/ASA-2006-159.htm | URL:http://support.avaya.com/elmodocs2/security/ASA-2006-159.htm | MISC:http://www.ethereal.com/appnotes/enpa-sa-00021.html | URL:http://www.ethereal.com/appnotes/enpa-sa-00021.html | MISC:http://www.php.net/release_4_4_1.php | URL:http://www.php.net/release_4_4_1.php | MISC:oval:org.mitre.oval:def:11516 | URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11516 | MISC:oval:org.mitre.oval:def:1496 | URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1496 | MISC:oval:org.mitre.oval:def:1659 | URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1659 | MISC:oval:org.mitre.oval:def:735 | URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A735;Assigned (20050808);None (candidate not yet proposed) +CVE-2005-2875;Candidate;Py2Play allows remote attackers to execute arbitrary Python code via pickled objects, which Py2Play unpickles and executes.;BID:14864 | URL:http://www.securityfocus.com/bid/14864 | CONFIRM:http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=326976 | CONFIRM:https://bugs.gentoo.org/show_bug.cgi?id=103524 | DEBIAN:DSA-856 | URL:http://www.debian.org/security/2005/dsa-856 | GENTOO:GLSA-200509-09 | URL:http://www.gentoo.org/security/en/glsa/glsa-200509-09.xml | MISC:http://soya.literati.org/ | SECUNIA:16855 | URL:http://secunia.com/advisories/16855 | SECUNIA:17106 | URL:http://secunia.com/advisories/17106;Assigned (20050913);None (candidate not yet proposed) +CVE-2005-2966;Candidate;The Python SVG import plugin (diasvg_import.py) for DIA 0.94 and earlier allows user-assisted attackers to execute arbitrary commands via a crafted SVG file.;BID:15000 | URL:http://www.securityfocus.com/bid/15000 | DEBIAN:DSA-1025 | URL:http://www.debian.org/security/2006/dsa-1025 | DEBIAN:DSA-847 | URL:http://www.debian.org/security/2005/dsa-847 | GENTOO:GLSA-200510-06 | URL:http://www.gentoo.org/security/en/glsa/glsa-200510-06.xml | MANDRIVA:MDKSA-2005:187 | URL:http://www.mandriva.com/security/advisories?name=MDKSA-2005:187 | SECUNIA:17047 | URL:http://secunia.com/advisories/17047 | SECUNIA:17059 | URL:http://secunia.com/advisories/17059 | SECUNIA:17083 | URL:http://secunia.com/advisories/17083 | SECUNIA:17095 | URL:http://secunia.com/advisories/17095 | SECUNIA:17108 | URL:http://secunia.com/advisories/17108 | SUSE:SUSE-SR:2005:022 | URL:http://www.novell.com/linux/security/advisories/2005_22_sr.html | UBUNTU:USN-193-1 | URL:https://usn.ubuntu.com/193-1/ | VUPEN:ADV-2005-1950 | URL:http://www.vupen.com/english/advisories/2005/1950;Assigned (20050919);None (candidate not yet proposed) +CVE-2005-3008;Candidate;Tofu 0.2 allows remote attackers to execute arbitrary Python code via crafted pickled objects, which Tofu unpickles and executes.;BID:14865 | URL:http://www.securityfocus.com/bid/14865 | MISC:http://soya.literati.org/ | OSVDB:19570 | URL:http://www.osvdb.org/19570 | SECUNIA:16876 | URL:http://secunia.com/advisories/16876;Assigned (20050921);None (candidate not yet proposed) +CVE-2005-3291;Candidate;Stani's Python Editor (SPE) 0.7.5 is installed with world-writable permissions, which allows local users to gain privileges by modifying executable files.;BID:15113 | URL:http://www.securityfocus.com/bid/15113 | GENTOO:GLSA-200510-13 | URL:http://www.gentoo.org/security/en/glsa/glsa-200510-13.xml | SECUNIA:17224 | URL:http://secunia.com/advisories/17224 | SECUNIA:17241 | URL:http://secunia.com/advisories/17241;Assigned (20051023);None (candidate not yet proposed) +CVE-2005-3302;Candidate;Eval injection vulnerability in bvh_import.py in Blender 2.36 allows attackers to execute arbitrary Python code via a hierarchy element in a .bvh file, which is supplied to an eval function call.;BID:17663 | URL:http://www.securityfocus.com/bid/17663 | DEBIAN:DSA-1039 | URL:http://www.debian.org/security/2006/dsa-1039 | MISC:http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=330895 | SECUNIA:19754 | URL:http://secunia.com/advisories/19754;Assigned (20051024);None (candidate not yet proposed) +CVE-2006-0052;Candidate;The attachment scrubber (Scrubber.py) in Mailman 2.1.5 and earlier, when using Python's library email module 2.5, allows remote attackers to cause a denial of service (mailing list delivery failure) via a multipart MIME message with a single part that has two blank lines between the first boundary and the end boundary.;BID:17311 | URL:http://www.securityfocus.com/bid/17311 | CONFIRM:http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=358892 | DEBIAN:DSA-1027 | URL:http://www.debian.org/security/2006/dsa-1027 | MANDRIVA:MDKSA-2006:061 | URL:http://www.mandriva.com/security/advisories?name=MDKSA-2006:061 | OSVDB:24367 | URL:http://www.osvdb.org/24367 | OVAL:oval:org.mitre.oval:def:9475 | URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9475 | REDHAT:RHSA-2006:0486 | URL:http://www.redhat.com/support/errata/RHSA-2006-0486.html | SECTRACK:1015851 | URL:http://securitytracker.com/id?1015851 | SECUNIA:19522 | URL:http://secunia.com/advisories/19522 | SECUNIA:19545 | URL:http://secunia.com/advisories/19545 | SECUNIA:19571 | URL:http://secunia.com/advisories/19571 | SECUNIA:20624 | URL:http://secunia.com/advisories/20624 | SECUNIA:20782 | URL:http://secunia.com/advisories/20782 | SGI:20060602-01-U | URL:ftp://patches.sgi.com/support/free/security/advisories/20060602-01-U.asc | SUSE:SUSE-SR:2006:008 | URL:http://www.novell.com/linux/security/advisories/2006_08_sr.html | UBUNTU:USN-267-1 | URL:https://usn.ubuntu.com/267-1/;Assigned (20051228);None (candidate not yet proposed) +CVE-2006-0151;Candidate;sudo 1.6.8 and other versions does not clear the PYTHONINSPECT environment variable, which allows limited local users to gain privileges via a Python script, a variant of CVE-2005-4158.;BID:16184 | URL:http://www.securityfocus.com/bid/16184 | DEBIAN:DSA-946 | URL:http://www.debian.org/security/2006/dsa-946 | MANDRIVA:MDKSA-2006:159 | URL:http://www.mandriva.com/security/advisories?name=MDKSA-2006:159 | SECUNIA:18358 | URL:http://secunia.com/advisories/18358 | SECUNIA:18363 | URL:http://secunia.com/advisories/18363 | SECUNIA:18549 | URL:http://secunia.com/advisories/18549 | SECUNIA:18558 | URL:http://secunia.com/advisories/18558 | SECUNIA:18906 | URL:http://secunia.com/advisories/18906 | SECUNIA:19016 | URL:http://secunia.com/advisories/19016 | SECUNIA:21692 | URL:http://secunia.com/advisories/21692 | SLACKWARE:SSA:2006-045-08 | URL:http://slackware.com/security/viewer.php?l=slackware-security&y=2006&m=slackware-security.421822 | SUSE:SUSE-SR:2006:002 | URL:http://www.novell.com/linux/security/advisories/2006_02_sr.html | TRUSTIX:2006-0010 | URL:http://www.trustix.org/errata/2006/0010 | UBUNTU:USN-235-2 | URL:https://usn.ubuntu.com/235-2/;Assigned (20060109);None (candidate not yet proposed) +CVE-2006-1095;Candidate;Directory traversal vulnerability in the FileSession object in Mod_python module 3.2.7 for Apache allows local users to execute arbitrary code via a crafted session cookie.;BID:16916 | URL:http://www.securityfocus.com/bid/16916 | CONFIRM:http://svn.apache.org/viewcvs.cgi/httpd/mod_python/branches/3.2.x/NEWS?rev=378945 | CONFIRM:http://www.modpython.org/fs_sec_warn.html | MISC:http://www.cgisecurity.com/2006/02/07 | SECTRACK:1015764 | URL:http://securitytracker.com/id?1015764 | SECUNIA:19239 | URL:http://secunia.com/advisories/19239 | VUPEN:ADV-2006-0768 | URL:http://www.vupen.com/english/advisories/2006/0768 | XF:modpython-filesession-command-execution(24965) | URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/24965;Assigned (20060309);None (candidate not yet proposed) +CVE-2006-1542;Candidate;"Stack-based buffer overflow in Python 2.4.2 and earlier, running on Linux 2.6.12.5 under gcc 4.0.3 with libc 2.3.5, allows local users to cause a ""stack overflow,"" and possibly gain privileges, by running a script from a current working directory that has a long name, related to the realpath function. NOTE: this might not be a vulnerability. However, the fact that it appears in a programming language interpreter could mean that some applications are affected, although attack scenarios might be limited because the attacker might already need to cross privilege boundaries to cause an exploitable program to be placed in a directory with a long name; or, depending on the method that Python uses to determine the current working directory, setuid applications might be affected.";EXPLOIT-DB:1591 | URL:https://www.exploit-db.com/exploits/1591 | MISC:http://www.gotfault.net/research/exploit/gexp-python.py | REDHAT:RHSA-2008:0629 | URL:http://www.redhat.com/support/errata/RHSA-2008-0629.html | SECUNIA:31492 | URL:http://secunia.com/advisories/31492;Assigned (20060330);None (candidate not yet proposed) +CVE-2006-4980;Candidate;Buffer overflow in the repr function in Python 2.3 through 2.6 before 20060822 allows context-dependent attackers to cause a denial of service and possibly execute arbitrary code via crafted wide character UTF-32/UCS-4 strings to certain scripts.;BID:20376 | URL:http://www.securityfocus.com/bid/20376 | BUGTRAQ:20061011 rPSA-2006-0187-1 idle python | URL:http://www.securityfocus.com/archive/1/448244/100/100/threaded | BUGTRAQ:20070110 VMware ESX server security updates | URL:http://www.securityfocus.com/archive/1/456546/100/200/threaded | CONFIRM:http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=391589 | CONFIRM:http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=208162 | CONFIRM:http://kb.vmware.com/KanisaPlatform/Publishing/882/5120103_f.SAL_Public.html | CONFIRM:http://sourceforge.net/tracker/index.php?func=detail&aid=1541585&group_id=5470&atid=305470 | CONFIRM:http://support.avaya.com/elmodocs2/security/ASA-2006-229.htm | CONFIRM:http://www.vmware.com/support/vi3/doc/esx-3069097-patch.html | CONFIRM:http://www.vmware.com/support/vi3/doc/esx-9986131-patch.html | CONFIRM:http://zoehep.xent.com/~bsittler/python2.4-2.4.3_unicodeobject.c.diff | CONFIRM:https://issues.rpath.com/browse/RPL-702 | CONFIRM:https://launchpad.net/distros/ubuntu/+source/python2.4/+bug/56633 | DEBIAN:DSA-1197 | URL:http://www.debian.org/security/2006/dsa-1197 | DEBIAN:DSA-1198 | URL:http://www.debian.org/security/2006/dsa-1198 | GENTOO:GLSA-200610-07 | URL:http://security.gentoo.org/glsa/glsa-200610-07.xml | MANDRIVA:MDKSA-2006:181 | URL:http://www.mandriva.com/security/advisories?name=MDKSA-2006:181 | OVAL:oval:org.mitre.oval:def:10789 | URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10789 | REDHAT:RHSA-2006:0713 | URL:http://www.redhat.com/support/errata/RHSA-2006-0713.html | REDHAT:RHSA-2008:0629 | URL:http://www.redhat.com/support/errata/RHSA-2008-0629.html | SECTRACK:1017019 | URL:http://securitytracker.com/id?1017019 | SECUNIA:22276 | URL:http://secunia.com/advisories/22276 | SECUNIA:22297 | URL:http://secunia.com/advisories/22297 | SECUNIA:22303 | URL:http://secunia.com/advisories/22303 | SECUNIA:22357 | URL:http://secunia.com/advisories/22357 | SECUNIA:22358 | URL:http://secunia.com/advisories/22358 | SECUNIA:22379 | URL:http://secunia.com/advisories/22379 | SECUNIA:22448 | URL:http://secunia.com/advisories/22448 | SECUNIA:22487 | URL:http://secunia.com/advisories/22487 | SECUNIA:22512 | URL:http://secunia.com/advisories/22512 | SECUNIA:22531 | URL:http://secunia.com/advisories/22531 | SECUNIA:22639 | URL:http://secunia.com/advisories/22639 | SECUNIA:23680 | URL:http://secunia.com/advisories/23680 | SECUNIA:31492 | URL:http://secunia.com/advisories/31492 | SGI:20061001-01-P | URL:ftp://patches.sgi.com/support/free/security/advisories/20061001-01-P.asc | SUSE:SUSE-SR:2006:025 | URL:http://www.novell.com/linux/security/advisories/2006_25_sr.html | UBUNTU:USN-359-1 | URL:http://www.ubuntu.com/usn/usn-359-1 | VUPEN:ADV-2006-3940 | URL:http://www.vupen.com/english/advisories/2006/3940 | VUPEN:ADV-2006-5131 | URL:http://www.vupen.com/english/advisories/2006/5131 | XF:python-repr-bo(29408) | URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/29408;Assigned (20060925);None (candidate not yet proposed) +CVE-2007-1253;Candidate;Eval injection vulnerability in the (a) kmz_ImportWithMesh.py Script for Blender 0.1.9h, as used in (b) Blender before 2.43, allows user-assisted remote attackers to execute arbitrary Python code by importing a crafted (1) KML or (2) KMZ file.;BID:22770 | URL:http://www.securityfocus.com/bid/22770 | GENTOO:GLSA-200704-19 | URL:http://security.gentoo.org/glsa/glsa-200704-19.xml | MISC:http://secunia.com/secunia_research/2007-39/advisory/ | MISC:http://secunia.com/secunia_research/2007-40/advisory/ | OSVDB:33836 | URL:http://osvdb.org/33836 | SECTRACK:1017714 | URL:http://www.securitytracker.com/id?1017714 | SECUNIA:24232 | URL:http://secunia.com/advisories/24232 | SECUNIA:24233 | URL:http://secunia.com/advisories/24233 | SECUNIA:24991 | URL:http://secunia.com/advisories/24991 | VUPEN:ADV-2007-0798 | URL:http://www.vupen.com/english/advisories/2007/0798 | XF:blender-kml-kmz-command-execution(32778) | URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/32778;Assigned (20070303);None (candidate not yet proposed) +CVE-2007-1359;Candidate;Interpretation conflict in ModSecurity (mod_security) 2.1.0 and earlier allows remote attackers to bypass request rules via application/x-www-form-urlencoded POST data that contains an ASCIIZ (0x00) byte, which mod_security treats as a terminator even though it is still processed as normal data by some HTTP parsers including PHP 5.2.0, and possibly parsers in Perl, and Python.;BID:22831 | URL:http://www.securityfocus.com/bid/22831 | CONFIRM:http://www.modsecurity.org/blog/archives/2007/03/modsecurity_asc.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujul2008-090335.html | GENTOO:GLSA-200705-17 | URL:http://www.gentoo.org/security/en/glsa/glsa-200705-17.xml | HP:HPSBMA02133 | URL:http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00727143 | HP:SSRT061201 | URL:http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00727143 | MISC:http://www.php-security.org/MOPB/BONUS-12-2007.html | OSVDB:32778 | URL:http://www.osvdb.org/32778 | SECUNIA:24373 | URL:http://secunia.com/advisories/24373 | SECUNIA:25316 | URL:http://secunia.com/advisories/25316 | SECUNIA:31087 | URL:http://secunia.com/advisories/31087 | SECUNIA:31113 | URL:http://secunia.com/advisories/31113 | VUPEN:ADV-2007-0868 | URL:http://www.vupen.com/english/advisories/2007/0868 | VUPEN:ADV-2008-2109 | URL:http://www.vupen.com/english/advisories/2008/2109/references | VUPEN:ADV-2008-2115 | URL:http://www.vupen.com/english/advisories/2008/2115 | XF:modsecurity-formurlencoded-security-bypass(32872) | URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/32872;Assigned (20070308);None (candidate not yet proposed) +CVE-2007-1657;Candidate;Stack-based buffer overflow in the file_compress function in minigzip (Modules/zlib) in Python 2.5 allows context-dependent attackers to execute arbitrary code via a long file argument.;BID:22964 | URL:http://www.securityfocus.com/bid/22964 | BUGTRAQ:20070314 Fwd: Python 2.5 (Modules/zlib) minigzip local buffer overflow vulnerability | URL:http://www.securityfocus.com/archive/1/462799/100/0/threaded | OSVDB:43550 | URL:http://osvdb.org/43550 | VIM:20070314 [TRUE] Python 2.5 (Modules/zlib) minigzip local buffer overflow vulnerability | URL:http://attrition.org/pipermail/vim/2007-March/001430.html;Assigned (20070323);None (candidate not yet proposed) +CVE-2007-2052;Candidate;Off-by-one error in the PyLocale_strxfrm function in Modules/_localemodule.c for Python 2.4 and 2.5 causes an incorrect buffer size to be used for the strxfrm function, which allows context-dependent attackers to read portions of memory via unknown manipulations that trigger a buffer over-read due to missing null termination.;BID:23887 | URL:http://www.securityfocus.com/bid/23887 | BUGTRAQ:20070521 FLEA-2007-0019-1: python | URL:http://www.securityfocus.com/archive/1/469294/30/6450/threaded | BUGTRAQ:20080221 VMSA-2008-0003 Moderate: Updated aacraid driver and samba and python service console updates | URL:http://www.securityfocus.com/archive/1/488457/100/0/threaded | BUGTRAQ:20091120 VMSA-2009-0016 VMware vCenter and ESX update release and vMA patch release address multiple security issue in third party components | URL:http://www.securityfocus.com/archive/1/507985/100/0/threaded | CONFIRM:http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=416934 | CONFIRM:http://www.python.org/download/releases/2.5.1/NEWS.txt | CONFIRM:http://www.vmware.com/security/advisories/VMSA-2009-0016.html | CONFIRM:https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=235093 | CONFIRM:https://issues.rpath.com/browse/RPL-1358 | DEBIAN:DSA-1551 | URL:http://www.debian.org/security/2008/dsa-1551 | DEBIAN:DSA-1620 | URL:http://www.debian.org/security/2008/dsa-1620 | MANDRIVA:MDKSA-2007:099 | URL:http://www.mandriva.com/security/advisories?name=MDKSA-2007:099 | MLIST:[Security-announce] 20080221 VMSA-2008-0003 Moderate: Updated aacraid driver and samba and python service console updates | URL:http://lists.vmware.com/pipermail/security-announce/2008/000005.html | OVAL:oval:org.mitre.oval:def:11716 | URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11716 | OVAL:oval:org.mitre.oval:def:8353 | URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8353 | REDHAT:RHSA-2007:1076 | URL:http://www.redhat.com/support/errata/RHSA-2007-1076.html | REDHAT:RHSA-2007:1077 | URL:http://www.redhat.com/support/errata/RHSA-2007-1077.html | REDHAT:RHSA-2008:0629 | URL:http://www.redhat.com/support/errata/RHSA-2008-0629.html | SECUNIA:25190 | URL:http://secunia.com/advisories/25190 | SECUNIA:25217 | URL:http://secunia.com/advisories/25217 | SECUNIA:25233 | URL:http://secunia.com/advisories/25233 | SECUNIA:25353 | URL:http://secunia.com/advisories/25353 | SECUNIA:25787 | URL:http://secunia.com/advisories/25787 | SECUNIA:28027 | URL:http://secunia.com/advisories/28027 | SECUNIA:28050 | URL:http://secunia.com/advisories/28050 | SECUNIA:29032 | URL:http://secunia.com/advisories/29032 | SECUNIA:29303 | URL:http://secunia.com/advisories/29303 | SECUNIA:29889 | URL:http://secunia.com/advisories/29889 | SECUNIA:31255 | URL:http://secunia.com/advisories/31255 | SECUNIA:31492 | URL:http://secunia.com/advisories/31492 | SECUNIA:37471 | URL:http://secunia.com/advisories/37471 | SUSE:SUSE-SR:2007:013 | URL:http://www.novell.com/linux/security/advisories/2007_13_sr.html | TRUSTIX:2007-0019 | URL:http://www.trustix.org/errata/2007/0019/ | UBUNTU:USN-585-1 | URL:http://www.ubuntu.com/usn/usn-585-1 | VUPEN:ADV-2007-1465 | URL:http://www.vupen.com/english/advisories/2007/1465 | VUPEN:ADV-2008-0637 | URL:http://www.vupen.com/english/advisories/2008/0637 | VUPEN:ADV-2009-3316 | URL:http://www.vupen.com/english/advisories/2009/3316 | XF:python-localemodule-information-disclosure(34060) | URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/34060;Assigned (20070416);None (candidate not yet proposed) +CVE-2007-4559;Candidate;Directory traversal vulnerability in the (1) extract and (2) extractall functions in the tarfile module in Python allows user-assisted remote attackers to overwrite arbitrary files via a .. (dot dot) sequence in filenames in a TAR archive, a related issue to CVE-2001-1267.;CONFIRM:https://bugzilla.redhat.com/show_bug.cgi?id=263261 | GENTOO:GLSA-202309-06 | URL:https://security.gentoo.org/glsa/202309-06 | MLIST:[python-dev] 20070824 tarfile and directory traversal vulnerability | URL:http://mail.python.org/pipermail/python-dev/2007-August/074290.html | MLIST:[python-dev] 20070825 tarfile and directory traversal vulnerability | URL:http://mail.python.org/pipermail/python-dev/2007-August/074292.html | SECUNIA:26623 | URL:http://secunia.com/advisories/26623 | VUPEN:ADV-2007-3022 | URL:http://www.vupen.com/english/advisories/2007/3022;Assigned (20070827);None (candidate not yet proposed) +CVE-2007-4965;Candidate;Multiple integer overflows in the imageop module in Python 2.5.1 and earlier allow context-dependent attackers to cause a denial of service (application crash) and possibly obtain sensitive information (memory contents) via crafted arguments to (1) the tovideo method, and unspecified other vectors related to (2) imageop.c, (3) rbgimgmodule.c, and other files, which trigger heap-based buffer overflows.;APPLE:APPLE-SA-2007-12-17 | URL:http://lists.apple.com/archives/security-announce/2007/Dec/msg00002.html | APPLE:APPLE-SA-2009-02-12 | URL:http://lists.apple.com/archives/security-announce/2009/Feb/msg00000.html | BID:25696 | URL:http://www.securityfocus.com/bid/25696 | BUGTRAQ:20080212 FLEA-2008-0002-1 python | URL:http://www.securityfocus.com/archive/1/487990/100/0/threaded | BUGTRAQ:20080221 VMSA-2008-0003 Moderate: Updated aacraid driver and samba and python service console updates | URL:http://www.securityfocus.com/archive/1/488457/100/0/threaded | BUGTRAQ:20091120 VMSA-2009-0016 VMware vCenter and ESX update release and vMA patch release address multiple security issue in third party components | URL:http://www.securityfocus.com/archive/1/507985/100/0/threaded | CERT:TA07-352A | URL:http://www.us-cert.gov/cas/techalerts/TA07-352A.html | CONFIRM:http://bugs.gentoo.org/show_bug.cgi?id=192876 | CONFIRM:http://docs.info.apple.com/article.html?artnum=307179 | CONFIRM:http://support.apple.com/kb/HT3438 | CONFIRM:http://support.avaya.com/css/P8/documents/100074697 | CONFIRM:http://wiki.rpath.com/wiki/Advisories:rPSA-2007-0254 | CONFIRM:http://www.vmware.com/security/advisories/VMSA-2009-0016.html | CONFIRM:https://issues.rpath.com/browse/RPL-1885 | DEBIAN:DSA-1551 | URL:http://www.debian.org/security/2008/dsa-1551 | DEBIAN:DSA-1620 | URL:http://www.debian.org/security/2008/dsa-1620 | FEDORA:FEDORA-2007-2663 | URL:https://www.redhat.com/archives/fedora-package-announce/2007-October/msg00378.html | FULLDISC:20070916 python <= 2.5.1 standart librairy multiples int overflow, heap overflow in imageop module | URL:http://lists.grok.org.uk/pipermail/full-disclosure/2007-September/065826.html | GENTOO:GLSA-200711-07 | URL:http://www.gentoo.org/security/en/glsa/glsa-200711-07.xml | MANDRIVA:MDVSA-2008:012 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2008:012 | MANDRIVA:MDVSA-2008:013 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2008:013 | MLIST:[Security-announce] 20080221 VMSA-2008-0003 Moderate: Updated aacraid driver and samba and python service console updates | URL:http://lists.vmware.com/pipermail/security-announce/2008/000005.html | OVAL:oval:org.mitre.oval:def:10804 | URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10804 | OVAL:oval:org.mitre.oval:def:8486 | URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8486 | OVAL:oval:org.mitre.oval:def:8496 | URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8496 | REDHAT:RHSA-2007:1076 | URL:http://www.redhat.com/support/errata/RHSA-2007-1076.html | REDHAT:RHSA-2008:0629 | URL:http://www.redhat.com/support/errata/RHSA-2008-0629.html | SECUNIA:26837 | URL:http://secunia.com/advisories/26837 | SECUNIA:27460 | URL:http://secunia.com/advisories/27460 | SECUNIA:27562 | URL:http://secunia.com/advisories/27562 | SECUNIA:27872 | URL:http://secunia.com/advisories/27872 | SECUNIA:28136 | URL:http://secunia.com/advisories/28136 | SECUNIA:28480 | URL:http://secunia.com/advisories/28480 | SECUNIA:28838 | URL:http://secunia.com/advisories/28838 | SECUNIA:29032 | URL:http://secunia.com/advisories/29032 | SECUNIA:29303 | URL:http://secunia.com/advisories/29303 | SECUNIA:29889 | URL:http://secunia.com/advisories/29889 | SECUNIA:31255 | URL:http://secunia.com/advisories/31255 | SECUNIA:31492 | URL:http://secunia.com/advisories/31492 | SECUNIA:33937 | URL:http://secunia.com/advisories/33937 | SECUNIA:37471 | URL:http://secunia.com/advisories/37471 | SECUNIA:38675 | URL:http://secunia.com/advisories/38675 | SUSE:SUSE-SR:2008:003 | URL:http://lists.opensuse.org/opensuse-security-announce/2008-02/msg00003.html | UBUNTU:USN-585-1 | URL:http://www.ubuntu.com/usn/usn-585-1 | VUPEN:ADV-2007-3201 | URL:http://www.vupen.com/english/advisories/2007/3201 | VUPEN:ADV-2007-4238 | URL:http://www.vupen.com/english/advisories/2007/4238 | VUPEN:ADV-2008-0637 | URL:http://www.vupen.com/english/advisories/2008/0637 | VUPEN:ADV-2009-3316 | URL:http://www.vupen.com/english/advisories/2009/3316 | XF:python-imageop-bo(36653) | URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/36653;Assigned (20070918);None (candidate not yet proposed) +CVE-2007-5741;Candidate;Plone 2.5 through 2.5.4 and 3.0 through 3.0.2 allows remote attackers to execute arbitrary Python code via network data containing pickled objects for the (1) statusmessages or (2) linkintegrity module, which the module unpickles and executes.;BID:26354 | URL:http://www.securityfocus.com/bid/26354 | BUGTRAQ:20071106 [CVE-2007-5741] Plone: statusmessages and linkintegrity unsafe network data hotfix | URL:http://www.securityfocus.com/archive/1/483343/100/0/threaded | CONFIRM:http://plone.org/about/security/advisories/cve-2007-5741 | DEBIAN:DSA-1405 | URL:http://www.debian.org/security/2007/dsa-1405 | OSVDB:42071 | URL:http://osvdb.org/42071 | OSVDB:42072 | URL:http://osvdb.org/42072 | SECUNIA:27530 | URL:http://secunia.com/advisories/27530 | SECUNIA:27559 | URL:http://secunia.com/advisories/27559 | VUPEN:ADV-2007-3754 | URL:http://www.vupen.com/english/advisories/2007/3754 | XF:plone-pythoncode-execution(38288) | URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/38288;Assigned (20071031);None (candidate not yet proposed) +CVE-2008-0980;Candidate;"Multiple cross-site scripting (XSS) vulnerabilities in Spyce - Python Server Pages (PSP) 2.1.3 allow remote attackers to inject arbitrary web script or HTML via (1) the url or type parameter to docs/examples/redirect.spy; (2) the x parameter to docs/examples/handlervalidate.spy; (3) the name parameter to spyce/examples/request.spy; (4) the Name parameter to spyce/examples/getpost.spy; (5) the mytextarea parameter, the mypass parameter, or an empty parameter to spyce/examples/formtag.spy; (6) the newline parameter to the default URI under demos/chat/; (7) the text1 parameter to docs/examples/formintro.spy; or (8) the mytext or mydate parameter to docs/examples/formtag.spy.";BID:27898 | URL:http://www.securityfocus.com/bid/27898 | BUGTRAQ:20080219 PR08-01: Several XSS, a cross-domain redirect and a webroot disclosure on Spyce - Python Server Pages (PSP) | URL:http://www.securityfocus.com/archive/1/488336/100/0/threaded | MISC:http://www.procheckup.com/Vulnerability_PR08-01.php | SREASON:3699 | URL:http://securityreason.com/securityalert/3699;Assigned (20080225);None (candidate not yet proposed) +CVE-2008-0981;Candidate;Open redirect vulnerability in spyce/examples/redirect.spy in Spyce - Python Server Pages (PSP) 2.1.3 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the url parameter.;BID:27898 | URL:http://www.securityfocus.com/bid/27898 | BUGTRAQ:20080219 PR08-01: Several XSS, a cross-domain redirect and a webroot disclosure on Spyce - Python Server Pages (PSP) | URL:http://www.securityfocus.com/archive/1/488336/100/0/threaded | MISC:http://www.procheckup.com/Vulnerability_PR08-01.php | SREASON:3699 | URL:http://securityreason.com/securityalert/3699;Assigned (20080225);None (candidate not yet proposed) +CVE-2008-0982;Candidate;Spyce - Python Server Pages (PSP) 2.1.3 allows remote attackers to obtain sensitive information via a direct request for spyce/examples/automaton.spy, which reveals the path in an error message.;BID:27898 | URL:http://www.securityfocus.com/bid/27898 | BUGTRAQ:20080219 PR08-01: Several XSS, a cross-domain redirect and a webroot disclosure on Spyce - Python Server Pages (PSP) | URL:http://www.securityfocus.com/archive/1/488336/100/0/threaded | MISC:http://www.procheckup.com/Vulnerability_PR08-01.php | SREASON:3699 | URL:http://securityreason.com/securityalert/3699;Assigned (20080225);None (candidate not yet proposed) +CVE-2008-1679;Candidate;Multiple integer overflows in imageop.c in Python before 2.5.3 allow context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via crafted images that trigger heap-based buffer overflows. NOTE: this issue is due to an incomplete fix for CVE-2007-4965.;APPLE:APPLE-SA-2009-02-12 | URL:http://lists.apple.com/archives/security-announce/2009/Feb/msg00000.html | CONFIRM:http://bugs.python.org/issue1179 | CONFIRM:http://support.apple.com/kb/HT3438 | CONFIRM:http://support.avaya.com/css/P8/documents/100074697 | CONFIRM:http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0149 | CONFIRM:http://www.novell.com/support/search.do?cmd=displayKC&docType=kc&externalId=InfoDocument-patchbuilder-readme5032900 | CONFIRM:https://issues.rpath.com/browse/RPL-2424 | DEBIAN:DSA-1551 | URL:http://www.debian.org/security/2008/dsa-1551 | DEBIAN:DSA-1620 | URL:http://www.debian.org/security/2008/dsa-1620 | GENTOO:GLSA-200807-01 | URL:http://security.gentoo.org/glsa/glsa-200807-01.xml | MANDRIVA:MDVSA-2008:163 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2008:163 | MANDRIVA:MDVSA-2008:164 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2008:164 | MISC:http://bugs.python.org/msg64682 | OVAL:oval:org.mitre.oval:def:10583 | URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10583 | OVAL:oval:org.mitre.oval:def:7800 | URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7800 | SECUNIA:29889 | URL:http://secunia.com/advisories/29889 | SECUNIA:29955 | URL:http://secunia.com/advisories/29955 | SECUNIA:30872 | URL:http://secunia.com/advisories/30872 | SECUNIA:31255 | URL:http://secunia.com/advisories/31255 | SECUNIA:31358 | URL:http://secunia.com/advisories/31358 | SECUNIA:31365 | URL:http://secunia.com/advisories/31365 | SECUNIA:31518 | URL:http://secunia.com/advisories/31518 | SECUNIA:31687 | URL:http://secunia.com/advisories/31687 | SECUNIA:33937 | URL:http://secunia.com/advisories/33937 | SECUNIA:38675 | URL:http://secunia.com/advisories/38675 | SLACKWARE:SSA:2008-217-01 | URL:http://slackware.com/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.525289 | SUSE:SUSE-SR:2008:017 | URL:http://lists.opensuse.org/opensuse-security-announce/2008-08/msg00006.html | UBUNTU:USN-632-1 | URL:http://www.ubuntu.com/usn/usn-632-1 | XF:python-imageopc-bo(41958) | URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/41958;Assigned (20080403);None (candidate not yet proposed) +CVE-2008-1721;Candidate;Integer signedness error in the zlib extension module in Python 2.5.2 and earlier allows remote attackers to execute arbitrary code via a negative signed integer, which triggers insufficient memory allocation and a buffer overflow.;APPLE:APPLE-SA-2009-02-12 | URL:http://lists.apple.com/archives/security-announce/2009/Feb/msg00000.html | BID:28715 | URL:http://www.securityfocus.com/bid/28715 | BUGTRAQ:20080409 IOActive Security Advisory: Buffer overflow in Python zlib extension module | URL:http://www.securityfocus.com/archive/1/490690/100/0/threaded | BUGTRAQ:20091120 VMSA-2009-0016 VMware vCenter and ESX update release and vMA patch release address multiple security issue in third party components | URL:http://www.securityfocus.com/archive/1/507985/100/0/threaded | CONFIRM:http://bugs.python.org/issue2586 | CONFIRM:http://support.apple.com/kb/HT3438 | CONFIRM:http://support.avaya.com/css/P8/documents/100074697 | CONFIRM:http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0149 | CONFIRM:http://www.vmware.com/security/advisories/VMSA-2009-0016.html | CONFIRM:https://issues.rpath.com/browse/RPL-2444 | DEBIAN:DSA-1551 | URL:http://www.debian.org/security/2008/dsa-1551 | DEBIAN:DSA-1620 | URL:http://www.debian.org/security/2008/dsa-1620 | GENTOO:GLSA-200807-01 | URL:http://security.gentoo.org/glsa/glsa-200807-01.xml | MANDRIVA:MDVSA-2008:085 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2008:085 | OVAL:oval:org.mitre.oval:def:8249 | URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8249 | OVAL:oval:org.mitre.oval:def:8494 | URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8494 | OVAL:oval:org.mitre.oval:def:9407 | URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9407 | SECTRACK:1019823 | URL:http://www.securitytracker.com/id?1019823 | SECUNIA:29889 | URL:http://secunia.com/advisories/29889 | SECUNIA:29955 | URL:http://secunia.com/advisories/29955 | SECUNIA:30872 | URL:http://secunia.com/advisories/30872 | SECUNIA:31255 | URL:http://secunia.com/advisories/31255 | SECUNIA:31358 | URL:http://secunia.com/advisories/31358 | SECUNIA:31365 | URL:http://secunia.com/advisories/31365 | SECUNIA:33937 | URL:http://secunia.com/advisories/33937 | SECUNIA:37471 | URL:http://secunia.com/advisories/37471 | SECUNIA:38675 | URL:http://secunia.com/advisories/38675 | SLACKWARE:SSA:2008-217-01 | URL:http://slackware.com/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.525289 | SREASON:3802 | URL:http://securityreason.com/securityalert/3802 | UBUNTU:USN-632-1 | URL:http://www.ubuntu.com/usn/usn-632-1 | VUPEN:ADV-2008-1229 | URL:http://www.vupen.com/english/advisories/2008/1229/references | VUPEN:ADV-2009-3316 | URL:http://www.vupen.com/english/advisories/2009/3316 | XF:zlib-pystringfromstringandsize-bo(41748) | URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/41748;Assigned (20080410);None (candidate not yet proposed) +CVE-2008-1887;Candidate;Python 2.5.2 and earlier allows context-dependent attackers to execute arbitrary code via multiple vectors that cause a negative size value to be provided to the PyString_FromStringAndSize function, which allocates less memory than expected when assert() is disabled and triggers a buffer overflow.;APPLE:APPLE-SA-2009-02-12 | URL:http://lists.apple.com/archives/security-announce/2009/Feb/msg00000.html | BID:28749 | URL:http://www.securityfocus.com/bid/28749 | BUGTRAQ:20080411 IOActive Security Advisory: Incorrect input validation in PyString_FromStringAndSize() leads to multiple buffer overflows | URL:http://www.securityfocus.com/archive/1/490776 | BUGTRAQ:20090824 rPSA-2009-0122-1 idle python | URL:http://www.securityfocus.com/archive/1/506056/100/0/threaded | BUGTRAQ:20091120 VMSA-2009-0016 VMware vCenter and ESX update release and vMA patch release address multiple security issue in third party components | URL:http://www.securityfocus.com/archive/1/507985/100/0/threaded | CONFIRM:http://bugs.python.org/issue2587 | CONFIRM:http://support.apple.com/kb/HT3438 | CONFIRM:http://wiki.rpath.com/wiki/Advisories:rPSA-2009-0122 | CONFIRM:http://www.novell.com/support/search.do?cmd=displayKC&docType=kc&externalId=InfoDocument-patchbuilder-readme5032900 | CONFIRM:http://www.vmware.com/security/advisories/VMSA-2009-0016.html | DEBIAN:DSA-1551 | URL:http://www.debian.org/security/2008/dsa-1551 | DEBIAN:DSA-1620 | URL:http://www.debian.org/security/2008/dsa-1620 | GENTOO:GLSA-200807-01 | URL:http://security.gentoo.org/glsa/glsa-200807-01.xml | OVAL:oval:org.mitre.oval:def:10407 | URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10407 | OVAL:oval:org.mitre.oval:def:8624 | URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8624 | SECUNIA:29889 | URL:http://secunia.com/advisories/29889 | SECUNIA:30872 | URL:http://secunia.com/advisories/30872 | SECUNIA:31255 | URL:http://secunia.com/advisories/31255 | SECUNIA:31365 | URL:http://secunia.com/advisories/31365 | SECUNIA:31518 | URL:http://secunia.com/advisories/31518 | SECUNIA:31687 | URL:http://secunia.com/advisories/31687 | SECUNIA:33937 | URL:http://secunia.com/advisories/33937 | SECUNIA:37471 | URL:http://secunia.com/advisories/37471 | SUSE:SUSE-SR:2008:017 | URL:http://lists.opensuse.org/opensuse-security-announce/2008-08/msg00006.html | UBUNTU:USN-632-1 | URL:http://www.ubuntu.com/usn/usn-632-1 | VUPEN:ADV-2009-3316 | URL:http://www.vupen.com/english/advisories/2009/3316 | XF:python-pystringfromstringandsize-bo(41944) | URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/41944;Assigned (20080418);None (candidate not yet proposed) +CVE-2008-2315;Candidate;Multiple integer overflows in Python 2.5.2 and earlier allow context-dependent attackers to have an unknown impact via vectors related to the (1) stringobject, (2) unicodeobject, (3) bufferobject, (4) longobject, (5) tupleobject, (6) stropmodule, (7) gcmodule, and (8) mmapmodule modules. NOTE: The expandtabs integer overflows in stringobject and unicodeobject in 2.5.2 are covered by CVE-2008-5031.;APPLE:APPLE-SA-2009-02-12 | URL:http://lists.apple.com/archives/security-announce/2009/Feb/msg00000.html | BID:30491 | URL:http://www.securityfocus.com/bid/30491 | BUGTRAQ:20091120 VMSA-2009-0016 VMware vCenter and ESX update release and vMA patch release address multiple security issue in third party components | URL:http://www.securityfocus.com/archive/1/507985/100/0/threaded | CONFIRM:http://bugs.gentoo.org/attachment.cgi?id=159418&action=view | CONFIRM:http://bugs.gentoo.org/show_bug.cgi?id=230640 | CONFIRM:http://support.apple.com/kb/HT3438 | CONFIRM:http://support.avaya.com/css/P8/documents/100074697 | CONFIRM:http://www.novell.com/support/search.do?cmd=displayKC&docType=kc&externalId=InfoDocument-patchbuilder-readme5032900 | CONFIRM:http://www.vmware.com/security/advisories/VMSA-2009-0016.html | DEBIAN:DSA-1667 | URL:http://www.debian.org/security/2008/dsa-1667 | GENTOO:GLSA-200807-16 | URL:http://security.gentoo.org/glsa/glsa-200807-16.xml | MANDRIVA:MDVSA-2008:163 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2008:163 | MANDRIVA:MDVSA-2008:164 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2008:164 | MLIST:[oss-security] 20081105 CVE Request - Python string expandtabs | URL:http://www.openwall.com/lists/oss-security/2008/11/05/2 | MLIST:[oss-security] 20081105 Re: CVE Request - Python string expandtabs | URL:http://www.openwall.com/lists/oss-security/2008/11/05/3 | OVAL:oval:org.mitre.oval:def:8445 | URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8445 | OVAL:oval:org.mitre.oval:def:8683 | URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8683 | OVAL:oval:org.mitre.oval:def:9761 | URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9761 | SECUNIA:31305 | URL:http://secunia.com/advisories/31305 | SECUNIA:31332 | URL:http://secunia.com/advisories/31332 | SECUNIA:31358 | URL:http://secunia.com/advisories/31358 | SECUNIA:31365 | URL:http://secunia.com/advisories/31365 | SECUNIA:31518 | URL:http://secunia.com/advisories/31518 | SECUNIA:31687 | URL:http://secunia.com/advisories/31687 | SECUNIA:32793 | URL:http://secunia.com/advisories/32793 | SECUNIA:33937 | URL:http://secunia.com/advisories/33937 | SECUNIA:37471 | URL:http://secunia.com/advisories/37471 | SECUNIA:38675 | URL:http://secunia.com/advisories/38675 | SLACKWARE:SSA:2008-217-01 | URL:http://slackware.com/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.525289 | SUSE:SUSE-SR:2008:017 | URL:http://lists.opensuse.org/opensuse-security-announce/2008-08/msg00006.html | UBUNTU:USN-632-1 | URL:http://www.ubuntu.com/usn/usn-632-1 | VUPEN:ADV-2008-2288 | URL:http://www.vupen.com/english/advisories/2008/2288 | VUPEN:ADV-2009-3316 | URL:http://www.vupen.com/english/advisories/2009/3316 | XF:python-modules-bo(44172) | URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/44172 | XF:python-multiple-bo(44173) | URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/44173;Assigned (20080518);None (candidate not yet proposed) +CVE-2008-2316;Candidate;"Integer overflow in _hashopenssl.c in the hashlib module in Python 2.5.2 and earlier might allow context-dependent attackers to defeat cryptographic digests, related to ""partial hashlib hashing of data exceeding 4GB.""";APPLE:APPLE-SA-2009-02-12 | URL:http://lists.apple.com/archives/security-announce/2009/Feb/msg00000.html | BID:30491 | URL:http://www.securityfocus.com/bid/30491 | BUGTRAQ:20080813 rPSA-2008-0243-1 idle python | URL:http://www.securityfocus.com/archive/1/495445/100/0/threaded | CONFIRM:http://bugs.gentoo.org/attachment.cgi?id=159422&action=view | CONFIRM:http://bugs.gentoo.org/show_bug.cgi?id=230640 | CONFIRM:http://support.apple.com/kb/HT3438 | CONFIRM:http://wiki.rpath.com/Advisories:rPSA-2008-0243 | CONFIRM:http://www.novell.com/support/search.do?cmd=displayKC&docType=kc&externalId=InfoDocument-patchbuilder-readme5032900 | GENTOO:GLSA-200807-16 | URL:http://security.gentoo.org/glsa/glsa-200807-16.xml | MANDRIVA:MDVSA-2008:163 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2008:163 | SECUNIA:31305 | URL:http://secunia.com/advisories/31305 | SECUNIA:31332 | URL:http://secunia.com/advisories/31332 | SECUNIA:31358 | URL:http://secunia.com/advisories/31358 | SECUNIA:31365 | URL:http://secunia.com/advisories/31365 | SECUNIA:31473 | URL:http://secunia.com/advisories/31473 | SECUNIA:31518 | URL:http://secunia.com/advisories/31518 | SECUNIA:31687 | URL:http://secunia.com/advisories/31687 | SECUNIA:33937 | URL:http://secunia.com/advisories/33937 | SLACKWARE:SSA:2008-217-01 | URL:http://slackware.com/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.525289 | SUSE:SUSE-SR:2008:017 | URL:http://lists.opensuse.org/opensuse-security-announce/2008-08/msg00006.html | UBUNTU:USN-632-1 | URL:http://www.ubuntu.com/usn/usn-632-1 | VUPEN:ADV-2008-2288 | URL:http://www.vupen.com/english/advisories/2008/2288 | XF:python-hashlib-overflow(44174) | URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/44174 | XF:python-multiple-bo(44173) | URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/44173;Assigned (20080518);None (candidate not yet proposed) +CVE-2008-3142;Candidate;Multiple buffer overflows in Python 2.5.2 and earlier on 32bit platforms allow context-dependent attackers to cause a denial of service (crash) or have unspecified other impact via a long string that leads to incorrect memory allocation during Unicode string processing, related to the unicode_resize function and the PyMem_RESIZE macro.;APPLE:APPLE-SA-2009-02-12 | URL:http://lists.apple.com/archives/security-announce/2009/Feb/msg00000.html | BID:30491 | URL:http://www.securityfocus.com/bid/30491 | BUGTRAQ:20080813 rPSA-2008-0243-1 idle python | URL:http://www.securityfocus.com/archive/1/495445/100/0/threaded | BUGTRAQ:20091120 VMSA-2009-0016 VMware vCenter and ESX update release and vMA patch release address multiple security issue in third party components | URL:http://www.securityfocus.com/archive/1/507985/100/0/threaded | CONFIRM:http://bugs.gentoo.org/show_bug.cgi?id=232137 | CONFIRM:http://bugs.python.org/file10825/issue2620-gps02-patch.txt | CONFIRM:http://bugs.python.org/issue2620 | CONFIRM:http://support.apple.com/kb/HT3438 | CONFIRM:http://wiki.rpath.com/Advisories:rPSA-2008-0243 | CONFIRM:http://www.novell.com/support/search.do?cmd=displayKC&docType=kc&externalId=InfoDocument-patchbuilder-readme5032900 | CONFIRM:http://www.vmware.com/security/advisories/VMSA-2009-0016.html | DEBIAN:DSA-1667 | URL:http://www.debian.org/security/2008/dsa-1667 | GENTOO:GLSA-200807-16 | URL:http://security.gentoo.org/glsa/glsa-200807-16.xml | MANDRIVA:MDVSA-2008:163 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2008:163 | MANDRIVA:MDVSA-2008:164 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2008:164 | OVAL:oval:org.mitre.oval:def:11466 | URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11466 | OVAL:oval:org.mitre.oval:def:8422 | URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8422 | SECUNIA:31305 | URL:http://secunia.com/advisories/31305 | SECUNIA:31332 | URL:http://secunia.com/advisories/31332 | SECUNIA:31358 | URL:http://secunia.com/advisories/31358 | SECUNIA:31365 | URL:http://secunia.com/advisories/31365 | SECUNIA:31473 | URL:http://secunia.com/advisories/31473 | SECUNIA:31518 | URL:http://secunia.com/advisories/31518 | SECUNIA:31687 | URL:http://secunia.com/advisories/31687 | SECUNIA:32793 | URL:http://secunia.com/advisories/32793 | SECUNIA:33937 | URL:http://secunia.com/advisories/33937 | SECUNIA:37471 | URL:http://secunia.com/advisories/37471 | SLACKWARE:SSA:2008-217-01 | URL:http://slackware.com/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.525289 | SUSE:SUSE-SR:2008:017 | URL:http://lists.opensuse.org/opensuse-security-announce/2008-08/msg00006.html | UBUNTU:USN-632-1 | URL:http://www.ubuntu.com/usn/usn-632-1 | VUPEN:ADV-2008-2288 | URL:http://www.vupen.com/english/advisories/2008/2288 | VUPEN:ADV-2009-3316 | URL:http://www.vupen.com/english/advisories/2009/3316 | XF:python-multiple-bo(44173) | URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/44173 | XF:python-unicode-bo(44170) | URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/44170;Assigned (20080710);None (candidate not yet proposed) +CVE-2008-3143;Candidate;"Multiple integer overflows in Python before 2.5.2 might allow context-dependent attackers to have an unknown impact via vectors related to (1) Include/pymem.h; (2) _csv.c, (3) _struct.c, (4) arraymodule.c, (5) audioop.c, (6) binascii.c, (7) cPickle.c, (8) cStringIO.c, (9) cjkcodecs/multibytecodec.c, (10) datetimemodule.c, (11) md5.c, (12) rgbimgmodule.c, and (13) stropmodule.c in Modules/; (14) bufferobject.c, (15) listobject.c, and (16) obmalloc.c in Objects/; (17) Parser/node.c; and (18) asdl.c, (19) ast.c, (20) bltinmodule.c, and (21) compile.c in Python/, as addressed by ""checks for integer overflows, contributed by Google.""";BID:30491 | URL:http://www.securityfocus.com/bid/30491 | BUGTRAQ:20080813 rPSA-2008-0243-1 idle python | URL:http://www.securityfocus.com/archive/1/495445/100/0/threaded | BUGTRAQ:20091120 VMSA-2009-0016 VMware vCenter and ESX update release and vMA patch release address multiple security issue in third party components | URL:http://www.securityfocus.com/archive/1/507985/100/0/threaded | CONFIRM:http://bugs.gentoo.org/show_bug.cgi?id=232137 | CONFIRM:http://svn.python.org/view?rev=60793&view=rev | CONFIRM:http://wiki.rpath.com/Advisories:rPSA-2008-0243 | CONFIRM:http://www.novell.com/support/search.do?cmd=displayKC&docType=kc&externalId=InfoDocument-patchbuilder-readme5032900 | CONFIRM:http://www.python.org/download/releases/2.5.2/NEWS.txt | CONFIRM:http://www.python.org/download/releases/2.6/NEWS.txt | CONFIRM:http://www.vmware.com/security/advisories/VMSA-2009-0016.html | DEBIAN:DSA-1667 | URL:http://www.debian.org/security/2008/dsa-1667 | GENTOO:GLSA-200807-16 | URL:http://security.gentoo.org/glsa/glsa-200807-16.xml | MANDRIVA:MDVSA-2008:163 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2008:163 | MANDRIVA:MDVSA-2008:164 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2008:164 | OVAL:oval:org.mitre.oval:def:7720 | URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7720 | OVAL:oval:org.mitre.oval:def:8996 | URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8996 | SECUNIA:31332 | URL:http://secunia.com/advisories/31332 | SECUNIA:31365 | URL:http://secunia.com/advisories/31365 | SECUNIA:31473 | URL:http://secunia.com/advisories/31473 | SECUNIA:31518 | URL:http://secunia.com/advisories/31518 | SECUNIA:31687 | URL:http://secunia.com/advisories/31687 | SECUNIA:32793 | URL:http://secunia.com/advisories/32793 | SECUNIA:37471 | URL:http://secunia.com/advisories/37471 | SUSE:SUSE-SR:2008:017 | URL:http://lists.opensuse.org/opensuse-security-announce/2008-08/msg00006.html | UBUNTU:USN-632-1 | URL:http://www.ubuntu.com/usn/usn-632-1 | VUPEN:ADV-2008-2288 | URL:http://www.vupen.com/english/advisories/2008/2288 | VUPEN:ADV-2009-3316 | URL:http://www.vupen.com/english/advisories/2009/3316;Assigned (20080710);None (candidate not yet proposed) +CVE-2008-3144;Candidate;Multiple integer overflows in the PyOS_vsnprintf function in Python/mysnprintf.c in Python 2.5.2 and earlier allow context-dependent attackers to cause a denial of service (memory corruption) or have unspecified other impact via crafted input to string formatting operations. NOTE: the handling of certain integer values is also affected by related integer underflows and an off-by-one error.;APPLE:APPLE-SA-2009-02-12 | URL:http://lists.apple.com/archives/security-announce/2009/Feb/msg00000.html | BID:30491 | URL:http://www.securityfocus.com/bid/30491 | BUGTRAQ:20080813 rPSA-2008-0243-1 idle python | URL:http://www.securityfocus.com/archive/1/495445/100/0/threaded | BUGTRAQ:20091120 VMSA-2009-0016 VMware vCenter and ESX update release and vMA patch release address multiple security issue in third party components | URL:http://www.securityfocus.com/archive/1/507985/100/0/threaded | CONFIRM:http://bugs.gentoo.org/show_bug.cgi?id=232137 | CONFIRM:http://bugs.python.org/issue2588 | CONFIRM:http://bugs.python.org/issue2589 | CONFIRM:http://support.apple.com/kb/HT3438 | CONFIRM:http://svn.python.org/view?rev=63728&view=rev | CONFIRM:http://svn.python.org/view?rev=63734&view=rev | CONFIRM:http://svn.python.org/view?rev=63883&view=rev | CONFIRM:http://wiki.rpath.com/Advisories:rPSA-2008-0243 | CONFIRM:http://www.novell.com/support/search.do?cmd=displayKC&docType=kc&externalId=InfoDocument-patchbuilder-readme5032900 | CONFIRM:http://www.vmware.com/security/advisories/VMSA-2009-0016.html | DEBIAN:DSA-1667 | URL:http://www.debian.org/security/2008/dsa-1667 | GENTOO:GLSA-200807-16 | URL:http://security.gentoo.org/glsa/glsa-200807-16.xml | MANDRIVA:MDVSA-2008:163 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2008:163 | MANDRIVA:MDVSA-2008:164 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2008:164 | OVAL:oval:org.mitre.oval:def:10170 | URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10170 | OVAL:oval:org.mitre.oval:def:7725 | URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7725 | SECUNIA:31305 | URL:http://secunia.com/advisories/31305 | SECUNIA:31332 | URL:http://secunia.com/advisories/31332 | SECUNIA:31358 | URL:http://secunia.com/advisories/31358 | SECUNIA:31365 | URL:http://secunia.com/advisories/31365 | SECUNIA:31473 | URL:http://secunia.com/advisories/31473 | SECUNIA:31518 | URL:http://secunia.com/advisories/31518 | SECUNIA:31687 | URL:http://secunia.com/advisories/31687 | SECUNIA:32793 | URL:http://secunia.com/advisories/32793 | SECUNIA:33937 | URL:http://secunia.com/advisories/33937 | SECUNIA:37471 | URL:http://secunia.com/advisories/37471 | SLACKWARE:SSA:2008-217-01 | URL:http://slackware.com/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.525289 | SUSE:SUSE-SR:2008:017 | URL:http://lists.opensuse.org/opensuse-security-announce/2008-08/msg00006.html | UBUNTU:USN-632-1 | URL:http://www.ubuntu.com/usn/usn-632-1 | VUPEN:ADV-2008-2288 | URL:http://www.vupen.com/english/advisories/2008/2288 | VUPEN:ADV-2009-3316 | URL:http://www.vupen.com/english/advisories/2009/3316 | XF:python-multiple-bo(44173) | URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/44173 | XF:python-pyosvsnprintf-bo(44171) | URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/44171;Assigned (20080710);None (candidate not yet proposed) +CVE-2008-3294;Candidate;src/configure.in in Vim 5.0 through 7.1, when used for a build with Python support, does not ensure that the Makefile-conf temporary file has the intended ownership and permissions, which allows local users to execute arbitrary code by modifying this file during a time window, or by creating it ahead of time with permissions that prevent its modification by configure.;APPLE:APPLE-SA-2008-10-09 | URL:http://lists.apple.com/archives/security-announce/2008/Oct/msg00001.html | BID:31681 | URL:http://www.securityfocus.com/bid/31681 | BUGTRAQ:20080717 Vim: Insecure Temporary File Creation During Build: Arbitrary Code Execution | URL:http://www.securityfocus.com/archive/1/494532/100/0/threaded | BUGTRAQ:20080718 Re: Vim: Insecure Temporary File Creation During Build: Arbitrary Code Execution | URL:http://www.securityfocus.com/archive/1/494535/100/0/threaded | BUGTRAQ:20080725 Re: [Full-disclosure] Vim: Insecure Temporary File Creation During Build: Arbitrary Code Execution | URL:http://www.securityfocus.com/archive/1/494736/100/0/threaded | CONFIRM:http://support.apple.com/kb/HT3216 | FULLDISC:20080717 Vim: Insecure Temporary File Creation During Build: Arbitrary Code Execution | URL:http://seclists.org/fulldisclosure/2008/Jul/0312.html | SECUNIA:31159 | URL:http://secunia.com/advisories/31159 | SECUNIA:32222 | URL:http://secunia.com/advisories/32222 | VUPEN:ADV-2008-2146 | URL:http://www.vupen.com/english/advisories/2008/2146/references | VUPEN:ADV-2008-2780 | URL:http://www.vupen.com/english/advisories/2008/2780;Assigned (20080724);None (candidate not yet proposed) +CVE-2008-3949;Candidate;emacs/lisp/progmodes/python.el in Emacs 22.1 and 22.2 imports Python script from the current working directory during editing of a Python file, which allows local users to execute arbitrary code via a Trojan horse Python file.;BID:31052 | URL:http://www.securityfocus.com/bid/31052 | CONFIRM:https://bugzilla.novell.com/show_bug.cgi?id=424340 | GENTOO:GLSA-200902-06 | URL:http://security.gentoo.org/glsa/glsa-200902-06.xml | MANDRIVA:MDVSA-2008:216 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2008:216 | MLIST:[emacs-devel] 20080905 Vulnerability in Emacs python integration | URL:http://lists.gnu.org/archive/html/emacs-devel/2008-09/msg00215.html | SECUNIA:31982 | URL:http://secunia.com/advisories/31982 | SECUNIA:34004 | URL:http://secunia.com/advisories/34004 | SUSE:SUSE-SR:2008:018 | URL:http://lists.opensuse.org/opensuse-security-announce/2008-09/msg00004.html | XF:emacs-python-code-execution(45021) | URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/45021;Assigned (20080905);None (candidate not yet proposed) +CVE-2008-4099;Candidate;PyDNS (aka python-dns) before 2.3.1-4 in Debian GNU/Linux does not use random source ports or transaction IDs for DNS requests, which makes it easier for remote attackers to spoof DNS responses, a different vulnerability than CVE-2008-1447.;MISC:[oss-security] 20080911 Re: CVE Request (ruby -- DNS spoofing vulnerability in resolv.rb) | URL:http://www.openwall.com/lists/oss-security/2008/09/11/1 | MISC:[oss-security] 20080915 Re: CVE Request (ruby -- DNS spoofing vulnerability in resolv.rb) | URL:http://www.openwall.com/lists/oss-security/2008/09/16/4 | MISC:http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=490217 | URL:http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=490217 | MISC:http://packages.debian.org/changelogs/pool/main/p/python-dns/python-dns_2.3.3-1/changelog | URL:http://packages.debian.org/changelogs/pool/main/p/python-dns/python-dns_2.3.3-1/changelog;Assigned (20080915);None (candidate not yet proposed) +CVE-2008-4108;Candidate;Tools/faqwiz/move-faqwiz.sh (aka the generic FAQ wizard moving tool) in Python 2.4.5 might allow local users to overwrite arbitrary files via a symlink attack on a tmp$RANDOM.tmp temporary file. NOTE: there may not be common usage scenarios in which tmp$RANDOM.tmp is located in an untrusted directory.;BID:31184 | URL:http://www.securityfocus.com/bid/31184 | CONFIRM:http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=498899 | CONFIRM:https://bugzilla.redhat.com/show_bug.cgi?id=462326 | MLIST:[oss-security] 20080915 CVE Request (python) | URL:http://marc.info/?l=oss-security&m=122148330903513&w=2 | MLIST:[oss-security] 20080916 Re: CVE Request (python) | URL:http://marc.info/?l=oss-security&m=122152861617434&w=2 | SECTRACK:1020904 | URL:http://www.securitytracker.com/id?1020904 | SREASON:4274 | URL:http://securityreason.com/securityalert/4274 | VUPEN:ADV-2008-2659 | URL:http://www.vupen.com/english/advisories/2008/2659 | XF:python-movefaqwiz-symlink(45161) | URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/45161;Assigned (20080915);None (candidate not yet proposed) +CVE-2008-4126;Candidate;PyDNS (aka python-dns) before 2.3.1-5 in Debian GNU/Linux does not use random source ports for DNS requests and does not use random transaction IDs for DNS retries, which makes it easier for remote attackers to spoof DNS responses, a different vulnerability than CVE-2008-1447. NOTE: this vulnerability exists because of an incomplete fix for CVE-2008-4099.;CONFIRM:http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=490217 | CONFIRM:http://packages.debian.org/changelogs/pool/main/p/python-dns/python-dns_2.3.3-1/changelog | MLIST:[oss-security] 20080911 Re: CVE Request (ruby -- DNS spoofing vulnerability in resolv.rb) | URL:http://www.openwall.com/lists/oss-security/2008/09/11/1 | MLIST:[oss-security] 20080915 Re: CVE Request (ruby -- DNS spoofing vulnerability in resolv.rb) | URL:http://www.openwall.com/lists/oss-security/2008/09/16/4;Assigned (20080918);None (candidate not yet proposed) +CVE-2008-4394;Candidate;Multiple untrusted search path vulnerabilities in Portage before 2.1.4.5 include the current working directory in the Python search path, which allows local users to execute arbitrary code via a modified Python module that is loaded by the (1) ys-apps/portage, (2) net-mail/fetchmail, (3) app-editors/leo ebuilds, and other ebuilds.;BID:31670 | URL:http://www.securityfocus.com/bid/31670 | GENTOO:GLSA-200810-02 | URL:http://security.gentoo.org/glsa/glsa-200810-02.xml | SECUNIA:32228 | URL:http://secunia.com/advisories/32228 | XF:portage-search-path-priv-escalation(45792) | URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/45792;Assigned (20081002);None (candidate not yet proposed) +CVE-2008-4863;Candidate;Untrusted search path vulnerability in BPY_interface in Blender 2.46 allows local users to execute arbitrary code via a Trojan horse Python file in the current working directory, related to an erroneous setting of sys.path by the PySys_SetArgv function.;CONFIRM:http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=503632 | GENTOO:GLSA-201001-07 | URL:http://security.gentoo.org/glsa/glsa-201001-07.xml | MANDRIVA:MDVSA-2009:038 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2009:038 | MLIST:[oss-security] 20081027 CVE id request: blender | URL:http://www.openwall.com/lists/oss-security/2008/10/27/1;Assigned (20081031);None (candidate not yet proposed) +CVE-2008-4864;Candidate;Multiple integer overflows in imageop.c in the imageop module in Python 1.5.2 through 2.5.1 allow context-dependent attackers to break out of the Python VM and execute arbitrary code via large integer values in certain arguments to the crop function, leading to a buffer overflow, a different vulnerability than CVE-2007-4965 and CVE-2008-1679.;APPLE:APPLE-SA-2009-02-12 | URL:http://lists.apple.com/archives/security-announce/2009/Feb/msg00000.html | BID:31932 | URL:http://www.securityfocus.com/bid/31932 | BID:31976 | URL:http://www.securityfocus.com/bid/31976 | BUGTRAQ:20091120 VMSA-2009-0016 VMware vCenter and ESX update release and vMA patch release address multiple security issue in third party components | URL:http://www.securityfocus.com/archive/1/507985/100/0/threaded | CONFIRM:http://support.apple.com/kb/HT3438 | CONFIRM:http://svn.python.org/view/python/trunk/Modules/imageop.c?rev=66689&view=diff&r1=66689&r2=66688&p1=python/trunk/Modules/imageop.c&p2=/python/trunk/Modules/imageop.c | CONFIRM:http://svn.python.org/view?rev=66689&view=rev | CONFIRM:http://www.vmware.com/security/advisories/VMSA-2009-0016.html | MISC:http://scary.beasts.org/security/CESA-2008-008.html | MLIST:[oss-security] 20081027 CVE request -- Python imageop#3 | URL:http://www.openwall.com/lists/oss-security/2008/10/27/2 | MLIST:[oss-security] 20081029 CVE Request - Python imageop | URL:http://www.openwall.com/lists/oss-security/2008/10/29/3 | OVAL:oval:org.mitre.oval:def:10702 | URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10702 | OVAL:oval:org.mitre.oval:def:8354 | URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8354 | SECUNIA:33937 | URL:http://secunia.com/advisories/33937 | SECUNIA:37471 | URL:http://secunia.com/advisories/37471 | VUPEN:ADV-2009-3316 | URL:http://www.vupen.com/english/advisories/2009/3316 | XF:python-image-module-bo(46606) | URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/46606;Assigned (20081031);None (candidate not yet proposed) +CVE-2008-5031;Candidate;Multiple integer overflows in Python 2.2.3 through 2.5.1, and 2.6, allow context-dependent attackers to have an unknown impact via a large integer value in the tabsize argument to the expandtabs method, as implemented by (1) the string_expandtabs function in Objects/stringobject.c and (2) the unicode_expandtabs function in Objects/unicodeobject.c. NOTE: this vulnerability reportedly exists because of an incomplete fix for CVE-2008-2315.;APPLE:APPLE-SA-2009-02-12 | URL:http://lists.apple.com/archives/security-announce/2009/Feb/msg00000.html | BUGTRAQ:20091120 VMSA-2009-0016 VMware vCenter and ESX update release and vMA patch release address multiple security issue in third party components | URL:http://www.securityfocus.com/archive/1/507985/100/0/threaded | CONFIRM:http://support.apple.com/kb/HT3438 | CONFIRM:http://svn.python.org/view/python/trunk/Objects/stringobject.c?rev=61350&view=diff&r1=61350&r2=61349&p1=python/trunk/Objects/stringobject.c&p2=/python/trunk/Objects/stringobject.c | CONFIRM:http://svn.python.org/view/python/trunk/Objects/unicodeobject.c?rev=61350&view=diff&r1=61350&r2=61349&p1=python/trunk/Objects/unicodeobject.c&p2=/python/trunk/Objects/unicodeobject.c | CONFIRM:http://svn.python.org/view?rev=61350&view=rev | CONFIRM:http://www.vmware.com/security/advisories/VMSA-2009-0016.html | GENTOO:GLSA-200907-16 | URL:http://security.gentoo.org/glsa/glsa-200907-16.xml | MISC:http://scary.beasts.org/security/CESA-2008-008.html | MLIST:[oss-security] 20081105 CVE Request - Python string expandtabs | URL:http://www.openwall.com/lists/oss-security/2008/11/05/2 | MLIST:[oss-security] 20081105 Re: CVE Request - Python string expandtabs | URL:http://www.openwall.com/lists/oss-security/2008/11/05/3 | OVAL:oval:org.mitre.oval:def:11280 | URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11280 | OVAL:oval:org.mitre.oval:def:8564 | URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8564 | SECUNIA:33937 | URL:http://secunia.com/advisories/33937 | SECUNIA:35750 | URL:http://secunia.com/advisories/35750 | SECUNIA:37471 | URL:http://secunia.com/advisories/37471 | VUPEN:ADV-2009-3316 | URL:http://www.vupen.com/english/advisories/2009/3316 | XF:python-expandtabs-integer-overflow(46612) | URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/46612;Assigned (20081110);None (candidate not yet proposed) +CVE-2008-5102;Candidate;PythonScripts in Zope 2 2.11.2 and earlier, as used in Conga and other products, allows remote authenticated users to cause a denial of service (resource consumption or application halt) via certain (1) raise or (2) import statements.;CONFIRM:http://bugs.gentoo.org/show_bug.cgi?id=246411 | CONFIRM:http://www.zope.org/Products/Zope/Hotfix-2008-08-12/Hotfix_20080812-1.1.0.tar.gz | CONFIRM:http://www.zope.org/Products/Zope/Hotfix-2008-08-12/README.txt | CONFIRM:https://bugs.launchpad.net/zope2/+bug/257269 | CONFIRM:https://bugs.launchpad.net/zope2/+bug/257276 | MLIST:[Zope] 20080812 Script (Python) insecure ? | URL:http://mail.zope.org/pipermail/zope/2008-August/174025.html | MLIST:[oss-security] 20081112 CVE Request - Zope 2 - PythonScripts local DoS | URL:http://openwall.com/lists/oss-security/2008/11/12/2 | VUPEN:ADV-2008-2418 | URL:http://www.vupen.com/english/advisories/2008/2418;Assigned (20081117);None (candidate not yet proposed) +CVE-2008-5103;Candidate;The (1) python-vm-builder and (2) ubuntu-vm-builder implementations in VMBuilder 0.9 in Ubuntu 8.10 omit the -e option when invoking chpasswd with a root:! argument, which configures the root account with a cleartext password of ! (exclamation point) and allows attackers to bypass intended login restrictions.;BID:32292 | URL:http://www.securityfocus.com/bid/32292 | CONFIRM:http://launchpadlibrarian.net/19619929/vm-builder_0.9-0ubuntu3.1.debdiff | CONFIRM:https://bugs.launchpad.net/ubuntu/+source/vm-builder/+bug/296841 | OSVDB:49996 | URL:http://osvdb.org/49996 | SECUNIA:32697 | URL:http://secunia.com/advisories/32697 | UBUNTU:USN-670-1 | URL:http://www.ubuntu.com/usn/usn-670-1 | XF:vmbuilder-password-weak-security(46603) | URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/46603;Assigned (20081117);None (candidate not yet proposed) +CVE-2008-5104;Candidate;Ubuntu 6.06 LTS, 7.10, 8.04 LTS, and 8.10, when installed as a virtual machine by (1) python-vm-builder or (2) ubuntu-vm-builder in VMBuilder 0.9 in Ubuntu 8.10, have ! (exclamation point) as the default root password, which allows attackers to bypass intended login restrictions.;BID:32292 | URL:http://www.securityfocus.com/bid/32292 | CONFIRM:http://launchpadlibrarian.net/19619929/vm-builder_0.9-0ubuntu3.1.debdiff | CONFIRM:https://bugs.launchpad.net/ubuntu/+source/vm-builder/+bug/296841 | SECUNIA:32697 | URL:http://secunia.com/advisories/32697 | UBUNTU:USN-670-1 | URL:http://www.ubuntu.com/usn/usn-670-1 | XF:vmbuilder-root-default-password(46881) | URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/46881;Assigned (20081117);None (candidate not yet proposed) +CVE-2008-5983;Candidate;Untrusted search path vulnerability in the PySys_SetArgv API function in Python 2.6 and earlier, and possibly later versions, prepends an empty string to sys.path when the argv[0] argument does not contain a path separator, which might allow local users to execute arbitrary code via a Trojan horse Python file in the current working directory.;FEDORA:FEDORA-2010-9652 | URL:http://lists.fedoraproject.org/pipermail/package-announce/2010-June/042751.html | GENTOO:GLSA-200903-41 | URL:http://security.gentoo.org/glsa/glsa-200903-41.xml | GENTOO:GLSA-200904-06 | URL:http://security.gentoo.org/glsa/glsa-200904-06.xml | MISC:https://bugzilla.redhat.com/show_bug.cgi?id=482814 | MLIST:[debian-bugs-rc] 20080805 Bug#484305: bicyclerepair: bike.vim imports untrusted python files from cwd | URL:http://www.nabble.com/Bug-484305%3A-bicyclerepair%3A-bike.vim-imports-untrusted-python-files-from-cwd-td18848099.html | MLIST:[debian-bugs] 20081112 Bug#493937: [Patch] Prevent loading of Python modules in working directory | URL:http://www.mail-archive.com/debian-bugs-dist@lists.debian.org/msg586010.html | MLIST:[oss-security] 20090126 CVE request -- Python < 2.6 PySys_SetArgv issues (epiphany, csound, dia, eog, gedit, xchat, vim, nautilus-python, Gnumeric) | URL:http://www.openwall.com/lists/oss-security/2009/01/26/2 | MLIST:[oss-security] 20090128 Re: CVE request -- Python < 2.6 PySys_SetArgv issues (epiphany, csound, dia, eog, gedit, xchat, vim, nautilus-python, Gnumeric) | URL:http://www.openwall.com/lists/oss-security/2009/01/28/5 | MLIST:[oss-security] 20090130 Re: CVE request -- Python < 2.6 PySys_SetArgv issues (epiphany, csound, dia, eog, gedit, xchat, vim, nautilus-python, Gnumeric) | URL:http://www.openwall.com/lists/oss-security/2009/01/30/2 | REDHAT:RHSA-2011:0027 | URL:http://www.redhat.com/support/errata/RHSA-2011-0027.html | SECUNIA:34522 | URL:http://secunia.com/advisories/34522 | SECUNIA:40194 | URL:http://secunia.com/advisories/40194 | SECUNIA:42888 | URL:http://secunia.com/advisories/42888 | SECUNIA:50858 | URL:http://secunia.com/advisories/50858 | SECUNIA:51024 | URL:http://secunia.com/advisories/51024 | SECUNIA:51040 | URL:http://secunia.com/advisories/51040 | SECUNIA:51087 | URL:http://secunia.com/advisories/51087 | UBUNTU:USN-1596-1 | URL:http://www.ubuntu.com/usn/USN-1596-1 | UBUNTU:USN-1613-1 | URL:http://www.ubuntu.com/usn/USN-1613-1 | UBUNTU:USN-1613-2 | URL:http://www.ubuntu.com/usn/USN-1613-2 | UBUNTU:USN-1616-1 | URL:http://www.ubuntu.com/usn/USN-1616-1 | VUPEN:ADV-2010-1448 | URL:http://www.vupen.com/english/advisories/2010/1448 | VUPEN:ADV-2011-0122 | URL:http://www.vupen.com/english/advisories/2011/0122;Assigned (20090127);None (candidate not yet proposed) +CVE-2008-5984;Candidate;Untrusted search path vulnerability in the Python plugin in Dia 0.96.1, and possibly other versions, allows local users to execute arbitrary code via a Trojan horse Python file in the current working directory, related to a vulnerability in the PySys_SetArgv function (CVE-2008-5983).;BID:33448 | URL:http://www.securityfocus.com/bid/33448 | CONFIRM:http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=504251 | CONFIRM:https://bugzilla.redhat.com/show_bug.cgi?id=481551 | FEDORA:FEDORA-2009-1057 | URL:https://www.redhat.com/archives/fedora-package-announce/2009-January/msg01065.html | MANDRIVA:MDVSA-2009:040 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2009:040 | MANDRIVA:MDVSA-2009:046 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2009:046 | MLIST:[oss-security] 20090126 CVE request -- Python < 2.6 PySys_SetArgv issues (epiphany, csound, dia, eog, gedit, xchat, vim, nautilus-python, Gnumeric) | URL:http://www.openwall.com/lists/oss-security/2009/01/26/2 | SECUNIA:33672 | URL:http://secunia.com/advisories/33672 | SECUNIA:33703 | URL:http://secunia.com/advisories/33703 | XF:dia-pysyssetargv-privilege-escalation(48262) | URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/48262;Assigned (20090127);None (candidate not yet proposed) +CVE-2008-5985;Candidate;Untrusted search path vulnerability in the Python interface in Epiphany 2.22.3, and possibly other versions, allows local users to execute arbitrary code via a Trojan horse Python file in the current working directory, related to a vulnerability in the PySys_SetArgv function (CVE-2008-5983).;BID:33441 | URL:http://www.securityfocus.com/bid/33441 | CONFIRM:http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=504363 | CONFIRM:https://bugzilla.redhat.com/show_bug.cgi?id=481548 | GENTOO:GLSA-200903-16 | URL:http://www.gentoo.org/security/en/glsa/glsa-200903-16.xml | MANDRIVA:MDVSA-2009:048 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2009:048 | MLIST:[oss-security] 20090126 CVE request -- Python < 2.6 PySys_SetArgv issues (epiphany, csound, dia, eog, gedit, xchat, vim, nautilus-python, Gnumeric) | URL:http://www.openwall.com/lists/oss-security/2009/01/26/2 | SECUNIA:34187 | URL:http://secunia.com/advisories/34187;Assigned (20090127);None (candidate not yet proposed) +CVE-2008-5986;Candidate;"Untrusted search path vulnerability in the (1) ""VST plugin with Python scripting"" and (2) ""VST plugin for writing score generators in Python"" in Csound 5.08.2, and possibly other versions, allows local users to execute arbitrary code via a Trojan horse Python file in the current working directory, related to a vulnerability in the PySys_SetArgv function (CVE-2008-5983).";BID:33446 | URL:http://www.securityfocus.com/bid/33446 | CONFIRM:http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=504359 | CONFIRM:https://bugzilla.redhat.com/show_bug.cgi?id=481550 | MLIST:[oss-security] 20090126 CVE request -- Python < 2.6 PySys_SetArgv issues (epiphany, csound, dia, eog, gedit, xchat, vim, nautilus-python, Gnumeric) | URL:http://www.openwall.com/lists/oss-security/2009/01/26/2 | XF:csound-pysyssetargv-privilege-escalation(48276) | URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/48276;Assigned (20090127);None (candidate not yet proposed) +CVE-2008-5987;Candidate;Untrusted search path vulnerability in the Python interface in Eye of GNOME (eog) 2.22.3, and possibly other versions, allows local users to execute arbitrary code via a Trojan horse Python file in the current working directory, related to a vulnerability in the PySys_SetArgv function (CVE-2008-5983).;BID:33443 | URL:http://www.securityfocus.com/bid/33443 | CONFIRM:http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=504352 | CONFIRM:https://bugzilla.redhat.com/show_bug.cgi?id=481553 | GENTOO:GLSA-200904-06 | URL:http://security.gentoo.org/glsa/glsa-200904-06.xml | MLIST:[oss-security] 20090126 CVE request -- Python < 2.6 PySys_SetArgv issues (epiphany, csound, dia, eog, gedit, xchat, vim, nautilus-python, Gnumeric) | URL:http://www.openwall.com/lists/oss-security/2009/01/26/2;Assigned (20090127);None (candidate not yet proposed) +CVE-2008-6539;Candidate;Static code injection vulnerability in user/settings/ in DeStar 0.2.2-5 allows remote authenticated users to add arbitrary administrators and inject arbitrary Python code into destar_cfg.py via a crafted pin parameter.;EXPLOIT-DB:5305 | URL:https://www.exploit-db.com/exploits/5305;Assigned (20090329);None (candidate not yet proposed) +CVE-2008-6547;Candidate;schema.py in FormEncode for Python (python-formencode) 1.0 does not apply the chained_validators feature, which allows attackers to bypass intended access restrictions via unknown vectors.;BID:30282 | URL:http://www.securityfocus.com/bid/30282 | CONFIRM:http://sourceforge.net/tracker/download.php?group_id=91231&atid=596416&file_id=271779&aid=1925164 | CONFIRM:http://sourceforge.net/tracker/index.php?func=detail&aid=1925164&group_id=91231&atid=596416 | FEDORA:FEDORA-2008-6312 | URL:https://www.redhat.com/archives/fedora-package-announce/2008-July/msg00607.html | OSVDB:47082 | URL:http://osvdb.org/47082 | SECUNIA:31081 | URL:http://secunia.com/advisories/31081 | SECUNIA:31163 | URL:http://secunia.com/advisories/31163 | XF:formencode-chainedvalidators-sec-bypass(43878) | URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/43878;Assigned (20090329);None (candidate not yet proposed) +CVE-2008-6549;Candidate;The password_checker function in config/multiconfig.py in MoinMoin 1.6.1 uses the cracklib and python-crack features even though they are not thread-safe, which allows remote attackers to cause a denial of service (segmentation fault and crash) via unknown vectors.;CONFIRM:http://hg.moinmo.in/moin/1.6/rev/35ff7a9b1546 | CONFIRM:http://moinmo.in/SecurityFixes | OSVDB:48876 | URL:http://osvdb.org/48876;Assigned (20090329);None (candidate not yet proposed) +CVE-2008-6954;Candidate;The web interface (CobblerWeb) in Cobbler before 1.2.9 allows remote authenticated users to execute arbitrary Python code in cobblerd by editing a Cheetah kickstart template to import arbitrary Python modules.;BID:32317 | URL:http://www.securityfocus.com/bid/32317 | CONFIRM:http://freshmeat.net/projects/cobbler/releases/288374 | FEDORA:FEDORA-2008-9723 | URL:https://www.redhat.com/archives/fedora-package-announce/2008-November/msg00462.html | FEDORA:FEDORA-2008-9745 | URL:https://www.redhat.com/archives/fedora-package-announce/2008-November/msg00485.html | OSVDB:50291 | URL:http://osvdb.org/50291 | SECUNIA:32737 | URL:http://secunia.com/advisories/32737 | SECUNIA:32804 | URL:http://secunia.com/advisories/32804 | XF:cobbler-interface-code-execution(46625) | URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/46625;Assigned (20090811);None (candidate not yet proposed) +CVE-2009-0314;Candidate;Untrusted search path vulnerability in the Python module in gedit allows local users to execute arbitrary code via a Trojan horse Python file in the current working directory, related to a vulnerability in the PySys_SetArgv function (CVE-2008-5983).;BID:33445 | URL:http://www.securityfocus.com/bid/33445 | CONFIRM:https://bugzilla.redhat.com/show_bug.cgi?id=481556 | FEDORA:FEDORA-2009-1189 | URL:https://www.redhat.com/archives/fedora-package-announce/2009-January/msg01195.html | GENTOO:GLSA-200903-41 | URL:http://security.gentoo.org/glsa/glsa-200903-41.xml | MANDRIVA:MDVSA-2009:039 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2009:039 | MISC:http://bugzilla.gnome.org/show_bug.cgi?id=569214 | MLIST:[oss-security] 20090126 CVE request -- Python < 2.6 PySys_SetArgv issues (epiphany, csound, dia, eog, gedit, xchat, vim, nautilus-python, Gnumeric) | URL:http://www.openwall.com/lists/oss-security/2009/01/26/2 | SECUNIA:33759 | URL:http://secunia.com/advisories/33759 | SECUNIA:33769 | URL:http://secunia.com/advisories/33769 | SECUNIA:34522 | URL:http://secunia.com/advisories/34522 | XF:gedit-pysyssetargv-privilege-escalation(48271) | URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/48271;Assigned (20090127);None (candidate not yet proposed) +CVE-2009-0315;Candidate;Untrusted search path vulnerability in the Python module in xchat allows local users to execute arbitrary code via a Trojan horse Python file in the current working directory, related to a vulnerability in the PySys_SetArgv function (CVE-2008-5983).;BID:33444 | URL:http://www.securityfocus.com/bid/33444 | CONFIRM:https://bugzilla.redhat.com/show_bug.cgi?id=481560 | MANDRIVA:MDVSA-2009:059 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2009:059 | MLIST:[oss-security] 20090126 CVE request -- Python < 2.6 PySys_SetArgv issues (epiphany, csound, dia, eog, gedit, xchat, vim, nautilus-python, Gnumeric) | URL:http://www.openwall.com/lists/oss-security/2009/01/26/2;Assigned (20090127);None (candidate not yet proposed) +CVE-2009-0316;Candidate;Untrusted search path vulnerability in src/if_python.c in the Python interface in Vim before 7.2.045 allows local users to execute arbitrary code via a Trojan horse Python file in the current working directory, related to a vulnerability in the PySys_SetArgv function (CVE-2008-5983), as demonstrated by an erroneous search path for plugin/bike.vim in bicyclerepair.;APPLE:APPLE-SA-2010-03-29-1 | URL:http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html | BID:33447 | URL:http://www.securityfocus.com/bid/33447 | CONFIRM:http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=493937 | CONFIRM:http://support.apple.com/kb/HT4077 | CONFIRM:https://bugzilla.redhat.com/show_bug.cgi?id=481565 | CONFIRM:https://svn.pardus.org.tr/pardus/2008/applications/editors/vim/files/official/7.2.045 | MANDRIVA:MDVSA-2009:047 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2009:047 | MISC:http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=484305 | MLIST:[debian-bugs-rc] 20080805 Bug#484305: bicyclerepair: bike.vim imports untrusted python files from cwd | URL:http://www.nabble.com/Bug-484305%3A-bicyclerepair%3A-bike.vim-imports-untrusted-python-files-from-cwd-td18848099.html | MLIST:[oss-security] 20090126 CVE request -- Python < 2.6 PySys_SetArgv issues (epiphany, csound, dia, eog, gedit, xchat, vim, nautilus-python, Gnumeric) | URL:http://www.openwall.com/lists/oss-security/2009/01/26/2 | XF:vim-pysyssetargv-privilege-escalation(48275) | URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/48275;Assigned (20090127);None (candidate not yet proposed) +CVE-2009-0317;Candidate;Untrusted search path vulnerability in the Python language bindings for Nautilus (nautilus-python) allows local users to execute arbitrary code via a Trojan horse Python file in the current working directory, related to a vulnerability in the PySys_SetArgv function (CVE-2008-5983).;BID:33442 | URL:http://www.securityfocus.com/bid/33442 | CONFIRM:https://bugzilla.redhat.com/show_bug.cgi?id=481570 | MLIST:[oss-security] 20090126 CVE request -- Python < 2.6 PySys_SetArgv issues (epiphany, csound, dia, eog, gedit, xchat, vim, nautilus-python, Gnumeric) | URL:http://www.openwall.com/lists/oss-security/2009/01/26/2;Assigned (20090127);None (candidate not yet proposed) +CVE-2009-0318;Candidate;Untrusted search path vulnerability in the GObject Python interpreter wrapper in Gnumeric allows local users to execute arbitrary code via a Trojan horse Python file in the current working directory, related to a vulnerability in the PySys_SetArgv function (CVE-2008-5983).;BID:33438 | URL:http://www.securityfocus.com/bid/33438 | CONFIRM:http://bugzilla.gnome.org/show_bug.cgi?id=569648 | CONFIRM:https://bugzilla.redhat.com/show_bug.cgi?id=481572 | FEDORA:FEDORA-2009-1295 | URL:https://www.redhat.com/archives/fedora-package-announce/2009-February/msg00211.html | GENTOO:GLSA-200904-03 | URL:http://security.gentoo.org/glsa/glsa-200904-03.xml | MANDRIVA:MDVSA-2009:043 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2009:043 | MLIST:[oss-security] 20090126 CVE request -- Python < 2.6 PySys_SetArgv issues (epiphany, csound, dia, eog, gedit, xchat, vim, nautilus-python, Gnumeric) | URL:http://www.openwall.com/lists/oss-security/2009/01/26/2 | SECUNIA:33707 | URL:http://secunia.com/advisories/33707 | SECUNIA:33823 | URL:http://secunia.com/advisories/33823;Assigned (20090127);None (candidate not yet proposed) +CVE-2009-0367;Candidate;The Python AI module in Wesnoth 1.4.x and 1.5 before 1.5.11 allows remote attackers to escape the sandbox and execute arbitrary code by using a whitelisted module that imports an unsafe module, then using a hierarchical module name to access the unsafe module through the whitelisted module.;CONFIRM:http://launchpad.net/bugs/335089 | CONFIRM:http://launchpad.net/bugs/336396 | CONFIRM:http://launchpad.net/bugs/cve/2009-0367 | CONFIRM:http://packages.debian.org/changelogs/pool/main/w/wesnoth/wesnoth_1.4.7-4/changelog | CONFIRM:http://packages.debian.org/changelogs/pool/main/w/wesnoth/wesnoth_1.5.12-1/changelog | CONFIRM:http://www.wesnoth.org/forum/viewtopic.php?t=24247 | CONFIRM:http://www.wesnoth.org/forum/viewtopic.php?t=24340 | CONFIRM:https://gna.org/bugs/index.php?13048 | DEBIAN:DSA-1737 | URL:http://www.debian.org/security/2009/dsa-1737 | SECUNIA:34058 | URL:http://secunia.com/advisories/34058 | SECUNIA:34236 | URL:http://secunia.com/advisories/34236 | VUPEN:ADV-2009-0595 | URL:http://www.vupen.com/english/advisories/2009/0595 | XF:wesnoth-pythonai-code-execution(49058) | URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/49058;Assigned (20090129);None (candidate not yet proposed) +CVE-2009-0668;Candidate;Unspecified vulnerability in Zope Object Database (ZODB) before 3.8.2, when certain Zope Enterprise Objects (ZEO) database sharing is enabled, allows remote attackers to execute arbitrary Python code via vectors involving the ZEO network protocol.;BID:35987 | URL:http://www.securityfocus.com/bid/35987 | CONFIRM:http://pypi.python.org/pypi/ZODB3/3.8.2#whats-new-in-zodb-3-8-2 | MLIST:[zope-announce] 20090806 CVE-2009-0668 and CVE-2009-0669: Releases to fix ZODB ZEO server vulnerabilities | URL:http://mail.zope.org/pipermail/zope-announce/2009-August/002220.html | OSVDB:56827 | URL:http://osvdb.org/56827 | SECUNIA:36204 | URL:http://secunia.com/advisories/36204 | SECUNIA:36205 | URL:http://secunia.com/advisories/36205 | VUPEN:ADV-2009-2217 | URL:http://www.vupen.com/english/advisories/2009/2217 | XF:zope-protocol-code-execution(52377) | URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/52377;Assigned (20090222);None (candidate not yet proposed) +CVE-2009-2940;Candidate;The pygresql module 3.8.1 and 4.0 for Python does not properly support the PQescapeStringConn function, which might allow remote attackers to leverage escaping issues involving multibyte character encodings.;DEBIAN:DSA-1911 | URL:http://www.debian.org/security/2009/dsa-1911 | OSVDB:59028 | URL:http://www.osvdb.org/59028 | SECUNIA:37046 | URL:http://secunia.com/advisories/37046 | SECUNIA:37654 | URL:http://secunia.com/advisories/37654 | UBUNTU:USN-870-1 | URL:http://ubuntu.com/usn/usn-870-1;Assigned (20090823);None (candidate not yet proposed) +CVE-2009-3578;Candidate;"Autodesk Maya 8.0, 8.5, 2008, 2009, and 2010 and Alias Wavefront Maya 6.5 and 7.0 allow remote attackers to execute arbitrary code via a (1) .ma or (2) .mb file that uses the Maya Embedded Language (MEL) python command or unspecified other MEL commands, related to ""Script Nodes.""";BID:36636 | URL:http://www.securityfocus.com/bid/36636 | BUGTRAQ:20091123 CORE-2009-0910: Autodesk Maya Script Nodes Arbitrary Command Execution | URL:http://www.securityfocus.com/archive/1/508013/100/0/threaded | MISC:http://www.coresecurity.com/content/maya-arbitrary-command-execution | SECTRACK:1023228 | URL:http://securitytracker.com/id?1023228;Assigned (20091007);None (candidate not yet proposed) +CVE-2009-3720;Candidate;The updatePosition function in lib/xmltok_impl.c in libexpat in Expat 2.0.1, as used in Python, PyXML, w3c-libwww, and other software, allows context-dependent attackers to cause a denial of service (application crash) via an XML document with crafted UTF-8 sequences that trigger a buffer over-read, a different vulnerability than CVE-2009-2625.;CONFIRM:http://expat.cvs.sourceforge.net/viewvc/expat/expat/lib/xmltok_impl.c?r1=1.13&r2=1.15&view=patch | CONFIRM:http://expat.cvs.sourceforge.net/viewvc/expat/expat/lib/xmltok_impl.c?view=log | CONFIRM:http://svn.python.org/view?view=rev&revision=74429 | CONFIRM:https://bugs.gentoo.org/show_bug.cgi?id=280615 | CONFIRM:https://bugzilla.redhat.com/show_bug.cgi?id=531697 | FEDORA:FEDORA-2009-12690 | URL:https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00370.html | FEDORA:FEDORA-2009-12737 | URL:https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00413.html | FEDORA:FEDORA-2009-12753 | URL:https://www.redhat.com/archives/fedora-package-announce/2009-December/msg01274.html | FEDORA:FEDORA-2010-17720 | URL:http://lists.fedoraproject.org/pipermail/package-announce/2010-November/051367.html | FEDORA:FEDORA-2010-17732 | URL:http://lists.fedoraproject.org/pipermail/package-announce/2010-November/051247.html | FEDORA:FEDORA-2010-17762 | URL:http://lists.fedoraproject.org/pipermail/package-announce/2010-November/051228.html | FEDORA:FEDORA-2010-17807 | URL:http://lists.fedoraproject.org/pipermail/package-announce/2010-November/051442.html | FEDORA:FEDORA-2010-17819 | URL:http://lists.fedoraproject.org/pipermail/package-announce/2010-November/051405.html | HP:HPSBUX02645 | URL:http://marc.info/?l=bugtraq&m=130168502603566&w=2 | MANDRIVA:MDVSA-2009:211 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2009:211 | MANDRIVA:MDVSA-2009:212 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2009:212 | MANDRIVA:MDVSA-2009:215 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2009:215 | MANDRIVA:MDVSA-2009:216 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2009:216 | MANDRIVA:MDVSA-2009:217 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2009:217 | MANDRIVA:MDVSA-2009:218 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2009:218 | MANDRIVA:MDVSA-2009:219 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2009:219 | MANDRIVA:MDVSA-2009:220 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2009:220 | MISC:http://sourceforge.net/tracker/index.php?func=detail&aid=1990430&group_id=10127&atid=110127 | MLIST:[expat-bugs] 20090117 [ expat-Bugs-1990430 ] Parser crash with specially formatted UTF-8 sequences | URL:http://mail.python.org/pipermail/expat-bugs/2009-January/002781.html | MLIST:[httpd-cvs] 20190815 svn commit: r1048742 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html | URL:https://lists.apache.org/thread.html/54a42d4b01968df1117cea77fc53d6beb931c0e05936ad02af93e9ac@%3Ccvs.httpd.apache.org%3E | MLIST:[httpd-cvs] 20190815 svn commit: r1048742 [3/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html | URL:https://lists.apache.org/thread.html/f7f95ac1cd9895db2714fa3ebaa0b94d0c6df360f742a40951384a53@%3Ccvs.httpd.apache.org%3E | MLIST:[httpd-cvs] 20190815 svn commit: r1048743 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html | URL:https://lists.apache.org/thread.html/5df9bfb86a3b054bb985a45ff9250b0332c9ecc181eec232489e7f79@%3Ccvs.httpd.apache.org%3E | MLIST:[httpd-cvs] 20190815 svn commit: r1048743 [3/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html | URL:https://lists.apache.org/thread.html/8d63cb8e9100f28a99429b4328e4e7cebce861d5772ac9863ba2ae6f@%3Ccvs.httpd.apache.org%3E | MLIST:[httpd-cvs] 20200401 svn commit: r1058586 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html | URL:https://lists.apache.org/thread.html/r0276683d8e1e07153fc8642618830ac0ade85b9ae0dc7b07f63bb8fc@%3Ccvs.httpd.apache.org%3E | MLIST:[httpd-cvs] 20200401 svn commit: r1058586 [3/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html | URL:https://lists.apache.org/thread.html/r57608dc51b79102f3952ae06f54d5277b649c86d6533dcd6a7d201f7@%3Ccvs.httpd.apache.org%3E | MLIST:[httpd-cvs] 20200401 svn commit: r1058587 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html | URL:https://lists.apache.org/thread.html/r8828e649175df56f1f9e3919938ac7826128525426e2748f0ab62feb@%3Ccvs.httpd.apache.org%3E | MLIST:[httpd-cvs] 20200401 svn commit: r1058587 [3/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html | URL:https://lists.apache.org/thread.html/rfbaf647d52c1cb843e726a0933f156366a806cead84fbd430951591b@%3Ccvs.httpd.apache.org%3E | MLIST:[httpd-cvs] 20210330 svn commit: r1073139 [1/13] - in /websites/staging/httpd/trunk/content: ./ security/json/ | URL:https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9@%3Ccvs.httpd.apache.org%3E | MLIST:[httpd-cvs] 20210330 svn commit: r1073139 [6/13] - in /websites/staging/httpd/trunk/content: ./ security/json/ | URL:https://lists.apache.org/thread.html/r2295080a257bad27ea68ca0af12fc715577f9e84801eae116a33107e@%3Ccvs.httpd.apache.org%3E | MLIST:[httpd-cvs] 20210330 svn commit: r1073140 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/cvejsontohtml.py security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html | URL:https://lists.apache.org/thread.html/r2cb985de917e7da0848c440535f65a247754db8b2154a10089e4247b@%3Ccvs.httpd.apache.org%3E | MLIST:[httpd-cvs] 20210330 svn commit: r1073140 [3/4] - in /websites/staging/httpd/trunk/content: ./ security/cvejsontohtml.py security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html | URL:https://lists.apache.org/thread.html/r9ea3538f229874c80a10af473856a81fbf5f694cd7f471cc679ba70b@%3Ccvs.httpd.apache.org%3E | MLIST:[httpd-cvs] 20210330 svn commit: r1073143 [2/3] - in /websites/staging/httpd/trunk/content: ./ security/ | URL:https://lists.apache.org/thread.html/r9e8622254184645bc963a1d47c5d47f6d5a36d6f080d8d2c43b2b142@%3Ccvs.httpd.apache.org%3E | MLIST:[httpd-cvs] 20210330 svn commit: r1073146 [2/3] - in /websites/staging/httpd/trunk/content: ./ security/cvejsontohtml.py security/vulnerabilities-httpd.xml security/vulnerabilities_22.html security/vulnerabilities_24.html | URL:https://lists.apache.org/thread.html/rdca61ae990660bacb682295f2a09d34612b7bb5f457577fe17f4d064@%3Ccvs.httpd.apache.org%3E | MLIST:[httpd-cvs] 20210330 svn commit: r1073149 [1/13] - in /websites/staging/httpd/trunk/content: ./ security/ security/json/ | URL:https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920@%3Ccvs.httpd.apache.org%3E | MLIST:[httpd-cvs] 20210330 svn commit: r1073149 [7/13] - in /websites/staging/httpd/trunk/content: ./ security/ security/json/ | URL:https://lists.apache.org/thread.html/rad2acee3ab838b52c04a0698b1728a9a43467bf365bd481c993c535d@%3Ccvs.httpd.apache.org%3E | MLIST:[httpd-cvs] 20210330 svn commit: r1888194 [6/13] - /httpd/site/trunk/content/security/json/ | URL:https://lists.apache.org/thread.html/reb7c64aeea604bf948467d9d1cab8ff23fa7d002be1964bcc275aae7@%3Ccvs.httpd.apache.org%3E | MLIST:[httpd-cvs] 20210603 svn commit: r1075360 [1/3] - in /websites/staging/httpd/trunk/content: ./ security/json/CVE-2021-31618.json security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html | URL:https://lists.apache.org/thread.html/r5f9c22f9c28adbd9f00556059edc7b03a5d5bb71d4bb80257c0d34e4@%3Ccvs.httpd.apache.org%3E | MLIST:[httpd-cvs] 20210603 svn commit: r1075360 [2/3] - in /websites/staging/httpd/trunk/content: ./ security/json/CVE-2021-31618.json security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html | URL:https://lists.apache.org/thread.html/rad01d817195e6cc871cb1d73b207ca326379a20a6e7f30febaf56d24@%3Ccvs.httpd.apache.org%3E | MLIST:[httpd-cvs] 20210606 svn commit: r1075467 [1/2] - in /websites/staging/httpd/trunk/content: ./ security/json/CVE-2021-31618.json security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html | URL:https://lists.apache.org/thread.html/rb9c9f42dafa25d2f669dac2a536a03f2575bc5ec1be6f480618aee10@%3Ccvs.httpd.apache.org%3E | MLIST:[httpd-cvs] 20210606 svn commit: r1075467 [2/2] - in /websites/staging/httpd/trunk/content: ./ security/json/CVE-2021-31618.json security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html | URL:https://lists.apache.org/thread.html/r476d175be0aaf4a17680ef98c5153b4d336eaef76fb2224cc94c463a@%3Ccvs.httpd.apache.org%3E | MLIST:[httpd-cvs] 20210606 svn commit: r1075470 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/json/CVE-2020-13938.json security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html | URL:https://lists.apache.org/thread.html/r5001ecf3d6b2bdd0b732e527654248abb264f08390045d30709a92f6@%3Ccvs.httpd.apache.org%3E | MLIST:[httpd-cvs] 20210606 svn commit: r1075470 [3/4] - in /websites/staging/httpd/trunk/content: ./ security/json/CVE-2020-13938.json security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html | URL:https://lists.apache.org/thread.html/r75cbe9ea3e2114e4271bbeca7aff96117b50c1b6eb7c4772b0337c1f@%3Ccvs.httpd.apache.org%3E | MLIST:[oss-security] 20090821 expat bug 1990430 | URL:http://www.openwall.com/lists/oss-security/2009/08/21/2 | MLIST:[oss-security] 20090826 Re: Re: expat bug 1990430 | URL:http://www.openwall.com/lists/oss-security/2009/08/26/4 | MLIST:[oss-security] 20090826 Re: expat bug 1990430 | URL:http://www.openwall.com/lists/oss-security/2009/08/26/3 | MLIST:[oss-security] 20090827 Re: Re: expat bug 1990430 | URL:http://www.openwall.com/lists/oss-security/2009/08/27/6 | MLIST:[oss-security] 20090906 Re: Re: expat bug 1990430 | URL:http://www.openwall.com/lists/oss-security/2009/09/06/1 | MLIST:[oss-security] 20091022 Re: Re: Regarding expat bug 1990430 | URL:http://www.openwall.com/lists/oss-security/2009/10/23/2 | MLIST:[oss-security] 20091022 Re: Regarding expat bug 1990430 | URL:http://www.openwall.com/lists/oss-security/2009/10/22/9 | MLIST:[oss-security] 20091022 Regarding expat bug 1990430 | URL:http://www.openwall.com/lists/oss-security/2009/10/22/5 | MLIST:[oss-security] 20091023 Re: CVE Request -- expat [was: Re: Regarding expat bug 1990430] | URL:http://www.openwall.com/lists/oss-security/2009/10/23/6 | MLIST:[oss-security] 20091026 Re: CVE Request -- expat [was: Re: Regarding expat bug 1990430] | URL:http://www.openwall.com/lists/oss-security/2009/10/26/3 | MLIST:[oss-security] 20091028 Re: CVE Request -- expat [was: Re: Regarding expat bug 1990430] | URL:http://www.openwall.com/lists/oss-security/2009/10/28/3 | MLIST:[security-announce] 20100303 VMSA-2010-0004 ESX Service Console and vMA third party updates | URL:http://lists.vmware.com/pipermail/security-announce/2010/000082.html | OVAL:oval:org.mitre.oval:def:11019 | URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11019 | OVAL:oval:org.mitre.oval:def:12719 | URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12719 | OVAL:oval:org.mitre.oval:def:7112 | URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7112 | REDHAT:RHSA-2010:0002 | URL:http://www.redhat.com/support/errata/RHSA-2010-0002.html | REDHAT:RHSA-2011:0896 | URL:http://www.redhat.com/support/errata/RHSA-2011-0896.html | SECTRACK:1023160 | URL:http://www.securitytracker.com/id?1023160 | SECUNIA:37324 | URL:http://secunia.com/advisories/37324 | SECUNIA:37537 | URL:http://secunia.com/advisories/37537 | SECUNIA:37925 | URL:http://secunia.com/advisories/37925 | SECUNIA:38050 | URL:http://secunia.com/advisories/38050 | SECUNIA:38231 | URL:http://secunia.com/advisories/38231 | SECUNIA:38794 | URL:http://secunia.com/advisories/38794 | SECUNIA:38832 | URL:http://secunia.com/advisories/38832 | SECUNIA:38834 | URL:http://secunia.com/advisories/38834 | SECUNIA:39478 | URL:http://secunia.com/advisories/39478 | SECUNIA:41701 | URL:http://secunia.com/advisories/41701 | SECUNIA:42326 | URL:http://secunia.com/advisories/42326 | SECUNIA:42338 | URL:http://secunia.com/advisories/42338 | SECUNIA:43300 | URL:http://secunia.com/advisories/43300 | SLACKWARE:SSA:2011-041-02 | URL:http://slackware.com/security/viewer.php?l=slackware-security&y=2011&m=slackware-security.486026 | SUNALERT:273630 | URL:http://sunsolve.sun.com/search/document.do?assetkey=1-66-273630-1 | SUSE:SUSE-SR:2009:018 | URL:http://lists.opensuse.org/opensuse-security-announce/2009-11/msg00004.html | SUSE:SUSE-SR:2010:011 | URL:http://lists.opensuse.org/opensuse-security-announce/2010-05/msg00001.html | SUSE:SUSE-SR:2010:012 | URL:http://lists.opensuse.org/opensuse-security-announce/2010-05/msg00002.html | SUSE:SUSE-SR:2010:013 | URL:http://lists.opensuse.org/opensuse-security-announce/2010-06/msg00001.html | SUSE:SUSE-SR:2010:014 | URL:http://lists.opensuse.org/opensuse-security-announce/2010-08/msg00001.html | UBUNTU:USN-890-1 | URL:http://www.ubuntu.com/usn/USN-890-1 | UBUNTU:USN-890-6 | URL:http://www.ubuntu.com/usn/USN-890-6 | VUPEN:ADV-2010-0528 | URL:http://www.vupen.com/english/advisories/2010/0528 | VUPEN:ADV-2010-0896 | URL:http://www.vupen.com/english/advisories/2010/0896 | VUPEN:ADV-2010-1107 | URL:http://www.vupen.com/english/advisories/2010/1107 | VUPEN:ADV-2010-3035 | URL:http://www.vupen.com/english/advisories/2010/3035 | VUPEN:ADV-2010-3053 | URL:http://www.vupen.com/english/advisories/2010/3053 | VUPEN:ADV-2010-3061 | URL:http://www.vupen.com/english/advisories/2010/3061 | VUPEN:ADV-2011-0359 | URL:http://www.vupen.com/english/advisories/2011/0359;Assigned (20091016);None (candidate not yet proposed) +CVE-2009-3724;Candidate;python-markdown2 before 1.0.1.14 has multiple cross-site scripting (XSS) issues.;MISC:https://snyk.io/vuln/SNYK-PYTHON-PYRAD-40000 | MISC:https://www.openwall.com/lists/oss-security/2009/10/29/5;Assigned (20091016);None (candidate not yet proposed) +CVE-2009-3850;Candidate;Blender 2.34, 2.35a, 2.40, and 2.49b allows remote attackers to execute arbitrary code via a .blend file that contains Python statements in the onLoad action of a ScriptLink SDNA.;BID:36838 | URL:http://www.securityfocus.com/bid/36838 | BUGTRAQ:20091105 CORE-2009-0912: Blender .blend Project Arbitrary Command Execution | URL:http://www.securityfocus.com/archive/1/507706/100/0/threaded | MISC:http://www.coresecurity.com/content/blender-scripting-injection;Assigned (20091102);None (candidate not yet proposed) +CVE-2009-3894;Candidate;Multiple untrusted search path vulnerabilities in dstat before 0.7.0 allow local users to gain privileges via a Trojan horse Python module in (1) the current working directory or (2) a certain subdirectory of the current working directory.;MISC:37131 | URL:http://www.securityfocus.com/bid/37131 | MISC:37445 | URL:http://secunia.com/advisories/37445 | MISC:37457 | URL:http://secunia.com/advisories/37457 | MISC:60511 | URL:http://osvdb.org/60511 | MISC:GLSA-200911-04 | URL:http://security.gentoo.org/glsa/glsa-200911-04.xml | MISC:MDVSA-2009:341 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2009:341 | MISC:RHSA-2009:1619 | URL:http://www.redhat.com/support/errata/RHSA-2009-1619.html | MISC:http://bugs.gentoo.org/show_bug.cgi?id=293497 | URL:http://bugs.gentoo.org/show_bug.cgi?id=293497 | MISC:http://svn.rpmforge.net/svn/trunk/tools/dstat/ChangeLog | URL:http://svn.rpmforge.net/svn/trunk/tools/dstat/ChangeLog | MISC:https://bugzilla.redhat.com/show_bug.cgi?id=538459 | URL:https://bugzilla.redhat.com/show_bug.cgi?id=538459 | MISC:oval:org.mitre.oval:def:8969 | URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8969;Assigned (20091105);None (candidate not yet proposed) +CVE-2009-4081;Candidate;Untrusted search path vulnerability in dstat before r3199 allows local users to gain privileges via a Trojan horse Python module in the current working directory, a different vulnerability than CVE-2009-3894.;CONFIRM:http://bugs.gentoo.org/show_bug.cgi?id=293497 | MANDRIVA:MDVSA-2009:341 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2009:341;Assigned (20091127);None (candidate not yet proposed) +CVE-2009-4134;Candidate;Buffer underflow in the rgbimg module in Python 2.5 allows remote attackers to cause a denial of service (application crash) via a large ZSIZE value in a black-and-white (aka B/W) RGB image that triggers an invalid pointer dereference.;MISC:40361 | URL:http://www.securityfocus.com/bid/40361 | MISC:42888 | URL:http://secunia.com/advisories/42888 | MISC:43068 | URL:http://secunia.com/advisories/43068 | MISC:43364 | URL:http://secunia.com/advisories/43364 | MISC:ADV-2011-0122 | URL:http://www.vupen.com/english/advisories/2011/0122 | MISC:ADV-2011-0212 | URL:http://www.vupen.com/english/advisories/2011/0212 | MISC:ADV-2011-0413 | URL:http://www.vupen.com/english/advisories/2011/0413 | MISC:APPLE-SA-2010-11-10-1 | URL:http://lists.apple.com/archives/security-announce/2010//Nov/msg00000.html | MISC:MDVSA-2010:215 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2010:215 | MISC:RHSA-2011:0027 | URL:http://www.redhat.com/support/errata/RHSA-2011-0027.html | MISC:RHSA-2011:0260 | URL:http://www.redhat.com/support/errata/RHSA-2011-0260.html | MISC:SUSE-SR:2011:002 | URL:http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html | MISC:http://bugs.python.org/issue8678 | URL:http://bugs.python.org/issue8678 | MISC:http://support.apple.com/kb/HT4435 | URL:http://support.apple.com/kb/HT4435 | MISC:https://bugzilla.redhat.com/show_bug.cgi?id=541698 | URL:https://bugzilla.redhat.com/show_bug.cgi?id=541698;Assigned (20091201);None (candidate not yet proposed) +CVE-2009-4924;Candidate;Dan Pascu python-cjson 1.0.5 does not properly handle a ['/'] argument to cjson.encode, which makes it easier for remote attackers to conduct certain cross-site scripting (XSS) attacks involving Firefox and the end tag of a SCRIPT element.;MISC:http://pypi.python.org/pypi/python-cjson/ | MISC:http://t3.dotgnu.info/blog/insecurity/quotes-dont-help.html;Assigned (20100702);None (candidate not yet proposed) +CVE-2009-5042;Candidate;python-docutils allows insecure usage of temporary files;MISC:https://security-tracker.debian.org/tracker/CVE-2009-5042;Assigned (20110114);None (candidate not yet proposed) +CVE-2009-5065;Candidate;Cross-site scripting (XSS) vulnerability in feedparser.py in Universal Feed Parser (aka feedparser or python-feedparser) before 5.0 allows remote attackers to inject arbitrary web script or HTML via vectors involving nested CDATA stanzas.;MISC:44074 | URL:http://secunia.com/advisories/44074 | MISC:47177 | URL:http://www.securityfocus.com/bid/47177 | MISC:MDVSA-2011:082 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2011:082 | MISC:[opensuse-updates] 20110408 openSUSE-SU-2011:0314-1 (moderate): python-feedparser security update | URL:http://lists.opensuse.org/opensuse-updates/2011-04/msg00026.html | MISC:http://code.google.com/p/feedparser/issues/detail?id=195 | URL:http://code.google.com/p/feedparser/issues/detail?id=195 | MISC:http://support.novell.com/security/cve/CVE-2009-5065.html | URL:http://support.novell.com/security/cve/CVE-2009-5065.html | MISC:https://bugzilla.novell.com/show_bug.cgi?id=680074 | URL:https://bugzilla.novell.com/show_bug.cgi?id=680074 | MISC:https://bugzilla.redhat.com/show_bug.cgi?id=684877 | URL:https://bugzilla.redhat.com/show_bug.cgi?id=684877;Assigned (20110405);None (candidate not yet proposed) +CVE-2010-0395;Candidate;OpenOffice.org 2.x and 3.0 before 3.2.1 allows user-assisted remote attackers to bypass Python macro security restrictions and execute arbitrary Python code via a crafted OpenDocument Text (ODT) file that triggers code execution when the macro directory structure is previewed.;CERT:TA10-287A | URL:http://www.us-cert.gov/cas/techalerts/TA10-287A.html | CONFIRM:http://www.openoffice.org/security/cves/CVE-2010-0395.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2010-175626.html | CONFIRM:https://bugzilla.redhat.com/show_bug.cgi?id=574119 | DEBIAN:DSA-2055 | URL:http://www.debian.org/security/2010/dsa-2055 | FEDORA:FEDORA-2010-9576 | URL:http://lists.fedoraproject.org/pipermail/package-announce/2010-June/042468.html | FEDORA:FEDORA-2010-9628 | URL:http://lists.fedoraproject.org/pipermail/package-announce/2010-June/042529.html | FEDORA:FEDORA-2010-9633 | URL:http://lists.fedoraproject.org/pipermail/package-announce/2010-June/042534.html | GENTOO:GLSA-201408-19 | URL:http://www.gentoo.org/security/en/glsa/glsa-201408-19.xml | MANDRIVA:MDVSA-2010:221 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2010:221 | OVAL:oval:org.mitre.oval:def:11091 | URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11091 | REDHAT:RHSA-2010:0459 | URL:http://www.redhat.com/support/errata/RHSA-2010-0459.html | SECUNIA:40070 | URL:http://secunia.com/advisories/40070 | SECUNIA:40084 | URL:http://secunia.com/advisories/40084 | SECUNIA:40104 | URL:http://secunia.com/advisories/40104 | SECUNIA:40107 | URL:http://secunia.com/advisories/40107 | SECUNIA:41818 | URL:http://secunia.com/advisories/41818 | SECUNIA:60799 | URL:http://secunia.com/advisories/60799 | SUSE:SUSE-SR:2010:014 | URL:http://lists.opensuse.org/opensuse-security-announce/2010-08/msg00001.html | UBUNTU:USN-949-1 | URL:http://ubuntu.com/usn/usn-949-1 | VUPEN:ADV-2010-1350 | URL:http://www.vupen.com/english/advisories/2010/1350 | VUPEN:ADV-2010-1353 | URL:http://www.vupen.com/english/advisories/2010/1353 | VUPEN:ADV-2010-1366 | URL:http://www.vupen.com/english/advisories/2010/1366 | VUPEN:ADV-2010-1369 | URL:http://www.vupen.com/english/advisories/2010/1369 | VUPEN:ADV-2010-2905 | URL:http://www.vupen.com/english/advisories/2010/2905;Assigned (20100127);None (candidate not yet proposed) +CVE-2010-1449;Candidate;Integer overflow in rgbimgmodule.c in the rgbimg module in Python 2.5 allows remote attackers to have an unspecified impact via a large image that triggers a buffer overflow. NOTE: this vulnerability exists because of an incomplete fix for CVE-2008-3143.12.;MISC:40363 | URL:http://www.securityfocus.com/bid/40363 | MISC:42888 | URL:http://secunia.com/advisories/42888 | MISC:43068 | URL:http://secunia.com/advisories/43068 | MISC:43364 | URL:http://secunia.com/advisories/43364 | MISC:ADV-2011-0122 | URL:http://www.vupen.com/english/advisories/2011/0122 | MISC:ADV-2011-0212 | URL:http://www.vupen.com/english/advisories/2011/0212 | MISC:ADV-2011-0413 | URL:http://www.vupen.com/english/advisories/2011/0413 | MISC:APPLE-SA-2010-11-10-1 | URL:http://lists.apple.com/archives/security-announce/2010//Nov/msg00000.html | MISC:MDVSA-2010:215 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2010:215 | MISC:RHSA-2011:0027 | URL:http://www.redhat.com/support/errata/RHSA-2011-0027.html | MISC:RHSA-2011:0260 | URL:http://www.redhat.com/support/errata/RHSA-2011-0260.html | MISC:SUSE-SR:2011:002 | URL:http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html | MISC:http://bugs.python.org/issue8678 | URL:http://bugs.python.org/issue8678 | MISC:http://support.apple.com/kb/HT4435 | URL:http://support.apple.com/kb/HT4435 | MISC:https://bugzilla.redhat.com/show_bug.cgi?id=541698 | URL:https://bugzilla.redhat.com/show_bug.cgi?id=541698;Assigned (20100415);None (candidate not yet proposed) +CVE-2010-1450;Candidate;Multiple buffer overflows in the RLE decoder in the rgbimg module in Python 2.5 allow remote attackers to have an unspecified impact via an image file containing crafted data that triggers improper processing within the (1) longimagedata or (2) expandrow function.;MISC:40365 | URL:http://www.securityfocus.com/bid/40365 | MISC:42888 | URL:http://secunia.com/advisories/42888 | MISC:43068 | URL:http://secunia.com/advisories/43068 | MISC:43364 | URL:http://secunia.com/advisories/43364 | MISC:ADV-2011-0122 | URL:http://www.vupen.com/english/advisories/2011/0122 | MISC:ADV-2011-0212 | URL:http://www.vupen.com/english/advisories/2011/0212 | MISC:ADV-2011-0413 | URL:http://www.vupen.com/english/advisories/2011/0413 | MISC:APPLE-SA-2010-11-10-1 | URL:http://lists.apple.com/archives/security-announce/2010//Nov/msg00000.html | MISC:MDVSA-2010:215 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2010:215 | MISC:RHSA-2011:0027 | URL:http://www.redhat.com/support/errata/RHSA-2011-0027.html | MISC:RHSA-2011:0260 | URL:http://www.redhat.com/support/errata/RHSA-2011-0260.html | MISC:SUSE-SR:2011:002 | URL:http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html | MISC:http://bugs.python.org/issue8678 | URL:http://bugs.python.org/issue8678 | MISC:http://support.apple.com/kb/HT4435 | URL:http://support.apple.com/kb/HT4435 | MISC:https://bugzilla.redhat.com/show_bug.cgi?id=541698 | URL:https://bugzilla.redhat.com/show_bug.cgi?id=541698;Assigned (20100415);None (candidate not yet proposed) +CVE-2010-1634;Candidate;Multiple integer overflows in audioop.c in the audioop module in Python 2.6, 2.7, 3.1, and 3.2 allow context-dependent attackers to cause a denial of service (application crash) via a large fragment, as demonstrated by a call to audioop.lin2lin with a long string in the first argument, leading to a buffer overflow. NOTE: this vulnerability exists because of an incorrect fix for CVE-2008-3143.5.;MISC:39937 | URL:http://secunia.com/advisories/39937 | MISC:40194 | URL:http://secunia.com/advisories/40194 | MISC:40370 | URL:http://www.securityfocus.com/bid/40370 | MISC:42888 | URL:http://secunia.com/advisories/42888 | MISC:43068 | URL:http://secunia.com/advisories/43068 | MISC:50858 | URL:http://secunia.com/advisories/50858 | MISC:51024 | URL:http://secunia.com/advisories/51024 | MISC:51040 | URL:http://secunia.com/advisories/51040 | MISC:51087 | URL:http://secunia.com/advisories/51087 | MISC:ADV-2010-1448 | URL:http://www.vupen.com/english/advisories/2010/1448 | MISC:ADV-2011-0122 | URL:http://www.vupen.com/english/advisories/2011/0122 | MISC:ADV-2011-0212 | URL:http://www.vupen.com/english/advisories/2011/0212 | MISC:APPLE-SA-2011-10-12-3 | URL:http://lists.apple.com/archives/Security-announce/2011//Oct/msg00003.html | MISC:FEDORA-2010-9652 | URL:http://lists.fedoraproject.org/pipermail/package-announce/2010-June/042751.html | MISC:RHSA-2011:0027 | URL:http://www.redhat.com/support/errata/RHSA-2011-0027.html | MISC:SUSE-SR:2010:024 | URL:http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00006.html | MISC:SUSE-SR:2011:002 | URL:http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html | MISC:USN-1596-1 | URL:http://www.ubuntu.com/usn/USN-1596-1 | MISC:USN-1613-1 | URL:http://www.ubuntu.com/usn/USN-1613-1 | MISC:USN-1613-2 | URL:http://www.ubuntu.com/usn/USN-1613-2 | MISC:USN-1616-1 | URL:http://www.ubuntu.com/usn/USN-1616-1 | MISC:http://bugs.python.org/issue8674 | URL:http://bugs.python.org/issue8674 | MISC:http://support.apple.com/kb/HT5002 | URL:http://support.apple.com/kb/HT5002 | MISC:http://svn.python.org/view?rev=81045&view=rev | URL:http://svn.python.org/view?rev=81045&view=rev | MISC:http://svn.python.org/view?rev=81079&view=rev | URL:http://svn.python.org/view?rev=81079&view=rev | MISC:https://bugzilla.redhat.com/show_bug.cgi?id=590690 | URL:https://bugzilla.redhat.com/show_bug.cgi?id=590690;Assigned (20100429);None (candidate not yet proposed) +CVE-2010-1666;Candidate;Buffer overflow in Dan Pascu python-cjson 1.0.5, when UCS-4 encoding is enabled, allows context-dependent attackers to cause a denial of service (application crash) or possibly have unspecified other impact via vectors involving crafted Unicode input to the cjson.encode function.;CONFIRM:https://bugs.launchpad.net/ubuntu/+source/python-cjson/+bug/585274 | DEBIAN:DSA-2068 | URL:http://www.debian.org/security/2010/dsa-2068 | SECUNIA:40335 | URL:http://secunia.com/advisories/40335 | SECUNIA:40500 | URL:http://secunia.com/advisories/40500 | VUPEN:ADV-2010-1774 | URL:http://www.vupen.com/english/advisories/2010/1774;Assigned (20100430);None (candidate not yet proposed) +CVE-2010-2089;Candidate;The audioop module in Python 2.7 and 3.2 does not verify the relationships between size arguments and byte string lengths, which allows context-dependent attackers to cause a denial of service (memory corruption and application crash) via crafted arguments, as demonstrated by a call to audioop.reverse with a one-byte string, a different vulnerability than CVE-2010-1634.;APPLE:APPLE-SA-2011-10-12-3 | URL:http://lists.apple.com/archives/Security-announce/2011//Oct/msg00003.html | BID:40863 | URL:http://www.securityfocus.com/bid/40863 | CONFIRM:http://bugs.python.org/issue7673 | CONFIRM:http://support.apple.com/kb/HT5002 | CONFIRM:https://bugzilla.redhat.com/show_bug.cgi?id=598197 | FEDORA:FEDORA-2010-9652 | URL:http://lists.fedoraproject.org/pipermail/package-announce/2010-June/042751.html | REDHAT:RHSA-2011:0027 | URL:http://www.redhat.com/support/errata/RHSA-2011-0027.html | SECUNIA:40194 | URL:http://secunia.com/advisories/40194 | SECUNIA:42888 | URL:http://secunia.com/advisories/42888 | SECUNIA:43068 | URL:http://secunia.com/advisories/43068 | SECUNIA:50858 | URL:http://secunia.com/advisories/50858 | SECUNIA:51024 | URL:http://secunia.com/advisories/51024 | SECUNIA:51040 | URL:http://secunia.com/advisories/51040 | SECUNIA:51087 | URL:http://secunia.com/advisories/51087 | SUSE:SUSE-SR:2010:024 | URL:http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00006.html | SUSE:SUSE-SR:2011:002 | URL:http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html | UBUNTU:USN-1596-1 | URL:http://www.ubuntu.com/usn/USN-1596-1 | UBUNTU:USN-1613-1 | URL:http://www.ubuntu.com/usn/USN-1613-1 | UBUNTU:USN-1613-2 | URL:http://www.ubuntu.com/usn/USN-1613-2 | UBUNTU:USN-1616-1 | URL:http://www.ubuntu.com/usn/USN-1616-1 | VUPEN:ADV-2010-1448 | URL:http://www.vupen.com/english/advisories/2010/1448 | VUPEN:ADV-2011-0122 | URL:http://www.vupen.com/english/advisories/2011/0122 | VUPEN:ADV-2011-0212 | URL:http://www.vupen.com/english/advisories/2011/0212;Assigned (20100527);None (candidate not yet proposed) +CVE-2010-2235;Candidate;template_api.py in Cobbler before 2.0.7, as used in Red Hat Network Satellite Server and other products, does not disable the ability of the Cheetah template engine to execute Python statements contained in templates, which allows remote authenticated administrators to execute arbitrary code via a crafted kickstart template file, a different vulnerability than CVE-2008-6954.;MISC:RHSA-2010:0775 | URL:http://www.redhat.com/support/errata/RHSA-2010-0775.html | MISC:http://people.fedoraproject.org/~shenson/cobbler/cobbler-2.0.8.tar.gz | URL:http://people.fedoraproject.org/~shenson/cobbler/cobbler-2.0.8.tar.gz | MISC:https://bugzilla.redhat.com/show_bug.cgi?id=607662 | URL:https://bugzilla.redhat.com/show_bug.cgi?id=607662;Assigned (20100609);None (candidate not yet proposed) +CVE-2010-2480;Candidate;Mako before 0.3.4 relies on the cgi.escape function in the Python standard library for cross-site scripting (XSS) protection, which makes it easier for remote attackers to conduct XSS attacks via vectors involving single-quote characters and a JavaScript onLoad event handler for a BODY element.;MISC:39935 | URL:http://secunia.com/advisories/39935 | MISC:SUSE-SR:2010:014 | URL:http://lists.opensuse.org/opensuse-security-announce/2010-08/msg00001.html | MISC:http://bugs.python.org/issue9061 | URL:http://bugs.python.org/issue9061 | MISC:http://www.makotemplates.org/CHANGES | URL:http://www.makotemplates.org/CHANGES;Assigned (20100628);None (candidate not yet proposed) +CVE-2010-3492;Candidate;The asyncore module in Python before 3.2 does not properly handle unsuccessful calls to the accept function, and does not have accompanying documentation describing how daemon applications should handle unsuccessful calls to the accept function, which makes it easier for remote attackers to conduct denial of service attacks that terminate these applications via network connections.;CONFIRM:http://bugs.python.org/issue6706 | MANDRIVA:MDVSA-2010:215 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2010:215 | MANDRIVA:MDVSA-2010:216 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2010:216 | MLIST:[oss-security] 20100909 CVE Request -- Python -- accept() implementation in async core is broken => more subcases | URL:http://www.openwall.com/lists/oss-security/2010/09/09/6 | MLIST:[oss-security] 20100910 Re: CVE Request -- Python -- accept() implementation in async core is broken => more subcases | URL:http://www.openwall.com/lists/oss-security/2010/09/11/2 | MLIST:[oss-security] 20100922 Re: CVE Request -- Python -- accept() implementation in async core is broken => more subcases | URL:http://www.openwall.com/lists/oss-security/2010/09/22/3 | MLIST:[oss-security] 20100924 Re: CVE Request -- Python -- accept() implementation in async core is broken => more subcases | URL:http://www.openwall.com/lists/oss-security/2010/09/24/3 | OVAL:oval:org.mitre.oval:def:12111 | URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12111;Assigned (20100924);None (candidate not yet proposed) +CVE-2010-3493;Candidate;Multiple race conditions in smtpd.py in the smtpd module in Python 2.6, 2.7, 3.1, and 3.2 alpha allow remote attackers to cause a denial of service (daemon outage) by establishing and then immediately closing a TCP connection, leading to the accept function having an unexpected return value of None, an unexpected value of None for the address, or an ECONNABORTED, EAGAIN, or EWOULDBLOCK error, or the getpeername function having an ENOTCONN error, a related issue to CVE-2010-3492.;BID:44533 | URL:http://www.securityfocus.com/bid/44533 | CONFIRM:http://bugs.python.org/issue9129 | CONFIRM:http://svn.python.org/view/python/branches/py3k/Lib/smtpd.py?r1=84289&r2=84288&pathrev=84289 | CONFIRM:http://svn.python.org/view?view=rev&revision=84289 | CONFIRM:https://bugzilla.redhat.com/show_bug.cgi?id=632200 | MANDRIVA:MDVSA-2010:215 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2010:215 | MANDRIVA:MDVSA-2010:216 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2010:216 | MISC:http://bugs.python.org/issue6706 | MISC:https://bugs.launchpad.net/zodb/+bug/135108 | MLIST:[oss-security] 20100909 CVE Request -- Python -- accept() implementation in async core is broken => more subcases | URL:http://www.openwall.com/lists/oss-security/2010/09/09/6 | MLIST:[oss-security] 20100910 Re: CVE Request -- Python -- accept() implementation in async core is broken => more subcases | URL:http://www.openwall.com/lists/oss-security/2010/09/11/2 | MLIST:[oss-security] 20100922 Re: CVE Request -- Python -- accept() implementation in async core is broken => more subcases | URL:http://www.openwall.com/lists/oss-security/2010/09/22/3 | MLIST:[oss-security] 20100924 Re: CVE Request -- Python -- accept() implementation in async core is broken => more subcases | URL:http://www.openwall.com/lists/oss-security/2010/09/24/3 | OVAL:oval:org.mitre.oval:def:12210 | URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12210 | SECUNIA:43068 | URL:http://secunia.com/advisories/43068 | SECUNIA:50858 | URL:http://secunia.com/advisories/50858 | SECUNIA:51024 | URL:http://secunia.com/advisories/51024 | SECUNIA:51040 | URL:http://secunia.com/advisories/51040 | SUSE:SUSE-SR:2010:024 | URL:http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00006.html | SUSE:SUSE-SR:2011:002 | URL:http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html | UBUNTU:USN-1596-1 | URL:http://www.ubuntu.com/usn/USN-1596-1 | UBUNTU:USN-1613-1 | URL:http://www.ubuntu.com/usn/USN-1613-1 | UBUNTU:USN-1613-2 | URL:http://www.ubuntu.com/usn/USN-1613-2 | VUPEN:ADV-2011-0212 | URL:http://www.vupen.com/english/advisories/2011/0212;Assigned (20100924);None (candidate not yet proposed) +CVE-2011-1015;Candidate;The is_cgi method in CGIHTTPServer.py in the CGIHTTPServer module in Python 2.5, 2.6, and 3.0 allows remote attackers to read script source code via an HTTP GET request that lacks a / (slash) character at the beginning of the URI.;MISC:1025489 | URL:http://securitytracker.com/id?1025489 | MISC:46541 | URL:http://www.securityfocus.com/bid/46541 | MISC:50858 | URL:http://secunia.com/advisories/50858 | MISC:51024 | URL:http://secunia.com/advisories/51024 | MISC:51040 | URL:http://secunia.com/advisories/51040 | MISC:MDVSA-2011:096 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2011:096 | MISC:USN-1596-1 | URL:http://www.ubuntu.com/usn/USN-1596-1 | MISC:USN-1613-1 | URL:http://www.ubuntu.com/usn/USN-1613-1 | MISC:USN-1613-2 | URL:http://www.ubuntu.com/usn/USN-1613-2 | MISC:[oss-security] 20110223 CVE request: Information disclosure in CGIHTTPServer from Python | URL:http://openwall.com/lists/oss-security/2011/02/23/27 | MISC:[oss-security] 20110224 Re: CVE request: Information disclosure in CGIHTTPServer from Python | URL:http://openwall.com/lists/oss-security/2011/02/24/10 | MISC:http://bugs.python.org/issue2254 | URL:http://bugs.python.org/issue2254 | MISC:http://hg.python.org/cpython/rev/c6c4398293bd/ | URL:http://hg.python.org/cpython/rev/c6c4398293bd/ | MISC:http://svn.python.org/view?view=revision&revision=71303 | URL:http://svn.python.org/view?view=revision&revision=71303 | MISC:https://bugzilla.redhat.com/show_bug.cgi?id=680094 | URL:https://bugzilla.redhat.com/show_bug.cgi?id=680094;Assigned (20110214);None (candidate not yet proposed) +CVE-2011-1156;Candidate;feedparser.py in Universal Feed Parser (aka feedparser or python-feedparser) before 5.0.1 allows remote attackers to cause a denial of service (application crash) via a malformed DOCTYPE declaration.;MISC:43730 | URL:http://secunia.com/advisories/43730 | MISC:44074 | URL:http://secunia.com/advisories/44074 | MISC:46867 | URL:http://www.securityfocus.com/bid/46867 | MISC:MDVSA-2011:082 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2011:082 | MISC:[opensuse-updates] 20110408 openSUSE-SU-2011:0314-1 (moderate): python-feedparser security update | URL:http://lists.opensuse.org/opensuse-updates/2011-04/msg00026.html | MISC:[oss-security] 20110314 CVE request for python-feedparser | URL:http://openwall.com/lists/oss-security/2011/03/14/18 | MISC:[oss-security] 20110315 Re: CVE request for python-feedparser | URL:http://openwall.com/lists/oss-security/2011/03/15/11 | MISC:http://support.novell.com/security/cve/CVE-2011-1156.html | URL:http://support.novell.com/security/cve/CVE-2011-1156.html | MISC:https://bugzilla.novell.com/show_bug.cgi?id=680074 | URL:https://bugzilla.novell.com/show_bug.cgi?id=680074 | MISC:https://bugzilla.redhat.com/show_bug.cgi?id=684877 | URL:https://bugzilla.redhat.com/show_bug.cgi?id=684877 | MISC:https://code.google.com/p/feedparser/issues/detail?id=91 | URL:https://code.google.com/p/feedparser/issues/detail?id=91;Assigned (20110303);None (candidate not yet proposed) +CVE-2011-1157;Candidate;Cross-site scripting (XSS) vulnerability in feedparser.py in Universal Feed Parser (aka feedparser or python-feedparser) 5.x before 5.0.1 allows remote attackers to inject arbitrary web script or HTML via malformed XML comments.;MISC:43730 | URL:http://secunia.com/advisories/43730 | MISC:44074 | URL:http://secunia.com/advisories/44074 | MISC:46867 | URL:http://www.securityfocus.com/bid/46867 | MISC:MDVSA-2011:082 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2011:082 | MISC:[opensuse-updates] 20110408 openSUSE-SU-2011:0314-1 (moderate): python-feedparser security update | URL:http://lists.opensuse.org/opensuse-updates/2011-04/msg00026.html | MISC:[oss-security] 20110314 CVE request for python-feedparser | URL:http://openwall.com/lists/oss-security/2011/03/14/18 | MISC:[oss-security] 20110315 Re: CVE request for python-feedparser | URL:http://openwall.com/lists/oss-security/2011/03/15/11 | MISC:http://support.novell.com/security/cve/CVE-2011-1157.html | URL:http://support.novell.com/security/cve/CVE-2011-1157.html | MISC:https://bugzilla.novell.com/show_bug.cgi?id=680074 | URL:https://bugzilla.novell.com/show_bug.cgi?id=680074 | MISC:https://bugzilla.redhat.com/show_bug.cgi?id=684877 | URL:https://bugzilla.redhat.com/show_bug.cgi?id=684877 | MISC:https://code.google.com/p/feedparser/issues/detail?id=254 | URL:https://code.google.com/p/feedparser/issues/detail?id=254;Assigned (20110303);None (candidate not yet proposed) +CVE-2011-1158;Candidate;Cross-site scripting (XSS) vulnerability in feedparser.py in Universal Feed Parser (aka feedparser or python-feedparser) 5.x before 5.0.1 allows remote attackers to inject arbitrary web script or HTML via an unexpected URI scheme, as demonstrated by a javascript: URI.;MISC:43730 | URL:http://secunia.com/advisories/43730 | MISC:44074 | URL:http://secunia.com/advisories/44074 | MISC:46867 | URL:http://www.securityfocus.com/bid/46867 | MISC:MDVSA-2011:082 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2011:082 | MISC:[opensuse-updates] 20110408 openSUSE-SU-2011:0314-1 (moderate): python-feedparser security update | URL:http://lists.opensuse.org/opensuse-updates/2011-04/msg00026.html | MISC:[oss-security] 20110314 CVE request for python-feedparser | URL:http://openwall.com/lists/oss-security/2011/03/14/18 | MISC:[oss-security] 20110315 Re: CVE request for python-feedparser | URL:http://openwall.com/lists/oss-security/2011/03/15/11 | MISC:http://support.novell.com/security/cve/CVE-2011-1158.html | URL:http://support.novell.com/security/cve/CVE-2011-1158.html | MISC:https://bugzilla.novell.com/show_bug.cgi?id=680074 | URL:https://bugzilla.novell.com/show_bug.cgi?id=680074 | MISC:https://bugzilla.redhat.com/show_bug.cgi?id=684877 | URL:https://bugzilla.redhat.com/show_bug.cgi?id=684877 | MISC:https://code.google.com/p/feedparser/issues/detail?id=255 | URL:https://code.google.com/p/feedparser/issues/detail?id=255;Assigned (20110303);None (candidate not yet proposed) +CVE-2011-1364;Candidate;Cross-site request forgery (CSRF) vulnerability in _ah/admin/interactive/execute (aka the Interactive Console) in the SDK Console (aka Admin Console) in the Google App Engine Python SDK before 1.5.4 allows remote attackers to hijack the authentication of administrators for requests that execute arbitrary Python code via the code parameter.;BID:50075 | URL:http://www.securityfocus.com/bid/50075 | MISC:http://blog.watchfire.com/files/googleappenginesdk.pdf | MISC:http://code.google.com/p/googleappengine/wiki/SdkReleaseNotes | XF:google-app-engine-csrf(69958) | URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/69958;Assigned (20110310);None (candidate not yet proposed) +CVE-2011-1521;Candidate;The urllib and urllib2 modules in Python 2.x before 2.7.2 and 3.x before 3.2.1 process Location headers that specify redirection to file: URLs, which makes it easier for remote attackers to obtain sensitive information or cause a denial of service (resource consumption) via a crafted URL, as demonstrated by the file:///etc/passwd and file:///dev/zero URLs.;APPLE:APPLE-SA-2011-10-12-3 | URL:http://lists.apple.com/archives/Security-announce/2011//Oct/msg00003.html | CONFIRM:http://bugs.python.org/issue11662 | CONFIRM:http://hg.python.org/cpython/file/96a6c128822b/Misc/NEWS | CONFIRM:http://hg.python.org/cpython/file/b2934d98dac1/Misc/NEWS | CONFIRM:http://hg.python.org/cpython/rev/96a6c128822b/ | CONFIRM:http://hg.python.org/cpython/rev/b2934d98dac1/ | CONFIRM:http://support.apple.com/kb/HT5002 | CONFIRM:https://bugzilla.redhat.com/show_bug.cgi?id=690560 | CONFIRM:https://bugzilla.redhat.com/show_bug.cgi?id=737366 | CONFIRM:https://www.djangoproject.com/weblog/2011/sep/09/ | CONFIRM:https://www.djangoproject.com/weblog/2011/sep/10/127/ | MANDRIVA:MDVSA-2011:096 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2011:096 | MLIST:[oss-security] 20110324 CVE Request -- Python (urllib, urllib2): Improper management of ftp:// and file:// URL schemes | URL:http://openwall.com/lists/oss-security/2011/03/24/5 | MLIST:[oss-security] 20110328 Re: CVE Request -- Python (urllib, urllib2): Improper management of ftp:// and file:// URL schemes | URL:http://openwall.com/lists/oss-security/2011/03/28/2 | MLIST:[oss-security] 20110911 CVE Request -- Django: v1.3.1, v1.2.7 multiple security flaws | URL:http://openwall.com/lists/oss-security/2011/09/11/1 | MLIST:[oss-security] 20110913 Re: CVE Request -- Django: v1.3.1, v1.2.7 multiple security flaws | URL:http://openwall.com/lists/oss-security/2011/09/13/2 | MLIST:[oss-security] 20110916 Re: CVE Request -- Django: v1.3.1, v1.2.7 multiple security flaws | URL:http://openwall.com/lists/oss-security/2011/09/15/5 | SECTRACK:1025488 | URL:http://securitytracker.com/id?1025488 | SECUNIA:50858 | URL:http://secunia.com/advisories/50858 | SECUNIA:51024 | URL:http://secunia.com/advisories/51024 | SECUNIA:51040 | URL:http://secunia.com/advisories/51040 | SUSE:SUSE-SR:2011:009 | URL:http://lists.opensuse.org/opensuse-security-announce/2011-05/msg00005.html | UBUNTU:USN-1592-1 | URL:http://www.ubuntu.com/usn/USN-1592-1 | UBUNTU:USN-1596-1 | URL:http://www.ubuntu.com/usn/USN-1596-1 | UBUNTU:USN-1613-1 | URL:http://www.ubuntu.com/usn/USN-1613-1 | UBUNTU:USN-1613-2 | URL:http://www.ubuntu.com/usn/USN-1613-2;Assigned (20110328);None (candidate not yet proposed) +CVE-2011-2520;Candidate;fw_dbus.py in system-config-firewall 1.2.29 and earlier uses the pickle Python module unsafely during D-Bus communication between the GUI and the backend, which might allow local users to gain privileges via a crafted serialized object.;MISC:1025793 | URL:http://securitytracker.com/id?1025793 | MISC:45294 | URL:http://secunia.com/advisories/45294 | MISC:48715 | URL:http://www.securityfocus.com/bid/48715 | MISC:FEDORA-2011-9652 | URL:http://lists.fedoraproject.org/pipermail/package-announce/2011-August/063314.html | MISC:RHSA-2011:0953 | URL:http://www.redhat.com/support/errata/RHSA-2011-0953.html | MISC:[oss-security] 20110718 CVE-2011-2520: flaw in system-config-firewall's usage of pickle allows privilege escalation | URL:http://www.openwall.com/lists/oss-security/2011/07/18/6 | MISC:https://bugzilla.redhat.com/show_bug.cgi?id=717985 | URL:https://bugzilla.redhat.com/show_bug.cgi?id=717985 | MISC:systemconfigfirewall-priv-escalation(68734) | URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/68734;Assigned (20110615);None (candidate not yet proposed) +CVE-2011-3587;Candidate;Unspecified vulnerability in Zope 2.12.x and 2.13.x, as used in Plone 4.0.x through 4.0.9, 4.1, and 4.2 through 4.2a2, allows remote attackers to execute arbitrary commands via vectors related to the p_ class in OFS/misc_.py and the use of Python modules.;MISC:46221 | URL:http://secunia.com/advisories/46221 | MISC:46323 | URL:http://secunia.com/advisories/46323 | MISC:http://plone.org/products/plone-hotfix/releases/20110928 | URL:http://plone.org/products/plone-hotfix/releases/20110928 | MISC:http://plone.org/products/plone-hotfix/releases/20110928/PloneHotfix20110928-1.0.zip | URL:http://plone.org/products/plone-hotfix/releases/20110928/PloneHotfix20110928-1.0.zip | MISC:http://plone.org/products/plone/security/advisories/20110928 | URL:http://plone.org/products/plone/security/advisories/20110928 | MISC:http://pypi.python.org/pypi/Products.PloneHotfix20110928/1.0 | URL:http://pypi.python.org/pypi/Products.PloneHotfix20110928/1.0 | MISC:http://zope2.zope.org/news/security-vulnerability-announcement-cve-2011-3587 | URL:http://zope2.zope.org/news/security-vulnerability-announcement-cve-2011-3587 | MISC:https://bugzilla.redhat.com/show_bug.cgi?id=742297 | URL:https://bugzilla.redhat.com/show_bug.cgi?id=742297;Assigned (20110921);None (candidate not yet proposed) +CVE-2011-4103;Candidate;emitters.py in Django Piston before 0.2.3 and 0.2.x before 0.2.2.1 does not properly deserialize YAML data, which allows remote attackers to execute arbitrary Python code via vectors related to the yaml.load method.;MISC:DSA-2344 | URL:http://www.debian.org/security/2011/dsa-2344 | MISC:[oss-security] 20111101 Re: CVE request for Django-piston and Tastypie | URL:http://www.openwall.com/lists/oss-security/2011/11/01/10 | MISC:https://bitbucket.org/jespern/django-piston/commits/91bdaec89543/ | URL:https://bitbucket.org/jespern/django-piston/commits/91bdaec89543/ | MISC:https://bugzilla.redhat.com/show_bug.cgi?id=750658 | URL:https://bugzilla.redhat.com/show_bug.cgi?id=750658 | MISC:https://www.djangoproject.com/weblog/2011/nov/01/piston-and-tastypie-security-releases/ | URL:https://www.djangoproject.com/weblog/2011/nov/01/piston-and-tastypie-security-releases/;Assigned (20111018);None (candidate not yet proposed) +CVE-2011-4104;Candidate;The from_yaml method in serializers.py in Django Tastypie before 0.9.10 does not properly deserialize YAML data, which allows remote attackers to execute arbitrary Python code via vectors related to the yaml.load method.;CONFIRM:https://github.com/toastdriven/django-tastypie/commit/e8af315211b07c8f48f32a063233cc3f76dd5bc2 | CONFIRM:https://groups.google.com/forum/#!topic/django-tastypie/i2aNGDHTUBI | MISC:https://www.djangoproject.com/weblog/2011/nov/01/piston-and-tastypie-security-releases/ | MLIST:[oss-security] 20111102 Re: CVE request for Django-piston and Tastypie | URL:http://www.openwall.com/lists/oss-security/2011/11/02/1 | MLIST:[oss-security] 20111102 Re: Re: CVE request for Django-piston and Tastypie | URL:http://www.openwall.com/lists/oss-security/2011/11/02/7;Assigned (20111018);None (candidate not yet proposed) +CVE-2011-4137;Candidate;The verify_exists functionality in the URLField implementation in Django before 1.2.7 and 1.3.x before 1.3.1 relies on Python libraries that attempt access to an arbitrary URL with no timeout, which allows remote attackers to cause a denial of service (resource consumption) via a URL associated with (1) a slow response, (2) a completed TCP connection with no application data sent, or (3) a large amount of application data, a related issue to CVE-2011-1521.;CONFIRM:https://bugzilla.redhat.com/show_bug.cgi?id=737366 | CONFIRM:https://www.djangoproject.com/weblog/2011/sep/09/ | CONFIRM:https://www.djangoproject.com/weblog/2011/sep/10/127/ | DEBIAN:DSA-2332 | URL:http://www.debian.org/security/2011/dsa-2332 | MLIST:[oss-security] 20110911 CVE Request -- Django: v1.3.1, v1.2.7 multiple security flaws | URL:http://openwall.com/lists/oss-security/2011/09/11/1 | MLIST:[oss-security] 20110913 Re: CVE Request -- Django: v1.3.1, v1.2.7 multiple security flaws | URL:http://openwall.com/lists/oss-security/2011/09/13/2 | MLIST:[oss-security] 20110916 Re: CVE Request -- Django: v1.3.1, v1.2.7 multiple security flaws | URL:http://openwall.com/lists/oss-security/2011/09/15/5 | SECUNIA:46614 | URL:http://secunia.com/advisories/46614 | SUSE:openSUSE-SU-2012:0653 | URL:https://hermes.opensuse.org/messages/14700881;Assigned (20111019);None (candidate not yet proposed) +CVE-2011-4211;Candidate;The FakeFile implementation in the sandbox environment in the Google App Engine Python SDK before 1.5.4 does not properly control the opening of files, which allows local users to bypass intended access restrictions and create arbitrary files via ALLOWED_MODES and ALLOWED_DIRS changes within the code parameter to _ah/admin/interactive/execute, a different vulnerability than CVE-2011-1364.;BID:50464 | URL:http://www.securityfocus.com/bid/50464 | MISC:http://blog.watchfire.com/files/googleappenginesdk.pdf | MISC:http://code.google.com/p/googleappengine/wiki/SdkReleaseNotes | XF:google-app-fakefile-priv-esc(71064) | URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/71064;Assigned (20111030);None (candidate not yet proposed) +CVE-2011-4212;Candidate;The sandbox environment in the Google App Engine Python SDK before 1.5.4 does not properly prevent os.popen calls, which allows local users to bypass intended access restrictions and execute arbitrary commands via a dev_appserver.RestrictedPathFunction._original_os reference within the code parameter to _ah/admin/interactive/execute, a different vulnerability than CVE-2011-1364.;MISC:http://blog.watchfire.com/files/googleappenginesdk.pdf | MISC:http://code.google.com/p/googleappengine/wiki/SdkReleaseNotes | XF:google-apps-ospopen-priv-esc(71063) | URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/71063;Assigned (20111030);None (candidate not yet proposed) +CVE-2011-4213;Candidate;The sandbox environment in the Google App Engine Python SDK before 1.5.4 does not properly prevent use of the os module, which allows local users to bypass intended access restrictions and execute arbitrary commands via a file_blob_storage.os reference within the code parameter to _ah/admin/interactive/execute, a different vulnerability than CVE-2011-1364.;MISC:http://blog.watchfire.com/files/googleappenginesdk.pdf | MISC:http://code.google.com/p/googleappengine/wiki/SdkReleaseNotes | XF:google-apps-osmodule-priv-esc(71062) | URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/71062;Assigned (20111030);None (candidate not yet proposed) +CVE-2011-4355;Candidate;GNU Project Debugger (GDB) before 7.5, when .debug_gdb_scripts is defined, automatically loads certain files from the current working directory, which allows local users to gain privileges via crafted files such as Python scripts.;MISC:1028191 | URL:http://www.securitytracker.com/id/1028191 | MISC:RHSA-2013:0522 | URL:http://rhn.redhat.com/errata/RHSA-2013-0522.html | MISC:[gdb-patches] 20110429 Re: [RFA] Add $pdir as entry for libthread-db-search-path. | URL:http://sourceware.org/ml/gdb-patches/2011-04/msg00559.html | MISC:[gdb-patches] 20110506 Re: [RFA] Add $pdir as entry for libthread-db-search-path. | URL:http://sourceware.org/ml/gdb-patches/2011-05/msg00202.html | MISC:http://sourceware.org/cgi-bin/cvsweb.cgi/~checkout~/src/gdb/NEWS?content-type=text/x-cvsweb-markup&cvsroot=src | URL:http://sourceware.org/cgi-bin/cvsweb.cgi/~checkout~/src/gdb/NEWS?content-type=text/x-cvsweb-markup&cvsroot=src;Assigned (20111104);None (candidate not yet proposed) +CVE-2011-4357;Candidate;Format string vulnerability in the p_cgi_error function in python/neo_cgi.c in the Python CGI Kit (neo_cgi) module for Clearsilver 0.10.5 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via format string specifiers that are not properly handled when creating CGI error messages using the cgi_error API function.;MISC:47016 | URL:http://secunia.com/advisories/47016 | MISC:77419 | URL:http://osvdb.org/77419 | MISC:DSA-2355 | URL:http://www.debian.org/security/2011/dsa-2355 | MISC:[oss-security] 20111127 CVE Request -- ClearSilver (neo_cgi) -- Format string flaw by processing CGI error messages in Python module | URL:http://www.openwall.com/lists/oss-security/2011/11/27/1 | MISC:clearsilver-neocgi-format-string(71599) | URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/71599 | MISC:http://code.google.com/p/clearsilver/source/detail?r=919 | URL:http://code.google.com/p/clearsilver/source/detail?r=919 | MISC:http://tech.groups.yahoo.com/group/ClearSilver/message/1422 | URL:http://tech.groups.yahoo.com/group/ClearSilver/message/1422;Assigned (20111104);None (candidate not yet proposed) +CVE-2011-4642;Candidate;mappy.py in Splunk Web in Splunk 4.2.x before 4.2.5 does not properly restrict use of the mappy command to access Python classes, which allows remote authenticated administrators to execute arbitrary code by leveraging the sys module in a request to the search application, as demonstrated by a cross-site request forgery (CSRF) attack, aka SPL-45172.;CONFIRM:http://www.splunk.com/view/SP-CAAAGMM | EXPLOIT-DB:18245 | URL:http://www.exploit-db.com/exploits/18245/ | MISC:http://www.sec-1.com/blog/?p=233 | MISC:http://www.sec-1.com/blog/wp-content/uploads/2011/12/Attacking_Splunk_Release.pdf | SECTRACK:1026451 | URL:http://www.securitytracker.com/id?1026451 | SECUNIA:47232 | URL:http://secunia.com/advisories/47232;Assigned (20111130);None (candidate not yet proposed) +CVE-2011-4783;Candidate;The IDAPython plugin before 1.5.2.3 in IDA Pro allows user-assisted remote attackers to execute arbitrary code via a crafted IDB file, related to improper handling of certain swig_runtime_data files in the current working directory.;CONFIRM:http://code.google.com/p/idapython/downloads/detail?name=idapython-1.5.2.3_ida6.1_py2.6_win32.zip | CONFIRM:http://code.google.com/p/idapython/source/detail?r=361 | MISC:http://technet.microsoft.com/en-us/security/msvr/msvr11-015 | SECUNIA:47295 | URL:http://secunia.com/advisories/47295 | XF:idapro-idb-code-execution(71936) | URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/71936;Assigned (20111213);None (candidate not yet proposed) +CVE-2011-4940;Candidate;The list_directory function in Lib/SimpleHTTPServer.py in SimpleHTTPServer in Python before 2.5.6c1, 2.6.x before 2.6.7 rc2, and 2.7.x before 2.7.2 does not place a charset parameter in the Content-Type HTTP header, which makes it easier for remote attackers to conduct cross-site scripting (XSS) attacks against Internet Explorer 7 via UTF-7 encoding.;MISC:50858 | URL:http://secunia.com/advisories/50858 | MISC:51024 | URL:http://secunia.com/advisories/51024 | MISC:51040 | URL:http://secunia.com/advisories/51040 | MISC:54083 | URL:http://www.securityfocus.com/bid/54083 | MISC:JVN#51176027 | URL:http://jvn.jp/en/jp/JVN51176027/index.html | MISC:JVNDB-2012-000063 | URL:http://jvndb.jvn.jp/jvndb/JVNDB-2012-000063 | MISC:USN-1592-1 | URL:http://www.ubuntu.com/usn/USN-1592-1 | MISC:USN-1596-1 | URL:http://www.ubuntu.com/usn/USN-1596-1 | MISC:USN-1613-1 | URL:http://www.ubuntu.com/usn/USN-1613-1 | MISC:USN-1613-2 | URL:http://www.ubuntu.com/usn/USN-1613-2 | MISC:http://bugs.python.org/issue11442 | URL:http://bugs.python.org/issue11442 | MISC:https://bugzilla.redhat.com/show_bug.cgi?id=803500 | URL:https://bugzilla.redhat.com/show_bug.cgi?id=803500;Assigned (20111223);None (candidate not yet proposed) +CVE-2011-4944;Candidate;Python 2.6 through 3.2 creates ~/.pypirc with world-readable permissions before changing them after data has been written, which introduces a race condition that allows local users to obtain a username and password by reading this file.;MISC:50858 | URL:http://secunia.com/advisories/50858 | MISC:51024 | URL:http://secunia.com/advisories/51024 | MISC:51040 | URL:http://secunia.com/advisories/51040 | MISC:51087 | URL:http://secunia.com/advisories/51087 | MISC:51089 | URL:http://secunia.com/advisories/51089 | MISC:APPLE-SA-2013-10-22-3 | URL:http://lists.apple.com/archives/security-announce/2013/Oct/msg00004.html | MISC:USN-1592-1 | URL:http://www.ubuntu.com/usn/USN-1592-1 | MISC:USN-1596-1 | URL:http://www.ubuntu.com/usn/USN-1596-1 | MISC:USN-1613-1 | URL:http://www.ubuntu.com/usn/USN-1613-1 | MISC:USN-1613-2 | URL:http://www.ubuntu.com/usn/USN-1613-2 | MISC:USN-1615-1 | URL:http://www.ubuntu.com/usn/USN-1615-1 | MISC:USN-1616-1 | URL:http://www.ubuntu.com/usn/USN-1616-1 | MISC:[oss-security] 20120327 CVE request: distutils creates ~/.pypirc insecurely | URL:http://www.openwall.com/lists/oss-security/2012/03/27/2 | MISC:[oss-security] 20120327 Re: CVE request: distutils creates ~/.pypirc insecurely | URL:http://www.openwall.com/lists/oss-security/2012/03/27/10 | MISC:[oss-security] 20120327 Re: CVE request: distutils creates ~/.pypirc insecurely | URL:http://www.openwall.com/lists/oss-security/2012/03/27/5 | MISC:http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=650555 | URL:http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=650555 | MISC:http://bugs.python.org/file23824/pypirc-secure.diff | URL:http://bugs.python.org/file23824/pypirc-secure.diff | MISC:http://bugs.python.org/issue13512 | URL:http://bugs.python.org/issue13512 | MISC:https://bugzilla.redhat.com/show_bug.cgi?id=758905 | URL:https://bugzilla.redhat.com/show_bug.cgi?id=758905 | MISC:openSUSE-SU-2020:0086 | URL:http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00040.html;Assigned (20111223);None (candidate not yet proposed) +CVE-2011-4954;Candidate;cobbler has local privilege escalation via the use of insecure location for PYTHON_EGG_CACHE;MISC:http://www.openwall.com/lists/oss-security/2012/04/12/10 | URL:http://www.openwall.com/lists/oss-security/2012/04/12/10 | MISC:https://access.redhat.com/security/cve/cve-2011-4954 | URL:https://access.redhat.com/security/cve/cve-2011-4954 | MISC:https://bugs.gentoo.org/show_bug.cgi?id=CVE-2011-4954 | URL:https://bugs.gentoo.org/show_bug.cgi?id=CVE-2011-4954 | MISC:https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2011-4954 | URL:https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2011-4954 | MISC:https://security-tracker.debian.org/tracker/CVE-2011-4954 | URL:https://security-tracker.debian.org/tracker/CVE-2011-4954;Assigned (20111223);None (candidate not yet proposed) +CVE-2012-0215;Candidate;model/modelstorage.py in the Tryton application framework (trytond) before 2.4.0 for Python does not properly restrict access to the Many2Many field in the relation model, which allows remote authenticated users to modify the privileges of arbitrary users via a (1) create, (2) write, (3) delete, or (4) copy rpc call.;CONFIRM:http://hg.tryton.org/trytond/rev/8e64d52ecea4 | CONFIRM:http://news.tryton.org/2012/03/security-releases-for-all-supported.html | CONFIRM:https://bugs.tryton.org/issue2476 | DEBIAN:DSA-2444 | URL:http://www.debian.org/security/2012/dsa-2444;Assigned (20111214);None (candidate not yet proposed) +CVE-2012-0845;Candidate;SimpleXMLRPCServer.py in SimpleXMLRPCServer in Python before 2.6.8, 2.7.x before 2.7.3, 3.x before 3.1.5, and 3.2.x before 3.2.3 allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via an XML-RPC POST request that contains a smaller amount of data than specified by the Content-Length header.;APPLE:APPLE-SA-2013-10-22-3 | URL:http://lists.apple.com/archives/security-announce/2013/Oct/msg00004.html | CONFIRM:http://bugs.python.org/issue14001 | CONFIRM:http://python.org/download/releases/2.6.8/ | CONFIRM:http://python.org/download/releases/2.7.3/ | CONFIRM:http://python.org/download/releases/3.1.5/ | CONFIRM:http://python.org/download/releases/3.2.3/ | CONFIRM:https://bugzilla.redhat.com/show_bug.cgi?id=789790 | MLIST:[oss-security] 20120213 Re: CVE Request -- python (SimpleXMLRPCServer): DoS (excessive CPU usage) via malformed XML-RPC / HTTP POST request | URL:http://www.openwall.com/lists/oss-security/2012/02/13/4 | SECTRACK:1026689 | URL:http://www.securitytracker.com/id?1026689 | SECUNIA:50858 | URL:http://secunia.com/advisories/50858 | SECUNIA:51024 | URL:http://secunia.com/advisories/51024 | SECUNIA:51040 | URL:http://secunia.com/advisories/51040 | SECUNIA:51087 | URL:http://secunia.com/advisories/51087 | SECUNIA:51089 | URL:http://secunia.com/advisories/51089 | SUSE:openSUSE-SU-2020:0086 | URL:http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00040.html | UBUNTU:USN-1592-1 | URL:http://www.ubuntu.com/usn/USN-1592-1 | UBUNTU:USN-1596-1 | URL:http://www.ubuntu.com/usn/USN-1596-1 | UBUNTU:USN-1613-1 | URL:http://www.ubuntu.com/usn/USN-1613-1 | UBUNTU:USN-1613-2 | URL:http://www.ubuntu.com/usn/USN-1613-2 | UBUNTU:USN-1615-1 | URL:http://www.ubuntu.com/usn/USN-1615-1 | UBUNTU:USN-1616-1 | URL:http://www.ubuntu.com/usn/USN-1616-1;Assigned (20120119);None (candidate not yet proposed) +CVE-2012-0860;Candidate;Multiple untrusted search path vulnerabilities in Red Hat Enterprise Virtualization Manager (RHEV-M) before 3.1, when adding a host, allow local users to gain privileges via a Trojan horse (1) deployUtil.py or (2) vds_bootstrap.py Python module in /tmp/.;MISC:1027838 | URL:http://www.securitytracker.com/id?1027838 | MISC:56825 | URL:http://www.securityfocus.com/bid/56825 | MISC:RHSA-2012:1506 | URL:http://rhn.redhat.com/errata/RHSA-2012-1506.html | MISC:RHSA-2012:1508 | URL:http://rhn.redhat.com/errata/RHSA-2012-1508.html | MISC:enterprise-rhev-priv-esc(80543) | URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/80543 | MISC:https://bugzilla.redhat.com/show_bug.cgi?id=790730 | URL:https://bugzilla.redhat.com/show_bug.cgi?id=790730;Assigned (20120119);None (candidate not yet proposed) +CVE-2012-0861;Candidate;The vds_installer in Red Hat Enterprise Virtualization Manager (RHEV-M) before 3.1, when adding a host, uses the -k curl parameter when downloading deployUtil.py and vds_bootstrap.py, which prevents SSL certificates from being validated and allows remote attackers to execute arbitrary Python code via a man-in-the-middle attack.;MISC:1027838 | URL:http://www.securitytracker.com/id?1027838 | MISC:56825 | URL:http://www.securityfocus.com/bid/56825 | MISC:RHSA-2012:1505 | URL:http://rhn.redhat.com/errata/RHSA-2012-1505.html | MISC:RHSA-2012:1506 | URL:http://rhn.redhat.com/errata/RHSA-2012-1506.html | MISC:RHSA-2012:1508 | URL:http://rhn.redhat.com/errata/RHSA-2012-1508.html | MISC:enterprise-ssl-certificates-mitm(80544) | URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/80544;Assigned (20120119);None (candidate not yet proposed) +CVE-2012-0955;Candidate;software-properties was vulnerable to a person-in-the-middle attack due to incorrect TLS certificate validation in softwareproperties/ppa.py. software-properties didn't check TLS certificates under python2 and only checked certificates under python3 if a valid certificate bundle was provided. Fixed in software-properties version 0.92.;UBUNTU:https://code.launchpad.net/~cyphermox/software-properties/lp1036839/+merge/119753 | URL:https://code.launchpad.net/~cyphermox/software-properties/lp1036839/+merge/119753 | UBUNTU:https://launchpad.net/bugs/1036839 | URL:https://launchpad.net/bugs/1036839;Assigned (20120201);None (candidate not yet proposed) +CVE-2012-1150;Candidate;Python before 2.6.8, 2.7.x before 2.7.3, 3.x before 3.1.5, and 3.2.x before 3.2.3 computes hash values without restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted input to an application that maintains a hash table.;MISC:50858 | URL:http://secunia.com/advisories/50858 | MISC:51087 | URL:http://secunia.com/advisories/51087 | MISC:51089 | URL:http://secunia.com/advisories/51089 | MISC:APPLE-SA-2013-10-22-3 | URL:http://lists.apple.com/archives/security-announce/2013/Oct/msg00004.html | MISC:USN-1592-1 | URL:http://www.ubuntu.com/usn/USN-1592-1 | MISC:USN-1596-1 | URL:http://www.ubuntu.com/usn/USN-1596-1 | MISC:USN-1615-1 | URL:http://www.ubuntu.com/usn/USN-1615-1 | MISC:USN-1616-1 | URL:http://www.ubuntu.com/usn/USN-1616-1 | MISC:[oss-security] 20120309 Re: CVE Request: Python Hash DoS (Issue 13703) | URL:http://www.openwall.com/lists/oss-security/2012/03/10/3 | MISC:[python-dev] 20111229 Hash collision security issue (now public) | URL:http://mail.python.org/pipermail/python-dev/2011-December/115116.html | MISC:[python-dev] 20120128 plugging the hash attack | URL:http://mail.python.org/pipermail/python-dev/2012-January/115892.html | MISC:http://bugs.python.org/issue13703 | URL:http://bugs.python.org/issue13703 | MISC:http://python.org/download/releases/2.6.8/ | URL:http://python.org/download/releases/2.6.8/ | MISC:http://python.org/download/releases/2.7.3/ | URL:http://python.org/download/releases/2.7.3/ | MISC:http://python.org/download/releases/3.1.5/ | URL:http://python.org/download/releases/3.1.5/ | MISC:http://python.org/download/releases/3.2.3/ | URL:http://python.org/download/releases/3.2.3/ | MISC:https://bugzilla.redhat.com/show_bug.cgi?id=750555 | URL:https://bugzilla.redhat.com/show_bug.cgi?id=750555 | MISC:openSUSE-SU-2020:0086 | URL:http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00040.html;Assigned (20120214);None (candidate not yet proposed) +CVE-2012-2135;Candidate;The utf-16 decoder in Python 3.1 through 3.3 does not update the aligned_end variable after calling the unicode_decode_call_errorhandler function, which allows remote attackers to obtain sensitive information (process memory) or cause a denial of service (memory corruption and crash) via unspecified vectors.;MISC:51087 | URL:http://secunia.com/advisories/51087 | MISC:51089 | URL:http://secunia.com/advisories/51089 | MISC:USN-1615-1 | URL:http://www.ubuntu.com/usn/USN-1615-1 | MISC:USN-1616-1 | URL:http://www.ubuntu.com/usn/USN-1616-1 | MISC:[oss-security] 20120425 CVE Request: Python 3.2/3.3 utf-16 decoder unicode_decode_call_errorhandler aligned_end is not updated | URL:http://www.openwall.com/lists/oss-security/2012/04/25/2 | MISC:[oss-security] 20120425 Re: CVE Request: Python 3.2/3.3 utf-16 decoder unicode_decode_call_errorhandler aligned_end is not updated | URL:http://www.openwall.com/lists/oss-security/2012/04/25/4 | MISC:http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=670389 | URL:http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=670389 | MISC:http://bugs.python.org/issue14579 | URL:http://bugs.python.org/issue14579;Assigned (20120404);None (candidate not yet proposed) +CVE-2012-2921;Candidate;Universal Feed Parser (aka feedparser or python-feedparser) before 5.1.2 allows remote attackers to cause a denial of service (memory consumption) via a crafted XML ENTITY declaration in a non-ASCII encoded document.;BID:53654 | URL:http://www.securityfocus.com/bid/53654 | CONFIRM:http://freecode.com/projects/feedparser/releases/344371 | CONFIRM:https://code.google.com/p/feedparser/source/browse/trunk/NEWS?spec=svn706&r=706 | CONFIRM:https://code.google.com/p/feedparser/source/detail?r=703&path=/trunk/feedparser/feedparser.py | CONFIRM:https://wiki.mageia.org/en/Support/Advisories/MGASA-2012-0157 | MANDRIVA:MDVSA-2013:118 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2013:118 | OSVDB:81701 | URL:http://osvdb.org/81701 | SECUNIA:49256 | URL:http://secunia.com/advisories/49256;Assigned (20120521);None (candidate not yet proposed) +CVE-2012-3533;Candidate;The python SDK before 3.1.0.6 and CLI before 3.1.0.8 for oVirt 3.1 does not check the server SSL certificate against the client keys, which allows remote attackers to spoof a server via a man-in-the-middle (MITM) attack.;BID:55208 | URL:http://www.securityfocus.com/bid/55208 | CONFIRM:http://gerrit.ovirt.org/#/c/7209/ | CONFIRM:http://gerrit.ovirt.org/#/c/7249/ | MISC:https://bugzilla.redhat.com/show_bug.cgi?id=851672 | MLIST:[oss-security] 20120824 oVirt 3.1 does not validate server certificates in python sdk and cli (CVE-2012-3533) | URL:http://www.openwall.com/lists/oss-security/2012/08/24/6 | MLIST:[oss-security] 20120826 Re: oVirt 3.1 does not validate server certificates in python sdk and cli (CVE-2012-3533) | URL:http://www.openwall.com/lists/oss-security/2012/08/26/1 | SECUNIA:50409 | URL:http://secunia.com/advisories/50409 | XF:ovirt-ssl-spoofing(77984) | URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/77984;Assigned (20120614);None (candidate not yet proposed) +CVE-2012-4245;Candidate;The scriptfu network server in GIMP 2.6 does not require authentication, which allows remote attackers to execute arbitrary commands via the python-fu-eval command.;BID:55089 | URL:http://www.securityfocus.com/bid/55089 | BUGTRAQ:20120816 GIMP Scriptfu Python Remote Command Execution | URL:http://archives.neohapsis.com/archives/bugtraq/2012-08/0106.html | CONFIRM:http://www.xerox.com/download/security/security-bulletin/16287-4d6b7b0c81f7b/cert_XRX13-003_v1.0.pdf | GENTOO:GLSA-201603-01 | URL:https://security.gentoo.org/glsa/201603-01 | MISC:http://www.reactionpenetrationtesting.co.uk/GIMP-scriptfu-python-command-execution.html | MLIST:[oss-security] 20120816 GIMP Scriptfu Python Remote Command Execution | URL:http://www.openwall.com/lists/oss-security/2012/08/16/6 | MLIST:[oss-security] 20120817 Re: [Full-disclosure] GIMP Scriptfu Python Remote Command Execution | URL:http://www.openwall.com/lists/oss-security/2012/08/17/2 | MLIST:[oss-security] 20120820 RE: [Full-disclosure] GIMP Scriptfu Python Remote Command Execution | URL:http://www.openwall.com/lists/oss-security/2012/08/20/1;Assigned (20120810);None (candidate not yet proposed) +CVE-2012-4406;Candidate;OpenStack Object Storage (swift) before 1.7.0 uses the loads function in the pickle Python module unsafely when storing and loading metadata in memcached, which allows remote attackers to execute arbitrary code via a crafted pickle object.;MISC:55420 | URL:http://www.securityfocus.com/bid/55420 | MISC:FEDORA-2012-15098 | URL:http://lists.fedoraproject.org/pipermail/package-announce/2012-October/089472.html | MISC:RHSA-2012:1379 | URL:http://rhn.redhat.com/errata/RHSA-2012-1379.html | MISC:RHSA-2013:0691 | URL:http://rhn.redhat.com/errata/RHSA-2013-0691.html | MISC:[oss-security] 20120905 CVE-Request: openstack pickle de-serialization | URL:http://www.openwall.com/lists/oss-security/2012/09/05/4 | MISC:[oss-security] 20120905 Re: CVE-Request: openstack pickle de-serialization | URL:http://www.openwall.com/lists/oss-security/2012/09/05/16 | MISC:https://bugs.launchpad.net/swift/+bug/1006414 | URL:https://bugs.launchpad.net/swift/+bug/1006414 | MISC:https://bugzilla.redhat.com/show_bug.cgi?id=854757 | URL:https://bugzilla.redhat.com/show_bug.cgi?id=854757 | MISC:https://github.com/openstack/swift/commit/e1ff51c04554d51616d2845f92ab726cb0e5831a | URL:https://github.com/openstack/swift/commit/e1ff51c04554d51616d2845f92ab726cb0e5831a | MISC:https://launchpad.net/swift/+milestone/1.7.0 | URL:https://launchpad.net/swift/+milestone/1.7.0 | MISC:openstack-swift-loads-code-exec(79140) | URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/79140;Assigned (20120821);None (candidate not yet proposed) +CVE-2012-4571;Candidate;Python Keyring 0.9.1 does not securely initialize the cipher when encrypting passwords for CryptedFileKeyring files, which makes it easier for local users to obtain passwords via a brute-force attack.;CONFIRM:http://pypi.python.org/pypi/keyring | MISC:https://bugs.launchpad.net/ubuntu/+source/python-keyring/+bug/1004845 | MLIST:[oss-security] 20121031 Re: CVE Request: Python keyring | URL:http://www.openwall.com/lists/oss-security/2012/10/31/8 | UBUNTU:USN-1634-1 | URL:http://www.ubuntu.com/usn/USN-1634-1;Assigned (20120821);None (candidate not yet proposed) +CVE-2012-5379;Candidate;"** DISPUTED ** Untrusted search path vulnerability in the installation functionality in ActivePython 3.2.2.3, when installed in the top-level C:\ directory, might allow local users to gain privileges via a Trojan horse DLL in the C:\Python27 or C:\Python27\Scripts directory, which may be added to the PATH system environment variable by an administrator, as demonstrated by a Trojan horse wlbsctrl.dll file used by the ""IKE and AuthIP IPsec Keying Modules"" system service in Windows Vista SP1, Windows Server 2008 SP2, Windows 7 SP1, and Windows 8 Release Preview. NOTE: CVE disputes this issue because the unsafe PATH is established only by a separate administrative action that is not a default part of the ActivePython installation.";MISC:https://www.htbridge.com/advisory/HTB23108;Assigned (20121011);None (candidate not yet proposed) +CVE-2012-5474;Candidate;The file /etc/openstack-dashboard/local_settings within Red Hat OpenStack Platform 2.0 and RHOS Essex Release (python-django-horizon package before 2012.1.1) is world readable and exposes the secret key value.;MISC:http://lists.fedoraproject.org/pipermail/package-announce/2012-November/092841.html | URL:http://lists.fedoraproject.org/pipermail/package-announce/2012-November/092841.html | MISC:https://access.redhat.com/security/cve/cve-2012-5474 | URL:https://access.redhat.com/security/cve/cve-2012-5474 | MISC:https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-5474 | URL:https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-5474 | MISC:https://security-tracker.debian.org/tracker/CVE-2012-5474 | URL:https://security-tracker.debian.org/tracker/CVE-2012-5474;Assigned (20121024);None (candidate not yet proposed) +CVE-2012-5485;Candidate;registerConfiglet.py in Plone before 4.2.3 and 4.3 before beta 1 allows remote attackers to execute Python code via unspecified vectors, related to the admin interface.;MISC:RHSA-2014:1194 | URL:http://rhn.redhat.com/errata/RHSA-2014-1194.html | MISC:[oss-security] 20121109 Re: Re: CVE Request - Zope / Plone: Multiple vectors corrected within 20121106 fix | URL:http://www.openwall.com/lists/oss-security/2012/11/10/1 | MISC:https://github.com/plone/Products.CMFPlone/blob/4.2.3/docs/CHANGES.txt | URL:https://github.com/plone/Products.CMFPlone/blob/4.2.3/docs/CHANGES.txt | MISC:https://plone.org/products/plone-hotfix/releases/20121106 | URL:https://plone.org/products/plone-hotfix/releases/20121106 | MISC:https://plone.org/products/plone/security/advisories/20121106/01 | URL:https://plone.org/products/plone/security/advisories/20121106/01;Assigned (20121024);None (candidate not yet proposed) +CVE-2012-5487;Candidate;The sandbox whitelisting function (allowmodule.py) in Plone before 4.2.3 and 4.3 before beta 1 allows remote authenticated users with certain privileges to bypass the Python sandbox restriction and execute arbitrary Python code via vectors related to importing.;MISC:[oss-security] 20121109 Re: Re: CVE Request - Zope / Plone: Multiple vectors corrected within 20121106 fix | URL:http://www.openwall.com/lists/oss-security/2012/11/10/1 | MISC:https://github.com/plone/Products.CMFPlone/blob/4.2.3/docs/CHANGES.txt | URL:https://github.com/plone/Products.CMFPlone/blob/4.2.3/docs/CHANGES.txt | MISC:https://plone.org/products/plone-hotfix/releases/20121106 | URL:https://plone.org/products/plone-hotfix/releases/20121106 | MISC:https://plone.org/products/plone/security/advisories/20121106/03 | URL:https://plone.org/products/plone/security/advisories/20121106/03;Assigned (20121024);None (candidate not yet proposed) +CVE-2012-5488;Candidate;python_scripts.py in Plone before 4.2.3 and 4.3 before beta 1 allows remote attackers to execute Python code via a crafted URL, related to createObject.;MISC:RHSA-2014:1194 | URL:http://rhn.redhat.com/errata/RHSA-2014-1194.html | MISC:[oss-security] 20121109 Re: Re: CVE Request - Zope / Plone: Multiple vectors corrected within 20121106 fix | URL:http://www.openwall.com/lists/oss-security/2012/11/10/1 | MISC:https://github.com/plone/Products.CMFPlone/blob/4.2.3/docs/CHANGES.txt | URL:https://github.com/plone/Products.CMFPlone/blob/4.2.3/docs/CHANGES.txt | MISC:https://plone.org/products/plone-hotfix/releases/20121106 | URL:https://plone.org/products/plone-hotfix/releases/20121106 | MISC:https://plone.org/products/plone/security/advisories/20121106/04 | URL:https://plone.org/products/plone/security/advisories/20121106/04;Assigned (20121024);None (candidate not yet proposed) +CVE-2012-5493;Candidate;gtbn.py in Plone before 4.2.3 and 4.3 before beta 1 allows remote authenticated users with certain permissions to bypass the Python sandbox and execute arbitrary Python code via unspecified vectors.;MISC:[oss-security] 20121109 Re: Re: CVE Request - Zope / Plone: Multiple vectors corrected within 20121106 fix | URL:http://www.openwall.com/lists/oss-security/2012/11/10/1 | MISC:https://github.com/plone/Products.CMFPlone/blob/4.2.3/docs/CHANGES.txt | URL:https://github.com/plone/Products.CMFPlone/blob/4.2.3/docs/CHANGES.txt | MISC:https://plone.org/products/plone-hotfix/releases/20121106 | URL:https://plone.org/products/plone-hotfix/releases/20121106 | MISC:https://plone.org/products/plone/security/advisories/20121106/09 | URL:https://plone.org/products/plone/security/advisories/20121106/09;Assigned (20121024);None (candidate not yet proposed) +CVE-2012-5494;Candidate;"Cross-site scripting (XSS) vulnerability in python_scripts.py in Plone before 4.2.3 and 4.3 before beta 1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, related to ""{u,}translate.""";MISC:[oss-security] 20121109 Re: Re: CVE Request - Zope / Plone: Multiple vectors corrected within 20121106 fix | URL:http://www.openwall.com/lists/oss-security/2012/11/10/1 | MISC:https://github.com/plone/Products.CMFPlone/blob/4.2.3/docs/CHANGES.txt | URL:https://github.com/plone/Products.CMFPlone/blob/4.2.3/docs/CHANGES.txt | MISC:https://plone.org/products/plone-hotfix/releases/20121106 | URL:https://plone.org/products/plone-hotfix/releases/20121106 | MISC:https://plone.org/products/plone/security/advisories/20121106/10 | URL:https://plone.org/products/plone/security/advisories/20121106/10;Assigned (20121024);None (candidate not yet proposed) +CVE-2012-5495;Candidate;"python_scripts.py in Plone before 4.2.3 and 4.3 before beta 1 allows remote attackers to execute Python code via a crafted URL, related to ""go_back.""";MISC:[oss-security] 20121109 Re: Re: CVE Request - Zope / Plone: Multiple vectors corrected within 20121106 fix | URL:http://www.openwall.com/lists/oss-security/2012/11/10/1 | MISC:https://github.com/plone/Products.CMFPlone/blob/4.2.3/docs/CHANGES.txt | URL:https://github.com/plone/Products.CMFPlone/blob/4.2.3/docs/CHANGES.txt | MISC:https://plone.org/products/plone-hotfix/releases/20121106 | URL:https://plone.org/products/plone-hotfix/releases/20121106 | MISC:https://plone.org/products/plone/security/advisories/20121106/11 | URL:https://plone.org/products/plone/security/advisories/20121106/11;Assigned (20121024);None (candidate not yet proposed) +CVE-2012-5499;Candidate;python_scripts.py in Plone before 4.2.3 and 4.3 before beta 1 allows remote attackers to cause a denial of service (memory consumption) via a large value, related to formatColumns.;MISC:RHSA-2014:1194 | URL:http://rhn.redhat.com/errata/RHSA-2014-1194.html | MISC:[oss-security] 20121109 Re: Re: CVE Request - Zope / Plone: Multiple vectors corrected within 20121106 fix | URL:http://www.openwall.com/lists/oss-security/2012/11/10/1 | MISC:https://github.com/plone/Products.CMFPlone/blob/4.2.3/docs/CHANGES.txt | URL:https://github.com/plone/Products.CMFPlone/blob/4.2.3/docs/CHANGES.txt | MISC:https://plone.org/products/plone-hotfix/releases/20121106 | URL:https://plone.org/products/plone-hotfix/releases/20121106 | MISC:https://plone.org/products/plone/security/advisories/20121106/15 | URL:https://plone.org/products/plone/security/advisories/20121106/15;Assigned (20121024);None (candidate not yet proposed) +CVE-2012-5506;Candidate;python_scripts.py in Plone before 4.2.3 and 4.3 before beta 1 allows remote attackers to cause a denial of service (infinite loop) via an RSS feed request for a folder the user does not have permission to access.;MISC:[oss-security] 20121109 Re: Re: CVE Request - Zope / Plone: Multiple vectors corrected within 20121106 fix | URL:http://www.openwall.com/lists/oss-security/2012/11/10/1 | MISC:https://github.com/plone/Products.CMFPlone/blob/4.2.3/docs/CHANGES.txt | URL:https://github.com/plone/Products.CMFPlone/blob/4.2.3/docs/CHANGES.txt | MISC:https://plone.org/products/plone-hotfix/releases/20121106 | URL:https://plone.org/products/plone-hotfix/releases/20121106 | MISC:https://plone.org/products/plone/security/advisories/20121106/22 | URL:https://plone.org/products/plone/security/advisories/20121106/22;Assigned (20121024);None (candidate not yet proposed) +CVE-2012-5577;Candidate;Python keyring lib before 0.10 created keyring files with world-readable permissions.;MISC:http://www.openwall.com/lists/oss-security/2012/11/27/3 | URL:http://www.openwall.com/lists/oss-security/2012/11/27/3 | MISC:https://bitbucket.org/kang/python-keyring-lib/commits/049cd181470f1ee6c540e1d64acf1def7b1de0c1 | URL:https://bitbucket.org/kang/python-keyring-lib/commits/049cd181470f1ee6c540e1d64acf1def7b1de0c1 | MISC:https://bitbucket.org/kang/python-keyring-lib/issue/67/set-go-rwx-on-keyring_passcfg | URL:https://bitbucket.org/kang/python-keyring-lib/issue/67/set-go-rwx-on-keyring_passcfg | MISC:https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-5577 | URL:https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-5577 | MISC:https://security-tracker.debian.org/tracker/CVE-2012-5577 | URL:https://security-tracker.debian.org/tracker/CVE-2012-5577;Assigned (20121024);None (candidate not yet proposed) +CVE-2012-5578;Candidate;Python keyring has insecure permissions on new databases allowing world-readable files to be created;MISC:Debian | URL:https://security-tracker.debian.org/tracker/CVE-2012-5578 | MISC:Red Hat | URL:https://access.redhat.com/security/cve/cve-2012-5578 | MISC:http://www.openwall.com/lists/oss-security/2012/11/27/4 | URL:http://www.openwall.com/lists/oss-security/2012/11/27/4 | MISC:https://bugs.launchpad.net/ubuntu/+source/python-keyring/+bug/1031465 | URL:https://bugs.launchpad.net/ubuntu/+source/python-keyring/+bug/1031465 | MISC:https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-5578 | URL:https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-5578 | MISC:https://bugzilla.suse.com/show_bug.cgi?id=CVE-2012-5578 | URL:https://bugzilla.suse.com/show_bug.cgi?id=CVE-2012-5578;Assigned (20121024);None (candidate not yet proposed) +CVE-2012-5659;Candidate;Untrusted search path vulnerability in plugins/abrt-action-install-debuginfo-to-abrt-cache.c in Automatic Bug Reporting Tool (ABRT) 2.0.9 and earlier allows local users to load and execute arbitrary Python modules by modifying the PYTHONPATH environment variable to reference a malicious Python module.;CONFIRM:http://git.fedorahosted.org/cgit/abrt.git/commit/?id=b173d81b577953b96a282167c7eecd66bf111a4f | MISC:https://bugzilla.redhat.com/show_bug.cgi?id=854011 | REDHAT:RHSA-2013:0215 | URL:http://rhn.redhat.com/errata/RHSA-2013-0215.html;Assigned (20121024);None (candidate not yet proposed) +CVE-2012-5822;Candidate;The contribution feature in Zamboni does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate, related to use of the Python urllib2 library.;MISC:http://www.cs.utexas.edu/~shmat/shmat_ccs12.pdf | XF:zamboni-ssl-spoofing(79929) | URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/79929;Assigned (20121104);None (candidate not yet proposed) +CVE-2012-5825;Candidate;Tweepy does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate, related to use of the Python httplib library.;MISC:http://www.cs.utexas.edu/~shmat/shmat_ccs12.pdf | XF:tweepy-ssl-spoofing(79831) | URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/79831;Assigned (20121104);None (candidate not yet proposed) +CVE-2013-1068;Candidate;The OpenStack Nova (python-nova) package 1:2013.2.3-0 before 1:2013.2.3-0ubuntu1.2 and 1:2014.1-0 before 1:2014.1-0ubuntu1.2 and Openstack Cinder (python-cinder) package 1:2013.2.3-0 before 1:2013.2.3-0ubuntu1.1 and 1:2014.1-0 before 1:2014.1-0ubuntu1.1 for Ubuntu 13.10 and 14.04 LTS does not properly set the sudo configuration, which makes it easier for attackers to gain privileges by leveraging another vulnerability.;UBUNTU:USN-2247-1 | URL:http://www.ubuntu.com/usn/USN-2247-1 | UBUNTU:USN-2248-1 | URL:http://ubuntu.com/usn/usn-2248-1;Assigned (20130111);None (candidate not yet proposed) +CVE-2013-1664;Candidate;"The XML libraries for Python 3.4, 3.3, 3.2, 3.1, 2.7, and 2.6, as used in OpenStack Keystone Essex, Folsom, and Grizzly; Compute (Nova) Essex and Folsom; Cinder Folsom; Django; and possibly other products allow remote attackers to cause a denial of service (resource consumption and crash) via an XML Entity Expansion (XEE) attack.";CONFIRM:http://blog.python.org/2013/02/announcing-defusedxml-fixes-for-xml.html | CONFIRM:http://bugs.python.org/issue17239 | CONFIRM:https://bugs.launchpad.net/nova/+bug/1100282 | MLIST:[openstack-announce] 20130219 [OSSA 2013-004] Information leak and Denial of Service using XML entities (CVE-2013-1664, CVE-2013-1665) | URL:http://lists.openstack.org/pipermail/openstack-announce/2013-February/000078.html | MLIST:[oss-security] 20130219 REJECT CVE-2013-0278, CVE-2013-0279 and CVE-2013-0280 | URL:http://www.openwall.com/lists/oss-security/2013/02/19/4 | MLIST:[oss-security] 20130219 [OSSA 2013-004] Information leak and Denial of Service using XML entities (CVE-2013-1664, CVE-2013-1665) | URL:http://www.openwall.com/lists/oss-security/2013/02/19/2 | REDHAT:RHSA-2013:0657 | URL:http://rhn.redhat.com/errata/RHSA-2013-0657.html | REDHAT:RHSA-2013:0658 | URL:http://rhn.redhat.com/errata/RHSA-2013-0658.html | REDHAT:RHSA-2013:0670 | URL:http://rhn.redhat.com/errata/RHSA-2013-0670.html | UBUNTU:USN-1757-1 | URL:http://ubuntu.com/usn/usn-1757-1;Assigned (20130213);None (candidate not yet proposed) +CVE-2013-1665;Candidate;The XML libraries for Python 3.4, 3.3, 3.2, 3.1, 2.7, and 2.6, as used in OpenStack Keystone Essex and Folsom, Django, and possibly other products allow remote attackers to read arbitrary files via an XML external entity declaration in conjunction with an entity reference, aka an XML External Entity (XXE) attack.;CONFIRM:http://blog.python.org/2013/02/announcing-defusedxml-fixes-for-xml.html | CONFIRM:http://bugs.python.org/issue17239 | CONFIRM:https://bugs.launchpad.net/keystone/+bug/1100279 | DEBIAN:DSA-2634 | URL:http://www.debian.org/security/2013/dsa-2634 | MLIST:[openstack-announce] 20130219 [OSSA 2013-004] Information leak and Denial of Service using XML entities (CVE-2013-1664, CVE-2013-1665) | URL:http://lists.openstack.org/pipermail/openstack-announce/2013-February/000078.html | MLIST:[oss-security] 20130219 REJECT CVE-2013-0278, CVE-2013-0279 and CVE-2013-0280 | URL:http://www.openwall.com/lists/oss-security/2013/02/19/4 | MLIST:[oss-security] 20130219 [OSSA 2013-004] Information leak and Denial of Service using XML entities (CVE-2013-1664, CVE-2013-1665) | URL:http://www.openwall.com/lists/oss-security/2013/02/19/2 | REDHAT:RHSA-2013:0657 | URL:http://rhn.redhat.com/errata/RHSA-2013-0657.html | REDHAT:RHSA-2013:0658 | URL:http://rhn.redhat.com/errata/RHSA-2013-0658.html | REDHAT:RHSA-2013:0670 | URL:http://rhn.redhat.com/errata/RHSA-2013-0670.html | UBUNTU:USN-1757-1 | URL:http://ubuntu.com/usn/usn-1757-1;Assigned (20130213);None (candidate not yet proposed) +CVE-2013-1752;Candidate;"** REJECT ** Various versions of Python do not properly restrict readline calls, which allows remote attackers to cause a denial of service (memory consumption) via a long string, related to (1) httplib - fixed in 2.7.4, 2.6.9, and 3.3.3; (2) ftplib - fixed in 2.7.6, 2.6.9, 3.3.3; (3) imaplib - not yet fixed in 2.7.x, fixed in 2.6.9, 3.3.3; (4) nntplib - fixed in 2.7.6, 2.6.9, 3.3.3; (5) poplib - not yet fixed in 2.7.x, fixed in 2.6.9, 3.3.3; and (6) smtplib - not yet fixed in 2.7.x, fixed in 2.6.9, not yet fixed in 3.3.x. NOTE: this was REJECTed because it is incompatible with CNT1 ""Independently Fixable"" in the CVE Counting Decisions.";;Assigned (20130215);None (candidate not yet proposed) +CVE-2013-1753;Candidate;The gzip_decode function in the xmlrpc client library in Python 3.4 and earlier allows remote attackers to cause a denial of service (memory consumption) via a crafted HTTP request.;CONFIRM:https://bugs.python.org/issue16043;Assigned (20130215);None (candidate not yet proposed) +CVE-2013-1895;Candidate;The py-bcrypt module before 0.3 for Python does not properly handle concurrent memory access, which allows attackers to bypass authentication via multiple authentication requests, which trigger the password hash to be overwritten.;MISC:http://lists.fedoraproject.org/pipermail/package-announce/2013-April/101382.html | URL:http://lists.fedoraproject.org/pipermail/package-announce/2013-April/101382.html | MISC:http://lists.fedoraproject.org/pipermail/package-announce/2013-April/101387.html | URL:http://lists.fedoraproject.org/pipermail/package-announce/2013-April/101387.html | MISC:http://www.openwall.com/lists/oss-security/2013/03/26/2 | URL:http://www.openwall.com/lists/oss-security/2013/03/26/2 | MISC:http://www.securityfocus.com/bid/58702 | URL:http://www.securityfocus.com/bid/58702 | MISC:https://exchange.xforce.ibmcloud.com/vulnerabilities/83039 | URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/83039;Assigned (20130219);None (candidate not yet proposed) +CVE-2013-1909;Candidate;The Python client in Apache Qpid before 2.2 does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.;CONFIRM:http://qpid.apache.org/releases/qpid-0.22/release-notes.html | CONFIRM:http://svn.apache.org/viewvc?view=revision&revision=1460013 | CONFIRM:https://issues.apache.org/jira/browse/QPID-4918 | REDHAT:RHSA-2013:1024 | URL:http://rhn.redhat.com/errata/RHSA-2013-1024.html | SECUNIA:53968 | URL:http://secunia.com/advisories/53968 | SECUNIA:54137 | URL:http://secunia.com/advisories/54137;Assigned (20130219);None (candidate not yet proposed) +CVE-2013-2013;Candidate;The user-password-update command in python-keystoneclient before 0.2.4 accepts the new password in the --password argument, which allows local users to obtain sensitive information by listing the process.;MISC:[oss-security] 20130523 [Openstack] [OSSA 2013-013] Keystone client local information disclosure (CVE-2013-2013) | URL:http://www.openwall.com/lists/oss-security/2013/05/23/4 | MISC:https://bugs.launchpad.net/python-keystoneclient/+bug/938315 | URL:https://bugs.launchpad.net/python-keystoneclient/+bug/938315 | MISC:oval:org.mitre.oval:def:16937 | URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16937;Assigned (20130219);None (candidate not yet proposed) +CVE-2013-2072;Candidate;Buffer overflow in the Python bindings for the xc_vcpu_setaffinity call in Xen 4.0.x, 4.1.x, and 4.2.x allows local administrators with permissions to configure VCPU affinity to cause a denial of service (memory corruption and xend toolstack crash) and possibly gain privileges via a crafted cpumap.;MISC:59982 | URL:http://www.securityfocus.com/bid/59982 | MISC:DSA-3041 | URL:http://www.debian.org/security/2014/dsa-3041 | MISC:FEDORA-2013-8513 | URL:http://lists.fedoraproject.org/pipermail/package-announce/2013-May/106778.html | MISC:FEDORA-2013-8571 | URL:http://lists.fedoraproject.org/pipermail/package-announce/2013-May/106718.html | MISC:FEDORA-2013-8590 | URL:http://lists.fedoraproject.org/pipermail/package-announce/2013-May/106721.html | MISC:SUSE-SU-2014:0446 | URL:http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00021.html | MISC:[oss-security] 20130517 Xen Security Advisory 56 (CVE-2013-2072) - Buffer overflow in xencontrol Python bindings affecting xend | URL:http://www.openwall.com/lists/oss-security/2013/05/17/2;Assigned (20130219);None (candidate not yet proposed) +CVE-2013-2099;Candidate;Algorithmic complexity vulnerability in the ssl.match_hostname function in Python 3.2.x, 3.3.x, and earlier, and unspecified versions of python-backports-ssl_match_hostname as used for older Python versions, allows remote attackers to cause a denial of service (CPU consumption) via multiple wildcard characters in the common name in a certificate.;MISC:55107 | URL:http://secunia.com/advisories/55107 | MISC:55116 | URL:http://secunia.com/advisories/55116 | MISC:RHSA-2014:1690 | URL:http://rhn.redhat.com/errata/RHSA-2014-1690.html | MISC:RHSA-2016:1166 | URL:https://access.redhat.com/errata/RHSA-2016:1166 | MISC:USN-1983-1 | URL:http://www.ubuntu.com/usn/USN-1983-1 | MISC:USN-1984-1 | URL:http://www.ubuntu.com/usn/USN-1984-1 | MISC:USN-1985-1 | URL:http://www.ubuntu.com/usn/USN-1985-1 | MISC:[oss-security] 20130515 Re: CVE Request (minor) -- Python 3.2: DoS when matching certificate with many '*' wildcard characters {was: CVE Request (minor) -- python-backports-ssl_match_hostname: Denial of service when matching certificate with many '*' wildcard characters } | URL:http://www.openwall.com/lists/oss-security/2013/05/16/6 | MISC:http://bugs.python.org/issue17980 | URL:http://bugs.python.org/issue17980 | MISC:https://bugzilla.redhat.com/show_bug.cgi?id=963260 | URL:https://bugzilla.redhat.com/show_bug.cgi?id=963260;Assigned (20130219);None (candidate not yet proposed) +CVE-2013-2104;Candidate;python-keystoneclient before 0.2.4, as used in OpenStack Keystone (Folsom), does not properly check expiry for PKI tokens, which allows remote authenticated users to (1) retain use of a token after it has expired, or (2) use a revoked token once it expires.;MISC:RHSA-2013:0944 | URL:http://rhn.redhat.com/errata/RHSA-2013-0944.html | MISC:USN-1851-1 | URL:http://www.ubuntu.com/usn/USN-1851-1 | MISC:USN-1875-1 | URL:http://www.ubuntu.com/usn/USN-1875-1 | MISC:[oss-security] 20130528 [OSSA 2013-014] Missing expiration check in Keystone PKI tokens validation (CVE-2013-2104) | URL:http://www.openwall.com/lists/oss-security/2013/05/28/7 | MISC:https://bugs.launchpad.net/python-keystoneclient/+bug/1179615 | URL:https://bugs.launchpad.net/python-keystoneclient/+bug/1179615 | MISC:openSUSE-SU-2013:1089 | URL:http://lists.opensuse.org/opensuse-updates/2013-06/msg00198.html;Assigned (20130219);None (candidate not yet proposed) +CVE-2013-2131;Candidate;Format string vulnerability in the rrdtool module 1.4.7 for Python, as used in Zenoss, allows context-dependent attackers to cause a denial of service (crash) via format string specifiers to the rrdtool.graph function.;MISC:[oss-security] 20130418 plone, rrdtool, zenoss bugs | URL:http://www.openwall.com/lists/oss-security/2013/04/18/5 | MISC:[oss-security] 20130419 Re: plone, rrdtool, zenoss bugs | URL:http://www.openwall.com/lists/oss-security/2013/05/19/5 | MISC:[oss-security] 20130531 Re: plone, rrdtool, zenoss bugs | URL:http://www.openwall.com/lists/oss-security/2013/05/31/2 | MISC:https://bugzilla.redhat.com/show_bug.cgi?id=969296 | URL:https://bugzilla.redhat.com/show_bug.cgi?id=969296 | MISC:https://github.com/oetiker/rrdtool-1.x/issues/396 | URL:https://github.com/oetiker/rrdtool-1.x/issues/396 | MISC:https://github.com/oetiker/rrdtool-1.x/pull/397 | URL:https://github.com/oetiker/rrdtool-1.x/pull/397;Assigned (20130219);None (candidate not yet proposed) +CVE-2013-2132;Candidate;"bson/_cbsonmodule.c in the mongo-python-driver (aka. pymongo) before 2.5.2, as used in MongoDB, allows context-dependent attackers to cause a denial of service (NULL pointer dereference and crash) via vectors related to decoding of an ""invalid DBRef.""";MISC:60252 | URL:http://www.securityfocus.com/bid/60252 | MISC:93804 | URL:http://www.osvdb.org/93804 | MISC:DSA-2705 | URL:http://www.debian.org/security/2013/dsa-2705 | MISC:USN-1897-1 | URL:http://ubuntu.com/usn/usn-1897-1 | MISC:[oss-security] 20130531 Re: CVE-2013-2132 MongoDB: User-triggerable NULL pointer dereference due to utter plebbery | URL:http://seclists.org/oss-sec/2013/q2/447 | MISC:http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=710597 | URL:http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=710597 | MISC:https://github.com/mongodb/mongo-python-driver/commit/a060c15ef87e0f0e72974c7c0e57fe811bbd06a2 | URL:https://github.com/mongodb/mongo-python-driver/commit/a060c15ef87e0f0e72974c7c0e57fe811bbd06a2 | MISC:https://jira.mongodb.org/browse/PYTHON-532 | URL:https://jira.mongodb.org/browse/PYTHON-532 | MISC:openSUSE-SU-2013:1064 | URL:http://lists.opensuse.org/opensuse-updates/2013-06/msg00180.html;Assigned (20130219);None (candidate not yet proposed) +CVE-2013-2166;Candidate;python-keystoneclient version 0.2.3 to 0.2.5 has middleware memcache encryption bypass;MISC:http://lists.fedoraproject.org/pipermail/package-announce/2013-August/113944.html | URL:http://lists.fedoraproject.org/pipermail/package-announce/2013-August/113944.html | MISC:http://rhn.redhat.com/errata/RHSA-2013-0992.html | URL:http://rhn.redhat.com/errata/RHSA-2013-0992.html | MISC:http://www.openwall.com/lists/oss-security/2013/06/19/5 | URL:http://www.openwall.com/lists/oss-security/2013/06/19/5 | MISC:http://www.securityfocus.com/bid/60684 | URL:http://www.securityfocus.com/bid/60684 | MISC:https://access.redhat.com/security/cve/cve-2013-2166 | URL:https://access.redhat.com/security/cve/cve-2013-2166 | MISC:https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-2166 | URL:https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-2166 | MISC:https://bugzilla.suse.com/show_bug.cgi?id=CVE-2013-2166 | URL:https://bugzilla.suse.com/show_bug.cgi?id=CVE-2013-2166 | MISC:https://security-tracker.debian.org/tracker/CVE-2013-2166 | URL:https://security-tracker.debian.org/tracker/CVE-2013-2166;Assigned (20130219);None (candidate not yet proposed) +CVE-2013-2167;Candidate;python-keystoneclient version 0.2.3 to 0.2.5 has middleware memcache signing bypass;MISC:http://lists.fedoraproject.org/pipermail/package-announce/2013-August/113944.html | URL:http://lists.fedoraproject.org/pipermail/package-announce/2013-August/113944.html | MISC:http://rhn.redhat.com/errata/RHSA-2013-0992.html | URL:http://rhn.redhat.com/errata/RHSA-2013-0992.html | MISC:http://www.openwall.com/lists/oss-security/2013/06/19/5 | URL:http://www.openwall.com/lists/oss-security/2013/06/19/5 | MISC:http://www.securityfocus.com/bid/60680 | URL:http://www.securityfocus.com/bid/60680 | MISC:https://access.redhat.com/security/cve/cve-2013-2167 | URL:https://access.redhat.com/security/cve/cve-2013-2167 | MISC:https://bugs.gentoo.org/show_bug.cgi?id=CVE-2013-2167 | URL:https://bugs.gentoo.org/show_bug.cgi?id=CVE-2013-2167 | MISC:https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-2167 | URL:https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-2167 | MISC:https://exchange.xforce.ibmcloud.com/vulnerabilities/85492 | URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/85492 | MISC:https://security-tracker.debian.org/tracker/CVE-2013-2167 | URL:https://security-tracker.debian.org/tracker/CVE-2013-2167;Assigned (20130219);None (candidate not yet proposed) +CVE-2013-2191;Candidate;python-bugzilla before 0.9.0 does not validate X.509 certificates, which allows man-in-the-middle attackers to spoof Bugzilla servers via a crafted certificate.;MISC:[oss-security] 20130619 [CVE identifier assignment notification] CVE-2013-2191 python-bugzilla: Does not verify Bugzilla server certificate | URL:http://www.openwall.com/lists/oss-security/2013/06/19/6 | MISC:[python-bugzilla] 20130619 ANNOUNCE: python-bugzilla 0.9.0 released | URL:https://lists.fedorahosted.org/pipermail/python-bugzilla/2013-June/000104.html | MISC:https://bugzilla.redhat.com/show_bug.cgi?id=951594 | URL:https://bugzilla.redhat.com/show_bug.cgi?id=951594 | MISC:https://git.fedorahosted.org/cgit/python-bugzilla.git/commit/?id=a782282ee479ba4cc1b8b1d89700ac630ba83eef | URL:https://git.fedorahosted.org/cgit/python-bugzilla.git/commit/?id=a782282ee479ba4cc1b8b1d89700ac630ba83eef | MISC:openSUSE-SU-2013:1154 | URL:http://lists.opensuse.org/opensuse-updates/2013-07/msg00025.html | MISC:openSUSE-SU-2013:1155 | URL:http://lists.opensuse.org/opensuse-updates/2013-07/msg00026.html;Assigned (20130219);None (candidate not yet proposed) +CVE-2013-4111;Candidate;The Python client library for Glance (python-glanceclient) before 0.10.0 does not properly check the preverify_ok value, which prevents the server hostname from being verified with a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate and allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.;MISC:54313 | URL:http://secunia.com/advisories/54313 | MISC:54525 | URL:http://secunia.com/advisories/54525 | MISC:RHSA-2013:1200 | URL:http://rhn.redhat.com/errata/RHSA-2013-1200.html | MISC:USN-2004-1 | URL:http://www.ubuntu.com/usn/USN-2004-1 | MISC:https://bugs.launchpad.net/ossa/+bug/1192229 | URL:https://bugs.launchpad.net/ossa/+bug/1192229 | MISC:https://github.com/openstack/python-glanceclient/blob/master/doc/source/index.rst | URL:https://github.com/openstack/python-glanceclient/blob/master/doc/source/index.rst | MISC:openSUSE-SU-2013:1330 | URL:http://lists.opensuse.org/opensuse-updates/2013-08/msg00019.html;Assigned (20130612);None (candidate not yet proposed) +CVE-2013-4238;Candidate;The ssl.match_hostname function in the SSL module in Python 2.6 through 3.4 does not properly handle a '\0' character in a domain name in the Subject Alternative Name field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408.;MISC:20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities | URL:http://seclists.org/fulldisclosure/2014/Dec/23 | MISC:20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities | URL:http://www.securityfocus.com/archive/1/534161/100/0/threaded | MISC:DSA-2880 | URL:http://www.debian.org/security/2014/dsa-2880 | MISC:RHSA-2013:1582 | URL:http://rhn.redhat.com/errata/RHSA-2013-1582.html | MISC:USN-1982-1 | URL:http://www.ubuntu.com/usn/USN-1982-1 | MISC:http://bugs.python.org/issue18709 | URL:http://bugs.python.org/issue18709 | MISC:http://www.vmware.com/security/advisories/VMSA-2014-0012.html | URL:http://www.vmware.com/security/advisories/VMSA-2014-0012.html | MISC:https://bugzilla.redhat.com/show_bug.cgi?id=996381 | URL:https://bugzilla.redhat.com/show_bug.cgi?id=996381 | MISC:openSUSE-SU-2013:1437 | URL:http://lists.opensuse.org/opensuse-updates/2013-09/msg00026.html | MISC:openSUSE-SU-2013:1438 | URL:http://lists.opensuse.org/opensuse-updates/2013-09/msg00027.html | MISC:openSUSE-SU-2013:1439 | URL:http://lists.opensuse.org/opensuse-updates/2013-09/msg00028.html | MISC:openSUSE-SU-2013:1440 | URL:http://lists.opensuse.org/opensuse-updates/2013-09/msg00029.html | MISC:openSUSE-SU-2013:1462 | URL:http://lists.opensuse.org/opensuse-updates/2013-09/msg00042.html | MISC:openSUSE-SU-2013:1463 | URL:http://lists.opensuse.org/opensuse-updates/2013-09/msg00043.html | MISC:openSUSE-SU-2020:0086 | URL:http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00040.html;Assigned (20130612);None (candidate not yet proposed) +CVE-2013-4245;Candidate;Orca has arbitrary code execution due to insecure Python module load;MISC:https://access.redhat.com/security/cve/cve-2013-4245 | URL:https://access.redhat.com/security/cve/cve-2013-4245 | MISC:https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-4245 | URL:https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-4245 | MISC:https://bugzilla.suse.com/show_bug.cgi?id=CVE-2013-4245 | URL:https://bugzilla.suse.com/show_bug.cgi?id=CVE-2013-4245 | MISC:https://security-tracker.debian.org/tracker/CVE-2013-4245 | URL:https://security-tracker.debian.org/tracker/CVE-2013-4245;Assigned (20130612);None (candidate not yet proposed) +CVE-2013-4346;Candidate;The Server.verify_request function in SimpleGeo python-oauth2 does not check the nonce, which allows remote attackers to perform replay attacks via a signed URL.;MISC:62386 | URL:http://www.securityfocus.com/bid/62386 | MISC:[oss-security] 20130912 Re: cve requests for python-oauth2 | URL:http://www.openwall.com/lists/oss-security/2013/09/12/7 | MISC:https://github.com/simplegeo/python-oauth2/issues/129 | URL:https://github.com/simplegeo/python-oauth2/issues/129;Assigned (20130612);None (candidate not yet proposed) +CVE-2013-4347;Candidate;The (1) make_nonce, (2) generate_nonce, and (3) generate_verifier functions in SimpleGeo python-oauth2 uses weak random numbers to generate nonces, which makes it easier for remote attackers to guess the nonce via a brute force attack.;MISC:62388 | URL:http://www.securityfocus.com/bid/62388 | MISC:[oss-security] 20130912 Re: cve requests for python-oauth2 | URL:http://www.openwall.com/lists/oss-security/2013/09/12/7 | MISC:https://github.com/simplegeo/python-oauth2/issues/9 | URL:https://github.com/simplegeo/python-oauth2/issues/9 | MISC:https://github.com/simplegeo/python-oauth2/pull/146 | URL:https://github.com/simplegeo/python-oauth2/pull/146;Assigned (20130612);None (candidate not yet proposed) +CVE-2013-4367;Candidate;ovirt-engine 3.2 running on Linux kernel 3.1 and newer creates certain files world-writeable due to an upstream kernel change which impacted how python's os.chmod() works when passed a mode of '-1'.;MISC:https://access.redhat.com/security/cve/cve-2013-4367 | MISC:https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-4367;Assigned (20130612);None (candidate not yet proposed) +CVE-2013-4409;Candidate;An eval() vulnerability exists in Python Software Foundation Djblets 0.7.21 and Beanbag Review Board before 1.7.15 when parsing JSON requests.;MISC:http://lists.fedoraproject.org/pipermail/package-announce/2013-November/120619.html | URL:http://lists.fedoraproject.org/pipermail/package-announce/2013-November/120619.html | MISC:http://lists.fedoraproject.org/pipermail/package-announce/2013-October/119819.html | URL:http://lists.fedoraproject.org/pipermail/package-announce/2013-October/119819.html | MISC:http://lists.fedoraproject.org/pipermail/package-announce/2013-October/119820.html | URL:http://lists.fedoraproject.org/pipermail/package-announce/2013-October/119820.html | MISC:http://lists.fedoraproject.org/pipermail/package-announce/2013-October/119830.html | URL:http://lists.fedoraproject.org/pipermail/package-announce/2013-October/119830.html | MISC:http://lists.fedoraproject.org/pipermail/package-announce/2013-October/119831.html | URL:http://lists.fedoraproject.org/pipermail/package-announce/2013-October/119831.html | MISC:http://www.securityfocus.com/bid/63029 | URL:http://www.securityfocus.com/bid/63029 | MISC:https://access.redhat.com/security/cve/cve-2013-4409 | URL:https://access.redhat.com/security/cve/cve-2013-4409 | MISC:https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-4409 | URL:https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-4409 | MISC:https://exchange.xforce.ibmcloud.com/vulnerabilities/88059 | URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/88059 | MISC:https://security-tracker.debian.org/tracker/CVE-2013-4409 | URL:https://security-tracker.debian.org/tracker/CVE-2013-4409;Assigned (20130612);None (candidate not yet proposed) +CVE-2013-4482;Candidate;Untrusted search path vulnerability in python-paste-script (aka paster) in Luci 0.26.0, when started using the initscript, allows local users to gain privileges via a Trojan horse .egg-info file in the (1) current working directory or (2) its parent directories.;MISC:RHSA-2013:1603 | URL:http://rhn.redhat.com/errata/RHSA-2013-1603.html | MISC:https://bugzilla.redhat.com/show_bug.cgi?id=990321 | URL:https://bugzilla.redhat.com/show_bug.cgi?id=990321;Assigned (20130612);None (candidate not yet proposed) +CVE-2013-4867;Candidate;Electronic Arts Karotz Smart Rabbit 12.07.19.00 allows Python module hijacking;MISC:http://www.exploit-db.com/exploits/27285 | MISC:https://exchange.xforce.ibmcloud.com/vulnerabilities/86222;Assigned (20130717);None (candidate not yet proposed) +CVE-2013-5093;Candidate;The renderLocalView function in render/views.py in graphite-web in Graphite 0.9.5 through 0.9.10 uses the pickle Python module unsafely, which allows remote attackers to execute arbitrary code via a crafted serialized object.;BID:61894 | URL:http://www.securityfocus.com/bid/61894 | CONFIRM:https://github.com/graphite-project/graphite-web/blob/master/docs/releases/0_9_11.rst | EXPLOIT-DB:27752 | URL:http://www.exploit-db.com/exploits/27752 | MISC:http://ceriksen.com/2013/08/20/graphite-remote-code-execution-vulnerability-advisory/ | MISC:https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/unix/webapp/graphite_pickle_exec.rb | OSVDB:96436 | URL:http://www.osvdb.org/96436 | SECUNIA:54556 | URL:http://secunia.com/advisories/54556;Assigned (20130808);None (candidate not yet proposed) +CVE-2013-5106;Candidate;A Code Execution vulnerability exists in select.py when using python-mode 2012-12-19.;MISC:http://github.com/klen/python-mode/issues/162;Assigned (20130812);None (candidate not yet proposed) +CVE-2013-5123;Candidate;The mirroring support (-M, --use-mirrors) in Python Pip before 1.5 uses insecure DNS querying and authenticity checks which allows attackers to perform man-in-the-middle attacks.;MISC:http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155248.html | MISC:http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155291.html | MISC:http://www.openwall.com/lists/oss-security/2013/08/21/17 | MISC:http://www.openwall.com/lists/oss-security/2013/08/21/18 | MISC:http://www.securityfocus.com/bid/77520 | MISC:https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-5123 | MISC:https://bugzilla.suse.com/show_bug.cgi?id=CVE-2013-5123 | MISC:https://security-tracker.debian.org/tracker/CVE-2013-5123;Assigned (20130815);None (candidate not yet proposed) +CVE-2013-5654;Candidate;Vulnerability in YingZhi Python Programming Language v1.9 allows arbitrary anonymous uploads to the phone's storage;MISC:http://www.iphoneappstorm.com/iphone-apps/utilities/com.yingzhi.python/yingzhipython.php?id=493505744 | MISC:http://www.vapidlabs.com/advisory.php?v=94;Assigned (20130830);None (candidate not yet proposed) +CVE-2013-5655;Candidate;Directory traversal vulnerability in the FTP server in YingZhi Python Programming Language for iOS 1.9 allows remote attackers to read and possibly write arbitrary files via a .. (dot dot) in the default URI.;BID:62074 | URL:http://www.securityfocus.com/bid/62074 | MLIST:[oss-security] 20130929 YingZhi Python Programming Language for iOS ftp .. bug & httpd arbitrary upload | URL:http://www.openwall.com/lists/oss-security/2013/08/29/8 | MLIST:[oss-security] 20130930 Re: YingZhi Python Programming Language for iOS ftp .. bug & httpd arbitrary upload | URL:http://www.openwall.com/lists/oss-security/2013/08/30/2 | OSVDB:96719 | URL:http://osvdb.org/96719;Assigned (20130830);None (candidate not yet proposed) +CVE-2013-5942;Candidate;Graphite 0.9.5 through 0.9.10 uses the pickle Python module unsafely, which allows remote attackers to execute arbitrary code via a crafted serialized object, related to (1) remote_storage.py, (2) storage.py, (3) render/datalib.py, and (4) whitelist/views.py, a different vulnerability than CVE-2013-5093.;CONFIRM:https://github.com/graphite-project/graphite-web/blob/master/docs/releases/0_9_11.rst | SECUNIA:54556 | URL:http://secunia.com/advisories/54556;Assigned (20130927);None (candidate not yet proposed) +CVE-2013-6396;Candidate;The OpenStack Python client library for Swift (python-swiftclient) 1.0 through 1.9.0 does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.;MISC:[oss-security] 20140217 [OSSA 2014-005] Missing SSL certificate check in Python Swift client (CVE-2013-6396) | URL:http://www.openwall.com/lists/oss-security/2014/02/17/7 | MISC:https://bugs.launchpad.net/python-swiftclient/+bug/1199783 | URL:https://bugs.launchpad.net/python-swiftclient/+bug/1199783;Assigned (20131104);None (candidate not yet proposed) +CVE-2013-6491;Candidate;The python-qpid client (common/rpc/impl_qpid.py) in OpenStack Oslo before 2013.2 does not enforce SSL connections when qpid_protocol is set to ssl, which allows remote attackers to obtain sensitive information by sniffing the network.;MISC:RHSA-2014:0112 | URL:http://rhn.redhat.com/errata/RHSA-2014-0112.html | MISC:USN-2247-1 | URL:http://www.ubuntu.com/usn/USN-2247-1 | MISC:https://bugs.launchpad.net/oslo/+bug/1158807 | URL:https://bugs.launchpad.net/oslo/+bug/1158807 | MISC:https://bugzilla.redhat.com/show_bug.cgi?id=996766 | URL:https://bugzilla.redhat.com/show_bug.cgi?id=996766;Assigned (20131104);None (candidate not yet proposed) +CVE-2013-7040;Candidate;Python 2.7 before 3.4 only uses the last eight bits of the prefix to randomize hash values, which causes it to compute hash values without restricting the ability to trigger hash collisions predictably and makes it easier for context-dependent attackers to cause a denial of service (CPU consumption) via crafted input to an application that maintains a hash table. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-1150.;APPLE:APPLE-SA-2015-08-13-2 | URL:http://lists.apple.com/archives/security-announce/2015/Aug/msg00001.html | BID:64194 | URL:http://www.securityfocus.com/bid/64194 | CONFIRM:http://bugs.python.org/issue14621 | CONFIRM:https://support.apple.com/kb/HT205031 | MLIST:[oss-security] 20131209 CPython hash secret can be recoved remotely | URL:http://www.openwall.com/lists/oss-security/2013/12/09/3 | MLIST:[oss-security] 20131209 Re: CPython hash secret can be recoved remotely | URL:http://www.openwall.com/lists/oss-security/2013/12/09/13;Assigned (20131209);None (candidate not yet proposed) +CVE-2013-7323;Candidate;python-gnupg before 0.3.5 allows context-dependent attackers to execute arbitrary commands via shell metacharacters in unspecified vectors.;CONFIRM:https://code.google.com/p/python-gnupg/ | DEBIAN:DSA-2946 | URL:http://www.debian.org/security/2014/dsa-2946 | MLIST:[oss-security] 20140204 CVE request: python-gnupg before 0.3.5 shell injection | URL:http://seclists.org/oss-sec/2014/q1/243 | MLIST:[oss-security] 20140204 Re: CVE request: python-gnupg before 0.3.5 shell injection | URL:http://seclists.org/oss-sec/2014/q1/244 | MLIST:[oss-security] 20140209 Re: CVE request: python-gnupg before 0.3.5 shell injection | URL:http://seclists.org/oss-sec/2014/q1/294 | SECUNIA:56616 | URL:http://secunia.com/advisories/56616 | SECUNIA:59031 | URL:http://secunia.com/advisories/59031;Assigned (20140209);None (candidate not yet proposed) +CVE-2013-7338;Candidate;Python before 3.3.4 RC1 allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a file size value larger than the size of the zip file to the (1) ZipExtFile.read, (2) ZipExtFile.read(n), (3) ZipExtFile.readlines, (4) ZipFile.extract, or (5) ZipFile.extractall function.;APPLE:APPLE-SA-2015-08-13-2 | URL:http://lists.apple.com/archives/security-announce/2015/Aug/msg00001.html | BID:65179 | URL:http://www.securityfocus.com/bid/65179 | CONFIRM:http://bugs.python.org/issue20078 | CONFIRM:http://hg.python.org/cpython/rev/79ea4ce431b1 | CONFIRM:https://docs.python.org/3.3/whatsnew/changelog.html | CONFIRM:https://support.apple.com/kb/HT205031 | GENTOO:GLSA-201503-10 | URL:https://security.gentoo.org/glsa/201503-10 | MLIST:[oss-security] 20140318 CVE request for python/zipfile | URL:http://seclists.org/oss-sec/2014/q1/592 | MLIST:[oss-security] 20140319 Re: CVE request for python/zipfile | URL:http://seclists.org/oss-sec/2014/q1/595 | SECTRACK:1029973 | URL:http://www.securitytracker.com/id/1029973 | SUSE:openSUSE-SU-2014:0597 | URL:http://lists.opensuse.org/opensuse-updates/2014-05/msg00008.html;Assigned (20140318);None (candidate not yet proposed) +CVE-2013-7440;Candidate;The ssl.match_hostname function in CPython (aka Python) before 2.7.9 and 3.x before 3.3.3 does not properly handle wildcards in hostnames, which might allow man-in-the-middle attackers to spoof servers via a crafted certificate.;BID:74707 | URL:http://www.securityfocus.com/bid/74707 | CONFIRM:https://bugs.python.org/issue17997 | CONFIRM:https://bugzilla.redhat.com/show_bug.cgi?id=1224999 | CONFIRM:https://hg.python.org/cpython/rev/10d0edadbcdd | MLIST:[oss-security] 20150518 CVE request: ssl.match_hostname(): sub string wildcard should not match IDNA prefix | URL:http://seclists.org/oss-sec/2015/q2/483 | MLIST:[oss-security] 20150521 Re: CVE request: ssl.match_hostname(): sub string wildcard should not match IDNA prefix | URL:http://seclists.org/oss-sec/2015/q2/523 | REDHAT:RHSA-2016:1166 | URL:https://access.redhat.com/errata/RHSA-2016:1166;Assigned (20150519);None (candidate not yet proposed) +CVE-2013-7459;Candidate;Heap-based buffer overflow in the ALGnew function in block_templace.c in Python Cryptography Toolkit (aka pycrypto) allows remote attackers to execute arbitrary code as demonstrated by a crafted iv parameter to cryptmsg.py.;BID:95122 | URL:http://www.securityfocus.com/bid/95122 | CONFIRM:https://bugzilla.redhat.com/show_bug.cgi?id=1409754 | CONFIRM:https://github.com/dlitz/pycrypto/commit/8dbe0dc3eea5c689d4f76b37b93fe216cf1f00d4 | CONFIRM:https://github.com/dlitz/pycrypto/issues/176 | FEDORA:FEDORA-2017-08207fe48b | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/C6BWNADPLKDBBQBUT3P75W7HAJCE7M3B/ | FEDORA:FEDORA-2017-7c569d396b | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RJ37R2YLX56YZABFNAOWV4VTHTGYREAE/ | GENTOO:GLSA-201702-14 | URL:https://security.gentoo.org/glsa/201702-14 | MISC:https://pony7.fr/ctf:public:32c3:cryptmsg | MLIST:[oss-security] 20161227 Re: Buffer overflow in pycrypto | URL:http://www.openwall.com/lists/oss-security/2016/12/27/8;Assigned (20161227);None (candidate not yet proposed) +CVE-2013-7489;Candidate;The Beaker library through 1.11.0 for Python is affected by deserialization of untrusted data, which could lead to arbitrary code execution.;MISC:https://bugzilla.redhat.com/show_bug.cgi?id=1850105 | MISC:https://github.com/bbangert/beaker/issues/191 | MISC:https://www.openwall.com/lists/oss-security/2020/05/14/11;Assigned (20200626);None (candidate not yet proposed) +CVE-2014-0105;Candidate;"The auth_token middleware in the OpenStack Python client library for Keystone (aka python-keystoneclient) before 0.7.0 does not properly retrieve user tokens from memcache, which allows remote authenticated users to gain privileges in opportunistic circumstances via a large number of requests, related to an ""interaction between eventlet and python-memcached.""";CONFIRM:https://bugs.launchpad.net/python-keystoneclient/+bug/1282865 | MLIST:[oss-security] 20140327 [OSSA 2014-007] Potential context confusion in Keystone middleware (CVE-2014-0105) | URL:http://www.openwall.com/lists/oss-security/2014/03/27/4 | REDHAT:RHSA-2014:0382 | URL:http://rhn.redhat.com/errata/RHSA-2014-0382.html | REDHAT:RHSA-2014:0409 | URL:http://rhn.redhat.com/errata/RHSA-2014-0409.html;Assigned (20131203);None (candidate not yet proposed) +CVE-2014-0161;Candidate;ovirt-engine-sdk-python before 3.4.0.7 and 3.5.0.4 does not verify that the hostname of the remote endpoint matches the Common Name (CN) or subjectAltName as specified by its x.509 certificate in a TLS/SSL session. This could allow man-in-the-middle attackers to spoof remote endpoints via an arbitrary valid certificate.;MISC:https://access.redhat.com/security/cve/cve-2014-0161 | URL:https://access.redhat.com/security/cve/cve-2014-0161 | MISC:https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2014-0161 | URL:https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2014-0161;Assigned (20131203);None (candidate not yet proposed) +CVE-2014-0472;Candidate;"The django.core.urlresolvers.reverse function in Django before 1.4.11, 1.5.x before 1.5.6, 1.6.x before 1.6.3, and 1.7.x before 1.7 beta 2 allows remote attackers to import and execute arbitrary Python modules by leveraging a view that constructs URLs using user input and a ""dotted Python path.""";CONFIRM:https://www.djangoproject.com/weblog/2014/apr/21/security/ | DEBIAN:DSA-2934 | URL:http://www.debian.org/security/2014/dsa-2934 | REDHAT:RHSA-2014:0456 | URL:http://rhn.redhat.com/errata/RHSA-2014-0456.html | REDHAT:RHSA-2014:0457 | URL:http://rhn.redhat.com/errata/RHSA-2014-0457.html | SECUNIA:61281 | URL:http://secunia.com/advisories/61281 | SUSE:openSUSE-SU-2014:1132 | URL:http://lists.opensuse.org/opensuse-updates/2014-09/msg00023.html | UBUNTU:USN-2169-1 | URL:http://www.ubuntu.com/usn/USN-2169-1;Assigned (20131219);None (candidate not yet proposed) +CVE-2014-0485;Candidate;S3QL 1.18.1 and earlier uses the pickle Python module unsafely, which allows remote attackers to execute arbitrary code via a crafted serialized object in (1) common.py or (2) local.py in backends/.;CONFIRM:https://bitbucket.org/nikratio/s3ql/commits/091ac263809b4e8 | DEBIAN:DSA-3013 | URL:http://www.debian.org/security/2014/dsa-3013 | MLIST:[oss-security] 20140828 CVE-2014-0485: unsafe Python pickle in s3ql | URL:http://www.openwall.com/lists/oss-security/2014/08/28/3;Assigned (20131219);None (candidate not yet proposed) +CVE-2014-125028;Candidate;A vulnerability was found in valtech IDP Test Client and classified as problematic. Affected by this issue is some unknown functionality of the file python-flask/main.py. The manipulation leads to cross-site request forgery. The attack may be launched remotely. The name of the patch is f1e7b3d431c8681ec46445557125890c14fa295f. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-217148.;MISC:https://github.com/valtech/valtech-idp-test-clients/commit/f1e7b3d431c8681ec46445557125890c14fa295f | URL:https://github.com/valtech/valtech-idp-test-clients/commit/f1e7b3d431c8681ec46445557125890c14fa295f | MISC:https://vuldb.com/?ctiid.217148 | URL:https://vuldb.com/?ctiid.217148 | MISC:https://vuldb.com/?id.217148 | URL:https://vuldb.com/?id.217148;Assigned (20221231);None (candidate not yet proposed) +CVE-2014-1604;Candidate;The parser cache functionality in parsergenerator.py in RPLY (aka python-rply) before 0.7.1 allows local users to spoof cache data by pre-creating a temporary rply-*.json file with a predictable name.;CONFIRM:http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=735263 | CONFIRM:https://github.com/alex/rply/commit/fc9bbcd25b0b4f09bbd6339f710ad24c129d5d7c | MLIST:[oss-security] 20140114 Fwd: [Python-modules-team] Bug#735263: python-rply: insecure use of /tmp | URL:http://www.openwall.com/lists/oss-security/2014/01/17/8 | MLIST:[oss-security] 20140117 Re: Fwd: [Python-modules-team] Bug#735263: python-rply: insecure use of /tmp | URL:http://www.openwall.com/lists/oss-security/2014/01/18/4 | OSVDB:102202 | URL:http://www.osvdb.org/102202 | SECUNIA:56429 | URL:http://secunia.com/advisories/56429 | XF:rply-cve20141604-insecure-permissions(90593) | URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/90593;Assigned (20140117);None (candidate not yet proposed) +CVE-2014-1624;Candidate;Race condition in the xdg.BaseDirectory.get_runtime_dir function in python-xdg 0.25 allows local users to overwrite arbitrary files by pre-creating /tmp/pyxdg-runtime-dir-fallback-victim to point to a victim-owned location, then replacing it with a symlink to an attacker-controlled location once the get_runtime_dir function is called.;BID:65042 | URL:http://www.securityfocus.com/bid/65042 | MISC:http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=736247 | MLIST:[oss-security] 20140121 Fwd: [Python-modules-team] Bug#736247: python-xdg: get_runtime_dir(strict=False): insecure use of /tmp | URL:http://www.openwall.com/lists/oss-security/2014/01/21/3 | MLIST:[oss-security] 20140121 Re: Fwd: [Python-modules-team] Bug#736247: python-xdg: get_runtime_dir(strict=False): insecure use of /tmp | URL:http://www.openwall.com/lists/oss-security/2014/01/21/4 | XF:pythonxdg-cve20141624-symlink(90618) | URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/90618;Assigned (20140121);None (candidate not yet proposed) +CVE-2014-1829;Candidate;Requests (aka python-requests) before 2.3.0 allows remote servers to obtain a netrc password by reading the Authorization header in a redirected request.;CONFIRM:http://advisories.mageia.org/MGASA-2014-0409.html | CONFIRM:https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=733108 | CONFIRM:https://github.com/kennethreitz/requests/issues/1885 | DEBIAN:DSA-3146 | URL:http://www.debian.org/security/2015/dsa-3146 | MANDRIVA:MDVSA-2015:133 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2015:133 | UBUNTU:USN-2382-1 | URL:http://www.ubuntu.com/usn/USN-2382-1;Assigned (20140130);None (candidate not yet proposed) +CVE-2014-1830;Candidate;Requests (aka python-requests) before 2.3.0 allows remote servers to obtain sensitive information by reading the Proxy-Authorization header in a redirected request.;CONFIRM:http://advisories.mageia.org/MGASA-2014-0409.html | CONFIRM:https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=733108 | CONFIRM:https://github.com/kennethreitz/requests/issues/1885 | DEBIAN:DSA-3146 | URL:http://www.debian.org/security/2015/dsa-3146 | MANDRIVA:MDVSA-2015:133 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2015:133 | SUSE:openSUSE-SU-2016:0246 | URL:http://lists.opensuse.org/opensuse-updates/2016-01/msg00095.html;Assigned (20140130);None (candidate not yet proposed) +CVE-2014-1912;Candidate;Buffer overflow in the socket.recvfrom_into function in Modules/socketmodule.c in Python 2.5 before 2.7.7, 3.x before 3.3.4, and 3.4.x before 3.4rc1 allows remote attackers to execute arbitrary code via a crafted string.;APPLE:APPLE-SA-2015-08-13-2 | URL:http://lists.apple.com/archives/security-announce/2015/Aug/msg00001.html | BID:65379 | URL:http://www.securityfocus.com/bid/65379 | CONFIRM:http://bugs.python.org/issue20246 | CONFIRM:http://hg.python.org/cpython/rev/87673659d8f7 | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html | CONFIRM:https://support.apple.com/kb/HT205031 | DEBIAN:DSA-2880 | URL:http://www.debian.org/security/2014/dsa-2880 | EXPLOIT-DB:31875 | URL:http://www.exploit-db.com/exploits/31875 | GENTOO:GLSA-201503-10 | URL:https://security.gentoo.org/glsa/201503-10 | MISC:http://pastebin.com/raw.php?i=GHXSmNEg | MISC:https://www.trustedsec.com/february-2014/python-remote-code-execution-socket-recvfrom_into/ | MLIST:[oss-security] 20140212 Re: CVE request? buffer overflow in socket.recvfrom_into | URL:http://www.openwall.com/lists/oss-security/2014/02/12/16 | REDHAT:RHSA-2015:1064 | URL:http://rhn.redhat.com/errata/RHSA-2015-1064.html | REDHAT:RHSA-2015:1330 | URL:http://rhn.redhat.com/errata/RHSA-2015-1330.html | SECTRACK:1029831 | URL:http://www.securitytracker.com/id/1029831 | SUSE:openSUSE-SU-2014:0518 | URL:http://lists.opensuse.org/opensuse-updates/2014-04/msg00035.html | SUSE:openSUSE-SU-2014:0597 | URL:http://lists.opensuse.org/opensuse-updates/2014-05/msg00008.html | UBUNTU:USN-2125-1 | URL:http://www.ubuntu.com/usn/USN-2125-1;Assigned (20140207);None (candidate not yet proposed) +CVE-2014-1927;Candidate;"The shell_quote function in python-gnupg 0.3.5 does not properly quote strings, which allows context-dependent attackers to execute arbitrary code via shell metacharacters in unspecified vectors, as demonstrated using ""$("" command-substitution sequences, a different vulnerability than CVE-2014-1928. NOTE: this vulnerability exists because of an incomplete fix for CVE-2013-7323.";CONFIRM:https://code.google.com/p/python-gnupg/ | CONFIRM:https://code.google.com/p/python-gnupg/issues/detail?id=98 | DEBIAN:DSA-2946 | URL:http://www.debian.org/security/2014/dsa-2946 | MLIST:[oss-security] 20140204 Re: CVE request: python-gnupg before 0.3.5 shell injection | URL:http://seclists.org/oss-sec/2014/q1/245 | MLIST:[oss-security] 20140209 Re: CVE request: python-gnupg before 0.3.5 shell injection | URL:http://seclists.org/oss-sec/2014/q1/294 | SECUNIA:56616 | URL:http://secunia.com/advisories/56616 | SECUNIA:59031 | URL:http://secunia.com/advisories/59031;Assigned (20140209);None (candidate not yet proposed) +CVE-2014-1928;Candidate;"The shell_quote function in python-gnupg 0.3.5 does not properly escape characters, which allows context-dependent attackers to execute arbitrary code via shell metacharacters in unspecified vectors, as demonstrated using ""\"" (backslash) characters to form multi-command sequences, a different vulnerability than CVE-2014-1927. NOTE: this vulnerability exists because of an incomplete fix for CVE-2013-7323.";CONFIRM:https://code.google.com/p/python-gnupg/ | CONFIRM:https://code.google.com/p/python-gnupg/issues/detail?id=98 | DEBIAN:DSA-2946 | URL:http://www.debian.org/security/2014/dsa-2946 | MLIST:[oss-security] 20140204 Re: CVE request: python-gnupg before 0.3.5 shell injection | URL:http://seclists.org/oss-sec/2014/q1/246 | MLIST:[oss-security] 20140209 Re: CVE request: python-gnupg before 0.3.5 shell injection | URL:http://seclists.org/oss-sec/2014/q1/294 | SECUNIA:56616 | URL:http://secunia.com/advisories/56616 | SECUNIA:59031 | URL:http://secunia.com/advisories/59031;Assigned (20140209);None (candidate not yet proposed) +CVE-2014-1929;Candidate;"python-gnupg 0.3.5 and 0.3.6 allows context-dependent attackers to have an unspecified impact via vectors related to ""option injection through positional arguments."" NOTE: this vulnerability exists because of an incomplete fix for CVE-2013-7323.";DEBIAN:DSA-2946 | URL:http://www.debian.org/security/2014/dsa-2946 | MLIST:[oss-security] 20140204 Re: CVE request: python-gnupg before 0.3.5 shell injection | URL:http://seclists.org/oss-sec/2014/q1/245 | MLIST:[oss-security] 20140212 Re: CVE request: python-gnupg before 0.3.5 shell injection | URL:http://seclists.org/oss-sec/2014/q1/335 | SECUNIA:59031 | URL:http://secunia.com/advisories/59031;Assigned (20140209);None (candidate not yet proposed) +CVE-2014-1932;Candidate;The (1) load_djpeg function in JpegImagePlugin.py, (2) Ghostscript function in EpsImagePlugin.py, (3) load function in IptcImagePlugin.py, and (4) _copy function in Image.py in Python Image Library (PIL) 1.1.7 and earlier and Pillow before 2.3.1 do not properly create temporary files, which allow local users to overwrite arbitrary files and obtain sensitive information via a symlink attack on the temporary file.;BID:65511 | URL:http://www.securityfocus.com/bid/65511 | CONFIRM:https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=737059 | CONFIRM:https://github.com/python-imaging/Pillow/commit/4e9f367dfd3f04c8f5d23f7f759ec12782e10ee7 | GENTOO:GLSA-201612-52 | URL:https://security.gentoo.org/glsa/201612-52 | MLIST:[oss-security] 20140210 Re: CVE requests: Pacemaker, Python Imaging Library, eyeD3, 9base, rc, Gamera, RPLY - insecure use of /tmp | URL:http://www.openwall.com/lists/oss-security/2014/02/11/1 | SUSE:openSUSE-SU-2014:0591 | URL:http://lists.opensuse.org/opensuse-updates/2014-05/msg00002.html | UBUNTU:USN-2168-1 | URL:http://www.ubuntu.com/usn/USN-2168-1;Assigned (20140210);None (candidate not yet proposed) +CVE-2014-1933;Candidate;The (1) JpegImagePlugin.py and (2) EpsImagePlugin.py scripts in Python Image Library (PIL) 1.1.7 and earlier and Pillow before 2.3.1 uses the names of temporary files on the command line, which makes it easier for local users to conduct symlink attacks by listing the processes.;BID:65513 | URL:http://www.securityfocus.com/bid/65513 | CONFIRM:https://github.com/python-imaging/Pillow/commit/4e9f367dfd3f04c8f5d23f7f759ec12782e10ee7 | GENTOO:GLSA-201612-52 | URL:https://security.gentoo.org/glsa/201612-52 | MLIST:[oss-security] 20140210 CVE requests: Pacemaker, Python Imaging Library, eyeD3, 9base, rc, Gamera, RPLY - insecure use of /tmp | URL:http://www.openwall.com/lists/oss-security/2014/02/10/15 | MLIST:[oss-security] 20140210 Re: CVE requests: Pacemaker, Python Imaging Library, eyeD3, 9base, rc, Gamera, RPLY - insecure use of /tmp | URL:http://www.openwall.com/lists/oss-security/2014/02/11/1 | SUSE:openSUSE-SU-2014:0591 | URL:http://lists.opensuse.org/opensuse-updates/2014-05/msg00002.html | UBUNTU:USN-2168-1 | URL:http://www.ubuntu.com/usn/USN-2168-1;Assigned (20140210);None (candidate not yet proposed) +CVE-2014-1934;Candidate;tag.py in eyeD3 (aka python-eyed3) 7.0.3, 0.6.18, and earlier for Python allows local users to modify arbitrary files via a symlink attack on a temporary file.;CONFIRM:https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=737062 | CONFIRM:https://bugzilla.redhat.com/show_bug.cgi?id=1063671 | SUSE:openSUSE-SU-2014:0619 | URL:http://lists.opensuse.org/opensuse-updates/2014-05/msg00027.html | SUSE:openSUSE-SU-2014:0620 | URL:http://lists.opensuse.org/opensuse-updates/2014-05/msg00028.html;Assigned (20140210);None (candidate not yet proposed) +CVE-2014-1938;Candidate;python-rply before 0.7.4 insecurely creates temporary files.;MISC:http://www.openwall.com/lists/oss-security/2014/02/11/1 | MISC:https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=737627 | MISC:https://security-tracker.debian.org/tracker/CVE-2014-1938;Assigned (20140210);None (candidate not yet proposed) +CVE-2014-2331;Candidate;Check_MK 1.2.2p2, 1.2.2p3, and 1.2.3i5 allows remote authenticated users to execute arbitrary Python code via a crafted rules.mk file in a snapshot. NOTE: this can be exploited by remote attackers by leveraging CVE-2014-2330.;BUGTRAQ:20140324 Deutsche Telekom CERT Advisory [DTC-A-20140324-002] vulnerabilities in check_mk | URL:http://www.securityfocus.com/archive/1/531594 | BUGTRAQ:20140328 Deutsche Telekom CERT Advisory [DTC-A-20140324-002] update140328 | URL:http://www.securityfocus.com/archive/1/531656;Assigned (20140312);None (candidate not yet proposed) +CVE-2014-2667;Candidate;Race condition in the _get_masked_mode function in Lib/os.py in Python 3.2 through 3.5, when exist_ok is set to true and multiple threads are used, might allow local users to bypass intended file permissions by leveraging a separate application vulnerability before the umask has been set to the expected value.;CONFIRM:http://bugs.python.org/issue21082 | GENTOO:GLSA-201503-10 | URL:https://security.gentoo.org/glsa/201503-10 | MLIST:[oss-security] 20140328 CVE request: os.makedirs(exist_ok=True) is not thread-safe in Python | URL:http://www.openwall.com/lists/oss-security/2014/03/28/15 | MLIST:[oss-security] 20140329 Re: [PSRT] CVE request: os.makedirs(exist_ok=True) is not thread-safe in Python | URL:http://www.openwall.com/lists/oss-security/2014/03/29/5 | MLIST:[oss-security] 20140330 Re: CVE request: os.makedirs(exist_ok=True) is not thread-safe in Python | URL:http://www.openwall.com/lists/oss-security/2014/03/30/4 | SUSE:openSUSE-SU-2014:0596 | URL:http://lists.opensuse.org/opensuse-updates/2014-05/msg00007.html | SUSE:openSUSE-SU-2014:0597 | URL:http://lists.opensuse.org/opensuse-updates/2014-05/msg00008.html | SUSE:openSUSE-SU-2020:0086 | URL:http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00040.html;Assigned (20140326);None (candidate not yet proposed) +CVE-2014-2967;Candidate;Autodesk VRED Professional 2014 before SR1 SP8 allows remote attackers to execute arbitrary code via Python os library calls in Python API commands to the integrated web server.;CERT-VN:VU#402020 | URL:http://www.kb.cert.org/vuls/id/402020;Assigned (20140421);None (candidate not yet proposed) +CVE-2014-3007;Candidate;Python Image Library (PIL) 1.1.7 and earlier and Pillow 2.3 might allow remote attackers to execute arbitrary commands via shell metacharacters in unspecified vectors related to CVE-2014-1932, possibly JpegImagePlugin.py.;MISC:http://people.canonical.com/~ubuntu-security/cve/2014/CVE-2014-1932.html | MISC:https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=737059;Assigned (20140427);None (candidate not yet proposed) +CVE-2014-3429;Candidate;IPython Notebook 0.12 through 1.x before 1.2 does not validate the origin of websocket requests, which allows remote attackers to execute arbitrary code by leveraging knowledge of the kernel id and a crafted page.;"CONFIRM:http://advisories.mageia.org/MGASA-2014-0320.html | CONFIRM:http://lambdaops.com/cross-origin-websocket-hijacking-of-ipython | CONFIRM:https://bugzilla.redhat.com/show_bug.cgi?id=1119890 | CONFIRM:https://github.com/ipython/ipython/pull/4845 | MANDRIVA:MDVSA-2015:160 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2015:160 | MLIST:[ipython-dev] 20140713 Vulnerability in IPython Notebook ≤ 1.1 | URL:http://permalink.gmane.org/gmane.comp.python.ipython.devel/13198 | MLIST:[oss-security] 20140715 IPython Notebook Cross 2014-3429 | URL:http://seclists.org/oss-sec/2014/q3/152 | SUSE:openSUSE-SU-2014:1060 | URL:http://lists.opensuse.org/opensuse-updates/2014-08/msg00039.html | XF:ipython-cve20143429-code-exec(94497) | URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/94497";Assigned (20140507);None (candidate not yet proposed) +CVE-2014-3539;Candidate;base/oi/doa.py in the Rope library in CPython (aka Python) allows remote attackers to execute arbitrary code by leveraging an unsafe call to pickle.load.;MISC:[oss-security] 20150206 python-rope: pickle.load of remotely supplied data with no authentication required | URL:http://www.openwall.com/lists/oss-security/2015/02/07/1 | MISC:https://bugzilla.redhat.com/show_bug.cgi?id=1116485 | URL:https://bugzilla.redhat.com/show_bug.cgi?id=1116485;Assigned (20140514);None (candidate not yet proposed) +CVE-2014-3589;Candidate;PIL/IcnsImagePlugin.py in Python Imaging Library (PIL) and Pillow before 2.3.2 and 2.5.x before 2.5.2 allows remote attackers to cause a denial of service via a crafted block size.;CONFIRM:https://github.com/python-pillow/Pillow/commit/205e056f8f9b06ed7b925cf8aa0874bc4aaf8a7d | CONFIRM:https://pypi.python.org/pypi/Pillow/2.3.2 | CONFIRM:https://pypi.python.org/pypi/Pillow/2.5.2 | DEBIAN:DSA-3009 | URL:http://www.debian.org/security/2014/dsa-3009 | SECUNIA:59825 | URL:http://secunia.com/advisories/59825 | SUSE:openSUSE-SU-2015:0798 | URL:http://lists.opensuse.org/opensuse-updates/2015-04/msg00056.html;Assigned (20140514);None (candidate not yet proposed) +CVE-2014-3593;Candidate;Eval injection vulnerability in luci 0.26.0 allows remote authenticated users with certain permissions to execute arbitrary Python code via a crafted cluster configuration.;MISC:RHSA-2014:1390 | URL:http://rhn.redhat.com/errata/RHSA-2014-1390.html | MISC:https://bugzilla.redhat.com/show_bug.cgi?id=989005 | URL:https://bugzilla.redhat.com/show_bug.cgi?id=989005;Assigned (20140514);None (candidate not yet proposed) +CVE-2014-4616;Candidate;Array index error in the scanstring function in the _json module in Python 2.7 through 3.5 and simplejson before 2.6.1 allows context-dependent attackers to read arbitrary process memory via a negative index value in the idx argument to the raw_decode function.;BID:68119 | URL:http://www.securityfocus.com/bid/68119 | CONFIRM:http://bugs.python.org/issue21529 | CONFIRM:https://bugzilla.redhat.com/show_bug.cgi?id=1112285 | GENTOO:GLSA-201503-10 | URL:https://security.gentoo.org/glsa/201503-10 | MISC:https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=752395 | MISC:https://hackerone.com/reports/12297 | MLIST:[oss-security] 20140624 Re: CVE request: python: _json module is vulnerable to arbitrary process memory read | URL:http://openwall.com/lists/oss-security/2014/06/24/7 | REDHAT:RHSA-2015:1064 | URL:http://rhn.redhat.com/errata/RHSA-2015-1064.html | SUSE:openSUSE-SU-2014:0890 | URL:http://lists.opensuse.org/opensuse-updates/2014-07/msg00015.html;Assigned (20140624);None (candidate not yet proposed) +CVE-2014-4650;Candidate;The CGIHTTPServer module in Python 2.7.5 and 3.3.4 does not properly handle URLs in which URL encoding is used for path separators, which allows remote attackers to read script source code or conduct directory traversal attacks and execute unintended code via a crafted character sequence, as demonstrated by a %2f separator.;MISC:http://bugs.python.org/issue21766 | MISC:http://openwall.com/lists/oss-security/2014/06/26/3 | REDHAT:Red Hat | URL:https://access.redhat.com/security/cve/cve-2014-4650;Assigned (20140625);None (candidate not yet proposed) +CVE-2014-5340;Candidate;The wato component in Check_MK before 1.2.4p4 and 1.2.5 before 1.2.5i4 uses the pickle Python module unsafely, which allows remote attackers to execute arbitrary code via a crafted serialized object, related to an automation URL.;BUGTRAQ:20140820 Deutsche Telekom CERT Advisory [DTC-A-20140820-001] check_mk vulnerabilities | URL:http://www.securityfocus.com/archive/1/533180/100/0/threaded | CONFIRM:http://mathias-kettner.de/check_mk_werks.php?werk_id=984 | MISC:http://packetstormsecurity.com/files/127941/Deutsche-Telekom-CERT-Advisory-DTC-A-20140820-001.html | REDHAT:RHSA-2015:1495 | URL:http://rhn.redhat.com/errata/RHSA-2015-1495.html;Assigned (20140818);None (candidate not yet proposed) +CVE-2014-6262;Candidate;Multiple format string vulnerabilities in the python module in RRDtool, as used in Zenoss Core before 4.2.5 and other products, allow remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted third argument to the rrdtool.graph function, aka ZEN-15415, a related issue to CVE-2013-2131.;MISC:http://www.kb.cert.org/vuls/id/449452 | MISC:https://docs.google.com/spreadsheets/d/1dHAc4PxUbs-4Dxzm1wSCE0sMz5UCMY6SW3PlMHSyuuQ/edit?usp=sharing | MISC:https://github.com/oetiker/rrdtool-1.x/commit/64ed5314af1255ab6dded45f70b39cdeab5ae2ec | MISC:https://github.com/oetiker/rrdtool-1.x/commit/85261a013112e278c90224033f5b0592ee387786 | MISC:https://github.com/oetiker/rrdtool-1.x/pull/532 | MISC:https://www.securityfocus.com/bid/71540 | MLIST:[debian-lts-announce] 20200301 [SECURITY] [DLA 2131-1] rrdtool security update | URL:https://lists.debian.org/debian-lts-announce/2020/03/msg00000.html | MLIST:[debian-lts-announce] 20200302 [SECURITY] [DLA 2131-2] rrdtool regression update | URL:https://lists.debian.org/debian-lts-announce/2020/03/msg00003.html;Assigned (20140905);None (candidate not yet proposed) +CVE-2014-6448;Candidate;Juniper Junos OS 13.2 before 13.2R5, 13.2X51, 13.2X52, and 13.3 before 13.3R3 allow local users to bypass intended restrictions and execute arbitrary Python code via vectors involving shell access.;CONFIRM:http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10695;Assigned (20140917);None (candidate not yet proposed) +CVE-2014-7143;Candidate;Python Twisted 14.0 trustRoot is not respected in HTTP client;MISC:http://www.openwall.com/lists/oss-security/2014/09/22/2 | MISC:https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2014-7143 | MISC:https://exchange.xforce.ibmcloud.com/vulnerabilities/96135 | MISC:https://security-tracker.debian.org/tracker/CVE-2014-7143;Assigned (20140922);None (candidate not yet proposed) +CVE-2014-7144;Candidate;"OpenStack keystonemiddleware (formerly python-keystoneclient) 0.x before 0.11.0 and 1.x before 1.2.0 disables certification verification when the ""insecure"" option is set in a paste configuration (paste.ini) file regardless of the value, which allows remote attackers to conduct man-in-the-middle attacks via a crafted certificate.";BID:69864 | URL:http://www.securityfocus.com/bid/69864 | CONFIRM:https://bugs.launchpad.net/python-keystoneclient/+bug/1353315 | MLIST:[oss-security] 20140926 [OSSA 2014-030] TLS cert verification option not honoured in paste configs (CVE-2014-7144) | URL:http://www.openwall.com/lists/oss-security/2014/09/25/51 | REDHAT:RHSA-2014:1783 | URL:http://rhn.redhat.com/errata/RHSA-2014-1783.html | REDHAT:RHSA-2014:1784 | URL:http://rhn.redhat.com/errata/RHSA-2014-1784.html | REDHAT:RHSA-2015:0020 | URL:http://rhn.redhat.com/errata/RHSA-2015-0020.html | SECUNIA:62709 | URL:http://secunia.com/advisories/62709 | UBUNTU:USN-2705-1 | URL:http://www.ubuntu.com/usn/USN-2705-1;Assigned (20140922);None (candidate not yet proposed) +CVE-2014-7185;Candidate;"Integer overflow in bufferobject.c in Python before 2.7.8 allows context-dependent attackers to obtain sensitive information from process memory via a large size and offset in a ""buffer"" function.";APPLE:APPLE-SA-2015-08-13-2 | URL:http://lists.apple.com/archives/security-announce/2015/Aug/msg00001.html | BID:70089 | URL:http://www.securityfocus.com/bid/70089 | CONFIRM:http://bugs.python.org/issue21831 | CONFIRM:http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html | CONFIRM:https://bugzilla.redhat.com/show_bug.cgi?id=1146026 | CONFIRM:https://support.apple.com/kb/HT205031 | FEDORA:FEDORA-2014-11559 | URL:http://lists.fedoraproject.org/pipermail/package-announce/2014-October/139663.html | GENTOO:GLSA-201503-10 | URL:https://security.gentoo.org/glsa/201503-10 | MLIST:[oss-security] 20140923 CVE Request: Python 2.7 | URL:http://www.openwall.com/lists/oss-security/2014/09/23/5 | MLIST:[oss-security] 20140925 Re: CVE Request: Python 2.7 | URL:http://www.openwall.com/lists/oss-security/2014/09/25/47 | REDHAT:RHSA-2015:1064 | URL:http://rhn.redhat.com/errata/RHSA-2015-1064.html | REDHAT:RHSA-2015:1330 | URL:http://rhn.redhat.com/errata/RHSA-2015-1330.html | SUSE:openSUSE-SU-2014:1292 | URL:http://lists.opensuse.org/opensuse-updates/2014-10/msg00016.html | XF:python-bufferobject-overflow(96193) | URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/96193;Assigned (20140925);None (candidate not yet proposed) +CVE-2014-8165;Candidate;scripts/amsvis/powerpcAMS/amsnet.py in powerpc-utils-python uses the pickle Python module unsafely, which allows remote attackers to execute arbitrary code via a crafted serialized object.;MISC:72537 | URL:http://www.securityfocus.com/bid/72537 | MISC:RHSA-2016:2607 | URL:http://rhn.redhat.com/errata/RHSA-2016-2607.html | MISC:[Powerpc-utils-devel] 20140930 [RFC PATCH] amsvis/amsnet: Replace pickle with json | URL:http://sourceforge.net/p/powerpc-utils/mailman/message/32884230/ | MISC:[oss-security] 20150209 CVE-2014-8165: remote code execution in powerpc-utils-python | URL:http://www.openwall.com/lists/oss-security/2015/02/09/4 | MISC:https://bugzilla.redhat.com/show_bug.cgi?id=1073139 | URL:https://bugzilla.redhat.com/show_bug.cgi?id=1073139 | MISC:powerpcutils-cve20148165-code-exec(100788) | URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/100788;Assigned (20141010);None (candidate not yet proposed) +CVE-2014-8650;Candidate;python-requests-Kerberos through 0.5 does not handle mutual authentication;MISC:http://www.openwall.com/lists/oss-security/2014/11/07/1 | MISC:http://www.securityfocus.com/bid/70909 | MISC:https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2014-8650 | MISC:https://security-tracker.debian.org/tracker/CVE-2014-8650;Assigned (20141106);None (candidate not yet proposed) +CVE-2014-9365;Candidate;The HTTP clients in the (1) httplib, (2) urllib, (3) urllib2, and (4) xmlrpclib libraries in CPython (aka Python) 2.x before 2.7.9 and 3.x before 3.4.3, when accessing an HTTPS URL, do not (a) check the certificate against a trust store or verify that the server hostname matches a domain name in the subject's (b) Common Name or (c) subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.;APPLE:APPLE-SA-2015-08-13-2 | URL:http://lists.apple.com/archives/security-announce/2015/Aug/msg00001.html | BID:71639 | URL:http://www.securityfocus.com/bid/71639 | CONFIRM:http://bugs.python.org/issue22417 | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html | CONFIRM:https://support.apple.com/kb/HT205031 | CONFIRM:https://www.python.org/dev/peps/pep-0476/ | CONFIRM:https://www.python.org/downloads/release/python-279/ | GENTOO:GLSA-201503-10 | URL:https://security.gentoo.org/glsa/201503-10 | MLIST:[oss-security] 20141211 CVE request: Python, standard library HTTP clients | URL:http://www.openwall.com/lists/oss-security/2014/12/11/1 | REDHAT:RHSA-2016:1166 | URL:https://access.redhat.com/errata/RHSA-2016:1166 | REDHAT:RHSA-2017:1162 | URL:https://access.redhat.com/errata/RHSA-2017:1162 | REDHAT:RHSA-2017:1868 | URL:https://access.redhat.com/errata/RHSA-2017:1868;Assigned (20141211);None (candidate not yet proposed) +CVE-2015-0692;Candidate;Cisco Web Security Appliance (WSA) devices with software 8.5.0-ise-147 do not properly restrict use of the pickle Python module during certain tunnel-status checks, which allows local users to execute arbitrary Python code and gain privileges via crafted serialized objects, aka Bug ID CSCut39230.;CISCO:20150410 Cisco Web Security Appliance Pickle Python Module Arbitrary Code Execution Vulnerability | URL:http://tools.cisco.com/security/center/viewAlert.x?alertId=38305 | SECTRACK:1032097 | URL:http://www.securitytracker.com/id/1032097;Assigned (20150107);None (candidate not yet proposed) +CVE-2015-0693;Candidate;Cisco Web Security Appliance (WSA) devices with software 8.5.0-ise-147 do not properly restrict use of the pickle Python module during certain tunnel-status checks, which allows local users to execute arbitrary Python code and gain privileges via a crafted pickle file, aka Bug ID CSCut39259.;CISCO:20150413 Cisco Web Security Appliance Python File Processing Privilege Escalation Vulnerability | URL:http://tools.cisco.com/security/center/viewAlert.x?alertId=38306 | SECTRACK:1032097 | URL:http://www.securitytracker.com/id/1032097;Assigned (20150107);None (candidate not yet proposed) +CVE-2015-1326;Candidate;python-dbusmock before version 0.15.1 AddTemplate() D-Bus method call or DBusTestCase.spawn_server_template() method could be tricked into executing malicious code if an attacker supplies a .pyc file.;MISC:https://github.com/martinpitt/python-dbusmock/commit/4e7d0df9093;Assigned (20150122);None (candidate not yet proposed) +CVE-2015-1341;Candidate;Any Python module in sys.path can be imported if the command line of the process triggering the coredump is Python and the first argument is -m in Apport before 2.19.2 function _python_module_path.;MISC:https://launchpad.net/apport/trunk/2.19.2 | MISC:https://usn.ubuntu.com/2782-1/;Assigned (20150122);None (candidate not yet proposed) +CVE-2015-1852;Candidate;"The s3_token middleware in OpenStack keystonemiddleware before 1.6.0 and python-keystoneclient before 1.4.0 disables certification verification when the ""insecure"" option is set in a paste configuration (paste.ini) file regardless of the value, which allows remote attackers to conduct man-in-the-middle attacks via a crafted certificate, a different vulnerability than CVE-2014-7144.";MISC:74187 | URL:http://www.securityfocus.com/bid/74187 | MISC:RHSA-2015:1677 | URL:http://rhn.redhat.com/errata/RHSA-2015-1677.html | MISC:RHSA-2015:1685 | URL:http://rhn.redhat.com/errata/RHSA-2015-1685.html | MISC:USN-2705-1 | URL:http://www.ubuntu.com/usn/USN-2705-1 | MISC:[openstack-announce] 20150414 [OSSA 2015-007] S3Token TLS cert verification option not honored (CVE-2015-1852) | URL:http://lists.openstack.org/pipermail/openstack-announce/2015-April/000350.html | MISC:http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html | URL:http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html | MISC:https://bugs.launchpad.net/keystonemiddleware/+bug/1411063 | URL:https://bugs.launchpad.net/keystonemiddleware/+bug/1411063;Assigned (20150217);None (candidate not yet proposed) +CVE-2015-1950;Candidate;IBM PowerVC Standard Edition 1.2.2.1 through 1.2.2.2 does not require authentication for access to the Python interpreter with nova credentials, which allows KVM guest OS users to discover certain PowerVC credentials and bypass intended access restrictions via unspecified Python code.;AIXAPAR:IT08926 | URL:http://www-01.ibm.com/support/docview.wss?uid=swg1IT08926 | BID:75102 | URL:http://www.securityfocus.com/bid/75102 | CONFIRM:http://www-01.ibm.com/support/docview.wss?uid=nas8N1020740;Assigned (20150219);None (candidate not yet proposed) +CVE-2015-20107;Candidate;In Python (aka CPython) up to 3.10.8, the mailcap module does not add escape characters into commands discovered in the system mailcap file. This may allow attackers to inject shell commands into applications that call mailcap.findmatch with untrusted input (if they lack validation of user-provided filenames or arguments). The fix is also back-ported to 3.7, 3.8, 3.9;CONFIRM:https://python-security.readthedocs.io/vuln/mailcap-shell-injection.html | CONFIRM:https://security.netapp.com/advisory/ntap-20220616-0001/ | FEDORA:FEDORA-2022-0be85556b4 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MYG3EMFR7ZHC46TDNM7SNWO64A3W7EUF/ | FEDORA:FEDORA-2022-1358cedf2d | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ONXSGLASNLGFL57YU6WT6Y5YURSFV43U/ | FEDORA:FEDORA-2022-17a1bb7e78 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GPCLGZZJPVXFWUWVV5WCD5FNUAFLKBDN/ | FEDORA:FEDORA-2022-20e87fb0d1 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6QIKVSW3H6W2GQGDE5DTIWLGFNH6KKEW/ | FEDORA:FEDORA-2022-2e1d1205cf | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FIRUTX47BJD2HYJDLMI7JJBVCYFAPKAQ/ | FEDORA:FEDORA-2022-4a69d20cf4 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UIOJUZ5JMEMGSKNISTOVI4PDP36FDL5Y/ | FEDORA:FEDORA-2022-4b0dfda810 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/46KWPTI72SSEOF53DOYQBQOCN4QQB2GE/ | FEDORA:FEDORA-2022-4c788bdc40 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XO2H6CKWLRGTTZCGUQVELW6LUH437Q3O/ | FEDORA:FEDORA-2022-5ad25e3d3c | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FCIO2W4DUVVMI6L52QCC4TT2B3K5VWHS/ | FEDORA:FEDORA-2022-5ea8aa7518 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KAY6VBNVEFUXKJF37WFHYXUSRDEK34N3/ | FEDORA:FEDORA-2022-79843dfb3c | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IFGV7P2PYFBMK32OKHCAC2ZPJQV5AUDF/ | FEDORA:FEDORA-2022-9cd41b6709 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AKGMYDVKI3XNM27B6I6RQ6QV3TVJAUCG/ | FEDORA:FEDORA-2022-9da5703d22 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/W5664BGZVTA46LQDNTYX5THG6CN4FYJX/ | FEDORA:FEDORA-2022-9dd70781cb | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HAI2GBC7WKH7J5NH6J2IW5RT3VF2SF5M/ | FEDORA:FEDORA-2022-a8e50dc83e | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Y4E2WBEJ42CGLGDHD6ZXOLZ2W6G3YOVD/ | FEDORA:FEDORA-2022-b499f2a9c6 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/53TQZFLS6O3FLIMVSXFEEPZSWLDZLBOX/ | FEDORA:FEDORA-2022-ce55d01569 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PTTZGLD2YBMMG6U6F5HOTPOGGPBIURMA/ | FEDORA:FEDORA-2022-cece1d07d9 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ERYMM2QVDPOJLX4LYXWYIQN5FOIJLDRY/ | FEDORA:FEDORA-2022-d157a91e10 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/57NECACX333A3BBZM2TR2VZ4ZE3UG3SN/ | FEDORA:FEDORA-2022-d1682fef04 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WXF6MQ74HVIDDSR5AE2UDR24I6D4FEPC/ | FEDORA:FEDORA-2022-dbe9a8f9ac | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5DBVY4YC2P6EPZZ2DROOXHDOWZ4BJFLW/ | FEDORA:FEDORA-2022-ec74ac4079 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/F3LNY2NHM6J22O6Q5ANOE3SZRK3OACKR/ | GENTOO:GLSA-202305-02 | URL:https://security.gentoo.org/glsa/202305-02 | MISC:https://bugs.python.org/issue24778 | MISC:https://github.com/python/cpython/issues/68966 | MLIST:[debian-lts-announce] 20230524 [SECURITY] [DLA 3432-1] python2.7 security update | URL:https://lists.debian.org/debian-lts-announce/2023/05/msg00024.html | MLIST:[debian-lts-announce] 20230630 [SECURITY] [DLA 3477-1] python3.7 security update | URL:https://lists.debian.org/debian-lts-announce/2023/06/msg00039.html;Assigned (20220413);None (candidate not yet proposed) +CVE-2015-2316;Candidate;The utils.html.strip_tags function in Django 1.6.x before 1.6.11, 1.7.x before 1.7.7, and 1.8.x before 1.8c1, when using certain versions of Python, allows remote attackers to cause a denial of service (infinite loop) by increasing the length of the input string.;BID:73322 | URL:http://www.securityfocus.com/bid/73322 | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html | CONFIRM:https://www.djangoproject.com/weblog/2015/mar/18/security-releases/ | FEDORA:FEDORA-2015-5766 | URL:http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155421.html | SUSE:openSUSE-SU-2015:0643 | URL:http://lists.opensuse.org/opensuse-updates/2015-04/msg00001.html | UBUNTU:USN-2539-1 | URL:http://www.ubuntu.com/usn/USN-2539-1;Assigned (20150317);None (candidate not yet proposed) +CVE-2015-2674;Candidate;Restkit allows man-in-the-middle attackers to spoof TLS servers by leveraging use of the ssl.wrap_socket function in Python with the default CERT_NONE value for the cert_reqs argument.;CONFIRM:https://bugzilla.redhat.com/show_bug.cgi?id=1202837 | MISC:https://github.com/benoitc/restkit/issues/140 | MLIST:[oss-security] 20150323 Re: Assign a CVE for Python's restkit Please | URL:http://www.openwall.com/lists/oss-security/2015/03/23/7;Assigned (20150323);None (candidate not yet proposed) +CVE-2015-3206;Candidate;The checkPassword function in python-kerberos does not authenticate the KDC it attempts to communicate with, which allows remote attackers to cause a denial of service (bad response), or have other unspecified impact by performing a man-in-the-middle attack.;MISC:74760 | URL:http://www.securityfocus.com/bid/74760 | MISC:[oss-security] 20150521 CVE-2015-3206 python-kerberos: checkPassword() does not verify KDC authenticity | URL:http://www.openwall.com/lists/oss-security/2015/05/21/3 | MISC:https://bugzilla.redhat.com/show_bug.cgi?id=1223802 | URL:https://bugzilla.redhat.com/show_bug.cgi?id=1223802 | MISC:https://github.com/apple/ccs-pykerberos/issues/31 | URL:https://github.com/apple/ccs-pykerberos/issues/31 | MISC:https://pypi.python.org/pypi/kerberos | URL:https://pypi.python.org/pypi/kerberos;Assigned (20150410);None (candidate not yet proposed) +CVE-2015-3220;Candidate;The tlslite library before 0.4.9 for Python allows remote attackers to trigger a denial of service (runtime exception and process crash).;CONFIRM:https://bugzilla.redhat.com/show_bug.cgi?id=1254215 | CONFIRM:https://github.com/trevp/tlslite/commit/aca8d4f898b436ff6754e1a9ab96cae976c8a853 | MLIST:[tslite-dev] 20150812 tlslite-0.4.9 | URL:https://groups.google.com/forum/#!topic/tlslite-dev/MoWE7B0A4iU;Assigned (20150410);None (candidate not yet proposed) +CVE-2015-3446;Candidate;The Framework Daemon in AlienVault Unified Security Management before 4.15 allows remote attackers to execute arbitrary Python code via a crafted plugin configuration file (.cfg).;BID:74403 | URL:http://www.securityfocus.com/bid/74403 | CONFIRM:https://www.alienvault.com/forums/discussion/4415/ | MISC:http://www.zerodayinitiative.com/advisories/ZDI-15-161/;Assigned (20150428);None (candidate not yet proposed) +CVE-2015-4231;Candidate;The Python interpreter in Cisco NX-OS 6.2(8a) on Nexus 7000 devices allows local users to bypass intended access restrictions and delete an arbitrary VDC's files by leveraging administrative privileges in one VDC, aka Bug ID CSCur08416.;CISCO:20150630 Cisco Nexus 7000 Devices Virtual Device Context Privilege Escalation Vulnerability | URL:http://tools.cisco.com/security/center/viewAlert.x?alertId=39568 | SECTRACK:1032763 | URL:http://www.securitytracker.com/id/1032763;Assigned (20150604);None (candidate not yet proposed) +CVE-2015-4234;Candidate;Cisco NX-OS 6.0(2) and 6.2(2) on Nexus devices has an improper OS configuration, which allows local users to obtain root access via unspecified input to the Python interpreter, aka Bug IDs CSCun02887, CSCur00115, and CSCur00127.;BID:75502 | URL:http://www.securityfocus.com/bid/75502 | CISCO:20150630 Cisco Nexus Devices Python Subsystem Local Privilege Escalation Vulnerabilities | URL:http://tools.cisco.com/security/center/viewAlert.x?alertId=39571 | SECTRACK:1032765 | URL:http://www.securitytracker.com/id/1032765;Assigned (20150604);None (candidate not yet proposed) +CVE-2015-4604;Candidate;"The mget function in softmagic.c in file 5.x, as used in the Fileinfo component in PHP before 5.4.40, 5.5.x before 5.5.24, and 5.6.x before 5.6.8, does not properly maintain a certain pointer relationship, which allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted string that is mishandled by a ""Python script text executable"" rule.";"BID:75241 | URL:http://www.securityfocus.com/bid/75241 | CONFIRM:http://git.php.net/?p=php-src.git;a=commit;h=f938112c495b0d26572435c0be73ac0bfe642ecd | CONFIRM:http://php.net/ChangeLog-5.php | CONFIRM:http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html | CONFIRM:https://bugs.php.net/bug.php?id=68819 | MLIST:[oss-security] 20150616 Re: CVE Request: various issues in PHP | URL:http://www.openwall.com/lists/oss-security/2015/06/16/12 | REDHAT:RHSA-2015:1135 | URL:http://rhn.redhat.com/errata/RHSA-2015-1135.html | REDHAT:RHSA-2015:1186 | URL:http://rhn.redhat.com/errata/RHSA-2015-1186.html | REDHAT:RHSA-2015:1187 | URL:http://rhn.redhat.com/errata/RHSA-2015-1187.html | SECTRACK:1032709 | URL:http://www.securitytracker.com/id/1032709";Assigned (20150616);None (candidate not yet proposed) +CVE-2015-4605;Candidate;"The mcopy function in softmagic.c in file 5.x, as used in the Fileinfo component in PHP before 5.4.40, 5.5.x before 5.5.24, and 5.6.x before 5.6.8, does not properly restrict a certain offset value, which allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted string that is mishandled by a ""Python script text executable"" rule.";"BID:75233 | URL:http://www.securityfocus.com/bid/75233 | CONFIRM:http://git.php.net/?p=php-src.git;a=commit;h=f938112c495b0d26572435c0be73ac0bfe642ecd | CONFIRM:http://php.net/ChangeLog-5.php | CONFIRM:http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html | CONFIRM:https://bugs.php.net/bug.php?id=68819 | MLIST:[oss-security] 20150616 Re: CVE Request: various issues in PHP | URL:http://www.openwall.com/lists/oss-security/2015/06/16/12 | REDHAT:RHSA-2015:1135 | URL:http://rhn.redhat.com/errata/RHSA-2015-1135.html | REDHAT:RHSA-2015:1186 | URL:http://rhn.redhat.com/errata/RHSA-2015-1186.html | REDHAT:RHSA-2015:1187 | URL:http://rhn.redhat.com/errata/RHSA-2015-1187.html | SECTRACK:1032709 | URL:http://www.securitytracker.com/id/1032709";Assigned (20150616);None (candidate not yet proposed) +CVE-2015-4706;Candidate;Cross-site scripting (XSS) vulnerability in IPython 3.x before 3.2 allows remote attackers to inject arbitrary web script or HTML via vectors involving JSON error messages and the /api/contents path.;BID:75328 | URL:http://www.securityfocus.com/bid/75328 | CONFIRM:https://bugzilla.redhat.com/show_bug.cgi?id=1235688 | CONFIRM:https://github.com/ipython/ipython/commit/7222bd53ad089a65fd610fab4626f9d0ab47dfce | CONFIRM:https://github.com/ipython/ipython/commit/c2078a53543ed502efd968649fee1125e0eb549c | CONFIRM:https://ipython.org/ipython-doc/3/whatsnew/version3.html | MLIST:[oss-security] 20150622 Re: CVE request: IPython XSS in JSON error responses | URL:http://www.openwall.com/lists/oss-security/2015/06/22/7;Assigned (20150622);None (candidate not yet proposed) +CVE-2015-4707;Candidate;Cross-site scripting (XSS) vulnerability in IPython before 3.2 allows remote attackers to inject arbitrary web script or HTML via vectors involving JSON error messages and the /api/notebooks path.;BID:75328 | URL:http://www.securityfocus.com/bid/75328 | CONFIRM:https://bugzilla.redhat.com/show_bug.cgi?id=1235688 | CONFIRM:https://github.com/ipython/ipython/commit/7222bd53ad089a65fd610fab4626f9d0ab47dfce | CONFIRM:https://github.com/ipython/ipython/commit/c2078a53543ed502efd968649fee1125e0eb549c | CONFIRM:https://ipython.org/ipython-doc/3/whatsnew/version3.html | MLIST:[oss-security] 20150622 Re: CVE request: IPython XSS in JSON error responses | URL:http://www.openwall.com/lists/oss-security/2015/06/22/7;Assigned (20150622);None (candidate not yet proposed) +CVE-2015-5159;Candidate;python-kdcproxy before 0.3.2 allows remote attackers to cause a denial of service via a large POST request.;MISC:https://bugzilla.redhat.com/show_bug.cgi?id=1245200 | URL:https://bugzilla.redhat.com/show_bug.cgi?id=1245200 | MISC:https://github.com/latchset/kdcproxy/commit/f274aa6787cb8b3ec1cc12c440a56665b7231882 | URL:https://github.com/latchset/kdcproxy/commit/f274aa6787cb8b3ec1cc12c440a56665b7231882;Assigned (20150701);None (candidate not yet proposed) +CVE-2015-5216;Candidate;The Identity Provider (IdP) server in Ipsilon 0.1.0 before 1.0.1 does not properly escape certain characters in a Python exception-message template, which makes it easier for remote attackers to conduct cross-site scripting (XSS) attacks via an HTTP response.;MISC:http://www.openwall.com/lists/oss-security/2015/10/27/8 | URL:http://www.openwall.com/lists/oss-security/2015/10/27/8 | MISC:https://bugzilla.redhat.com/show_bug.cgi?id=1255170 | URL:https://bugzilla.redhat.com/show_bug.cgi?id=1255170 | MISC:https://pagure.io/ipsilon/a503aa9c2a30a74e709d1c88099befd50fb2eb16 | URL:https://pagure.io/ipsilon/a503aa9c2a30a74e709d1c88099befd50fb2eb16;Assigned (20150701);None (candidate not yet proposed) +CVE-2015-5242;Candidate;OpenStack Swift-on-File (aka Swiftonfile) does not properly restrict use of the pickle Python module when loading metadata, which allows remote authenticated users to execute arbitrary code via a crafted extended attribute (xattrs).;MISC:RHSA-2015:1918 | URL:http://rhn.redhat.com/errata/RHSA-2015-1918.html | MISC:https://access.redhat.com/solutions/1985893 | URL:https://access.redhat.com/solutions/1985893 | MISC:https://bugzilla.redhat.com/show_bug.cgi?id=1258743 | URL:https://bugzilla.redhat.com/show_bug.cgi?id=1258743 | MISC:https://review.openstack.org/#/c/237994/ | URL:https://review.openstack.org/#/c/237994/;Assigned (20150701);None (candidate not yet proposed) +CVE-2015-5306;Candidate;OpenStack Ironic Inspector (aka ironic-inspector or ironic-discoverd), when debug mode is enabled, might allow remote attackers to access the Flask console and execute arbitrary Python code by triggering an error.;MISC:RHSA-2015:1929 | URL:https://access.redhat.com/errata/RHSA-2015:1929 | MISC:RHSA-2015:2685 | URL:http://rhn.redhat.com/errata/RHSA-2015-2685.html | MISC:https://bugs.launchpad.net/ironic-inspector/+bug/1506419 | URL:https://bugs.launchpad.net/ironic-inspector/+bug/1506419 | MISC:https://bugzilla.redhat.com/show_bug.cgi?id=1273698 | URL:https://bugzilla.redhat.com/show_bug.cgi?id=1273698;Assigned (20150701);None (candidate not yet proposed) +CVE-2015-5607;Candidate;Cross-site request forgery in the REST API in IPython 2 and 3.;CONFIRM:https://bugzilla.redhat.com/show_bug.cgi?id=1243842 | CONFIRM:https://github.com/ipython/ipython/commit/1415a9710407e7c14900531813c15ba6165f0816 | CONFIRM:https://github.com/ipython/ipython/commit/a05fe052a18810e92d9be8c1185952c13fe4e5b0 | FEDORA:FEDORA-2015-11677 | URL:http://lists.fedoraproject.org/pipermail/package-announce/2015-July/162671.html | FEDORA:FEDORA-2015-11767 | URL:http://lists.fedoraproject.org/pipermail/package-announce/2015-July/162936.html | MLIST:[oss-security] 20150721 Re: CVE request: IPython CSRF validation | URL:http://www.openwall.com/lists/oss-security/2015/07/21/3;Assigned (20150720);None (candidate not yet proposed) +CVE-2015-5652;Candidate;"Untrusted search path vulnerability in python.exe in Python through 3.5.0 on Windows allows local users to gain privileges via a Trojan horse readline.pyd file in the current working directory. NOTE: the vendor says ""It was determined that this is a longtime behavior of Python that cannot really be altered at this point.""";BID:76929 | URL:http://www.securityfocus.com/bid/76929 | CONFIRM:https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05324755 | JVN:JVN#49503705 | URL:http://jvn.jp/en/jp/JVN49503705/index.html | JVNDB:JVNDB-2015-000141 | URL:http://jvndb.jvn.jp/jvndb/JVNDB-2015-000141 | MISC:http://jvn.jp/en/jp/JVN49503705/995204/index.html;Assigned (20150724);None (candidate not yet proposed) +CVE-2015-6531;Candidate;Palo Alto Networks Panorama VM Appliance with PAN-OS before 6.0.1 might allow remote attackers to execute arbitrary Python code via a crafted firmware image file.;BID:76862 | URL:http://www.securityfocus.com/bid/76862 | MISC:https://www.tenable.com/security/research/tra-2015-02;Assigned (20150820);None (candidate not yet proposed) +CVE-2015-6938;Candidate;Cross-site scripting (XSS) vulnerability in the file browser in notebook/notebookapp.py in IPython Notebook before 3.2.2 and Jupyter Notebook 4.0.x before 4.0.5 allows remote attackers to inject arbitrary web script or HTML via a folder name. NOTE: this was originally reported as a cross-site request forgery (CSRF) vulnerability, but this may be inaccurate.;CONFIRM:https://bugzilla.redhat.com/show_bug.cgi?id=1259405 | CONFIRM:https://github.com/ipython/ipython/commit/3ab41641cf6fce3860c73d5cf4645aa12e1e5892 | CONFIRM:https://github.com/jupyter/notebook/commit/35f32dd2da804d108a3a3585b69ec3295b2677ed | CONFIRM:https://github.com/jupyter/notebook/commit/dd9876381f0ef09873d8c5f6f2063269172331e3 | FEDORA:FEDORA-2015-14901 | URL:http://lists.fedoraproject.org/pipermail/package-announce/2015-September/166471.html | FEDORA:FEDORA-2015-14902 | URL:http://lists.fedoraproject.org/pipermail/package-announce/2015-September/166460.html | FEDORA:FEDORA-2015-16128 | URL:http://lists.fedoraproject.org/pipermail/package-announce/2015-September/167670.html | MLIST:[oss-security] 20150902 CVE Request : CSRF in IPython/Jupyter notebook Tree. | URL:http://seclists.org/oss-sec/2015/q3/474 | MLIST:[oss-security] 20150914 Re: CVE Request : CSRF in IPython/Jupyter notebook Tree. | URL:http://seclists.org/oss-sec/2015/q3/544 | SUSE:openSUSE-SU-2015:1699 | URL:http://lists.opensuse.org/opensuse-updates/2015-10/msg00016.html;Assigned (20150914);None (candidate not yet proposed) +CVE-2015-7337;Candidate;The editor in IPython Notebook before 3.2.2 and Jupyter Notebook 4.0.x before 4.0.5 allows remote attackers to execute arbitrary JavaScript code via a crafted file, which triggers a redirect to files/, related to MIME types.;CONFIRM:https://bugzilla.redhat.com/show_bug.cgi?id=1264067 | CONFIRM:https://github.com/ipython/ipython/commit/0a8096adf165e2465550bd5893d7e352544e5967 | CONFIRM:https://github.com/jupyter/notebook/commit/9e63dd89b603dfbe3a7e774d8a962ee0fa30c0b5 | FEDORA:FEDORA-2015-16128 | URL:http://lists.fedoraproject.org/pipermail/package-announce/2015-September/167670.html | GENTOO:GLSA-201512-02 | URL:https://security.gentoo.org/glsa/201512-02 | MLIST:[oss-security] 20150916 CVE Request: Maliciously crafted text files in IPython/Jupyter editor | URL:http://seclists.org/oss-sec/2015/q3/558 | MLIST:[oss-security] 20150924 Re: CVE Request: Maliciously crafted text files in IPython/Jupyter editor | URL:http://seclists.org/oss-sec/2015/q3/634;Assigned (20150924);None (candidate not yet proposed) +CVE-2015-7489;Candidate;IBM SPSS Statistics 22.0.0.2 before IF10 and 23.0.0.2 before IF7 uses weak permissions (Everyone: Write) for Python scripts, which allows local users to gain privileges by modifying a script.;CONFIRM:http://www-01.ibm.com/support/docview.wss?uid=swg21973502 | SECTRACK:1034546 | URL:http://www.securitytracker.com/id/1034546;Assigned (20150929);None (candidate not yet proposed) +CVE-2015-7546;Candidate;The identity service in OpenStack Identity (Keystone) before 2015.1.3 (Kilo) and 8.0.x before 8.0.2 (Liberty) and keystonemiddleware (formerly python-keystoneclient) before 1.5.4 (Kilo) and Liberty before 2.3.3 does not properly invalidate authorization tokens when using the PKI or PKIZ token providers, which allows remote authenticated users to bypass intended access restrictions and gain access to cloud resources by manipulating byte fields within a revoked token.;MISC:80498 | URL:http://www.securityfocus.com/bid/80498 | MISC:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html | URL:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html | MISC:https://bugs.launchpad.net/keystone/+bug/1490804 | URL:https://bugs.launchpad.net/keystone/+bug/1490804 | MISC:https://security.openstack.org/ossa/OSSA-2016-005.html | URL:https://security.openstack.org/ossa/OSSA-2016-005.html | MISC:https://wiki.openstack.org/wiki/OSSN/OSSN-0062 | URL:https://wiki.openstack.org/wiki/OSSN/OSSN-0062;Assigned (20150929);None (candidate not yet proposed) +CVE-2015-7828;Candidate;SAP HANA Database 1.00 SPS10 and earlier do not require authentication, which allows remote attackers to execute arbitrary code or have unspecified other impact via a TrexNet packet to the (1) fcopydir, (2) fmkdir, (3) frmdir, (4) getenv, (5) dumpenv, (6) fcopy, (7) fput, (8) fdel, (9) fmove, (10) fget, (11) fappend, (12) fdir, (13) getTraces, (14) kill, (15) pexec, (16) stop, or (17) pythonexec method, aka SAP Security Note 2165583.;FULLDISC:20151109 [Onapsis Security Advisory 2015-024-040] SAP HANA TrexNet Vulnerabilities | URL:http://seclists.org/fulldisclosure/2015/Nov/36 | MISC:http://packetstormsecurity.com/files/134281/SAP-HANA-TrexNet-Command-Execution.html | MISC:https://www.onapsis.com/blog/analyzing-sap-security-notes-august-2015-edition;Assigned (20151014);None (candidate not yet proposed) +CVE-2016-0772;Candidate;"The smtplib library in CPython (aka Python) before 2.7.12, 3.x before 3.4.5, and 3.5.x before 3.5.2 does not return an error when StartTLS fails, which might allow man-in-the-middle attackers to bypass the TLS protections by leveraging a network position between the client and the registry to block the StartTLS command, aka a ""StartTLS stripping attack.""";MISC:91225 | URL:http://www.securityfocus.com/bid/91225 | MISC:GLSA-201701-18 | URL:https://security.gentoo.org/glsa/201701-18 | MISC:RHSA-2016:1626 | URL:http://rhn.redhat.com/errata/RHSA-2016-1626.html | MISC:RHSA-2016:1627 | URL:http://rhn.redhat.com/errata/RHSA-2016-1627.html | MISC:RHSA-2016:1628 | URL:http://rhn.redhat.com/errata/RHSA-2016-1628.html | MISC:RHSA-2016:1629 | URL:http://rhn.redhat.com/errata/RHSA-2016-1629.html | MISC:RHSA-2016:1630 | URL:http://rhn.redhat.com/errata/RHSA-2016-1630.html | MISC:[debian-lts-announce] 20190207 [SECURITY] [DLA 1663-1] python3.4 security update | URL:https://lists.debian.org/debian-lts-announce/2019/02/msg00011.html | MISC:[oss-security] 20160614 Python CVE-2016-0772: smtplib StartTLS stripping attack | URL:http://www.openwall.com/lists/oss-security/2016/06/14/9 | MISC:http://www.splunk.com/view/SP-CAAAPSV | URL:http://www.splunk.com/view/SP-CAAAPSV | MISC:http://www.splunk.com/view/SP-CAAAPUE | URL:http://www.splunk.com/view/SP-CAAAPUE | MISC:https://bugzilla.redhat.com/show_bug.cgi?id=1303647 | URL:https://bugzilla.redhat.com/show_bug.cgi?id=1303647 | MISC:https://docs.python.org/3.4/whatsnew/changelog.html#python-3-4-5 | URL:https://docs.python.org/3.4/whatsnew/changelog.html#python-3-4-5 | MISC:https://docs.python.org/3.5/whatsnew/changelog.html#python-3-5-2 | URL:https://docs.python.org/3.5/whatsnew/changelog.html#python-3-5-2 | MISC:https://hg.python.org/cpython/raw-file/v2.7.12/Misc/NEWS | URL:https://hg.python.org/cpython/raw-file/v2.7.12/Misc/NEWS | MISC:https://hg.python.org/cpython/rev/b3ce713fb9be | URL:https://hg.python.org/cpython/rev/b3ce713fb9be | MISC:https://hg.python.org/cpython/rev/d590114c2394 | URL:https://hg.python.org/cpython/rev/d590114c2394 | MISC:openSUSE-SU-2020:0086 | URL:http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00040.html;Assigned (20151216);None (candidate not yet proposed) +CVE-2016-1000110;Candidate;The CGIHandler class in Python before 2.7.12 does not protect against the HTTP_PROXY variable name clash in a CGI script, which could allow a remote attacker to redirect HTTP requests.;MISC:https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-1000110 | MISC:https://bugzilla.suse.com/show_bug.cgi?id=CVE-2016-1000110 | MISC:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7K3WFJO3SJQCODKRKU6EQV3ZGHH53YPU/ | MISC:https://security-tracker.debian.org/tracker/CVE-2016-1000110 | SUSE:openSUSE-SU-2020:0086 | URL:http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00040.html;Assigned (20160718);None (candidate not yet proposed) +CVE-2016-10561;Candidate;Bitty is a development web server tool that functions similar to `python -m SimpleHTTPServer`. Version 0.2.10 has a directory traversal vulnerability that is exploitable via the URL path in GET requests.;MISC:https://nodesecurity.io/advisories/150;Assigned (20171029);None (candidate not yet proposed) +CVE-2016-1494;Candidate;The verify function in the RSA package for Python (Python-RSA) before 3.3 allows attackers to spoof signatures with a small public exponent via crafted signature padding, aka a BERserk attack.;BID:79829 | URL:http://www.securityfocus.com/bid/79829 | CONFIRM:https://bitbucket.org/sybren/python-rsa/pull-requests/14/security-fix-bb06-attack-in-verify-by/diff | FEDORA:FEDORA-2016-70edfbbcef | URL:http://lists.fedoraproject.org/pipermail/package-announce/2016-January/175897.html | FEDORA:FEDORA-2016-c845706426 | URL:http://lists.fedoraproject.org/pipermail/package-announce/2016-January/175942.html | MISC:https://blog.filippo.io/bleichenbacher-06-signature-forgery-in-python-rsa/ | MLIST:[oss-security] 20160104 Re: CVE Request: python-rsa signature forgery | URL:http://www.openwall.com/lists/oss-security/2016/01/05/3 | MLIST:[oss-security] 20160105 CVE Request: python-rsa signature forgery | URL:http://www.openwall.com/lists/oss-security/2016/01/05/1 | SUSE:openSUSE-SU-2016:0108 | URL:http://lists.opensuse.org/opensuse-updates/2016-01/msg00032.html;Assigned (20160104);None (candidate not yet proposed) +CVE-2016-2533;Candidate;Buffer overflow in the ImagingPcdDecode function in PcdDecode.c in Pillow before 3.1.1 and Python Imaging Library (PIL) 1.1.7 and earlier allows remote attackers to cause a denial of service (crash) via a crafted PhotoCD file.;CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html | CONFIRM:https://github.com/python-pillow/Pillow/blob/c3cb690fed5d4bf0c45576759de55d054916c165/CHANGES.rst | CONFIRM:https://github.com/python-pillow/Pillow/commit/5bdf54b5a76b54fb00bd05f2d733e0a4173eefc9#diff-8ff6909c159597e22288ad818938fd6b | CONFIRM:https://github.com/python-pillow/Pillow/commit/ae453aa18b66af54e7ff716f4ccb33adca60afd4#diff-8ff6909c159597e22288ad818938fd6b | CONFIRM:https://github.com/python-pillow/Pillow/pull/1706 | DEBIAN:DSA-3499 | URL:http://www.debian.org/security/2016/dsa-3499 | GENTOO:GLSA-201612-52 | URL:https://security.gentoo.org/glsa/201612-52 | MLIST:[oss-security] 20160202 CVE Request -- Buffer overflow in Python-Pillow and PIL | URL:http://www.openwall.com/lists/oss-security/2016/02/02/5 | MLIST:[oss-security] 20160222 Re: CVE Request -- Buffer overflow in Python-Pillow and PIL | URL:http://www.openwall.com/lists/oss-security/2016/02/22/2;Assigned (20160222);None (candidate not yet proposed) +CVE-2016-4043;Candidate;Chameleon (five.pt) in Plone 5.0rc1 through 5.1a1 allows remote authenticated users to bypass Restricted Python by leveraging permissions to create or edit templates.;CONFIRM:https://plone.org/security/hotfix/20160419/bypass-restricted-python | MLIST:[oss-security] 20160419 Re: CVE Request: Bypass Restricted Python - Plone | URL:http://www.openwall.com/lists/oss-security/2016/04/20/3;Assigned (20160419);None (candidate not yet proposed) +CVE-2016-4972;Candidate;OpenStack Murano before 1.0.3 (liberty) and 2.x before 2.0.1 (mitaka), Murano-dashboard before 1.0.3 (liberty) and 2.x before 2.0.1 (mitaka), and python-muranoclient before 0.7.3 (liberty) and 0.8.x before 0.8.5 (mitaka) improperly use loaders inherited from yaml.Loader when parsing MuranoPL and UI files, which allows remote attackers to create arbitrary Python objects and execute arbitrary code via crafted extended YAML tags in UI definitions in packages.;MISC:[oss-security] 20160623 RCE vulnerability in Openstack Murano using insecure YAML tags (CVE-2016-4972) | URL:http://www.openwall.com/lists/oss-security/2016/06/23/8 | MISC:https://bugs.launchpad.net/murano/+bug/1586079 | URL:https://bugs.launchpad.net/murano/+bug/1586079 | MISC:https://bugs.launchpad.net/python-muranoclient/+bug/1586078 | URL:https://bugs.launchpad.net/python-muranoclient/+bug/1586078;Assigned (20160524);None (candidate not yet proposed) +CVE-2016-5598;Candidate;Unspecified vulnerability in the MySQL Connector component 2.1.3 and earlier and 2.0.4 and earlier in Oracle MySQL allows remote attackers to affect confidentiality, integrity, and availability via vectors related to Connector/Python.;BID:93653 | URL:http://www.securityfocus.com/bid/93653 | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html | SECTRACK:1037050 | URL:http://www.securitytracker.com/id/1037050;Assigned (20160616);None (candidate not yet proposed) +CVE-2016-5636;Candidate;Integer overflow in the get_data function in zipimport.c in CPython (aka Python) before 2.7.12, 3.x before 3.4.5, and 3.5.x before 3.5.2 allows remote attackers to have unspecified impact via a negative data size value, which triggers a heap-based buffer overflow.;BID:91247 | URL:http://www.securityfocus.com/bid/91247 | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html | CONFIRM:http://www.splunk.com/view/SP-CAAAPSV | CONFIRM:http://www.splunk.com/view/SP-CAAAPUE | CONFIRM:https://bugs.python.org/issue26171 | CONFIRM:https://docs.python.org/3.4/whatsnew/changelog.html#python-3-4-5 | CONFIRM:https://docs.python.org/3.5/whatsnew/changelog.html#python-3-5-2 | CONFIRM:https://hg.python.org/cpython/raw-file/v2.7.12/Misc/NEWS | GENTOO:GLSA-201701-18 | URL:https://security.gentoo.org/glsa/201701-18 | MLIST:[debian-lts-announce] 20190207 [SECURITY] [DLA 1663-1] python3.4 security update | URL:https://lists.debian.org/debian-lts-announce/2019/02/msg00011.html | MLIST:[oss-security] 20160615 CVE Request: heap overflow in Python zipimport module | URL:http://www.openwall.com/lists/oss-security/2016/06/15/15 | MLIST:[oss-security] 20160616 Re: CVE Request: heap overflow in Python zipimport module | URL:http://www.openwall.com/lists/oss-security/2016/06/16/1 | REDHAT:RHSA-2016:2586 | URL:http://rhn.redhat.com/errata/RHSA-2016-2586.html | SECTRACK:1038138 | URL:http://www.securitytracker.com/id/1038138 | SUSE:openSUSE-SU-2020:0086 | URL:http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00040.html;Assigned (20160616);None (candidate not yet proposed) +CVE-2016-5699;Candidate;CRLF injection vulnerability in the HTTPConnection.putheader function in urllib2 and urllib in CPython (aka Python) before 2.7.10 and 3.x before 3.4.4 allows remote attackers to inject arbitrary HTTP headers via CRLF sequences in a URL.;MISC:91226 | URL:http://www.securityfocus.com/bid/91226 | MISC:RHSA-2016:1626 | URL:http://rhn.redhat.com/errata/RHSA-2016-1626.html | MISC:RHSA-2016:1627 | URL:http://rhn.redhat.com/errata/RHSA-2016-1627.html | MISC:RHSA-2016:1628 | URL:http://rhn.redhat.com/errata/RHSA-2016-1628.html | MISC:RHSA-2016:1629 | URL:http://rhn.redhat.com/errata/RHSA-2016-1629.html | MISC:RHSA-2016:1630 | URL:http://rhn.redhat.com/errata/RHSA-2016-1630.html | MISC:[debian-lts-announce] 20190207 [SECURITY] [DLA 1663-1] python3.4 security update | URL:https://lists.debian.org/debian-lts-announce/2019/02/msg00011.html | MISC:[oss-security] 20160614 CVE request: Python HTTP header injection in urrlib2/urllib/httplib/http.client | URL:http://www.openwall.com/lists/oss-security/2016/06/14/7 | MISC:[oss-security] 20160615 Re: CVE request: Python HTTP header injection in urrlib2/urllib/httplib/http.client | URL:http://www.openwall.com/lists/oss-security/2016/06/15/12 | MISC:[oss-security] 20160616 Re: CVE request: Python HTTP header injection in urrlib2/urllib/httplib/http.client | URL:http://www.openwall.com/lists/oss-security/2016/06/16/2 | MISC:http://blog.blindspotsecurity.com/2016/06/advisory-http-header-injection-in.html | URL:http://blog.blindspotsecurity.com/2016/06/advisory-http-header-injection-in.html | MISC:http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html | URL:http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html | MISC:http://www.splunk.com/view/SP-CAAAPSV | URL:http://www.splunk.com/view/SP-CAAAPSV | MISC:http://www.splunk.com/view/SP-CAAAPUE | URL:http://www.splunk.com/view/SP-CAAAPUE | MISC:https://docs.python.org/3.4/whatsnew/changelog.html#python-3-4-4 | URL:https://docs.python.org/3.4/whatsnew/changelog.html#python-3-4-4 | MISC:https://hg.python.org/cpython/raw-file/v2.7.10/Misc/NEWS | URL:https://hg.python.org/cpython/raw-file/v2.7.10/Misc/NEWS | MISC:https://hg.python.org/cpython/rev/1c45047c5102 | URL:https://hg.python.org/cpython/rev/1c45047c5102 | MISC:https://hg.python.org/cpython/rev/bf3e1c9b80e9 | URL:https://hg.python.org/cpython/rev/bf3e1c9b80e9 | MISC:openSUSE-SU-2020:0086 | URL:http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00040.html;Assigned (20160616);None (candidate not yet proposed) +CVE-2016-5851;Candidate;python-docx before 0.8.6 allows context-dependent attackers to conduct XML External Entity (XXE) attacks via a crafted document.;BID:91485 | URL:http://www.securityfocus.com/bid/91485 | CONFIRM:https://github.com/python-openxml/python-docx/blob/v0.8.6/HISTORY.rst | FEDORA:FEDORA-2021-aa54748cd9 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6FFMOH7ZPOPQWNJGUZOS5LXX4MGNRXXT/ | FEDORA:FEDORA-2021-aa6ebc01be | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XU2WSYRNB7CLBBFCGSX34XHACTA2SWDZ/ | MISC:https://github.com/python-openxml/python-docx/commit/61b40b161b64173ab8e362aec1fd197948431beb | MLIST:[oss-security] 20160628 CVE request - python-docx 0.8.5 - XXE | URL:http://www.openwall.com/lists/oss-security/2016/06/28/7 | MLIST:[oss-security] 20160628 Re: CVE request - python-docx 0.8.5 - XXE | URL:http://www.openwall.com/lists/oss-security/2016/06/28/8;Assigned (20160628);None (candidate not yet proposed) +CVE-2016-6580;Candidate;A HTTP/2 implementation built using any version of the Python priority library prior to version 1.2.0 could be targeted by a malicious peer by having that peer assign priority information for every possible HTTP/2 stream ID. The priority tree would happily continue to store the priority information for each stream, and would therefore allocate unbounded amounts of memory. Attempting to actually use a tree like this would also cause extremely high CPU usage to maintain the tree.;BID:92311 | URL:http://www.securityfocus.com/bid/92311 | CONFIRM:https://python-hyper.org/priority/en/latest/security/CVE-2016-6580.html;Assigned (20160803);None (candidate not yet proposed) +CVE-2016-6581;Candidate;"A HTTP/2 implementation built using any version of the Python HPACK library between v1.0.0 and v2.2.0 could be targeted for a denial of service attack, specifically a so-called ""HPACK Bomb"" attack. This attack occurs when an attacker inserts a header field that is exactly the size of the HPACK dynamic header table into the dynamic header table. The attacker can then send a header block that is simply repeated requests to expand that field in the dynamic table. This can lead to a gigantic compression ratio of 4,096 or better, meaning that 16kB of data can decompress to 64MB of data on the target machine.";BID:92315 | URL:http://www.securityfocus.com/bid/92315 | CONFIRM:https://python-hyper.org/hpack/en/latest/security/CVE-2016-6581.html;Assigned (20160803);None (candidate not yet proposed) +CVE-2016-7036;Candidate;python-jose before 1.3.2 allows attackers to have unspecified impact by leveraging failure to use a constant time comparison for HMAC keys.;BID:95845 | URL:http://www.securityfocus.com/bid/95845 | CONFIRM:https://github.com/mpdavis/python-jose/pull/35/commits/89b46353b9f611e9da38de3d2fedf52331167b93 | CONFIRM:https://github.com/mpdavis/python-jose/releases/tag/1.3.2;Assigned (20160823);None (candidate not yet proposed) +CVE-2016-9015;Candidate;Versions 1.17 and 1.18 of the Python urllib3 library suffer from a vulnerability that can cause them, in certain configurations, to not correctly validate TLS certificates. This places users of the library with those configurations at risk of man-in-the-middle and information leakage attacks. This vulnerability affects users using versions 1.17 and 1.18 of the urllib3 library, who are using the optional PyOpenSSL support for TLS instead of the regular standard library TLS backend, and who are using OpenSSL 1.1.0 via PyOpenSSL. This is an extremely uncommon configuration, so the security impact of this vulnerability is low.;BID:93941 | URL:http://www.securityfocus.com/bid/93941 | MLIST:[oss-security] 20161027 CVE-2016-9015: Python urllib3 1.17 and 1.18 certificate verification failure | URL:http://www.openwall.com/lists/oss-security/2016/10/27/6;Assigned (20161025);None (candidate not yet proposed) +CVE-2016-9949;Candidate;"An issue was discovered in Apport before 2.20.4. In apport/ui.py, Apport reads the CrashDB field and it then evaluates the field as Python code if it begins with a ""{"". This allows remote attackers to execute arbitrary Python code.";BID:95011 | URL:http://www.securityfocus.com/bid/95011 | EXPLOIT-DB:40937 | URL:https://www.exploit-db.com/exploits/40937/ | MISC:https://bugs.launchpad.net/apport/+bug/1648806 | MISC:https://donncha.is/2016/12/compromising-ubuntu-desktop/ | MISC:https://github.com/DonnchaC/ubuntu-apport-exploitation | UBUNTU:USN-3157-1 | URL:http://www.ubuntu.com/usn/USN-3157-1;Assigned (20161214);None (candidate not yet proposed) +CVE-2016-9950;Candidate;"An issue was discovered in Apport before 2.20.4. There is a path traversal issue in the Apport crash file ""Package"" and ""SourcePackage"" fields. These fields are used to build a path to the package specific hook files in the /usr/share/apport/package-hooks/ directory. An attacker can exploit this path traversal to execute arbitrary Python files from the local system.";BID:95011 | URL:http://www.securityfocus.com/bid/95011 | EXPLOIT-DB:40937 | URL:https://www.exploit-db.com/exploits/40937/ | MISC:https://bugs.launchpad.net/apport/+bug/1648806 | MISC:https://donncha.is/2016/12/compromising-ubuntu-desktop/ | MISC:https://github.com/DonnchaC/ubuntu-apport-exploitation | UBUNTU:USN-3157-1 | URL:http://www.ubuntu.com/usn/USN-3157-1;Assigned (20161214);None (candidate not yet proposed) +CVE-2017-0906;Candidate;"The Recurly Client Python Library before 2.0.5, 2.1.16, 2.2.22, 2.3.1, 2.4.5, 2.5.1, 2.6.2 is vulnerable to a Server-Side Request Forgery vulnerability in the ""Resource.get"" method that could result in compromise of API keys or other critical resources.";CONFIRM:https://dev.recurly.com/page/python-updates | CONFIRM:https://github.com/recurly/recurly-client-python/commit/049c74699ce93cf126feff06d632ea63fba36742 | MISC:https://hackerone.com/reports/288635;Assigned (20161130);None (candidate not yet proposed) +CVE-2017-0923;Candidate;Gitlab Community Edition version 9.1 is vulnerable to lack of input validation in the IPython notebooks component resulting in persistent cross site scripting.;CONFIRM:https://about.gitlab.com/2018/01/16/gitlab-10-dot-3-dot-4-released/ | MISC:https://hackerone.com/reports/293740;Assigned (20161130);None (candidate not yet proposed) +CVE-2017-1000158;Candidate;CPython (aka Python) up to 2.7.13 is vulnerable to an integer overflow in the PyString_DecodeEscape function in stringobject.c, resulting in heap-based buffer overflow (and possible arbitrary code execution);CONFIRM:https://security.netapp.com/advisory/ntap-20230216-0001/ | DEBIAN:DSA-4307 | URL:https://www.debian.org/security/2018/dsa-4307 | GENTOO:GLSA-201805-02 | URL:https://security.gentoo.org/glsa/201805-02 | MISC:https://bugs.python.org/issue30657 | MLIST:[debian-lts-announce] 20171124 [SECURITY] [DLA 1189-1] python2.7 security update | URL:https://lists.debian.org/debian-lts-announce/2017/11/msg00035.html | MLIST:[debian-lts-announce] 20171124 [SECURITY] [DLA 1190-1] python2.6 security update | URL:https://lists.debian.org/debian-lts-announce/2017/11/msg00036.html | MLIST:[debian-lts-announce] 20180925 [SECURITY] [DLA 1519-1] python2.7 security update | URL:https://lists.debian.org/debian-lts-announce/2018/09/msg00030.html | MLIST:[debian-lts-announce] 20180926 [SECURITY] [DLA 1520-1] python3.4 security update | URL:https://lists.debian.org/debian-lts-announce/2018/09/msg00031.html | SECTRACK:1039890 | URL:http://www.securitytracker.com/id/1039890;Assigned (20171116);None (candidate not yet proposed) +CVE-2017-1000246;Candidate;Python package pysaml2 version 4.4.0 and earlier reuses the initialization vector across encryptions in the IDP server, resulting in weak encryption of data.;MISC:https://github.com/rohe/pysaml2/issues/417;Assigned (20171116);None (candidate not yet proposed) +CVE-2017-1000433;Candidate;pysaml2 version 4.4.0 and older accept any password when run with python optimizations enabled. This allows attackers to log in as any user without knowing their password.;CONFIRM:https://github.com/rohe/pysaml2/issues/451 | GENTOO:GLSA-201801-11 | URL:https://security.gentoo.org/glsa/201801-11 | MLIST:[debian-lts-announce] 20180701 [SECURITY] [DLA 1410-1] python-pysaml2 security update | URL:https://lists.debian.org/debian-lts-announce/2018/07/msg00000.html | MLIST:[debian-lts-announce] 20210226 [SECURITY] [DLA 2577-1] python-pysaml2 security update | URL:https://lists.debian.org/debian-lts-announce/2021/02/msg00038.html;Assigned (20180102);None (candidate not yet proposed) +CVE-2017-1000483;Candidate;Accessing private content via str.format in through-the-web templates and scripts in Plone 2.5-5.1rc1. This improves an earlier hotfix. Since the format method was introduced in Python 2.6, this part of the hotfix is only relevant for Plone 4 and 5.;MISC:https://plone.org/security/hotfix/20171128/sandbox-escape;Assigned (20180103);None (candidate not yet proposed) +CVE-2017-1002150;Candidate;python-fedora 0.8.0 and lower is vulnerable to an open redirect resulting in loss of CSRF protection;MISC:https://github.com/fedora-infra/python-fedora/commit/b27f38a67573f4c989710c9bfb726dd4c1eeb929 | MISC:https://github.com/fedora-infra/python-fedora/commit/b27f38a67573f4c989710c9bfb726dd4c1eeb929.patch;Assigned (20170823);None (candidate not yet proposed) +CVE-2017-10803;Candidate;In Odoo 8.0, Odoo Community Edition 9.0 and 10.0, and Odoo Enterprise Edition 9.0 and 10.0, insecure handling of anonymization data in the Database Anonymization module allows remote authenticated privileged users to execute arbitrary Python code, because unpickle is used.;CONFIRM:https://github.com/odoo/odoo/issues/17898;Assigned (20170703);None (candidate not yet proposed) +CVE-2017-11427;Candidate;OneLogin PythonSAML 2.3.0 and earlier may incorrectly utilize the results of XML DOM traversal and canonicalization APIs in such a way that an attacker may be able to manipulate the SAML data without invalidating the cryptographic signature, allowing the attack to potentially bypass authentication to SAML service providers.;MISC:https://duo.com/blog/duo-finds-saml-vulnerabilities-affecting-multiple-implementations | MISC:https://www.kb.cert.org/vuls/id/475445;Assigned (20170718);None (candidate not yet proposed) +CVE-2017-12301;Candidate;A vulnerability in the Python scripting subsystem of Cisco NX-OS Software could allow an authenticated, local attacker to escape the Python parser and gain unauthorized access to the underlying operating system of the device. The vulnerability exists due to insufficient sanitization of user-supplied parameters that are passed to certain Python functions within the scripting sandbox of the affected device. An attacker could exploit this vulnerability to escape the scripting sandbox and execute arbitrary commands on the underlying operating system with the privileges of the authenticated user. To exploit this vulnerability, an attacker must have local access and be authenticated to the targeted device with administrative or Python execution privileges. These requirements could limit the possibility of a successful exploit. This vulnerability affects the following Cisco products if they are running Cisco NX-OS Software: Multilayer Director Switches, Nexus 2000 Series Fabric Extenders, Nexus 3000 Series Switches, Nexus 3500 Platform Switches, Nexus 5000 Series Switches, Nexus 5500 Platform Switches, Nexus 5600 Platform Switches, Nexus 6000 Series Switches, Nexus 7000 Series Switches, Nexus 7700 Series Switches, Nexus 9000 Series Switches - Standalone, NX-OS mode, Nexus 9500 R-Series Line Cards and Fabric Modules. Cisco Bug IDs: CSCvb86832, CSCvd86474, CSCvd86479, CSCvd86484, CSCvd86490, CSCve97102, CSCvf12757, CSCvf12804, CSCvf12815, CSCvf15198.;CONFIRM:https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171018-ppe | SECTRACK:1039622 | URL:http://www.securitytracker.com/id/1039622;Assigned (20170803);None (candidate not yet proposed) +CVE-2017-12340;Candidate;A vulnerability in Cisco NX-OS System Software running on Cisco MDS Multilayer Director Switches, Cisco Nexus 7000 Series Switches, and Cisco Nexus 7700 Series Switches could allow an authenticated, local attacker to access the Bash shell of an affected device's operating system, even if the Bash shell is disabled on the system. The vulnerability is due to insufficient sanitization of user-supplied parameters that are passed to certain functions of the Python scripting sandbox of the affected system. An attacker could exploit this vulnerability to escape the scripting sandbox and enter the Bash shell of the operating system with the privileges of the authenticated user for the affected system. To exploit this vulnerability, the attacker must have local access to the affected system and be authenticated to the affected system with administrative or Python execution privileges. Cisco Bug IDs: CSCvd86513.;BID:102069 | URL:http://www.securityfocus.com/bid/102069 | CONFIRM:https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171129-switch;Assigned (20170803);None (candidate not yet proposed) +CVE-2017-12653;Candidate;360 Total Security 9.0.0.1202 before 2017-07-07 allows Privilege Escalation via a Trojan horse Shcore.dll file in any directory in the PATH, as demonstrated by the C:\Python27 directory.;MISC:https://blogs.securiteam.com/index.php/archives/3314#more-3314;Assigned (20170807);None (candidate not yet proposed) +CVE-2017-13718;Candidate;"The HTTP API supported by Starry Station (aka Starry Router) allows brute forcing the PIN setup by the user on the device, and this allows an attacker to change the Wi-Fi settings and PIN, as well as port forward and expose any internal device's port to the Internet. It was identified that the device uses custom Python code called ""rodman"" that allows the mobile appication to interact with the device. The APIs that are a part of this rodman Python file allow the mobile application to interact with the device using a secret, which is a uuid4 based session identifier generated by the device the first time it is set up. However, in some cases, these APIs can also use a security code. This security code is nothing but the PIN number set by the user to interact with the device when using the touch interface on the router. This allows an attacker on the Internet to interact with the router's HTTP interface when a user navigates to the attacker's website, and brute force the credentials. Also, since the device's server sets the Access-Control-Allow-Origin header to ""*"", an attacker can easily interact with the JSON payload returned by the device and steal sensitive information about the device.";BUGTRAQ:20190609 Newly releases IoT security issues | URL:https://seclists.org/bugtraq/2019/Jun/8 | MISC:http://packetstormsecurity.com/files/153240/Starry-Router-Camera-PIN-Brute-Force-CORS-Incorrect.html | MISC:https://github.com/ethanhunnt/IoT_vulnerabilities/blob/master/Starry_sec_issues.pdf;Assigned (20170828);None (candidate not yet proposed) +CVE-2017-14483;Candidate;"flower.initd in the Gentoo dev-python/flower package before 0.9.1-r1 for Celery Flower sets PID file ownership to a non-root account, which might allow local users to kill arbitrary processes by leveraging access to this non-root account for PID file modification before a root script executes a ""kill `cat /pathname`"" command.";CONFIRM:https://bugs.gentoo.org/631020;Assigned (20170915);None (candidate not yet proposed) +CVE-2017-16615;Candidate;An exploitable vulnerability exists in the YAML parsing functionality in the parse_yaml_query method in parser.py in MLAlchemy before 0.2.2. When processing YAML-Based queries for data, a YAML parser can execute arbitrary Python commands resulting in command execution because load is used where safe_load should have been used. An attacker can insert Python into loaded YAML to trigger this vulnerability.;CONFIRM:https://github.com/thanethomson/MLAlchemy/commit/bc795757febdcce430d89f9d08f75c32d6989d3c | CONFIRM:https://github.com/thanethomson/MLAlchemy/issues/1 | MISC:https://joel-malwarebenchmark.github.io/blog/2017/11/08/cve-2017-16615-critical-restful-web-applications-vulnerability/;Assigned (20171106);None (candidate not yet proposed) +CVE-2017-16616;Candidate;An exploitable vulnerability exists in the YAML parsing functionality in the YAMLParser method in Interfaces.py in PyAnyAPI before 0.6.1. A YAML parser can execute arbitrary Python commands resulting in command execution because load is used where safe_load should have been used. An attacker can insert Python into loaded YAML to trigger this vulnerability.;CONFIRM:https://github.com/Stranger6667/pyanyapi/issues/41 | CONFIRM:https://github.com/Stranger6667/pyanyapi/releases/tag/0.6.1 | CONFIRM:https://pypi.python.org/pypi/pyanyapi/0.6.1 | MISC:https://joel-malwarebenchmark.github.io/blog/2017/11/08/cve-2017-16616-yamlparser-in-pyanyapi/;Assigned (20171106);None (candidate not yet proposed) +CVE-2017-16618;Candidate;"An exploitable vulnerability exists in the YAML loading functionality of util.py in OwlMixin before 2.0.0a12. A ""Load YAML"" string or file (aka load_yaml or load_yamlf) can execute arbitrary Python commands resulting in command execution because load is used where safe_load should have been used. An attacker can insert Python into loaded YAML to trigger this vulnerability.";CONFIRM:https://github.com/tadashi-aikawa/owlmixin/commit/5d0575303f6df869a515ced4285f24ba721e0d4e | CONFIRM:https://github.com/tadashi-aikawa/owlmixin/issues/12 | MISC:https://joel-malwarebenchmark.github.io/blog/2017/11/08/cve-2017-16618-convert-through-owlmixin/;Assigned (20171106);None (candidate not yet proposed) +CVE-2017-16763;Candidate;"An exploitable vulnerability exists in the YAML parsing functionality in config.py in Confire 0.2.0. Due to the user-specific configuration being loaded from ""~/.confire.yaml"" using the yaml.load function, a YAML parser can execute arbitrary Python commands resulting in command execution. An attacker can insert Python into loaded YAML to trigger this vulnerability.";CONFIRM:https://github.com/bbengfort/confire/commit/8cc86a5ec2327e070f1d576d61bbaadf861597ea | MISC:https://github.com/bbengfort/confire/issues/24 | MISC:https://joel-malwarebenchmark.github.io/blog/2017/11/12/cve-2017-16763-configure-loaded-through-confire/;Assigned (20171110);None (candidate not yet proposed) +CVE-2017-16764;Candidate;An exploitable vulnerability exists in the YAML parsing functionality in the read_yaml_file method in io_utils.py in django_make_app 0.1.3. A YAML parser can execute arbitrary Python commands resulting in command execution. An attacker can insert Python into loaded YAML to trigger this vulnerability.;MISC:https://github.com/illagrenan/django-make-app/issues/5 | MISC:https://joel-malwarebenchmark.github.io/blog/2017/11/12/cve-2017-16764-vulnerability-in-django-make-app/;Assigned (20171110);None (candidate not yet proposed) +CVE-2017-17522;Candidate;** DISPUTED ** Lib/webbrowser.py in Python through 3.6.3 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via a crafted URL. NOTE: a software maintainer indicates that exploitation is impossible because the code relies on subprocess.Popen and the default shell=False setting.;BID:102207 | URL:http://www.securityfocus.com/bid/102207 | MISC:https://bugs.python.org/issue32367 | MISC:https://security-tracker.debian.org/tracker/CVE-2017-17522;Assigned (20171211);None (candidate not yet proposed) +CVE-2017-18207;Candidate;"** DISPUTED ** The Wave_read._read_fmt_chunk function in Lib/wave.py in Python through 3.6.4 does not ensure a nonzero channel value, which allows attackers to cause a denial of service (divide-by-zero and exception) via a crafted wav format audio file. NOTE: the vendor disputes this issue because Python applications ""need to be prepared to handle a wide variety of exceptions.""";MISC:https://bugs.python.org/issue32056 | SUSE:openSUSE-SU-2020:0086 | URL:http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00040.html;Assigned (20180228);None (candidate not yet proposed) +CVE-2017-20052;Candidate;A vulnerability classified as problematic was found in Python 2.7.13. This vulnerability affects unknown code of the component pgAdmin4. The manipulation leads to uncontrolled search path. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.;CONFIRM:https://security.netapp.com/advisory/ntap-20220804-0005/ | MISC:http://seclists.org/fulldisclosure/2017/Feb/92 | URL:http://seclists.org/fulldisclosure/2017/Feb/92 | MISC:https://vuldb.com/?id.97822 | URL:https://vuldb.com/?id.97822;Assigned (20220613);None (candidate not yet proposed) +CVE-2017-2592;Candidate;python-oslo-middleware before versions 3.8.1, 3.19.1, 3.23.1 is vulnerable to an information disclosure. Software using the CatchError class could include sensitive values in a traceback's error message. System users could exploit this flaw to obtain sensitive information from OpenStack component error logs (for example, keystone tokens).;BID:95827 | URL:http://www.securityfocus.com/bid/95827 | CONFIRM:http://lists.openstack.org/pipermail/openstack-announce/2017-January/002002.html | CONFIRM:https://access.redhat.com/errata/RHSA-2017:0300 | CONFIRM:https://access.redhat.com/errata/RHSA-2017:0435 | CONFIRM:https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2592 | MISC:https://bugs.launchpad.net/keystonemiddleware/+bug/1628031 | MISC:https://review.openstack.org/#/c/425730/ | MISC:https://review.openstack.org/#/c/425732/ | MISC:https://review.openstack.org/#/c/425734/ | REDHAT:RHSA-2017:0300 | URL:http://rhn.redhat.com/errata/RHSA-2017-0300.html | REDHAT:RHSA-2017:0435 | URL:http://rhn.redhat.com/errata/RHSA-2017-0435.html | UBUNTU:USN-3666-1 | URL:https://usn.ubuntu.com/3666-1/;Assigned (20161201);None (candidate not yet proposed) +CVE-2017-2809;Candidate;An exploitable vulnerability exists in the yaml loading functionality of ansible-vault before 1.0.5. A specially crafted vault can execute arbitrary python commands resulting in command execution. An attacker can insert python into the vault to trigger this vulnerability.;BID:100824 | URL:http://www.securityfocus.com/bid/100824 | CONFIRM:https://github.com/tomoh1r/ansible-vault/blob/v1.0.5/CHANGES.txt | URL:https://github.com/tomoh1r/ansible-vault/blob/v1.0.5/CHANGES.txt | CONFIRM:https://github.com/tomoh1r/ansible-vault/commit/3f8f659ef443ab870bb19f95d43543470168ae04 | URL:https://github.com/tomoh1r/ansible-vault/commit/3f8f659ef443ab870bb19f95d43543470168ae04 | CONFIRM:https://github.com/tomoh1r/ansible-vault/issues/4 | URL:https://github.com/tomoh1r/ansible-vault/issues/4 | MISC:https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0305 | URL:https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0305;Assigned (20161201);None (candidate not yet proposed) +CVE-2017-2810;Candidate;An exploitable vulnerability exists in the Databook loading functionality of Tablib 0.11.4. A yaml loaded Databook can execute arbitrary python commands resulting in command execution. An attacker can insert python into loaded yaml to trigger this vulnerability.;BID:99076 | URL:http://www.securityfocus.com/bid/99076 | GENTOO:GLSA-201811-18 | URL:https://security.gentoo.org/glsa/201811-18 | MISC:https://talosintelligence.com/vulnerability_reports/TALOS-2017-0307 | URL:https://talosintelligence.com/vulnerability_reports/TALOS-2017-0307;Assigned (20161201);None (candidate not yet proposed) +CVE-2017-3590;Candidate;"Vulnerability in the MySQL Connectors component of Oracle MySQL (subcomponent: Connector/Python). Supported versions that are affected are 2.1.5 and earlier. Easily ""exploitable"" vulnerability allows low privileged attacker with logon to the infrastructure where MySQL Connectors executes to compromise MySQL Connectors. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of MySQL Connectors accessible data. CVSS 3.0 Base Score 3.3 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N).";BID:97840 | URL:http://www.securityfocus.com/bid/97840 | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html | SECTRACK:1038287 | URL:http://www.securitytracker.com/id/1038287;Assigned (20161206);None (candidate not yet proposed) +CVE-2017-5524;Candidate;Plone 4.x through 4.3.11 and 5.x through 5.0.6 allow remote attackers to bypass a sandbox protection mechanism and obtain sensitive information by leveraging the Python string format method.;BID:95679 | URL:http://www.securityfocus.com/bid/95679 | CONFIRM:https://plone.org/security/hotfix/20170117/sandbox-escape | MLIST:[oss-security] 20170118 Re: CVE Request: Plone Sandbox escape vulnerability | URL:http://www.openwall.com/lists/oss-security/2017/01/18/6;Assigned (20170118);None (candidate not yet proposed) +CVE-2017-6900;Candidate;An issue was discovered in Riello NetMan 204 14-2 and 15-2. The issue is with the login script and wrongpass Python script used for authentication. When calling wrongpass, the variables $VAL0 and $VAL1 should be enclosed in quotes to prevent the potential for Bash command injection. Further to this, VAL0 and VAL1 should be sanitised to ensure they do not contain malicious characters. Passing it the username of '-' will cause it to time out and log the user in because of poor error handling. This will log the attacker in as an administrator where the telnet / ssh services can be enabled, and the credentials for local users can be reset. Also, login.cgi accepts the username as a GET parameter, so login can be achieved by browsing to the /cgi-bin/login.cgi?username=-%20a URI.;MISC:https://blog.synack.co.uk/2017/01/31/my-first-exploit-db-post/ | MISC:https://web.archive.org/web/20170205100702/https://blog.synack.co.uk/2017/01/31/my-first-exploit-db-post/;Assigned (20170314);None (candidate not yet proposed) +CVE-2017-7235;Candidate;An issue was discovered in cloudflare-scrape 1.6.6 through 1.7.1. A malicious website owner could craft a page that executes arbitrary Python code against any cfscrape user who scrapes that website. This is fixed in 1.8.0.;BID:97191 | URL:http://www.securityfocus.com/bid/97191 | CONFIRM:https://github.com/Anorov/cloudflare-scrape/issues/97 | CONFIRM:https://github.com/Anorov/cloudflare-scrape/releases/tag/1.8.0;Assigned (20170323);None (candidate not yet proposed) +CVE-2017-9462;Candidate;"In Mercurial before 4.1.3, ""hg serve --stdio"" allows remote authenticated users to launch the Python debugger, and consequently execute arbitrary code, by using --debugger as a repository name.";BID:99123 | URL:http://www.securityfocus.com/bid/99123 | CONFIRM:https://bugs.debian.org/861243 | CONFIRM:https://www.mercurial-scm.org/repo/hg/rev/77eaf9539499 | CONFIRM:https://www.mercurial-scm.org/wiki/WhatsNew#Mercurial_4.1.3_.282017-4-18.29 | DEBIAN:DSA-3963 | URL:http://www.debian.org/security/2017/dsa-3963 | GENTOO:GLSA-201709-18 | URL:https://security.gentoo.org/glsa/201709-18 | MLIST:[debian-lts-announce] 20180705 [SECURITY] [DLA 1414-1] mercurial security update | URL:https://lists.debian.org/debian-lts-announce/2018/07/msg00005.html | REDHAT:RHSA-2017:1576 | URL:https://access.redhat.com/errata/RHSA-2017:1576;Assigned (20170606);None (candidate not yet proposed) +CVE-2017-9807;Candidate;"An issue was discovered in the OpenWebif plugin through 1.2.4 for E2 open devices. The saveConfig function of ""plugin/controllers/models/config.py"" performs an eval() call on the contents of the ""key"" HTTP GET parameter. This allows an unauthenticated remote attacker to execute arbitrary Python code or OS commands via api/saveconfig.";BID:99232 | URL:http://www.securityfocus.com/bid/99232 | CONFIRM:https://github.com/E2OpenPlugins/e2openplugin-OpenWebif/issues/620 | MISC:https://census-labs.com/news/2017/10/02/e2openplugin-openwebif-saveconfig-remote-code-execution/ | MLIST:[oss-security] 20171002 CVE-2017-9807: e2openplugin-OpenWebif: Remote code execution through HTTP GET parameter manipulation | URL:http://www.openwall.com/lists/oss-security/2017/10/02/4;Assigned (20170621);None (candidate not yet proposed) +CVE-2018-0015;Candidate;"A malicious user with unrestricted access to the AppFormix application management platform may be able to access a Python debug console and execute system commands with root privilege. The AppFormix Agent exposes the debug console on a host where AppFormix Agent is executing. If the host is executing AppFormix Agent, an attacker may access the debug console and execute Python commands with root privilege. Affected AppFormix releases are: All versions up to and including 2.7.3; 2.11 versions prior to 2.11.3; 2.15 versions prior to 2.15.2. Juniper SIRT is not aware of any malicious exploitation of this vulnerability, however, the issue has been seen in a production network. No other Juniper Networks products or platforms are affected by this issue.";CONFIRM:https://kb.juniper.net/JSA10843;Assigned (20171116);None (candidate not yet proposed) +CVE-2018-0023;Candidate;JSNAPy is an open source python version of Junos Snapshot Administrator developed by Juniper available through github. The default configuration and sample files of JSNAPy automation tool versions prior to 1.3.0 are created world writable. This insecure file and directory permission allows unprivileged local users to alter the files under this directory including inserting operations not intended by the package maintainer, system administrator, or other users. This issue only affects users who downloaded and installed JSNAPy from github.;BID:103745 | URL:http://www.securityfocus.com/bid/103745 | CONFIRM:https://kb.juniper.net/JSA10856;Assigned (20171116);None (candidate not yet proposed) +CVE-2018-1000030;Candidate;Python 2.7.14 is vulnerable to a Heap-Buffer-Overflow as well as a Heap-Use-After-Free. Python versions prior to 2.7.14 may also be vulnerable and it appears that Python 2.7.17 and prior may also be vulnerable however this has not been confirmed. The vulnerability lies when multiply threads are handling large amounts of data. In both cases there is essentially a race condition that occurs. For the Heap-Buffer-Overflow, Thread 2 is creating the size for a buffer, but Thread1 is already writing to the buffer without knowing how much to write. So when a large amount of data is being processed, it is very easy to cause memory corruption using a Heap-Buffer-Overflow. As for the Use-After-Free, Thread3->Malloc->Thread1->Free's->Thread2-Re-uses-Free'd Memory. The PSRT has stated that this is not a security vulnerability due to the fact that the attacker must be able to run code, however in some situations, such as function as a service, this vulnerability can potentially be used by an attacker to violate a trust boundary, as such the DWF feels this issue deserves a CVE.;CONFIRM:https://bugs.python.org/issue31530 | GENTOO:GLSA-201811-02 | URL:https://security.gentoo.org/glsa/201811-02 | MISC:https://drive.google.com/file/d/1oyR9DAZjZK_SCn3mor6NRAYLJS6ueXaY/view | MISC:https://www.dropbox.com/sh/sj3ee7xv55j36k7/AADwP-YfOYikBMuy32e0uvPFa?dl=0 | MISC:https://www.oracle.com/security-alerts/cpujan2020.html | UBUNTU:USN-3817-1 | URL:https://usn.ubuntu.com/3817-1/ | UBUNTU:USN-3817-2 | URL:https://usn.ubuntu.com/3817-2/;Assigned (20180208);None (candidate not yet proposed) +CVE-2018-1000117;Candidate;Python Software Foundation CPython version From 3.2 until 3.6.4 on Windows contains a Buffer Overflow vulnerability in os.symlink() function on Windows that can result in Arbitrary code execution, likely escalation of privilege. This attack appears to be exploitable via a python script that creates a symlink with an attacker controlled name or location. This vulnerability appears to have been fixed in 3.7.0 and 3.6.5.;CONFIRM:https://bugs.python.org/issue33001 | CONFIRM:https://github.com/python/cpython/pull/5989;Assigned (20180307);None (candidate not yet proposed) +CVE-2018-1000802;Candidate;Python Software Foundation Python (CPython) version 2.7 contains a CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability in shutil module (make_archive function) that can result in Denial of service, Information gain via injection of arbitrary files on the system or entire drive. This attack appear to be exploitable via Passage of unfiltered user input to the function. This vulnerability appears to have been fixed in after commit add531a1e55b0a739b0f42582f1c9747e5649ace.;CONFIRM:https://bugs.python.org/issue34540 | CONFIRM:https://github.com/python/cpython/pull/8985 | CONFIRM:https://github.com/python/cpython/pull/8985/commits/add531a1e55b0a739b0f42582f1c9747e5649ace | CONFIRM:https://security.netapp.com/advisory/ntap-20230309-0002/ | DEBIAN:DSA-4306 | URL:https://www.debian.org/security/2018/dsa-4306 | MISC:https://mega.nz/#!JUFiCC4R!mq-jQ8ySFwIhX6WMDujaZuNBfttDVt7DETlfOIQE1ig | MLIST:[debian-lts-announce] 20180925 [SECURITY] [DLA 1519-1] python2.7 security update | URL:https://lists.debian.org/debian-lts-announce/2018/09/msg00030.html | MLIST:[debian-lts-announce] 20180926 [SECURITY] [DLA 1520-1] python3.4 security update | URL:https://lists.debian.org/debian-lts-announce/2018/09/msg00031.html | SUSE:openSUSE-SU-2020:0086 | URL:http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00040.html | UBUNTU:USN-3817-1 | URL:https://usn.ubuntu.com/3817-1/ | UBUNTU:USN-3817-2 | URL:https://usn.ubuntu.com/3817-2/;Assigned (20180918);None (candidate not yet proposed) +CVE-2018-1000807;Candidate;Python Cryptographic Authority pyopenssl version prior to version 17.5.0 contains a CWE-416: Use After Free vulnerability in X509 object handling that can result in Use after free can lead to possible denial of service or remote code execution.. This attack appear to be exploitable via Depends on the calling application and if it retains a reference to the memory.. This vulnerability appears to have been fixed in 17.5.0.;CONFIRM:https://github.com/pyca/pyopenssl/pull/723 | MISC:https://github.com/pyca/pyopenssl/commit/e73818600065821d588af475b024f4eb518c3509 | REDHAT:RHSA-2019:0085 | URL:https://access.redhat.com/errata/RHSA-2019:0085 | SUSE:openSUSE-SU-2019:1104 | URL:http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00014.html | UBUNTU:USN-3813-1 | URL:https://usn.ubuntu.com/3813-1/;Assigned (20181008);None (candidate not yet proposed) +CVE-2018-1000808;Candidate;Python Cryptographic Authority pyopenssl version Before 17.5.0 contains a CWE - 401 : Failure to Release Memory Before Removing Last Reference vulnerability in PKCS #12 Store that can result in Denial of service if memory runs low or is exhausted. This attack appear to be exploitable via Depends upon calling application, however it could be as simple as initiating a TLS connection. Anything that would cause the calling application to reload certificates from a PKCS #12 store.. This vulnerability appears to have been fixed in 17.5.0.;CONFIRM:https://github.com/pyca/pyopenssl/pull/723 | REDHAT:RHSA-2019:0085 | URL:https://access.redhat.com/errata/RHSA-2019:0085 | SUSE:openSUSE-SU-2019:1104 | URL:http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00014.html | UBUNTU:USN-3813-1 | URL:https://usn.ubuntu.com/3813-1/;Assigned (20181008);None (candidate not yet proposed) +CVE-2018-1060;Candidate;python before versions 2.7.15, 3.4.9, 3.5.6rc1, 3.6.5rc1 and 3.7.0 is vulnerable to catastrophic backtracking in pop3lib's apop() method. An attacker could use this flaw to cause denial of service.;CONFIRM:https://bugs.python.org/issue32981 | CONFIRM:https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-1060 | CONFIRM:https://docs.python.org/3.5/whatsnew/changelog.html#python-3-5-6-release-candidate-1 | CONFIRM:https://docs.python.org/3.6/whatsnew/changelog.html#python-3-6-5-release-candidate-1 | CONFIRM:https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbst03951en_us | DEBIAN:DSA-4306 | URL:https://www.debian.org/security/2018/dsa-4306 | DEBIAN:DSA-4307 | URL:https://www.debian.org/security/2018/dsa-4307 | FEDORA:FEDORA-2019-51f1e08207 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/46PVWY5LFP4BRPG3BVQ5QEEFYBVEXHCK/ | FEDORA:FEDORA-2019-6e1938a3c5 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JSKPGPZQNTAULHW4UH63KGOOUIDE4RRB/ | FEDORA:FEDORA-2019-cf725dd20b | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AEZ5IQT7OF7Q2NCGIVABOWYGKO7YU3NJ/ | MISC:https://www.oracle.com/security-alerts/cpujan2020.html | MLIST:[debian-lts-announce] 20180925 [SECURITY] [DLA 1519-1] python2.7 security update | URL:https://lists.debian.org/debian-lts-announce/2018/09/msg00030.html | MLIST:[debian-lts-announce] 20180926 [SECURITY] [DLA 1520-1] python3.4 security update | URL:https://lists.debian.org/debian-lts-announce/2018/09/msg00031.html | REDHAT:RHBA-2019:0327 | URL:https://access.redhat.com/errata/RHBA-2019:0327 | REDHAT:RHSA-2018:3041 | URL:https://access.redhat.com/errata/RHSA-2018:3041 | REDHAT:RHSA-2018:3505 | URL:https://access.redhat.com/errata/RHSA-2018:3505 | REDHAT:RHSA-2019:1260 | URL:https://access.redhat.com/errata/RHSA-2019:1260 | REDHAT:RHSA-2019:3725 | URL:https://access.redhat.com/errata/RHSA-2019:3725 | SECTRACK:1042001 | URL:http://www.securitytracker.com/id/1042001 | SUSE:openSUSE-SU-2020:0086 | URL:http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00040.html | UBUNTU:USN-3817-1 | URL:https://usn.ubuntu.com/3817-1/ | UBUNTU:USN-3817-2 | URL:https://usn.ubuntu.com/3817-2/;Assigned (20171204);None (candidate not yet proposed) +CVE-2018-1061;Candidate;python before versions 2.7.15, 3.4.9, 3.5.6rc1, 3.6.5rc1 and 3.7.0 is vulnerable to catastrophic backtracking in the difflib.IS_LINE_JUNK method. An attacker could use this flaw to cause denial of service.;CONFIRM:https://bugs.python.org/issue32981 | CONFIRM:https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-1061 | CONFIRM:https://docs.python.org/3.5/whatsnew/changelog.html#python-3-5-6-release-candidate-1 | CONFIRM:https://docs.python.org/3.6/whatsnew/changelog.html#python-3-6-5-release-candidate-1 | CONFIRM:https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbst03951en_us | DEBIAN:DSA-4306 | URL:https://www.debian.org/security/2018/dsa-4306 | DEBIAN:DSA-4307 | URL:https://www.debian.org/security/2018/dsa-4307 | FEDORA:FEDORA-2019-51f1e08207 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/46PVWY5LFP4BRPG3BVQ5QEEFYBVEXHCK/ | FEDORA:FEDORA-2019-6e1938a3c5 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JSKPGPZQNTAULHW4UH63KGOOUIDE4RRB/ | FEDORA:FEDORA-2019-cf725dd20b | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AEZ5IQT7OF7Q2NCGIVABOWYGKO7YU3NJ/ | MLIST:[debian-lts-announce] 20180925 [SECURITY] [DLA 1519-1] python2.7 security update | URL:https://lists.debian.org/debian-lts-announce/2018/09/msg00030.html | MLIST:[debian-lts-announce] 20180926 [SECURITY] [DLA 1520-1] python3.4 security update | URL:https://lists.debian.org/debian-lts-announce/2018/09/msg00031.html | REDHAT:RHBA-2019:0327 | URL:https://access.redhat.com/errata/RHBA-2019:0327 | REDHAT:RHSA-2018:3041 | URL:https://access.redhat.com/errata/RHSA-2018:3041 | REDHAT:RHSA-2018:3505 | URL:https://access.redhat.com/errata/RHSA-2018:3505 | REDHAT:RHSA-2019:1260 | URL:https://access.redhat.com/errata/RHSA-2019:1260 | REDHAT:RHSA-2019:3725 | URL:https://access.redhat.com/errata/RHSA-2019:3725 | SECTRACK:1042001 | URL:http://www.securitytracker.com/id/1042001 | SUSE:openSUSE-SU-2020:0086 | URL:http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00040.html | UBUNTU:USN-3817-1 | URL:https://usn.ubuntu.com/3817-1/ | UBUNTU:USN-3817-2 | URL:https://usn.ubuntu.com/3817-2/;Assigned (20171204);None (candidate not yet proposed) +CVE-2018-10903;Candidate;A flaw was found in python-cryptography versions between >=1.9.0 and <2.3. The finalize_with_tag API did not enforce a minimum tag length. If a user did not validate the input length prior to passing it to finalize_with_tag an attacker could craft an invalid payload with a shortened tag (e.g. 1 byte) such that they would have a 1 in 256 chance of passing the MAC check. GCM tag forgeries can cause key leakage.;CONFIRM:https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10903 | CONFIRM:https://github.com/pyca/cryptography/pull/4342/commits/688e0f673bfbf43fa898994326c6877f00ab19ef | REDHAT:RHSA-2018:3600 | URL:https://access.redhat.com/errata/RHSA-2018:3600 | UBUNTU:USN-3720-1 | URL:https://usn.ubuntu.com/3720-1/;Assigned (20180509);None (candidate not yet proposed) +CVE-2018-12175;Candidate;Default install directory permissions in Intel Distribution for Python (IDP) version 2018 may allow an unprivileged user to escalate privileges via local access.;CONFIRM:https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00181.html;Assigned (20180611);None (candidate not yet proposed) +CVE-2018-14572;Candidate;In conference-scheduler-cli, a pickle.load call on imported data allows remote attackers to execute arbitrary code via a crafted .pickle file, as demonstrated by Python code that contains an os.system call.;MISC:https://github.com/PyconUK/ConferenceScheduler-cli/issues/19 | MISC:https://joel-malwarebenchmark.github.io/blog/2020/04/25/cve-2018-14572-conference-scheduler-cli/;Assigned (20180723);None (candidate not yet proposed) +CVE-2018-14647;Candidate;Python's elementtree C accelerator failed to initialise Expat's hash salt during initialization. This could make it easy to conduct denial of service attacks against Expat by constructing an XML document that would cause pathological hash collisions in Expat's internal data structures, consuming large amounts CPU and RAM. The vulnerability exists in Python versions 3.7.0, 3.6.0 through 3.6.6, 3.5.0 through 3.5.6, 3.4.0 through 3.4.9, 2.7.0 through 2.7.15.;BID:105396 | URL:http://www.securityfocus.com/bid/105396 | CONFIRM:https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-14647 | DEBIAN:DSA-4306 | URL:https://www.debian.org/security/2018/dsa-4306 | DEBIAN:DSA-4307 | URL:https://www.debian.org/security/2018/dsa-4307 | FEDORA:FEDORA-2019-0c91ce7b3c | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RBJCB2HWOJLP3L7CUQHJHNBHLSVOXJE5/ | MISC:https://bugs.python.org/issue34623 | MLIST:[bookkeeper-issues] 20200729 [GitHub] [bookkeeper] padma81 opened a new issue #2387: Security vulnerabilities in the apache/bookkeeper-4.9.2 image | URL:https://lists.apache.org/thread.html/r1b103833cb5bc8466e24ff0ecc5e75b45a705334ab6a444e64e840a0@%3Cissues.bookkeeper.apache.org%3E | MLIST:[debian-lts-announce] 20190625 [SECURITY] [DLA 1834-1] python2.7 security update | URL:https://lists.debian.org/debian-lts-announce/2019/06/msg00022.html | MLIST:[debian-lts-announce] 20190625 [SECURITY] [DLA 1835-1] python3.4 security update | URL:https://lists.debian.org/debian-lts-announce/2019/06/msg00023.html | REDHAT:RHSA-2019:1260 | URL:https://access.redhat.com/errata/RHSA-2019:1260 | REDHAT:RHSA-2019:2030 | URL:https://access.redhat.com/errata/RHSA-2019:2030 | REDHAT:RHSA-2019:3725 | URL:https://access.redhat.com/errata/RHSA-2019:3725 | SECTRACK:1041740 | URL:http://www.securitytracker.com/id/1041740 | SUSE:openSUSE-SU-2020:0086 | URL:http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00040.html | UBUNTU:USN-3817-1 | URL:https://usn.ubuntu.com/3817-1/ | UBUNTU:USN-3817-2 | URL:https://usn.ubuntu.com/3817-2/;Assigned (20180727);None (candidate not yet proposed) +CVE-2018-14649;Candidate;It was found that ceph-isci-cli package as shipped by Red Hat Ceph Storage 2 and 3 is using python-werkzeug in debug shell mode. This is done by setting debug=True in file /usr/bin/rbd-target-api provided by ceph-isci-cli package. This allows unauthenticated attackers to access this debug shell and escalate privileges. Once an attacker has successfully connected to this debug shell they will be able to execute arbitrary commands remotely. These commands will run with the same privileges as of user executing the application which is using python-werkzeug with debug shell mode enabled. In - Red Hat Ceph Storage 2 and 3, ceph-isci-cli package runs python-werkzeug library with root level permissions.;MISC:105434 | URL:http://www.securityfocus.com/bid/105434 | MISC:RHSA-2018:2837 | URL:https://access.redhat.com/errata/RHSA-2018:2837 | MISC:RHSA-2018:2838 | URL:https://access.redhat.com/errata/RHSA-2018:2838 | MISC:https://access.redhat.com/articles/3623521 | URL:https://access.redhat.com/articles/3623521 | MISC:https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-14649 | URL:https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-14649 | MISC:https://github.com/ceph/ceph-iscsi-cli/issues/120 | URL:https://github.com/ceph/ceph-iscsi-cli/issues/120 | MISC:https://github.com/ceph/ceph-iscsi-cli/pull/121/commits/c3812075e30c76a800a961e7291087d357403f6b | URL:https://github.com/ceph/ceph-iscsi-cli/pull/121/commits/c3812075e30c76a800a961e7291087d357403f6b;Assigned (20180727);None (candidate not yet proposed) +CVE-2018-15747;Candidate;"The default configuration of glot-www through 2018-05-19 allows remote attackers to execute arbitrary code because glot-code-runner supports os.system within a ""python"" ""files"" ""content"" JSON file.";MISC:https://github.com/prasmussen/glot-code-runner/issues/15;Assigned (20180823);None (candidate not yet proposed) +CVE-2018-16168;Candidate;LogonTracer 1.2.0 and earlier allows remote attackers to conduct Python code injection attacks via unspecified vectors.;MISC:https://github.com/JPCERTCC/LogonTracer/releases/tag/v1.2.1 | MISC:https://jvn.jp/en/vu/JVNVU98026636/index.html;Assigned (20180830);None (candidate not yet proposed) +CVE-2018-16858;Candidate;It was found that libreoffice before versions 6.0.7 and 6.1.3 was vulnerable to a directory traversal attack which could be used to execute arbitrary macros bundled with a document. An attacker could craft a document, which when opened by LibreOffice, would execute a Python method from a script in any arbitrary file system location, specified relative to the LibreOffice install location.;BUGTRAQ:20190815 [SECURITY] [DSA 4501-1] libreoffice security update | URL:https://seclists.org/bugtraq/2019/Aug/28 | CONFIRM:https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16858 | EXPLOIT-DB:46727 | URL:https://www.exploit-db.com/exploits/46727/ | MISC:http://packetstormsecurity.com/files/152560/LibreOffice-Macro-Code-Execution.html | MISC:http://www.rapid7.com/db/modules/exploit/multi/fileformat/libreoffice_macro_exec | MISC:https://www.libreoffice.org/about-us/security/advisories/cve-2018-16858/ | REDHAT:RHSA-2019:2130 | URL:https://access.redhat.com/errata/RHSA-2019:2130 | SUSE:openSUSE-SU-2019:1929 | URL:http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00059.html;Assigned (20180911);None (candidate not yet proposed) +CVE-2018-17175;Candidate;"In the marshmallow library before 2.15.1 and 3.x before 3.0.0b9 for Python, the schema ""only"" option treats an empty list as implying no ""only"" option, which allows a request that was intended to expose no fields to instead expose all fields (if the schema is being filtered dynamically using the ""only"" option, and there is a user role that produces an empty value for ""only"").";MISC:https://github.com/marshmallow-code/marshmallow/issues/772 | MISC:https://github.com/marshmallow-code/marshmallow/pull/777 | MISC:https://github.com/marshmallow-code/marshmallow/pull/782;Assigned (20180918);None (candidate not yet proposed) +CVE-2018-18074;Candidate;The Requests package before 2.20.0 for Python sends an HTTP Authorization header to an http URI upon receiving a same-hostname https-to-http redirect, which makes it easier for remote attackers to discover credentials by sniffing the network.;CONFIRM:http://docs.python-requests.org/en/master/community/updates/#release-and-version-history | URL:http://docs.python-requests.org/en/master/community/updates/#release-and-version-history | MISC:https://bugs.debian.org/910766 | URL:https://bugs.debian.org/910766 | MISC:https://github.com/requests/requests/commit/c45d7c49ea75133e52ab22a8e9e13173938e36ff | URL:https://github.com/requests/requests/commit/c45d7c49ea75133e52ab22a8e9e13173938e36ff | MISC:https://github.com/requests/requests/issues/4716 | URL:https://github.com/requests/requests/issues/4716 | MISC:https://github.com/requests/requests/pull/4718 | URL:https://github.com/requests/requests/pull/4718 | MISC:https://www.oracle.com/security-alerts/cpujul2022.html | URL:https://www.oracle.com/security-alerts/cpujul2022.html | REDHAT:RHSA-2019:2035 | URL:https://access.redhat.com/errata/RHSA-2019:2035 | SUSE:openSUSE-SU-2019:1754 | URL:http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00024.html | UBUNTU:USN-3790-1 | URL:https://usn.ubuntu.com/3790-1/ | UBUNTU:USN-3790-2 | URL:https://usn.ubuntu.com/3790-2/;Assigned (20181009);None (candidate not yet proposed) +CVE-2018-19646;Candidate;The Python CGI scripts in PWS in Imperva SecureSphere 13.0.10, 13.1.10, and 13.2.10 allow remote attackers to execute arbitrary OS commands because command-line arguments are mishandled.;EXPLOIT-DB:45542 | URL:https://www.exploit-db.com/exploits/45542;Assigned (20181128);None (candidate not yet proposed) +CVE-2018-20061;Candidate;"A SQL injection issue was discovered in ERPNext 10.x and 11.x through 11.0.3-beta.29. This attack is only available to a logged-in user; however, many ERPNext sites allow account creation via the web. No special privileges are needed to conduct the attack. By calling a JavaScript function that calls a server-side Python function with carefully chosen arguments, a SQL attack can be carried out which allows SQL queries to be constructed to return any columns from any tables in the database. This is related to /api/resource/Item?fields= URIs, frappe.get_list, and frappe.call.";MISC:https://github.com/frappe/erpnext/issues/15337;Assigned (20181211);None (candidate not yet proposed) +CVE-2018-20325;Candidate;There is a vulnerability in load() method in definitions/parser.py in the Danijar Hafner definitions package for Python. It can execute arbitrary python commands resulting in command execution.;MISC:https://github.com/danijar/definitions/issues/14;Assigned (20181221);None (candidate not yet proposed) +CVE-2018-20406;Candidate;"Modules/_pickle.c in Python before 3.7.1 has an integer overflow via a large LONG_BINPUT value that is mishandled during a ""resize to twice the size"" attempt. This issue might cause memory exhaustion, but is only relevant if the pickle format is used for serializing tens or hundreds of gigabytes of data. This issue is fixed in: v3.4.10, v3.4.10rc1; v3.5.10, v3.5.10rc1, v3.5.7, v3.5.7rc1, v3.5.8, v3.5.8rc1, v3.5.8rc2, v3.5.9; v3.6.10, v3.6.10rc1, v3.6.11, v3.6.11rc1, v3.6.12, v3.6.7, v3.6.7rc1, v3.6.7rc2, v3.6.8, v3.6.8rc1, v3.6.9, v3.6.9rc1; v3.7.1, v3.7.1rc1, v3.7.1rc2, v3.7.2, v3.7.2rc1, v3.7.3, v3.7.3rc1, v3.7.4, v3.7.4rc1, v3.7.4rc2, v3.7.5, v3.7.5rc1, v3.7.6, v3.7.6rc1, v3.7.7, v3.7.7rc1, v3.7.8, v3.7.8rc1, v3.7.9.";CONFIRM:https://security.netapp.com/advisory/ntap-20190416-0010/ | FEDORA:FEDORA-2019-51f1e08207 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/46PVWY5LFP4BRPG3BVQ5QEEFYBVEXHCK/ | FEDORA:FEDORA-2019-6b02154aa0 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ICBEGRHIPHWPG2VGYS6R4EVKVUUF4AQW/ | FEDORA:FEDORA-2019-6baeb15da3 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/D3LXPABKVLFYUHRYJPM3CSS5MS6FXKS7/ | FEDORA:FEDORA-2019-6e1938a3c5 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JSKPGPZQNTAULHW4UH63KGOOUIDE4RRB/ | FEDORA:FEDORA-2019-7d9f3cf3ce | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TR6GCO3WTV4D5L23WTCBF275VE6BVNI3/ | FEDORA:FEDORA-2019-cf725dd20b | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AEZ5IQT7OF7Q2NCGIVABOWYGKO7YU3NJ/ | MISC:https://bugs.python.org/issue34656 | MISC:https://github.com/python/cpython/commit/a4ae828ee416a66d8c7bf5ee71d653c2cc6a26dd | MLIST:[debian-lts-announce] 20190207 [SECURITY] [DLA 1663-1] python3.4 security update | URL:https://lists.debian.org/debian-lts-announce/2019/02/msg00011.html | MLIST:[debian-lts-announce] 20200715 [SECURITY] [DLA 2280-1] python3.5 security update | URL:https://lists.debian.org/debian-lts-announce/2020/07/msg00011.html | REDHAT:RHSA-2019:3725 | URL:https://access.redhat.com/errata/RHSA-2019:3725 | SUSE:openSUSE-SU-2020:0086 | URL:http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00040.html | UBUNTU:USN-4127-1 | URL:https://usn.ubuntu.com/4127-1/ | UBUNTU:USN-4127-2 | URL:https://usn.ubuntu.com/4127-2/;Assigned (20181223);None (candidate not yet proposed) +CVE-2018-20852;Candidate;http.cookiejar.DefaultPolicy.domain_return_ok in Lib/http/cookiejar.py in Python before 3.7.3 does not correctly validate the domain: it can be tricked into sending existing cookies to the wrong server. An attacker may abuse this flaw by using a server with a hostname that has another valid hostname as a suffix (e.g., pythonicexample.com to steal cookies for example.com). When a program uses http.cookiejar.DefaultPolicy and tries to do an HTTP connection to an attacker-controlled server, existing cookies can be leaked to the attacker. This affects 2.x through 2.7.16, 3.x before 3.4.10, 3.5.x before 3.5.7, 3.6.x before 3.6.9, and 3.7.x before 3.7.3.;FEDORA:FEDORA-2019-0d3fcae639 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/K7HNVIFMETMFWWWUNTB72KYJYXCZOS5V/ | FEDORA:FEDORA-2019-74ba24605e | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZBTGPBUABGXZ7WH7677OEM3NSP6ZEA76/ | FEDORA:FEDORA-2019-758824a3ff | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/COATURTCY7G67AYI6UDV5B2JZTBCKIDX/ | GENTOO:GLSA-202003-26 | URL:https://security.gentoo.org/glsa/202003-26 | MISC:https://bugs.python.org/issue35121 | MISC:https://python-security.readthedocs.io/vuln/cookie-domain-check.html | MISC:https://www.oracle.com/security-alerts/cpuapr2020.html | MLIST:[debian-lts-announce] 20190817 [SECURITY] [DLA 1889-1] python3.4 security update | URL:https://lists.debian.org/debian-lts-announce/2019/08/msg00022.html | MLIST:[debian-lts-announce] 20190831 [SECURITY] [DLA 1906-1] python2.7 security update | URL:https://lists.debian.org/debian-lts-announce/2019/08/msg00040.html | MLIST:[debian-lts-announce] 20200715 [SECURITY] [DLA 2280-1] python3.5 security update | URL:https://lists.debian.org/debian-lts-announce/2020/07/msg00011.html | MLIST:[debian-lts-announce] 20200822 [SECURITY] [DLA 2337-1] python2.7 security update | URL:https://lists.debian.org/debian-lts-announce/2020/08/msg00034.html | REDHAT:RHSA-2019:3725 | URL:https://access.redhat.com/errata/RHSA-2019:3725 | REDHAT:RHSA-2019:3948 | URL:https://access.redhat.com/errata/RHSA-2019:3948 | SUSE:openSUSE-SU-2019:1988 | URL:http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00071.html | SUSE:openSUSE-SU-2019:1989 | URL:http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00074.html | SUSE:openSUSE-SU-2020:0086 | URL:http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00040.html | UBUNTU:USN-4127-1 | URL:https://usn.ubuntu.com/4127-1/ | UBUNTU:USN-4127-2 | URL:https://usn.ubuntu.com/4127-2/;Assigned (20190713);None (candidate not yet proposed) +CVE-2018-25082;Candidate;A vulnerability was found in zwczou WeChat SDK Python 0.3.0 and classified as critical. This issue affects the function validate/to_xml. The manipulation leads to xml external entity reference. The attack may be initiated remotely. Upgrading to version 0.5.5 is able to address this issue. The patch is named e54abadc777715b6dcb545c13214d1dea63df6c9. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-223403.;MISC:https://github.com/zwczou/weixin-python/commit/e54abadc777715b6dcb545c13214d1dea63df6c9 | URL:https://github.com/zwczou/weixin-python/commit/e54abadc777715b6dcb545c13214d1dea63df6c9 | MISC:https://github.com/zwczou/weixin-python/pull/30 | URL:https://github.com/zwczou/weixin-python/pull/30 | MISC:https://github.com/zwczou/weixin-python/releases/tag/v0.5.5 | URL:https://github.com/zwczou/weixin-python/releases/tag/v0.5.5 | MISC:https://vuldb.com/?ctiid.223403 | URL:https://vuldb.com/?ctiid.223403 | MISC:https://vuldb.com/?id.223403 | URL:https://vuldb.com/?id.223403;Assigned (20230319);None (candidate not yet proposed) +CVE-2018-2753;Candidate;Vulnerability in the Solaris component of Oracle Sun Systems Products Suite (subcomponent: Python modules). The supported version that is affected is 11.3. Difficult to exploit vulnerability allows low privileged attacker with logon to the infrastructure where Solaris executes to compromise Solaris. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Solaris accessible data as well as unauthorized access to critical data or complete access to all Solaris accessible data. CVSS 3.0 Base Score 6.0 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:N).;BID:103879 | URL:http://www.securityfocus.com/bid/103879 | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html | SECTRACK:1040702 | URL:http://www.securitytracker.com/id/1040702;Assigned (20171215);None (candidate not yet proposed) +CVE-2018-3650;Candidate;Insufficient Input Validation in Bleach module in INTEL Distribution for Python versions prior to IDP 2018 Update 2 allows unprivileged user to bypass URI sanitization via local vector.;CONFIRM:https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00129.html;Assigned (20171228);None (candidate not yet proposed) +CVE-2018-5773;Candidate;An issue was discovered in markdown2 (aka python-markdown2) through 2.3.5. The safe_mode feature, which is supposed to sanitize user input against XSS, is flawed and does not escape the input properly. With a crafted payload, XSS can be triggered, as demonstrated by omitting the final '>' character from an IMG tag.;MISC:https://github.com/trentm/python-markdown2/issues/285;Assigned (20180118);None (candidate not yet proposed) +CVE-2018-6012;Candidate;The 'Weather Service' feature of the Green Electronics RainMachine Mini-8 (2nd generation) allows an attacker to inject arbitrary Python code via the 'Add new weather data source' upload function.;MISC:http://www.irongeek.com/i.php?page=videos/bsidesrdu2018/bsidesrdu-2018-07-when-it-rains-it-pours-sam-granger;Assigned (20180122);None (candidate not yet proposed) +CVE-2018-6353;Candidate;The Python console in Electrum through 2.9.4 and 3.x through 3.0.5 supports arbitrary Python code without considering (1) social-engineering attacks in which a user pastes code that they do not understand and (2) code pasted by a physically proximate attacker at an unattended workstation, which makes it easier for attackers to steal Bitcoin via hook code that runs at a later time when the wallet password has been entered, a different vulnerability than CVE-2018-1000022.;MISC:https://github.com/spesmilo/electrum/issues/3678 | MISC:https://github.com/spesmilo/electrum/pull/3700;Assigned (20180127);None (candidate not yet proposed) +CVE-2018-6461;Candidate;March Hare WINCVS before 2.8.01 build 6610, and CVS Suite before 2009R2 build 6610, contains an Insecure Library Loading vulnerability in the wincvs2.exe or wincvs.exe file, which may allow local users to gain privileges via a Trojan horse Python or TCL DLL file in the current working directory.;CONFIRM:http://march-hare.com/cvspro/vulnwincvs.htm | FULLDISC:20180209 CVS Suite 2009R2 Insecure Library Loading CVE-2018-6461 | URL:http://seclists.org/fulldisclosure/2018/Feb/24 | MISC:http://hyp3rlinx.altervista.org/advisories/CVS-SUITE-2009R2-INSECURE-LIBRARY-LOADING-CVE-2018-6461.txt | MISC:http://packetstormsecurity.com/files/146267/WINCVS-2009R2-DLL-Hijacking.html;Assigned (20180131);None (candidate not yet proposed) +CVE-2018-7889;Candidate;gui2/viewer/bookmarkmanager.py in Calibre 3.18 calls cPickle.load on imported bookmark data, which allows remote attackers to execute arbitrary code via a crafted .pickle file, as demonstrated by Python code that contains an os.system call.;CONFIRM:https://bugs.launchpad.net/calibre/+bug/1753870 | CONFIRM:https://github.com/kovidgoyal/calibre/commit/aeb5b036a0bf657951756688b3c72bd68b6e4a7d;Assigned (20180308);None (candidate not yet proposed) +CVE-2019-10099;Candidate;"Prior to Spark 2.3.3, in certain situations Spark would write user data to local disk unencrypted, even if spark.io.encryption.enabled=true. This includes cached blocks that are fetched to disk (controlled by spark.maxRemoteBlockSizeFetchToMem); in SparkR, using parallelize; in Pyspark, using broadcast and parallelize; and use of python udfs.";MISC:https://lists.apache.org/thread.html/c2a39c207421797f82823a8aff488dcd332d9544038307bf69a2ba9e@%3Cuser.spark.apache.org%3E | MLIST:[spark-commits] 20200622 [spark-website] branch asf-site updated: CVE-2020-9480 details (#275) | URL:https://lists.apache.org/thread.html/ra216b7b0dd82a2c12c2df9d6095e689eb3f3d28164e6b6587da69fae@%3Ccommits.spark.apache.org%3E | MLIST:[spark-issues] 20200318 [jira] [Commented] (SPARK-28626) Spark leaves unencrypted data on local disk, even with encryption turned on (CVE-2019-10099) | URL:https://lists.apache.org/thread.html/rabe1d47e2bf8b8f6d9f3068c8d2679731d57fa73b3a7ed1fa82406d2@%3Cissues.spark.apache.org%3E;Assigned (20190326);None (candidate not yet proposed) +CVE-2019-10138;Candidate;A flaw was discovered in the python-novajoin plugin, all versions up to, excluding 1.1.1, for Red Hat OpenStack Platform. The novajoin API lacked sufficient access control, allowing any keystone authenticated user to generate FreeIPA tokens.;CONFIRM:https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10138 | MISC:https://review.opendev.org/#/c/631240/;Assigned (20190327);None (candidate not yet proposed) +CVE-2019-10160;Candidate;A security regression of CVE-2019-9636 was discovered in python since commit d537ab0ff9767ef024f26246899728f0116b1ec3 affecting versions 2.7, 3.5, 3.6, 3.7 and from v3.8.0a4 through v3.8.0b1, which still allows an attacker to exploit CVE-2019-9636 by abusing the user and password parts of a URL. When an application parses user-supplied URLs to store cookies, authentication credentials, or other kind of information, it is possible for an attacker to provide specially crafted URLs to make the application locate host-related information (e.g. cookies, authentication data) and send them to a different host than where it should, unlike if the URLs had been correctly parsed. The result of an attack may vary based on the application.;MISC:FEDORA-2019-2b1f72899a | URL:https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/E2HP37NUVLQSBW3J735A2DQDOZ4ZGBLY/ | MISC:FEDORA-2019-50772cf122 | URL:https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NF3DRDGMVIRYNZMSLJIHNW47HOUQYXVG/ | MISC:FEDORA-2019-57462fa10d | URL:https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4X3HW5JRZ7GCPSR7UHJOLD7AWLTQCDVR/ | MISC:FEDORA-2019-5dc275c9f2 | URL:https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ER6LONC2B2WYIO56GBQUDU6QTWZDPUNQ/ | MISC:FEDORA-2019-60a1defcd1 | URL:https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HQEQLXLOCR3SNM3AA5RRYJFQ5AZBYJ4L/ | MISC:FEDORA-2019-7723d4774a | URL:https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/44TS66GJMO5H3RLMVZEBGEFTB6O2LJJU/ | MISC:FEDORA-2019-7df59302e0 | URL:https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2ORNTF62QPLMJXIQ7KTZQ2776LMIXEKL/ | MISC:FEDORA-2019-9bfb4a3e4b | URL:https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KRYFIMISZ47NTAU3XWZUOFB7CYL62KES/ | MISC:FEDORA-2019-b06ec6159b | URL:https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/M34WOYCDKTDE5KLUACE2YIEH7D37KHRX/ | MISC:FEDORA-2019-d202cda4f8 | URL:https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JCPGLTTOBB3QEARDX4JOYURP6ELNNA2V/ | MISC:RHSA-2019:1587 | URL:https://access.redhat.com/errata/RHSA-2019:1587 | MISC:RHSA-2019:1700 | URL:https://access.redhat.com/errata/RHSA-2019:1700 | MISC:RHSA-2019:2437 | URL:https://access.redhat.com/errata/RHSA-2019:2437 | MISC:USN-4127-1 | URL:https://usn.ubuntu.com/4127-1/ | MISC:USN-4127-2 | URL:https://usn.ubuntu.com/4127-2/ | MISC:[bookkeeper-issues] 20200729 [GitHub] [bookkeeper] padma81 opened a new issue #2387: Security vulnerabilities in the apache/bookkeeper-4.9.2 image | URL:https://lists.apache.org/thread.html/r1b103833cb5bc8466e24ff0ecc5e75b45a705334ab6a444e64e840a0%40%3Cissues.bookkeeper.apache.org%3E | MISC:[debian-lts-announce] 20190625 [SECURITY] [DLA 1834-1] python2.7 security update | URL:https://lists.debian.org/debian-lts-announce/2019/06/msg00022.html | MISC:[debian-lts-announce] 20200715 [SECURITY] [DLA 2280-1] python3.5 security update | URL:https://lists.debian.org/debian-lts-announce/2020/07/msg00011.html | MISC:[debian-lts-announce] 20200822 [SECURITY] [DLA 2337-1] python2.7 security update | URL:https://lists.debian.org/debian-lts-announce/2020/08/msg00034.html | MISC:https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10160 | URL:https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10160 | MISC:https://github.com/python/cpython/commit/250b62acc59921d399f0db47db3b462cd6037e09 | URL:https://github.com/python/cpython/commit/250b62acc59921d399f0db47db3b462cd6037e09 | MISC:https://github.com/python/cpython/commit/8d0ef0b5edeae52960c7ed05ae8a12388324f87e | URL:https://github.com/python/cpython/commit/8d0ef0b5edeae52960c7ed05ae8a12388324f87e | MISC:https://github.com/python/cpython/commit/f61599b050c621386a3fc6bc480359e2d3bb93de | URL:https://github.com/python/cpython/commit/f61599b050c621386a3fc6bc480359e2d3bb93de | MISC:https://github.com/python/cpython/commit/fd1771dbdd28709716bd531580c40ae5ed814468 | URL:https://github.com/python/cpython/commit/fd1771dbdd28709716bd531580c40ae5ed814468 | MISC:https://python-security.readthedocs.io/vuln/urlsplit-nfkc-normalization2.html | URL:https://python-security.readthedocs.io/vuln/urlsplit-nfkc-normalization2.html | MISC:https://security.netapp.com/advisory/ntap-20190617-0003/ | URL:https://security.netapp.com/advisory/ntap-20190617-0003/ | MISC:openSUSE-SU-2019:1906 | URL:http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00042.html | MISC:openSUSE-SU-2020:0086 | URL:http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00040.html;Assigned (20190327);None (candidate not yet proposed) +CVE-2019-10633;Candidate;An eval injection vulnerability in the Python web server routing on the Zyxel NAS 326 version 5.21 and below allows a remote authenticated attacker to execute arbitrary code via the tjp6jp6y4, simZysh, and ck6fup6 APIs.;MISC:http://maxwelldulin.com/BlogPost?post=3236967424;Assigned (20190329);None (candidate not yet proposed) +CVE-2019-11236;Candidate;In the urllib3 library through 1.24.1 for Python, CRLF injection is possible if the attacker controls the request parameter.;FEDORA:FEDORA-2019-20bc611b61 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TBI45HO533KYHNB5YRO43TBYKA3E3VRL/ | FEDORA:FEDORA-2019-fbda9f1e49 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/R62XGEYPUTXMRHGX5I37EBCGQ5COHGKR/ | FEDORA:FEDORA-2020-6148c44137 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NKGPJLVLVYCL4L4B4G5TIOTVK4BKPG72/ | FEDORA:FEDORA-2020-d0d9ad17d8 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XOSA2NT4DUQDBEIWE6O7KKD24XND7TE2/ | MISC:https://github.com/urllib3/urllib3/issues/1553 | MLIST:[debian-lts-announce] 20190620 [SECURITY] [DLA 1828-1] python-urllib3 security update | URL:https://lists.debian.org/debian-lts-announce/2019/06/msg00016.html | MLIST:[debian-lts-announce] 20210615 [SECURITY] [DLA 2686-1] python-urllib3 security update | URL:https://lists.debian.org/debian-lts-announce/2021/06/msg00015.html | MLIST:[debian-lts-announce] 20231008 [SECURITY] [DLA 3610-1] python-urllib3 security update | URL:https://lists.debian.org/debian-lts-announce/2023/10/msg00012.html | REDHAT:RHSA-2019:2272 | URL:https://access.redhat.com/errata/RHSA-2019:2272 | REDHAT:RHSA-2019:3335 | URL:https://access.redhat.com/errata/RHSA-2019:3335 | REDHAT:RHSA-2019:3590 | URL:https://access.redhat.com/errata/RHSA-2019:3590 | SUSE:openSUSE-SU-2019:2131 | URL:http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00039.html | SUSE:openSUSE-SU-2019:2133 | URL:http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00041.html | UBUNTU:USN-3990-1 | URL:https://usn.ubuntu.com/3990-1/ | UBUNTU:USN-3990-2 | URL:https://usn.ubuntu.com/3990-2/;Assigned (20190415);None (candidate not yet proposed) +CVE-2019-11324;Candidate;The urllib3 library before 1.24.2 for Python mishandles certain cases where the desired set of CA certificates is different from the OS store of CA certificates, which results in SSL connections succeeding in situations where a verification failure is the correct outcome. This is related to use of the ssl_context, ca_certs, or ca_certs_dir argument.;FEDORA:FEDORA-2020-6148c44137 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NKGPJLVLVYCL4L4B4G5TIOTVK4BKPG72/ | FEDORA:FEDORA-2020-d0d9ad17d8 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XOSA2NT4DUQDBEIWE6O7KKD24XND7TE2/ | MISC:https://github.com/urllib3/urllib3/compare/a6ec68a...1efadf4 | MLIST:[debian-lts-announce] 20210615 [SECURITY] [DLA 2686-1] python-urllib3 security update | URL:https://lists.debian.org/debian-lts-announce/2021/06/msg00015.html | MLIST:[debian-lts-announce] 20231008 [SECURITY] [DLA 3610-1] python-urllib3 security update | URL:https://lists.debian.org/debian-lts-announce/2023/10/msg00012.html | MLIST:[oss-security] 20190418 Re: urllib3: adds system certificates to ssl_context | URL:http://www.openwall.com/lists/oss-security/2019/04/19/1 | REDHAT:RHSA-2019:3335 | URL:https://access.redhat.com/errata/RHSA-2019:3335 | REDHAT:RHSA-2019:3590 | URL:https://access.redhat.com/errata/RHSA-2019:3590 | SUSE:openSUSE-SU-2019:2131 | URL:http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00039.html | SUSE:openSUSE-SU-2019:2133 | URL:http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00041.html | UBUNTU:USN-3990-1 | URL:https://usn.ubuntu.com/3990-1/;Assigned (20190418);None (candidate not yet proposed) +CVE-2019-11340;Candidate;util/emailutils.py in Matrix Sydent before 1.0.2 mishandles registration restrictions that are based on e-mail domain, if the allowed_local_3pids option is enabled. This occurs because of potentially unwanted behavior in Python, in which an email.utils.parseaddr call on user@bad.example.net@good.example.com returns the user@bad.example.net substring.;MISC:https://github.com/matrix-org/sydent/commit/4e1cfff53429c49c87d5c457a18ed435520044fc | MISC:https://github.com/matrix-org/sydent/compare/7c002cd...09278fb | MISC:https://matrix.org/blog/2019/04/18/security-update-sydent-1-0-2/ | MISC:https://twitter.com/matrixdotorg/status/1118934335963500545;Assigned (20190419);None (candidate not yet proposed) +CVE-2019-12408;Candidate;It was discovered that the C++ implementation (which underlies the R, Python and Ruby implementations) of Apache Arrow 0.14.0 to 0.14.1 had a uninitialized memory bug when building arrays with null values in some cases. This can lead to uninitialized memory being unintentionally shared if Arrow Arrays are transmitted over the wire (for instance with Flight) or persisted in the streaming IPC and file formats.;CONFIRM:https://lists.apache.org/thread.html/49f067b1c5fb7493d952580f0d2d032819ba351f7a78743c21126269@%3Cdev.arrow.apache.org%3E | MLIST:[announce] 20191108 [CVE-2019-12408][CVE-2019-12410] Uninitialized Memory Vulnerabilities fixed in Apache Arrow 0.15.1 | URL:https://lists.apache.org/thread.html/efd8bbf57427d3c303b5316d208a335f8d0c0dbe0dc4c87cfa995073@%3Cannounce.apache.org%3E;Assigned (20190528);None (candidate not yet proposed) +CVE-2019-12410;Candidate;While investigating UBSAN errors in https://github.com/apache/arrow/pull/5365 it was discovered Apache Arrow versions 0.12.0 to 0.14.1, left memory Array data uninitialized when reading RLE null data from parquet. This affected the C++, Python, Ruby and R implementations. The uninitialized memory could potentially be shared if are transmitted over the wire (for instance with Flight) or persisted in the streaming IPC and file formats.;CONFIRM:https://lists.apache.org/thread.html/49f067b1c5fb7493d952580f0d2d032819ba351f7a78743c21126269@%3Cdev.arrow.apache.org%3E | MLIST:[announce] 20191108 [CVE-2019-12408][CVE-2019-12410] Uninitialized Memory Vulnerabilities fixed in Apache Arrow 0.15.1 | URL:https://lists.apache.org/thread.html/efd8bbf57427d3c303b5316d208a335f8d0c0dbe0dc4c87cfa995073@%3Cannounce.apache.org%3E | MLIST:[arrow-dev] 20191108 [CVE-2019-12408][CVE-2019-12410] Uninitialized Memory Vulnerabilities fixed in Apache Arrow 0.15.1 | URL:https://lists.apache.org/thread.html/49f067b1c5fb7493d952580f0d2d032819ba351f7a78743c21126269@%3Cdev.arrow.apache.org%3E | MLIST:[oss-security] 20191107 [CVE-2019-12408][CVE-2019-12410] Uninitialized Memory Vulnerabilities fixed in Apache Arrow 0.15.1 | URL:http://www.openwall.com/lists/oss-security/2019/11/08/1;Assigned (20190528);None (candidate not yet proposed) +CVE-2019-12761;Candidate;A code injection issue was discovered in PyXDG before 0.26 via crafted Python code in a Category element of a Menu XML document in a .menu file. XDG_CONFIG_DIRS must be set up to trigger xdg.Menu.parse parsing within the directory containing this file. This is due to a lack of sanitization in xdg/Menu.py before an eval call.;MISC:https://gist.github.com/dhondta/b45cd41f4186110a354dc7272916feba | MISC:https://snyk.io/vuln/SNYK-PYTHON-PYXDG-174562 | MLIST:[debian-lts-announce] 20190616 [SECURITY] [DLA 1819-1] pyxdg security update | URL:https://lists.debian.org/debian-lts-announce/2019/06/msg00006.html | MLIST:[debian-lts-announce] 20210803 [SECURITY] [DLA 2727-1] pyxdg security update | URL:https://lists.debian.org/debian-lts-announce/2021/08/msg00003.html;Assigned (20190606);None (candidate not yet proposed) +CVE-2019-13404;Candidate;** DISPUTED ** The MSI installer for Python through 2.7.16 on Windows defaults to the C:\Python27 directory, which makes it easier for local users to deploy Trojan horse code. (This also affects old 3.x releases before 3.5.) NOTE: the vendor's position is that it is the user's responsibility to ensure C:\Python27 access control or choose a different directory, because backwards compatibility requires that C:\Python27 remain the default for 2.7.x.;MISC:https://docs.python.org/2/faq/windows.html;Assigned (20190707);None (candidate not yet proposed) +CVE-2019-13611;Candidate;An issue was discovered in python-engineio through 3.8.2. There is a Cross-Site WebSocket Hijacking (CSWSH) vulnerability that allows attackers to make WebSocket connections to a server by using a victim's credentials, because the Origin header is not restricted.;MISC:https://github.com/miguelgrinberg/python-engineio/issues/128;Assigned (20190715);None (candidate not yet proposed) +CVE-2019-14347;Candidate;Internal/Views/addUsers.php in Schben Adive 2.0.7 allows remote unprivileged users (editor or developer) to create an administrator account via admin/user/add, as demonstrated by a Python PoC script.;MISC:http://packetstormsecurity.com/files/155213/Adive-Framework-2.0.7-Privilege-Escalation.html | MISC:https://github.com/ferdinandmartin/adive-php | MISC:https://hackpuntes.com/cve-2019-14347-escalacion-de-privilegios-en-adive/;Assigned (20190728);None (candidate not yet proposed) +CVE-2019-14853;Candidate;An error-handling flaw was found in python-ecdsa before version 0.13.3. During signature decoding, malformed DER signatures could raise unexpected exceptions (or no exceptions at all), which could lead to a denial of service.;BUGTRAQ:20191218 [SECURITY] [DSA 4588-1] python-ecdsa security update | URL:https://seclists.org/bugtraq/2019/Dec/33 | CONFIRM:https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14853 | DEBIAN:DSA-4588 | URL:https://www.debian.org/security/2019/dsa-4588 | MISC:https://github.com/warner/python-ecdsa/releases/tag/python-ecdsa-0.13.3;Assigned (20190810);None (candidate not yet proposed) +CVE-2019-14859;Candidate;A flaw was found in all python-ecdsa versions before 0.13.3, where it did not correctly verify whether signatures used DER encoding. Without this verification, a malformed signature could be accepted, making the signature malleable. Without proper verification, an attacker could use a malleable signature to create false transactions.;CONFIRM:https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14859 | MISC:https://github.com/warner/python-ecdsa/issues/114 | MISC:https://github.com/warner/python-ecdsa/releases/tag/python-ecdsa-0.13.3 | MISC:https://pypi.org/project/ecdsa/0.13.3/;Assigned (20190810);None (candidate not yet proposed) +CVE-2019-15790;Candidate;Apport reads and writes information on a crashed process to /proc/pid with elevated privileges. Apport then determines which user the crashed process belongs to by reading /proc/pid through get_pid_info() in data/apport. An unprivileged user could exploit this to read information about a privileged running process by exploiting PID recycling. This information could then be used to obtain ASLR offsets for a process with an existing memory corruption vulnerability. The initial fix introduced regressions in the Python Apport library due to a missing argument in Report.add_proc_environ in apport/report.py. It also caused an autopkgtest failure when reading /proc/pid and with Python 2 compatibility by reading /proc maps. The initial and subsequent regression fixes are in 2.20.11-0ubuntu16, 2.20.11-0ubuntu8.6, 2.20.9-0ubuntu7.12, 2.20.1-0ubuntu2.22 and 2.14.1-0ubuntu3.29+esm3.;CONFIRM:https://bugs.launchpad.net/apport/+bug/1854237 | CONFIRM:https://bugs.launchpad.net/ubuntu/+source/apport/+bug/1839795 | CONFIRM:https://bugs.launchpad.net/ubuntu/+source/apport/+bug/1850929 | CONFIRM:https://bugs.launchpad.net/ubuntu/+source/apport/+bug/1851806 | CONFIRM:https://usn.ubuntu.com/4171-1/ | CONFIRM:https://usn.ubuntu.com/4171-2/ | CONFIRM:https://usn.ubuntu.com/4171-3/ | CONFIRM:https://usn.ubuntu.com/4171-4/ | CONFIRM:https://usn.ubuntu.com/4171-5/ | MISC:http://packetstormsecurity.com/files/172858/Ubuntu-Apport-Whoopsie-DoS-Integer-Overflow.html;Assigned (20190829);None (candidate not yet proposed) +CVE-2019-15795;Candidate;python-apt only checks the MD5 sums of downloaded files in `Version.fetch_binary()` and `Version.fetch_source()` of apt/package.py in version 1.9.0ubuntu1 and earlier. This allows a man-in-the-middle attack which could potentially be used to install altered packages and has been fixed in versions 1.9.0ubuntu1.2, 1.6.5ubuntu0.1, 1.1.0~beta1ubuntu0.16.04.7, 0.9.3.5ubuntu3+esm2, and 0.8.3ubuntu7.5.;UBUNTU:https://usn.ubuntu.com/4247-1/ | UBUNTU:https://usn.ubuntu.com/4247-3/;Assigned (20190829);None (candidate not yet proposed) +CVE-2019-15796;Candidate;Python-apt doesn't check if hashes are signed in `Version.fetch_binary()` and `Version.fetch_source()` of apt/package.py or in `_fetch_archives()` of apt/cache.py in version 1.9.3ubuntu2 and earlier. This allows downloads from unsigned repositories which shouldn't be allowed and has been fixed in verisions 1.9.5, 1.9.0ubuntu1.2, 1.6.5ubuntu0.1, 1.1.0~beta1ubuntu0.16.04.7, 0.9.3.5ubuntu3+esm2, and 0.8.3ubuntu7.5.;UBUNTU:https://usn.ubuntu.com/4247-1/ | UBUNTU:https://usn.ubuntu.com/4247-3/;Assigned (20190829);None (candidate not yet proposed) +CVE-2019-16056;Candidate;"An issue was discovered in Python through 2.7.16, 3.x through 3.5.7, 3.6.x through 3.6.9, and 3.7.x through 3.7.4. The email module wrongly parses email addresses that contain multiple @ characters. An application that uses the email module and implements some kind of checks on the From/To headers of a message could be tricked into accepting an email address that should be denied. An attack may be the same as in CVE-2019-11340; however, this CVE applies to Python more generally.";CONFIRM:https://security.netapp.com/advisory/ntap-20190926-0005/ | URL:https://security.netapp.com/advisory/ntap-20190926-0005/ | FEDORA:FEDORA-2019-0d3fcae639 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/K7HNVIFMETMFWWWUNTB72KYJYXCZOS5V/ | FEDORA:FEDORA-2019-232f092db0 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QP46PQSUKYPGWTADQ67NOV3BUN6JM34Z/ | FEDORA:FEDORA-2019-2b1f72899a | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/E2HP37NUVLQSBW3J735A2DQDOZ4ZGBLY/ | FEDORA:FEDORA-2019-4954d8773c | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/K4KZEFP6E4YPYB52AF4WXCUDSGQOTF37/ | FEDORA:FEDORA-2019-50772cf122 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NF3DRDGMVIRYNZMSLJIHNW47HOUQYXVG/ | FEDORA:FEDORA-2019-57462fa10d | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4X3HW5JRZ7GCPSR7UHJOLD7AWLTQCDVR/ | FEDORA:FEDORA-2019-5dc275c9f2 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ER6LONC2B2WYIO56GBQUDU6QTWZDPUNQ/ | FEDORA:FEDORA-2019-74ba24605e | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZBTGPBUABGXZ7WH7677OEM3NSP6ZEA76/ | FEDORA:FEDORA-2019-758824a3ff | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/COATURTCY7G67AYI6UDV5B2JZTBCKIDX/ | FEDORA:FEDORA-2019-7ec5bb5d22 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BEARDOTXCYPYELKBD2KWZ27GSPXDI3GQ/ | FEDORA:FEDORA-2019-986622833f | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QASRD4E2G65GGEHYKVHYCXB2XWAGTNL4/ | FEDORA:FEDORA-2019-a268ba7b23 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OYGESQSGIHDCIGOBVF7VXCMIE6YDWRYB/ | FEDORA:FEDORA-2019-aba3cca74a | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SDQQ56P7ZZR64XV5DUVWNSNXKKEXUG2J/ | FEDORA:FEDORA-2019-b06ec6159b | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/M34WOYCDKTDE5KLUACE2YIEH7D37KHRX/ | FEDORA:FEDORA-2019-d202cda4f8 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JCPGLTTOBB3QEARDX4JOYURP6ELNNA2V/ | MISC:https://bugs.python.org/issue34155 | URL:https://bugs.python.org/issue34155 | MISC:https://github.com/python/cpython/commit/8cb65d1381b027f0b09ee36bfed7f35bb4dec9a9 | URL:https://github.com/python/cpython/commit/8cb65d1381b027f0b09ee36bfed7f35bb4dec9a9 | MISC:https://www.oracle.com/security-alerts/cpuapr2020.html | URL:https://www.oracle.com/security-alerts/cpuapr2020.html | MISC:https://www.oracle.com/security-alerts/cpujul2020.html | URL:https://www.oracle.com/security-alerts/cpujul2020.html | MLIST:[bookkeeper-issues] 20200729 [GitHub] [bookkeeper] padma81 opened a new issue #2387: Security vulnerabilities in the apache/bookkeeper-4.9.2 image | URL:https://lists.apache.org/thread.html/r1b103833cb5bc8466e24ff0ecc5e75b45a705334ab6a444e64e840a0@%3Cissues.bookkeeper.apache.org%3E | MLIST:[debian-lts-announce] 20190916 [SECURITY] [DLA 1924-1] python3.4 security update | URL:https://lists.debian.org/debian-lts-announce/2019/09/msg00018.html | MLIST:[debian-lts-announce] 20190916 [SECURITY] [DLA 1925-1] python2.7 security update | URL:https://lists.debian.org/debian-lts-announce/2019/09/msg00019.html | MLIST:[debian-lts-announce] 20200715 [SECURITY] [DLA 2280-1] python3.5 security update | URL:https://lists.debian.org/debian-lts-announce/2020/07/msg00011.html | MLIST:[debian-lts-announce] 20200822 [SECURITY] [DLA 2337-1] python2.7 security update | URL:https://lists.debian.org/debian-lts-announce/2020/08/msg00034.html | REDHAT:RHSA-2019:3725 | URL:https://access.redhat.com/errata/RHSA-2019:3725 | REDHAT:RHSA-2019:3948 | URL:https://access.redhat.com/errata/RHSA-2019:3948 | SUSE:openSUSE-SU-2019:2389 | URL:http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00062.html | SUSE:openSUSE-SU-2019:2393 | URL:http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00063.html | SUSE:openSUSE-SU-2019:2438 | URL:http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00012.html | SUSE:openSUSE-SU-2019:2453 | URL:http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00021.html | SUSE:openSUSE-SU-2020:0086 | URL:http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00040.html | UBUNTU:USN-4151-1 | URL:https://usn.ubuntu.com/4151-1/ | UBUNTU:USN-4151-2 | URL:https://usn.ubuntu.com/4151-2/;Assigned (20190906);None (candidate not yet proposed) +CVE-2019-16729;Candidate;pam-python before 1.0.7-1 has an issue in regard to the default environment variable handling of Python, which could allow for local root escalation in certain PAM setups.;DEBIAN:DSA-4555 | URL:https://www.debian.org/security/2019/dsa-4555 | MISC:https://bugzilla.suse.com/show_bug.cgi?id=1150510#c1 | MISC:https://sourceforge.net/p/pam-python/code/ci/0247ab687b4347cc52859ca461fb0126dd7e2ebe/ | MISC:https://tracker.debian.org/news/1066790/accepted-pam-python-107-1-source-amd64-all-into-unstable/ | MLIST:[debian-lts-announce] 20191123 [SECURITY] [DLA 2000-1] pam-python security update | URL:https://lists.debian.org/debian-lts-announce/2019/11/msg00020.html | UBUNTU:USN-4552-1 | URL:https://usn.ubuntu.com/4552-1/ | UBUNTU:USN-4552-2 | URL:https://usn.ubuntu.com/4552-2/;Assigned (20190924);None (candidate not yet proposed) +CVE-2019-16935;Candidate;The documentation XML-RPC server in Python through 2.7.16, 3.x through 3.6.9, and 3.7.x through 3.7.4 has XSS via the server_title field. This occurs in Lib/DocXMLRPCServer.py in Python 2.x, and in Lib/xmlrpc/server.py in Python 3.x. If set_server_title is called with untrusted input, arbitrary JavaScript can be delivered to clients that visit the http URL for this server.;CONFIRM:https://security.netapp.com/advisory/ntap-20191017-0004/ | URL:https://security.netapp.com/advisory/ntap-20191017-0004/ | FEDORA:FEDORA-2019-0d3fcae639 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/K7HNVIFMETMFWWWUNTB72KYJYXCZOS5V/ | FEDORA:FEDORA-2019-57462fa10d | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4X3HW5JRZ7GCPSR7UHJOLD7AWLTQCDVR/ | FEDORA:FEDORA-2019-74ba24605e | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZBTGPBUABGXZ7WH7677OEM3NSP6ZEA76/ | FEDORA:FEDORA-2019-758824a3ff | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/COATURTCY7G67AYI6UDV5B2JZTBCKIDX/ | FEDORA:FEDORA-2019-7ec5bb5d22 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BEARDOTXCYPYELKBD2KWZ27GSPXDI3GQ/ | FEDORA:FEDORA-2019-a268ba7b23 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OYGESQSGIHDCIGOBVF7VXCMIE6YDWRYB/ | FEDORA:FEDORA-2019-b06ec6159b | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/M34WOYCDKTDE5KLUACE2YIEH7D37KHRX/ | FEDORA:FEDORA-2019-d202cda4f8 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JCPGLTTOBB3QEARDX4JOYURP6ELNNA2V/ | MISC:https://bugs.python.org/issue38243 | URL:https://bugs.python.org/issue38243 | MISC:https://github.com/python/cpython/blob/35c0809158be7feae4c4f877a08b93baea2d8291/Lib/xmlrpc/server.py#L897 | URL:https://github.com/python/cpython/blob/35c0809158be7feae4c4f877a08b93baea2d8291/Lib/xmlrpc/server.py#L897 | MISC:https://github.com/python/cpython/blob/e007860b8b3609ce0bc62b1780efaa06241520bd/Lib/DocXMLRPCServer.py#L213 | URL:https://github.com/python/cpython/blob/e007860b8b3609ce0bc62b1780efaa06241520bd/Lib/DocXMLRPCServer.py#L213 | MISC:https://github.com/python/cpython/pull/16373 | URL:https://github.com/python/cpython/pull/16373 | MISC:https://www.oracle.com/security-alerts/cpujul2020.html | URL:https://www.oracle.com/security-alerts/cpujul2020.html | MLIST:[debian-lts-announce] 20200715 [SECURITY] [DLA 2280-1] python3.5 security update | URL:https://lists.debian.org/debian-lts-announce/2020/07/msg00011.html | MLIST:[debian-lts-announce] 20210417 [SECURITY] [DLA 2628-1] python2.7 security update | URL:https://lists.debian.org/debian-lts-announce/2021/04/msg00015.html | SUSE:openSUSE-SU-2019:2389 | URL:http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00062.html | SUSE:openSUSE-SU-2019:2393 | URL:http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00063.html | SUSE:openSUSE-SU-2019:2438 | URL:http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00012.html | SUSE:openSUSE-SU-2019:2453 | URL:http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00021.html | SUSE:openSUSE-SU-2020:0086 | URL:http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00040.html | UBUNTU:USN-4151-1 | URL:https://usn.ubuntu.com/4151-1/ | UBUNTU:USN-4151-2 | URL:https://usn.ubuntu.com/4151-2/;Assigned (20190928);None (candidate not yet proposed) +CVE-2019-17019;Candidate;When Python was installed on Windows, a python file being served with the MIME type of text/plain could be executed by Python instead of being opened as a text file when the Open option was selected upon download. *Note: this issue only occurs on Windows. Other operating systems are unaffected.*. This vulnerability affects Firefox < 72.;CONFIRM:https://www.mozilla.org/security/advisories/mfsa2020-01/ | MISC:https://bugzilla.mozilla.org/show_bug.cgi?id=1568003;Assigned (20190930);None (candidate not yet proposed) +CVE-2019-1727;Candidate;A vulnerability in the Python scripting subsystem of Cisco NX-OS Software could allow an authenticated, local attacker to escape the Python parser and issue arbitrary commands to elevate the attacker's privilege level. The vulnerability is due to insufficient sanitization of user-supplied parameters that are passed to certain Python functions in the scripting sandbox of the affected device. An attacker could exploit this vulnerability to escape the scripting sandbox and execute arbitrary commands to elevate the attacker's privilege level. To exploit this vulnerability, the attacker must have local access and be authenticated to the targeted device with administrative or Python execution privileges. These requirements could limit the possibility of a successful exploit.;BID:108341 | URL:http://www.securityfocus.com/bid/108341 | CISCO:20190515 Cisco NX-OS Software Python Parser Privilege Escalation Vulnerability | URL:https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190515-nxos-pyth-escal;Assigned (20181206);None (candidate not yet proposed) +CVE-2019-17514;Candidate;"library/glob.html in the Python 2 and 3 documentation before 2016 has potentially misleading information about whether sorting occurs, as demonstrated by irreproducible cancer-research results. NOTE: the effects of this documentation cross application domains, and thus it is likely that security-relevant code elsewhere is affected. This issue is not a Python implementation bug, and there are no reports that NMR researchers were specifically relying on library/glob.html. In other words, because the older documentation stated ""finds all the pathnames matching a specified pattern according to the rules used by the Unix shell,"" one might have incorrectly inferred that the sorting that occurs in a Unix shell also occurred for glob.glob. There is a workaround in newer versions of Willoughby nmr-data_compilation-p2.py and nmr-data_compilation-p3.py, which call sort() directly.";CONFIRM:https://security.netapp.com/advisory/ntap-20191107-0005/ | MISC:https://bugs.python.org/issue33275 | MISC:https://github.com/bminor/bash/blob/ac50fbac377e32b98d2de396f016ea81e8ee9961/pathexp.c#L380 | MISC:https://github.com/bminor/bash/blob/ac50fbac377e32b98d2de396f016ea81e8ee9961/pathexp.c#L405 | MISC:https://pubs.acs.org/doi/full/10.1021/acs.orglett.9b03216 | MISC:https://pubs.acs.org/doi/suppl/10.1021/acs.orglett.9b03216/suppl_file/ol9b03216_si_002.zip | MISC:https://twitter.com/LucasCMoore/status/1181615421922824192 | MISC:https://twitter.com/chris_bloke/status/1181997278136958976 | MISC:https://web.archive.org/web/20150822013622/https://docs.python.org/3/library/glob.html | MISC:https://web.archive.org/web/20150906020027/https://docs.python.org/2.7/library/glob.html | MISC:https://web.archive.org/web/20160309211341/https://docs.python.org/3/library/glob.html | MISC:https://web.archive.org/web/20160526201356/https://docs.python.org/2.7/library/glob.html | MISC:https://www.vice.com/en_us/article/zmjwda/a-code-glitch-may-have-caused-errors-in-more-than-100-published-studies | UBUNTU:USN-4428-1 | URL:https://usn.ubuntu.com/4428-1/;Assigned (20191012);None (candidate not yet proposed) +CVE-2019-17526;Candidate;"** DISPUTED ** An issue was discovered in SageMath Sage Cell Server through 2019-10-05. Python Code Injection can occur in the context of an internet facing web application. Malicious actors can execute arbitrary commands on the underlying operating system, as demonstrated by an __import__('os').popen('whoami').read() line. NOTE: the vendor's position is that the product is ""vulnerable by design"" and the current behavior will be retained.";MISC:https://gist.github.com/barrett092/0380a1c34c014e29b827d1f408381525 | MISC:https://github.com/sagemath/sagecell/commits/master | MISC:https://sethsec.blogspot.com/2016/11/exploiting-python-code-injection-in-web.html;Assigned (20191012);None (candidate not yet proposed) +CVE-2019-17626;Candidate;"ReportLab through 3.5.26 allows remote code execution because of toColor(eval(arg)) in colors.py, as demonstrated by a crafted XML document with ' Window > Python"" option, Ghidra will try to execute the cmd.exe program from this working directory.";MISC:https://github.com/NationalSecurityAgency/ghidra/issues/107;Assigned (20191016);None (candidate not yet proposed) +CVE-2019-18348;Candidate;"An issue was discovered in urllib2 in Python 2.x through 2.7.17 and urllib in Python 3.x through 3.8.0. CRLF injection is possible if the attacker controls a url parameter, as demonstrated by the first argument to urllib.request.urlopen with \r\n (specifically in the host component of a URL) followed by an HTTP header. This is similar to the CVE-2019-9740 query string issue and the CVE-2019-9947 path string issue. (This is not exploitable when glibc has CVE-2016-10739 fixed.). This is fixed in: v2.7.18, v2.7.18rc1; v3.5.10, v3.5.10rc1; v3.6.11, v3.6.11rc1, v3.6.12; v3.7.8, v3.7.8rc1, v3.7.9; v3.8.3, v3.8.3rc1, v3.8.4, v3.8.4rc1, v3.8.5, v3.8.6, v3.8.6rc1.";CONFIRM:https://security.netapp.com/advisory/ntap-20191107-0004/ | URL:https://security.netapp.com/advisory/ntap-20191107-0004/ | FEDORA:FEDORA-2019-57462fa10d | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4X3HW5JRZ7GCPSR7UHJOLD7AWLTQCDVR/ | FEDORA:FEDORA-2019-b06ec6159b | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/M34WOYCDKTDE5KLUACE2YIEH7D37KHRX/ | FEDORA:FEDORA-2019-d202cda4f8 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JCPGLTTOBB3QEARDX4JOYURP6ELNNA2V/ | FEDORA:FEDORA-2020-8bdd3fd7a4 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UESGYI5XDAHJBATEZN3MHNDUBDH47AS6/ | FEDORA:FEDORA-2020-ea5bdbcc90 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/A5NSAX4SC3V64PGZUPH7PRDLSON34Q5A/ | MISC:https://bugs.python.org/issue30458#msg347282 | URL:https://bugs.python.org/issue30458#msg347282 | MISC:https://bugzilla.redhat.com/show_bug.cgi?id=1727276 | URL:https://bugzilla.redhat.com/show_bug.cgi?id=1727276 | MISC:https://www.oracle.com/security-alerts/cpuoct2020.html | URL:https://www.oracle.com/security-alerts/cpuoct2020.html | MLIST:[debian-lts-announce] 20200715 [SECURITY] [DLA 2280-1] python3.5 security update | URL:https://lists.debian.org/debian-lts-announce/2020/07/msg00011.html | SUSE:openSUSE-SU-2020:0696 | URL:http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00041.html | UBUNTU:USN-4333-1 | URL:https://usn.ubuntu.com/4333-1/ | UBUNTU:USN-4333-2 | URL:https://usn.ubuntu.com/4333-2/;Assigned (20191023);None (candidate not yet proposed) +CVE-2019-18874;Candidate;psutil (aka python-psutil) through 5.6.5 can have a double free. This occurs because of refcount mishandling within a while or for loop that converts system data into a Python object.;FEDORA:FEDORA-2020-021fb887ac | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OLETTJYZL2SMBUI4Q2NGBMGPDPP54SRG/ | FEDORA:FEDORA-2020-a06ebafad8 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2P7QI7MOTZTFXQYU23CP3RAWXCERMOAS/ | MISC:https://github.com/giampaolo/psutil/pull/1616 | MLIST:[debian-lts-announce] 20191118 [SECURITY] [DLA 1998-1] python-psutil security update | URL:https://lists.debian.org/debian-lts-announce/2019/11/msg00018.html | UBUNTU:USN-4204-1 | URL:https://usn.ubuntu.com/4204-1/;Assigned (20191112);None (candidate not yet proposed) +CVE-2019-19274;Candidate;typed_ast 1.3.0 and 1.3.1 has a handle_keywordonly_args out-of-bounds read. An attacker with the ability to cause a Python interpreter to parse Python source (but not necessarily execute it) may be able to crash the interpreter process. This could be a concern, for example, in a web-based service that parses (but does not execute) Python code. (This issue also affected certain Python 3.8.0-alpha prereleases.);FEDORA:FEDORA-2020-9b3dabc21c | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LG5H4Q6LFVRX7SFXLBEJMNQFI4T5SCEA/ | MISC:https://bugs.python.org/issue36495 | MISC:https://github.com/python/cpython/commit/a4d78362397fc3bced6ea80fbc7b5f4827aec55e | MISC:https://github.com/python/cpython/commit/dcfcd146f8e6fc5c2fc16a4c192a0c5f5ca8c53c | MISC:https://github.com/python/typed_ast/commit/156afcb26c198e162504a57caddfe0acd9ed7dce | MISC:https://github.com/python/typed_ast/commit/dc317ac9cff859aa84eeabe03fb5004982545b3b;Assigned (20191126);None (candidate not yet proposed) +CVE-2019-19275;Candidate;typed_ast 1.3.0 and 1.3.1 has an ast_for_arguments out-of-bounds read. An attacker with the ability to cause a Python interpreter to parse Python source (but not necessarily execute it) may be able to crash the interpreter process. This could be a concern, for example, in a web-based service that parses (but does not execute) Python code. (This issue also affected certain Python 3.8.0-alpha prereleases.);FEDORA:FEDORA-2020-9b3dabc21c | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LG5H4Q6LFVRX7SFXLBEJMNQFI4T5SCEA/ | MISC:https://bugs.python.org/issue36495 | MISC:https://github.com/python/cpython/commit/a4d78362397fc3bced6ea80fbc7b5f4827aec55e | MISC:https://github.com/python/cpython/commit/dcfcd146f8e6fc5c2fc16a4c192a0c5f5ca8c53c | MISC:https://github.com/python/typed_ast/commit/156afcb26c198e162504a57caddfe0acd9ed7dce | MISC:https://github.com/python/typed_ast/commit/dc317ac9cff859aa84eeabe03fb5004982545b3b;Assigned (20191126);None (candidate not yet proposed) +CVE-2019-19450;Candidate;"paraparser in ReportLab before 3.5.31 allows remote code execution because start_unichar in paraparser.py evaluates untrusted user input in a unichar element in a crafted XML document with 'New section>New subsection>New unit>Add new component>Problem button>Advanced tab>Custom Python evaluated code"" screen, edit the problem, and execute Python code. This leads to arbitrary code execution.";MISC:http://packetstormsecurity.com/files/157785/OpenEDX-Ironwood-2.5-Remote-Code-Execution.html | MISC:https://edx.readthedocs.io/projects/edx-developer-guide/en/latest/architecture.html | MISC:https://stark0de.com/2020/05/17/openedx-vulnerabilities.html;Assigned (20200518);None (candidate not yet proposed) +CVE-2020-13258;Candidate;Contentful through 2020-05-21 for Python allows reflected XSS, as demonstrated by the api parameter to the-example-app.py.;MISC:https://github.com/contentful/the-example-app.py/issues/44;Assigned (20200521);None (candidate not yet proposed) +CVE-2020-13388;Candidate;An exploitable vulnerability exists in the configuration-loading functionality of the jw.util package before 2.3 for Python. When loading a configuration with FromString or FromStream with YAML, one can execute arbitrary Python code, resulting in OS command execution, because safe_load is not used.;CONFIRM:https://security.netapp.com/advisory/ntap-20200528-0002/ | MISC:https://joel-malwarebenchmark.github.io | MISC:https://joel-malwarebenchmark.github.io/blog/2020/04/27/cve-2020-13388-jw-util-vulnerability/;Assigned (20200522);None (candidate not yet proposed) +CVE-2020-13757;Candidate;Python-RSA before 4.1 ignores leading '\0' bytes during decryption of ciphertext. This could conceivably have a security-relevant impact, e.g., by helping an attacker to infer that an application uses Python-RSA, or if the length of accepted ciphertext affects application behavior (such as by causing excessive memory allocation).;CONFIRM:https://github.com/sybrenstuvel/python-rsa/issues/146#issuecomment-641845667 | FEDORA:FEDORA-2020-253ebe55ff | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2KILTHBHNSDUCYV22ODLOKTICJJ7JQIQ/ | FEDORA:FEDORA-2020-5ed5627d2b | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZYB65VNILRBTXL6EITQTH2PZPK7I23MW/ | MISC:https://github.com/sybrenstuvel/python-rsa/issues/146 | UBUNTU:USN-4478-1 | URL:https://usn.ubuntu.com/4478-1/;Assigned (20200601);None (candidate not yet proposed) +CVE-2020-13948;Candidate;"While investigating a bug report on Apache Superset, it was determined that an authenticated user could craft requests via a number of templated text fields in the product that would allow arbitrary access to Python’s `os` package in the web application process in versions < 0.37.1. It was thus possible for an authenticated user to list and access files, environment variables, and process information. Additionally it was possible to set environment variables for the current process, create and update files in folders writable by the web process, and execute arbitrary programs accessible by the web process. All other operations available to the `os` package in Python were also available, even if not explicitly enumerated in this CVE.";MISC:https://lists.apache.org/thread.html/rdeee068ac1e0c43bd5b69830240f30598df15a2ef9f7998c7b29131e%40%3Cdev.superset.apache.org%3E | URL:https://lists.apache.org/thread.html/rdeee068ac1e0c43bd5b69830240f30598df15a2ef9f7998c7b29131e%40%3Cdev.superset.apache.org%3E | MLIST:[superset-notifications] 20201112 [GitHub] [incubator-superset] ktmud commented on pull request #11617: feat: support 'chevron' library for templating as jinja alternative | URL:https://lists.apache.org/thread.html/r0e35c7c5672a6146b962840be5c1a7b7461c05a71cd7ecc62774d155@%3Cnotifications.superset.apache.org%3E | MLIST:[superset-notifications] 20201112 [GitHub] [incubator-superset] robdiciuccio commented on pull request #11617: feat: support 'chevron' library for templating as jinja alternative | URL:https://lists.apache.org/thread.html/r4fc7115f6e63ac255c48fc68c0da592df55fe4be47cae6378d39ac22@%3Cnotifications.superset.apache.org%3E;Assigned (20200608);None (candidate not yet proposed) +CVE-2020-14343;Candidate;A vulnerability was discovered in the PyYAML library in versions before 5.4, where it is susceptible to arbitrary code execution when it processes untrusted YAML files through the full_load method or with the FullLoader loader. Applications that use the library to process untrusted input may be vulnerable to this flaw. This flaw allows an attacker to execute arbitrary code on the system by abusing the python/object/new constructor. This flaw is due to an incomplete fix for CVE-2020-1747.;CONFIRM:https://github.com/SeldonIO/seldon-core/issues/2252 | MISC:https://github.com/yaml/pyyaml/issues/420 | MISC:https://bugzilla.redhat.com/show_bug.cgi?id=1860466 | URL:https://bugzilla.redhat.com/show_bug.cgi?id=1860466 | MISC:https://www.oracle.com/security-alerts/cpuapr2022.html | URL:https://www.oracle.com/security-alerts/cpuapr2022.html | MISC:https://www.oracle.com/security-alerts/cpujul2022.html | URL:https://www.oracle.com/security-alerts/cpujul2022.html;Assigned (20200617);None (candidate not yet proposed) +CVE-2020-14422;Candidate;"Lib/ipaddress.py in Python through 3.8.3 improperly computes hash values in the IPv4Interface and IPv6Interface classes, which might allow a remote attacker to cause a denial of service if an application is affected by the performance of a dictionary containing IPv4Interface or IPv6Interface objects, and this attacker can cause many dictionary entries to be created. This is fixed in: v3.5.10, v3.5.10rc1; v3.6.12; v3.7.9; v3.8.4, v3.8.4rc1, v3.8.5, v3.8.6, v3.8.6rc1; v3.9.0, v3.9.0b4, v3.9.0b5, v3.9.0rc1, v3.9.0rc2.";CONFIRM:https://security.netapp.com/advisory/ntap-20200724-0004/ | URL:https://security.netapp.com/advisory/ntap-20200724-0004/ | FEDORA:FEDORA-2020-1ddd5273d6 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YILCHHTNLH4GG4GSQBX2MZRKZBXOLCKE/ | FEDORA:FEDORA-2020-705c6ea5be | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FCCZTAYZATTNSNEAXWA7U3HCO2OVQKT5/ | FEDORA:FEDORA-2020-87c0a0a52d | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NTBKKOLFFNHG6CM4ACDX4APHSD5ZX5N4/ | FEDORA:FEDORA-2020-982b2950db | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CTUNTBJ3POHONQOTLEZC46POCIYYTAKZ/ | FEDORA:FEDORA-2020-b513391ca8 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/X36Y523UAZY5QFXZAAORNFY63HLBWX7N/ | FEDORA:FEDORA-2020-bb919e575e | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LE4O3PNDNNOMSKHNUKZKD3NGHIFUFDPX/ | FEDORA:FEDORA-2020-c3b07cc5c9 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/V3TALOUBYU2MQD4BPLRTDQUMBKGCAXUA/ | FEDORA:FEDORA-2020-c539babb0a | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/36XI3EEQNMHGOZEI63Y7UV6XZRELYEAU/ | FEDORA:FEDORA-2020-d30881c970 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OXI72HIHMXCQFWTULUXDG7VDA2BCYL4Y/ | FEDORA:FEDORA-2020-d808fdd597 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/V53P2YOLEQH4J7S5QHXMKMZYFTVVMTMO/ | FEDORA:FEDORA-2020-dfb11916cc | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VT4AF72TJ2XNIKCR4WEBR7URBJJ4YZRD/ | FEDORA:FEDORA-2020-efb908b6a8 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CNHPQGSP2YM3JAUD2VAMPXTIUQTZ2M2U/ | GENTOO:GLSA-202008-01 | URL:https://security.gentoo.org/glsa/202008-01 | MISC:https://bugs.python.org/issue41004 | URL:https://bugs.python.org/issue41004 | MISC:https://github.com/python/cpython/pull/20956 | URL:https://github.com/python/cpython/pull/20956 | MISC:https://www.oracle.com/security-alerts/cpujan2021.html | URL:https://www.oracle.com/security-alerts/cpujan2021.html | MLIST:[debian-lts-announce] 20200715 [SECURITY] [DLA 2280-1] python3.5 security update | URL:https://lists.debian.org/debian-lts-announce/2020/07/msg00011.html | MLIST:[debian-lts-announce] 20230515 [SECURITY] [DLA 3424-1] python-ipaddress security update | URL:https://lists.debian.org/debian-lts-announce/2023/05/msg00016.html | SUSE:openSUSE-SU-2020:0931 | URL:http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00003.html | SUSE:openSUSE-SU-2020:0940 | URL:http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00006.html | SUSE:openSUSE-SU-2020:0989 | URL:http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00032.html | SUSE:openSUSE-SU-2020:1002 | URL:http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00041.html | UBUNTU:USN-4428-1 | URL:https://usn.ubuntu.com/4428-1/;Assigned (20200618);None (candidate not yet proposed) +CVE-2020-15101;Candidate;In freewvs before 0.1.1, a directory structure of more than 1000 nested directories can interrupt a freewvs scan due to Python's recursion limit and os.walk(). This can be problematic in a case where an administrator scans the dirs of potentially untrusted users. This has been patched in 0.1.1.;CONFIRM:https://github.com/schokokeksorg/freewvs/security/advisories/GHSA-7pmh-vrww-25xx | URL:https://github.com/schokokeksorg/freewvs/security/advisories/GHSA-7pmh-vrww-25xx | MISC:https://github.com/schokokeksorg/freewvs/commit/83a6b55c0435c69f447488b791555e6078803143 | URL:https://github.com/schokokeksorg/freewvs/commit/83a6b55c0435c69f447488b791555e6078803143;Assigned (20200625);None (candidate not yet proposed) +CVE-2020-15141;Candidate;In openapi-python-client before version 0.5.3, there is a path traversal vulnerability. If a user generated a client using a maliciously crafted OpenAPI document, it is possible for generated files to be placed in arbitrary locations on disk.;CONFIRM:https://github.com/triaxtec/openapi-python-client/security/advisories/GHSA-7wgr-7666-7pwj | URL:https://github.com/triaxtec/openapi-python-client/security/advisories/GHSA-7wgr-7666-7pwj | MISC:https://github.com/triaxtec/openapi-python-client/blob/main/CHANGELOG.md#053---2020-08-13 | URL:https://github.com/triaxtec/openapi-python-client/blob/main/CHANGELOG.md#053---2020-08-13 | MISC:https://github.com/triaxtec/openapi-python-client/commit/3e7dfae5d0b3685abf1ede1bc6c086a116ac4746 | URL:https://github.com/triaxtec/openapi-python-client/commit/3e7dfae5d0b3685abf1ede1bc6c086a116ac4746 | MISC:https://pypi.org/project/openapi-python-client | URL:https://pypi.org/project/openapi-python-client;Assigned (20200625);None (candidate not yet proposed) +CVE-2020-15142;Candidate;In openapi-python-client before version 0.5.3, clients generated with a maliciously crafted OpenAPI Document can generate arbitrary Python code. Subsequent execution of this malicious client is arbitrary code execution.;CONFIRM:https://github.com/triaxtec/openapi-python-client/security/advisories/GHSA-9x4c-63pf-525f | URL:https://github.com/triaxtec/openapi-python-client/security/advisories/GHSA-9x4c-63pf-525f | MISC:https://github.com/triaxtec/openapi-python-client/blob/main/CHANGELOG.md#053---2020-08-13 | URL:https://github.com/triaxtec/openapi-python-client/blob/main/CHANGELOG.md#053---2020-08-13 | MISC:https://github.com/triaxtec/openapi-python-client/commit/f7a56aae32cba823a77a84a1f10400799b19c19a | URL:https://github.com/triaxtec/openapi-python-client/commit/f7a56aae32cba823a77a84a1f10400799b19c19a | MISC:https://pypi.org/project/openapi-python-client/ | URL:https://pypi.org/project/openapi-python-client/;Assigned (20200625);None (candidate not yet proposed) +CVE-2020-15163;Candidate;Python TUF (The Update Framework) reference implementation before version 0.12 it will incorrectly trust a previously downloaded root metadata file which failed verification at download time. This allows an attacker who is able to serve multiple new versions of root metadata (i.e. by a person-in-the-middle attack) culminating in a version which has not been correctly signed to control the trust chain for future updates. This is fixed in version 0.12 and newer.;CONFIRM:https://github.com/theupdateframework/tuf/commit/3d342e648fbacdf43a13d7ba8886aaaf07334af7 | URL:https://github.com/theupdateframework/tuf/commit/3d342e648fbacdf43a13d7ba8886aaaf07334af7 | CONFIRM:https://github.com/theupdateframework/tuf/security/advisories/GHSA-f8mr-jv2c-v8mg | URL:https://github.com/theupdateframework/tuf/security/advisories/GHSA-f8mr-jv2c-v8mg | MISC:https://github.com/theupdateframework/tuf/pull/885 | URL:https://github.com/theupdateframework/tuf/pull/885 | MISC:https://github.com/theupdateframework/tuf/releases/tag/v0.12.0 | URL:https://github.com/theupdateframework/tuf/releases/tag/v0.12.0 | MISC:https://pypi.org/project/tuf | URL:https://pypi.org/project/tuf;Assigned (20200625);None (candidate not yet proposed) +CVE-2020-15193;Candidate;In Tensorflow before versions 2.2.1 and 2.3.1, the implementation of `dlpack.to_dlpack` can be made to use uninitialized memory resulting in further memory corruption. This is because the pybind11 glue code assumes that the argument is a tensor. However, there is nothing stopping users from passing in a Python object instead of a tensor. The uninitialized memory address is due to a `reinterpret_cast` Since the `PyObject` is a Python object, not a TensorFlow Tensor, the cast to `EagerTensor` fails. The issue is patched in commit 22e07fb204386768e5bcbea563641ea11f96ceb8 and is released in TensorFlow versions 2.2.1, or 2.3.1.;CONFIRM:https://github.com/tensorflow/tensorflow/security/advisories/GHSA-rjjg-hgv6-h69v | URL:https://github.com/tensorflow/tensorflow/security/advisories/GHSA-rjjg-hgv6-h69v | MISC:https://github.com/tensorflow/tensorflow/commit/22e07fb204386768e5bcbea563641ea11f96ceb8 | URL:https://github.com/tensorflow/tensorflow/commit/22e07fb204386768e5bcbea563641ea11f96ceb8 | MISC:https://github.com/tensorflow/tensorflow/releases/tag/v2.3.1 | URL:https://github.com/tensorflow/tensorflow/releases/tag/v2.3.1 | SUSE:openSUSE-SU-2020:1766 | URL:http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00065.html;Assigned (20200625);None (candidate not yet proposed) +CVE-2020-15207;Candidate;In tensorflow-lite before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, to mimic Python's indexing with negative values, TFLite uses `ResolveAxis` to convert negative values to positive indices. However, the only check that the converted index is now valid is only present in debug builds. If the `DCHECK` does not trigger, then code execution moves ahead with a negative index. This, in turn, results in accessing data out of bounds which results in segfaults and/or data corruption. The issue is patched in commit 2d88f470dea2671b430884260f3626b1fe99830a, and is released in TensorFlow versions 1.15.4, 2.0.3, 2.1.2, 2.2.1, or 2.3.1.;CONFIRM:https://github.com/tensorflow/tensorflow/security/advisories/GHSA-q4qf-3fc6-8x34 | URL:https://github.com/tensorflow/tensorflow/security/advisories/GHSA-q4qf-3fc6-8x34 | MISC:https://github.com/tensorflow/tensorflow/commit/2d88f470dea2671b430884260f3626b1fe99830a | URL:https://github.com/tensorflow/tensorflow/commit/2d88f470dea2671b430884260f3626b1fe99830a | MISC:https://github.com/tensorflow/tensorflow/releases/tag/v2.3.1 | URL:https://github.com/tensorflow/tensorflow/releases/tag/v2.3.1 | SUSE:openSUSE-SU-2020:1766 | URL:http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00065.html;Assigned (20200625);None (candidate not yet proposed) +CVE-2020-15251;Candidate;In the Channelmgnt plug-in for Sopel (a Python IRC bot) before version 1.0.3, malicious users are able to op/voice and take over a channel. This is an ACL bypass vulnerability. This plugin is bundled with MirahezeBot-Plugins with versions from 9.0.0 and less than 9.0.2 affected. Version 9.0.2 includes 1.0.3 of channelmgnt, and thus is safe from this vulnerability. See referenced GHSA-23pc-4339-95vg.;CONFIRM:https://github.com/MirahezeBots/sopel-channelmgnt/security/advisories/GHSA-j257-jfvv-h3x5 | URL:https://github.com/MirahezeBots/sopel-channelmgnt/security/advisories/GHSA-j257-jfvv-h3x5 | MISC:https://github.com/MirahezeBots/MirahezeBots/security/advisories/GHSA-23pc-4339-95vg | URL:https://github.com/MirahezeBots/MirahezeBots/security/advisories/GHSA-23pc-4339-95vg | MISC:https://github.com/MirahezeBots/sopel-channelmgnt/pull/3 | URL:https://github.com/MirahezeBots/sopel-channelmgnt/pull/3 | MISC:https://phab.bots.miraheze.wiki/T117 | URL:https://phab.bots.miraheze.wiki/T117 | MISC:https://phab.bots.miraheze.wiki/phame/live/1/post/1/summary/ | URL:https://phab.bots.miraheze.wiki/phame/live/1/post/1/summary/ | MISC:https://pypi.org/project/sopel-plugins.channelmgnt/ | URL:https://pypi.org/project/sopel-plugins.channelmgnt/;Assigned (20200625);None (candidate not yet proposed) +CVE-2020-15271;Candidate;"In lookatme (python/pypi package) versions prior to 2.3.0, the package automatically loaded the built-in ""terminal"" and ""file_loader"" extensions. Users that use lookatme to render untrusted markdown may have malicious shell commands automatically run on their system. This is fixed in version 2.3.0. As a workaround, the `lookatme/contrib/terminal.py` and `lookatme/contrib/file_loader.py` files may be manually deleted. Additionally, it is always recommended to be aware of what is being rendered with lookatme.";CONFIRM:https://github.com/d0c-s4vage/lookatme/security/advisories/GHSA-c84h-w6cr-5v8q | URL:https://github.com/d0c-s4vage/lookatme/security/advisories/GHSA-c84h-w6cr-5v8q | MISC:https://github.com/d0c-s4vage/lookatme/commit/72fe36b784b234548d49dae60b840c37f0eb8d84 | URL:https://github.com/d0c-s4vage/lookatme/commit/72fe36b784b234548d49dae60b840c37f0eb8d84 | MISC:https://github.com/d0c-s4vage/lookatme/pull/110 | URL:https://github.com/d0c-s4vage/lookatme/pull/110 | MISC:https://github.com/d0c-s4vage/lookatme/releases/tag/v2.3.0 | URL:https://github.com/d0c-s4vage/lookatme/releases/tag/v2.3.0 | MISC:https://pypi.org/project/lookatme/#history | URL:https://pypi.org/project/lookatme/#history;Assigned (20200625);None (candidate not yet proposed) +CVE-2020-15348;Candidate;Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 allows use of live/CPEManager/AXCampaignManager/delete_cpes_by_ids?cpe_ids= for eval injection of Python code.;MISC:https://pierrekim.github.io/blog/2020-03-09-zyxel-secumanager-0day-vulnerabilities.html | MISC:https://www.zyxel.com/support/vulnerabilities-of-CloudCNM-SecuManager.shtml;Assigned (20200626);None (candidate not yet proposed) +CVE-2020-15415;Candidate;On DrayTek Vigor3900, Vigor2960, and Vigor300B devices before 1.5.1, cgi-bin/mainfunction.cgi/cvmcfgupload allows remote command execution via shell metacharacters in a filename when the text/x-python-script content type is used, a different issue than CVE-2020-14472.;MISC:https://github.com/CLP-team/Vigor-Commond-Injection | MISC:https://www.draytek.com/about/security-advisory;Assigned (20200630);None (candidate not yet proposed) +CVE-2020-15523;Candidate;In Python 3.6 through 3.6.10, 3.7 through 3.7.8, 3.8 through 3.8.4rc1, and 3.9 through 3.9.0b4 on Windows, a Trojan horse python3.dll might be used in cases where CPython is embedded in a native application. This occurs because python3X.dll may use an invalid search path for python3.dll loading (after Py_SetPath has been used). NOTE: this issue CANNOT occur when using python.exe from a standard (non-embedded) Python installation on Windows.;CONFIRM:https://security.netapp.com/advisory/ntap-20210312-0004/ | MISC:https://bugs.python.org/issue29778 | MISC:https://github.com/python/cpython/pull/21297;Assigned (20200704);None (candidate not yet proposed) +CVE-2020-15720;Candidate;In Dogtag PKI through 10.8.3, the pki.client.PKIConnection class did not enable python-requests certificate validation. Since the verify parameter was hard-coded in all request functions, it was not possible to override the setting. As a result, tools making use of this class, such as the pki-server command, may have been vulnerable to Person-in-the-Middle attacks in certain non-localhost use cases. This is fixed in 10.9.0-b1.;MISC:https://bugzilla.redhat.com/show_bug.cgi?id=1855273 | MISC:https://github.com/dogtagpki/pki/commit/50c23ec146ee9abf28c9de87a5f7787d495f0b72 | MISC:https://github.com/dogtagpki/pki/compare/v10.9.0-a2...v10.9.0-b1;Assigned (20200714);None (candidate not yet proposed) +CVE-2020-15801;Candidate;In Python 3.8.4, sys.path restrictions specified in a python38._pth file are ignored, allowing code to be loaded from arbitrary locations. The ._pth file (e.g., the python._pth file) is not affected.;CONFIRM:https://security.netapp.com/advisory/ntap-20200731-0003/ | MISC:https://bugs.python.org/issue41304 | MISC:https://github.com/python/cpython/pull/21495;Assigned (20200717);None (candidate not yet proposed) +CVE-2020-16977;Candidate;"

A remote code execution vulnerability exists in Visual Studio Code when the Python extension loads a Jupyter notebook file. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. If the current user is logged on with administrative user rights, an attacker could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.

To exploit this vulnerability, an attacker would need to convince a target to open a specially crafted file in Visual Studio Code with the Python extension installed.

The update addresses the vulnerability by modifying the way Visual Studio Code Python extension renders notebook content.

";MISC:https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-16977 | URL:https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-16977;Assigned (20200804);None (candidate not yet proposed) +CVE-2020-17163;Candidate;Visual Studio Code Python Extension Remote Code Execution Vulnerability;MISC:Visual Studio Code Python Extension Remote Code Execution Vulnerability | URL:https://msrc.microsoft.com/update-guide/vulnerability/CVE-2020-17163;Assigned (20200804);None (candidate not yet proposed) +CVE-2020-1747;Candidate;A vulnerability was discovered in the PyYAML library in versions before 5.3.1, where it is susceptible to arbitrary code execution when it processes untrusted YAML files through the full_load method or with the FullLoader loader. Applications that use the library to process untrusted input may be vulnerable to this flaw. An attacker could use this flaw to execute arbitrary code on the system by abusing the python/object/new constructor.;CONFIRM:https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1747 | URL:https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1747 | FEDORA:FEDORA-2020-40c35d7b37 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WORRFHPQVAFKKXXWLSSW6XKUYLWM6CSH/ | FEDORA:FEDORA-2020-bdb0bfa928 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZBJA3SGNJKCAYPSHOHWY3KBCWNM5NYK2/ | FEDORA:FEDORA-2020-e9741a6a15 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/K5HEPD7LEVDPCITY5IMDYWXUMX37VFMY/ | FEDORA:FEDORA-2021-3342569a0f | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MMQXSZXNJT6ERABJZAAICI3DQSQLCP3D/ | FEDORA:FEDORA-2021-eed7193502 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7PPAS6C4SZRDQLR7C22A5U3QOLXY33JX/ | MISC:https://github.com/yaml/pyyaml/pull/386 | URL:https://github.com/yaml/pyyaml/pull/386 | MISC:https://www.oracle.com/security-alerts/cpujul2022.html | URL:https://www.oracle.com/security-alerts/cpujul2022.html | SUSE:openSUSE-SU-2020:0507 | URL:http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00017.html | SUSE:openSUSE-SU-2020:0630 | URL:http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00017.html;Assigned (20191127);None (candidate not yet proposed) +CVE-2020-24583;Candidate;An issue was discovered in Django 2.2 before 2.2.16, 3.0 before 3.0.10, and 3.1 before 3.1.1 (when Python 3.7+ is used). FILE_UPLOAD_DIRECTORY_PERMISSIONS mode was not applied to intermediate-level directories created in the process of uploading files. It was also not applied to intermediate-level collected static directories when using the collectstatic management command.;CONFIRM:https://security.netapp.com/advisory/ntap-20200918-0004/ | URL:https://security.netapp.com/advisory/ntap-20200918-0004/ | FEDORA:FEDORA-2020-6941c0a65b | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZCRPQCBTV3RZHKVZ6K6QOAANPRZQD3GI/ | FEDORA:FEDORA-2020-94407454d7 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/F2ZHO3GZCJMP3DDTXCNVFV6ED3W64NAU/ | FEDORA:FEDORA-2020-9c6b391162 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OLGFFLMF3X6USMJD7V5F5P4K2WVUTO3T/ | MISC:https://docs.djangoproject.com/en/dev/releases/security/ | URL:https://docs.djangoproject.com/en/dev/releases/security/ | MISC:https://groups.google.com/forum/#!topic/django-announce/Gdqn58RqIDM | URL:https://groups.google.com/forum/#!topic/django-announce/Gdqn58RqIDM | MISC:https://groups.google.com/forum/#!topic/django-announce/zFCMdgUnutU | URL:https://groups.google.com/forum/#!topic/django-announce/zFCMdgUnutU | MISC:https://www.djangoproject.com/weblog/2020/sep/01/security-releases/ | URL:https://www.djangoproject.com/weblog/2020/sep/01/security-releases/ | MISC:https://www.openwall.com/lists/oss-security/2020/09/01/2 | URL:https://www.openwall.com/lists/oss-security/2020/09/01/2 | MISC:https://www.oracle.com/security-alerts/cpujan2021.html | URL:https://www.oracle.com/security-alerts/cpujan2021.html | UBUNTU:USN-4479-1 | URL:https://usn.ubuntu.com/4479-1/;Assigned (20200821);None (candidate not yet proposed) +CVE-2020-24584;Candidate;An issue was discovered in Django 2.2 before 2.2.16, 3.0 before 3.0.10, and 3.1 before 3.1.1 (when Python 3.7+ is used). The intermediate-level directories of the filesystem cache had the system's standard umask rather than 0o077.;CONFIRM:https://security.netapp.com/advisory/ntap-20200918-0004/ | URL:https://security.netapp.com/advisory/ntap-20200918-0004/ | FEDORA:FEDORA-2020-6941c0a65b | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZCRPQCBTV3RZHKVZ6K6QOAANPRZQD3GI/ | FEDORA:FEDORA-2020-94407454d7 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/F2ZHO3GZCJMP3DDTXCNVFV6ED3W64NAU/ | FEDORA:FEDORA-2020-9c6b391162 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OLGFFLMF3X6USMJD7V5F5P4K2WVUTO3T/ | MISC:https://docs.djangoproject.com/en/dev/releases/security/ | URL:https://docs.djangoproject.com/en/dev/releases/security/ | MISC:https://groups.google.com/forum/#!topic/django-announce/Gdqn58RqIDM | URL:https://groups.google.com/forum/#!topic/django-announce/Gdqn58RqIDM | MISC:https://groups.google.com/forum/#!topic/django-announce/zFCMdgUnutU | URL:https://groups.google.com/forum/#!topic/django-announce/zFCMdgUnutU | MISC:https://www.djangoproject.com/weblog/2020/sep/01/security-releases/ | URL:https://www.djangoproject.com/weblog/2020/sep/01/security-releases/ | MISC:https://www.openwall.com/lists/oss-security/2020/09/01/2 | URL:https://www.openwall.com/lists/oss-security/2020/09/01/2 | MISC:https://www.oracle.com/security-alerts/cpujan2021.html | URL:https://www.oracle.com/security-alerts/cpujan2021.html | UBUNTU:USN-4479-1 | URL:https://usn.ubuntu.com/4479-1/;Assigned (20200821);None (candidate not yet proposed) +CVE-2020-24715;Candidate;The Scalyr Agent before 2.1.10 has Missing SSL Certificate Validation because, in some circumstances, native Python code is used that lacks a comparison of the hostname to commonName and subjectAltName.;MISC:https://scalyr-static.s3.amazonaws.com/technical-details/index.html;Assigned (20200827);None (candidate not yet proposed) +CVE-2020-25489;Candidate;A heap overflow in Sqreen PyMiniRacer (aka Python Mini Racer) before 0.3.0 allows remote attackers to potentially exploit heap corruption.;CONFIRM:https://blog.sqreen.com/vulnerability-disclosure-finding-a-vulnerability-in-sqreens-php-agent-and-how-we-fixed-it/ | MISC:https://github.com/sqreen/PyMiniRacer/compare/v0.2.0...v0.3.0;Assigned (20200914);None (candidate not yet proposed) +CVE-2020-25658;Candidate;It was found that python-rsa is vulnerable to Bleichenbacher timing attacks. An attacker can use this flaw via the RSA decryption API to decrypt parts of the cipher text encrypted with RSA.;MISC:FEDORA-2021-15e50503d6 | URL:https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/APF364QJ2IYLPDNVFBOEJ24QP2WLVLJP/ | MISC:FEDORA-2021-783a157adc | URL:https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2SAF67KDGSOHLVFTRDOHNEAFDRSSYIWA/ | MISC:FEDORA-2021-c1fef03e71 | URL:https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QY4PJWTYSOV7ZEYZVMYIF6XRU73CY6O7/ | MISC:https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-25658 | URL:https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-25658 | MISC:https://github.com/sybrenstuvel/python-rsa/issues/165 | URL:https://github.com/sybrenstuvel/python-rsa/issues/165;Assigned (20200916);None (candidate not yet proposed) +CVE-2020-25659;Candidate;python-cryptography 3.2 is vulnerable to Bleichenbacher timing attacks in the RSA decryption API, via timed processing of valid PKCS#1 v1.5 ciphertext.;MISC:https://github.com/pyca/cryptography/pull/5507/commits/ce1bef6f1ee06ac497ca0c837fbd1c7ef6c2472b | URL:https://github.com/pyca/cryptography/pull/5507/commits/ce1bef6f1ee06ac497ca0c837fbd1c7ef6c2472b | MISC:https://www.oracle.com/security-alerts/cpuapr2022.html | URL:https://www.oracle.com/security-alerts/cpuapr2022.html | MISC:https://www.oracle.com/security-alerts/cpujul2022.html | URL:https://www.oracle.com/security-alerts/cpujul2022.html;Assigned (20200916);None (candidate not yet proposed) +CVE-2020-26116;Candidate;http.client in Python 3.x before 3.5.10, 3.6.x before 3.6.12, 3.7.x before 3.7.9, and 3.8.x before 3.8.5 allows CRLF injection if the attacker controls the HTTP request method, as demonstrated by inserting CR and LF control characters in the first argument of HTTPConnection.request.;CONFIRM:https://security.netapp.com/advisory/ntap-20201023-0001/ | URL:https://security.netapp.com/advisory/ntap-20201023-0001/ | FEDORA:FEDORA-2020-221823ebdd | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BW4GCLQISJCOEGQNIMVUZDQMIY6RR6CC/ | FEDORA:FEDORA-2020-887d3fa26f | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JWMAVY4T4257AZHTF2RZJKNJNSJFY24O/ | FEDORA:FEDORA-2020-d30881c970 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OXI72HIHMXCQFWTULUXDG7VDA2BCYL4Y/ | FEDORA:FEDORA-2020-d42cb01973 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QOX7DGMMWWL6POCRYGAUCISOLR2IG3XV/ | FEDORA:FEDORA-2020-e33acdea18 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HDQ2THWU4GPV4Y5H5WW5PFMSWXL2CRFD/ | GENTOO:GLSA-202101-18 | URL:https://security.gentoo.org/glsa/202101-18 | MISC:https://bugs.python.org/issue39603 | URL:https://bugs.python.org/issue39603 | MISC:https://python-security.readthedocs.io/vuln/http-header-injection-method.html | URL:https://python-security.readthedocs.io/vuln/http-header-injection-method.html | MISC:https://www.oracle.com/security-alerts/cpuoct2021.html | URL:https://www.oracle.com/security-alerts/cpuoct2021.html | MLIST:[debian-lts-announce] 20201119 [SECURITY] [DLA 2456-1] python3.5 security update | URL:https://lists.debian.org/debian-lts-announce/2020/11/msg00032.html | MLIST:[debian-lts-announce] 20230524 [SECURITY] [DLA 3432-1] python2.7 security update | URL:https://lists.debian.org/debian-lts-announce/2023/05/msg00024.html | SUSE:openSUSE-SU-2020:1859 | URL:http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00027.html | UBUNTU:USN-4581-1 | URL:https://usn.ubuntu.com/4581-1/;Assigned (20200927);None (candidate not yet proposed) +CVE-2020-26222;Candidate;"Dependabot is a set of packages for automated dependency management for Ruby, JavaScript, Python, PHP, Elixir, Rust, Java, .NET, Elm and Go. In Dependabot-Core from version 0.119.0.beta1 before version 0.125.1, there is a remote code execution vulnerability in dependabot-common and dependabot-go_modules when a source branch name contains malicious injectable bash code. For example, if Dependabot is configured to use the following source branch name: ""/$({curl,127.0.0.1})"", Dependabot will make a HTTP request to the following URL: 127.0.0.1 when cloning the source repository. The fix was applied to version 0.125.1. As a workaround, one can escape the branch name prior to passing it to the Dependabot::Source class.";CONFIRM:https://github.com/dependabot/dependabot-core/security/advisories/GHSA-23f7-99jx-m54r | URL:https://github.com/dependabot/dependabot-core/security/advisories/GHSA-23f7-99jx-m54r | MISC:https://github.com/dependabot/dependabot-core/commit/e089116abbe284425b976f7920e502b8e83a61b5 | URL:https://github.com/dependabot/dependabot-core/commit/e089116abbe284425b976f7920e502b8e83a61b5 | MISC:https://github.com/dependabot/dependabot-core/pull/2727 | URL:https://github.com/dependabot/dependabot-core/pull/2727;Assigned (20201001);None (candidate not yet proposed) +CVE-2020-26244;Candidate;Python oic is a Python OpenID Connect implementation. In Python oic before version 1.2.1, there are several related cryptographic issues affecting client implementations that use the library. The issues are: 1) The IdToken signature algorithm was not checked automatically, but only if the expected algorithm was passed in as a kwarg. 2) JWA `none` algorithm was allowed in all flows. 3) oic.consumer.Consumer.parse_authz returns an unverified IdToken. The verification of the token was left to the discretion of the implementator. 4) iat claim was not checked for sanity (i.e. it could be in the future). These issues are patched in version 1.2.1.;CONFIRM:https://github.com/OpenIDC/pyoidc/security/advisories/GHSA-4fjv-pmhg-3rfg | URL:https://github.com/OpenIDC/pyoidc/security/advisories/GHSA-4fjv-pmhg-3rfg | MISC:https://github.com/OpenIDC/pyoidc/commit/62f8d753fa17c8b1f29f8be639cf0b33afb02498 | URL:https://github.com/OpenIDC/pyoidc/commit/62f8d753fa17c8b1f29f8be639cf0b33afb02498 | MISC:https://github.com/OpenIDC/pyoidc/releases/tag/1.2.1 | URL:https://github.com/OpenIDC/pyoidc/releases/tag/1.2.1 | MISC:https://pypi.org/project/oic/ | URL:https://pypi.org/project/oic/;Assigned (20201001);None (candidate not yet proposed) +CVE-2020-26263;Candidate;tlslite-ng is an open source python library that implements SSL and TLS cryptographic protocols. In tlslite-ng before versions 0.7.6 and 0.8.0-alpha39, the code that performs decryption and padding check in RSA PKCS#1 v1.5 decryption is data dependant. In particular, the code has multiple ways in which it leaks information about the decrypted ciphertext. It aborts as soon as the plaintext doesn't start with 0x00, 0x02. All TLS servers that enable RSA key exchange as well as applications that use the RSA decryption API directly are vulnerable. This is patched in versions 0.7.6 and 0.8.0-alpha39. Note: the patches depend on Python processing the individual bytes in side-channel free manner, this is known to not the case (see reference). As such, users that require side-channel resistance are recommended to use different TLS implementations, as stated in the security policy of tlslite-ng.;CONFIRM:https://github.com/tlsfuzzer/tlslite-ng/security/advisories/GHSA-wvcv-832q-fjg7 | URL:https://github.com/tlsfuzzer/tlslite-ng/security/advisories/GHSA-wvcv-832q-fjg7 | MISC:https://github.com/tlsfuzzer/tlslite-ng/commit/c28d6d387bba59d8bd5cb3ba15edc42edf54b368 | URL:https://github.com/tlsfuzzer/tlslite-ng/commit/c28d6d387bba59d8bd5cb3ba15edc42edf54b368 | MISC:https://github.com/tlsfuzzer/tlslite-ng/pull/438 | URL:https://github.com/tlsfuzzer/tlslite-ng/pull/438 | MISC:https://github.com/tlsfuzzer/tlslite-ng/pull/439 | URL:https://github.com/tlsfuzzer/tlslite-ng/pull/439 | MISC:https://pypi.org/project/tlslite-ng/ | URL:https://pypi.org/project/tlslite-ng/ | MISC:https://securitypitfalls.wordpress.com/2018/08/03/constant-time-compare-in-python/ | URL:https://securitypitfalls.wordpress.com/2018/08/03/constant-time-compare-in-python/;Assigned (20201001);None (candidate not yet proposed) +CVE-2020-26268;Candidate;In affected versions of TensorFlow the tf.raw_ops.ImmutableConst operation returns a constant tensor created from a memory mapped file which is assumed immutable. However, if the type of the tensor is not an integral type, the operation crashes the Python interpreter as it tries to write to the memory area. If the file is too small, TensorFlow properly returns an error as the memory area has fewer bytes than what is needed for the tensor it creates. However, as soon as there are enough bytes, the above snippet causes a segmentation fault. This is because the allocator used to return the buffer data is not marked as returning an opaque handle since the needed virtual method is not overridden. This is fixed in versions 1.15.5, 2.0.4, 2.1.3, 2.2.2, 2.3.2, and 2.4.0.;CONFIRM:https://github.com/tensorflow/tensorflow/security/advisories/GHSA-hhvc-g5hv-48c6 | URL:https://github.com/tensorflow/tensorflow/security/advisories/GHSA-hhvc-g5hv-48c6 | MISC:https://github.com/tensorflow/tensorflow/commit/c1e1fc899ad5f8c725dcbb6470069890b5060bc7 | URL:https://github.com/tensorflow/tensorflow/commit/c1e1fc899ad5f8c725dcbb6470069890b5060bc7;Assigned (20201001);None (candidate not yet proposed) +CVE-2020-26943;Candidate;An issue was discovered in OpenStack blazar-dashboard before 1.3.1, 2.0.0, and 3.0.0. A user allowed to access the Blazar dashboard in Horizon may trigger code execution on the Horizon host as the user the Horizon service runs under (because the Python eval function is used). This may result in Horizon host unauthorized access and further compromise of the Horizon service. All setups using the Horizon dashboard with the blazar-dashboard plugin are affected.;CONFIRM:https://security.openstack.org/ossa/OSSA-2020-007.html | MISC:https://launchpad.net/bugs/1895688 | MISC:https://review.opendev.org/755810 | MISC:https://review.opendev.org/755812 | MISC:https://review.opendev.org/755813 | MISC:https://review.opendev.org/755814 | MISC:https://review.opendev.org/756064 | MLIST:[oss-security] 20201016 [OSSA-2020-007] Blazar: Remote code execution in blazar-dashboard (CVE-2020-26943) | URL:http://www.openwall.com/lists/oss-security/2020/10/16/5;Assigned (20201010);None (candidate not yet proposed) +CVE-2020-27351;Candidate;"Various memory and file descriptor leaks were found in apt-python files python/arfile.cc, python/tag.cc, python/tarfile.cc, aka GHSL-2020-170. This issue affects: python-apt 1.1.0~beta1 versions prior to 1.1.0~beta1ubuntu0.16.04.10; 1.6.5ubuntu0 versions prior to 1.6.5ubuntu0.4; 2.0.0ubuntu0 versions prior to 2.0.0ubuntu0.20.04.2; 2.1.3ubuntu1 versions prior to 2.1.3ubuntu1.1;";DEBIAN:DSA-4809 | URL:https://www.debian.org/security/2020/dsa-4809 | MISC:https://bugs.launchpad.net/bugs/1899193 | URL:https://bugs.launchpad.net/bugs/1899193 | MISC:https://usn.ubuntu.com/usn/usn-4668-1 | URL:https://usn.ubuntu.com/usn/usn-4668-1;Assigned (20201020);None (candidate not yet proposed) +CVE-2020-27589;Candidate;Synopsys hub-rest-api-python (aka blackduck on PyPI) version 0.0.25 - 0.0.52 does not validate SSL certificates in certain cases.;CONFIRM:https://community.synopsys.com/s/question/0D52H00005JCZAXSA5/announcement-black-duck-defect-identified | MISC:https://github.com/blackducksoftware/hub-rest-api-python | MISC:https://github.com/blackducksoftware/hub-rest-api-python/pull/113/commits/273b27d0de1004389dd8cf43c40b1197c787e7cd | MISC:https://pypi.org/project/blackduck/ | MISC:https://www.optiv.com/explore-optiv-insights/source-zero/certificate-validation-disabled-black-duck-api-wrapper;Assigned (20201021);None (candidate not yet proposed) +CVE-2020-27619;Candidate;In Python 3 through 3.9.0, the Lib/test/multibytecodec_support.py CJK codec tests call eval() on content retrieved via HTTP.;CONFIRM:https://security.netapp.com/advisory/ntap-20201123-0004/ | URL:https://security.netapp.com/advisory/ntap-20201123-0004/ | FEDORA:FEDORA-2021-12df7f7382 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RSLQD5CCM75IZGAMBDGUZEATYU5YSGJ7/ | FEDORA:FEDORA-2021-98720f3785 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SGIY6I4YS3WOXAK4SXKIEOC2G4VZKIR7/ | GENTOO:GLSA-202402-04 | URL:https://security.gentoo.org/glsa/202402-04 | MISC:https://bugs.python.org/issue41944 | URL:https://bugs.python.org/issue41944 | MISC:https://github.com/python/cpython/commit/2ef5caa58febc8968e670e39e3d37cf8eef3cab8 | URL:https://github.com/python/cpython/commit/2ef5caa58febc8968e670e39e3d37cf8eef3cab8 | MISC:https://github.com/python/cpython/commit/43e523103886af66d6c27cd72431b5d9d14cd2a9 | URL:https://github.com/python/cpython/commit/43e523103886af66d6c27cd72431b5d9d14cd2a9 | MISC:https://github.com/python/cpython/commit/6c6c256df3636ff6f6136820afaefa5a10a3ac33 | URL:https://github.com/python/cpython/commit/6c6c256df3636ff6f6136820afaefa5a10a3ac33 | MISC:https://github.com/python/cpython/commit/b664a1df4ee71d3760ab937653b10997081b1794 | URL:https://github.com/python/cpython/commit/b664a1df4ee71d3760ab937653b10997081b1794 | MISC:https://github.com/python/cpython/commit/e912e945f2960029d039d3390ea08835ad39374b | URL:https://github.com/python/cpython/commit/e912e945f2960029d039d3390ea08835ad39374b | MISC:https://www.oracle.com/security-alerts/cpujul2022.html | URL:https://www.oracle.com/security-alerts/cpujul2022.html | MLIST:[bookkeeper-issues] 20210628 [GitHub] [bookkeeper] padma81 opened a new issue #2746: Security Vulnerabilities in CentOS 7 image, Upgrade image to CentOS 8 | URL:https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4@%3Cissues.bookkeeper.apache.org%3E | MLIST:[bookkeeper-issues] 20210629 [GitHub] [bookkeeper] padma81 opened a new issue #2746: Security Vulnerabilities in CentOS 7 image, Upgrade image to CentOS 8 | URL:https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b@%3Cissues.bookkeeper.apache.org%3E | MLIST:[mina-dev] 20210225 [jira] [Created] (FTPSERVER-500) Security vulnerability in common/lib/log4j-1.2.17.jar | URL:https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772@%3Cdev.mina.apache.org%3E;Assigned (20201022);None (candidate not yet proposed) +CVE-2020-27783;Candidate;A XSS vulnerability was discovered in python-lxml's clean module. The module's parser didn't properly imitate browsers, which caused different behaviors between the sanitizer and the user's page. A remote attacker could exploit this flaw to run arbitrary HTML/JS code.;CONFIRM:https://security.netapp.com/advisory/ntap-20210521-0003/ | URL:https://security.netapp.com/advisory/ntap-20210521-0003/ | DEBIAN:DSA-4810 | URL:https://www.debian.org/security/2020/dsa-4810 | FEDORA:FEDORA-2020-0e055ea503 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TMHVKRUT22LVWNL3TB7HPSDHJT74Q3JK/ | FEDORA:FEDORA-2020-307946cfb6 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JKG67GPGTV23KADT4D4GK4RMHSO4CIQL/ | MISC:https://advisory.checkmarx.net/advisory/CX-2020-4286 | URL:https://advisory.checkmarx.net/advisory/CX-2020-4286 | MISC:https://bugzilla.redhat.com/show_bug.cgi?id=1901633 | URL:https://bugzilla.redhat.com/show_bug.cgi?id=1901633 | MISC:https://www.oracle.com//security-alerts/cpujul2021.html | URL:https://www.oracle.com//security-alerts/cpujul2021.html | MLIST:[debian-lts-announce] 20201218 [SECURITY] [DLA 2467-2] lxml regression update | URL:https://lists.debian.org/debian-lts-announce/2020/12/msg00028.html;Assigned (20201027);None (candidate not yet proposed) +CVE-2020-28463;Candidate;"All versions of package reportlab are vulnerable to Server-side Request Forgery (SSRF) via img tags. In order to reduce risk, use trustedSchemes & trustedHosts (see in Reportlab's documentation) Steps to reproduce by Karan Bamal: 1. Download and install the latest package of reportlab 2. Go to demos -> odyssey -> dodyssey 3. In the text file odyssey.txt that needs to be converted to pdf inject 4. Create a nc listener nc -lp 5000 5. Run python3 dodyssey.py 6. You will get a hit on your nc showing we have successfully proceded to send a server side request 7. dodyssey.py will show error since there is no img file on the url, but we are able to do SSRF";FEDORA:FEDORA-2021-04bfae8300 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YZQSFCID67K6BTC655EQY6MNOF35QI44/ | FEDORA:FEDORA-2021-13cdc0ab0e | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HMUJA5GZTPQ5WRYUCCK2GEZM4W43N7HH/ | MISC:https://snyk.io/vuln/SNYK-PYTHON-REPORTLAB-1022145 | URL:https://snyk.io/vuln/SNYK-PYTHON-REPORTLAB-1022145 | MISC:https://www.reportlab.com/docs/reportlab-userguide.pdf | URL:https://www.reportlab.com/docs/reportlab-userguide.pdf | MLIST:[debian-lts-announce] 20230929 [SECURITY] [DLA 3590-1] python-reportlab security update | URL:https://lists.debian.org/debian-lts-announce/2023/09/msg00037.html;Assigned (20201112);None (candidate not yet proposed) +CVE-2020-29396;Candidate;A sandboxing issue in Odoo Community 11.0 through 13.0 and Odoo Enterprise 11.0 through 13.0, when running with Python 3.6 or later, allows remote authenticated users to execute arbitrary code, leading to privilege escalation.;MISC:https://github.com/odoo/odoo/issues/63712 | URL:https://github.com/odoo/odoo/issues/63712 | MISC:https://www.oracle.com/security-alerts/cpujul2022.html | URL:https://www.oracle.com/security-alerts/cpujul2022.html;Assigned (20201130);None (candidate not yet proposed) +CVE-2020-29651;Candidate;A denial of service via regular expression in the py.path.svnwc component of py (aka python-py) through 1.9.0 could be used by attackers to cause a compute-time denial of service attack by supplying malicious input to the blame functionality.;FEDORA:FEDORA-2020-8371993b6b | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CHDTINIBJZ67T3W74QTBIY5LPKAXEOGR/ | FEDORA:FEDORA-2020-db0eb54982 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AYWNYEV3FGDHPIHX4DDUDMFZ6NLCQRC4/ | MISC:https://github.com/pytest-dev/py/issues/256 | URL:https://github.com/pytest-dev/py/issues/256 | MISC:https://github.com/pytest-dev/py/pull/257 | URL:https://github.com/pytest-dev/py/pull/257 | MISC:https://github.com/pytest-dev/py/pull/257/commits/4a9017dc6199d2a564b6e4b0aa39d6d8870e4144 | URL:https://github.com/pytest-dev/py/pull/257/commits/4a9017dc6199d2a564b6e4b0aa39d6d8870e4144 | MISC:https://www.oracle.com/security-alerts/cpujul2022.html | URL:https://www.oracle.com/security-alerts/cpujul2022.html;Assigned (20201209);None (candidate not yet proposed) +CVE-2020-35678;Candidate;Autobahn|Python before 20.12.3 allows redirect header injection.;CONFIRM:https://autobahn.readthedocs.io/en/latest/changelog.html | CONFIRM:https://github.com/crossbario/autobahn-python/pull/1439 | CONFIRM:https://pypi.org/project/autobahn/20.12.3/ | MISC:https://github.com/crossbario/autobahn-python | MISC:https://github.com/crossbario/autobahn-python/compare/v20.12.2...v20.12.3;Assigned (20201224);None (candidate not yet proposed) +CVE-2020-36242;Candidate;In the cryptography package before 3.3.2 for Python, certain sequences of update calls to symmetrically encrypt multi-GB values could result in an integer overflow and buffer overflow, as demonstrated by the Fernet class.;CONFIRM:https://github.com/pyca/cryptography/blob/master/CHANGELOG.rst | URL:https://github.com/pyca/cryptography/blob/master/CHANGELOG.rst | CONFIRM:https://github.com/pyca/cryptography/compare/3.3.1...3.3.2 | URL:https://github.com/pyca/cryptography/compare/3.3.1...3.3.2 | FEDORA:FEDORA-2021-8e36e7ed1a | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/L7RGQLK4J5ZQFRLKCHVVG6BKZTUQMG7E/ | MISC:https://github.com/pyca/cryptography/issues/5615 | URL:https://github.com/pyca/cryptography/issues/5615 | MISC:https://www.oracle.com/security-alerts/cpuapr2022.html | URL:https://www.oracle.com/security-alerts/cpuapr2022.html | MISC:https://www.oracle.com/security-alerts/cpujul2022.html | URL:https://www.oracle.com/security-alerts/cpujul2022.html;Assigned (20210207);None (candidate not yet proposed) +CVE-2020-4636;Candidate;IBM Resilient OnPrem 38.2 could allow a privileged user to inject malicious commands through Python3 scripting. IBM X-Force ID: 185503.;CONFIRM:https://www.ibm.com/support/pages/node/6348694 | URL:https://www.ibm.com/support/pages/node/6348694 | XF:ibm-resilient-cve20204636-command-exec (185503) | URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/185503;Assigned (20191230);None (candidate not yet proposed) +CVE-2020-5215;Candidate;"In TensorFlow before 1.15.2 and 2.0.1, converting a string (from Python) to a tf.float16 value results in a segmentation fault in eager mode as the format checks for this use case are only in the graph mode. This issue can lead to denial of service in inference/training where a malicious attacker can send a data point which contains a string instead of a tf.float16 value. Similar effects can be obtained by manipulating saved models and checkpoints whereby replacing a scalar tf.float16 value with a scalar string will trigger this issue due to automatic conversions. This can be easily reproduced by tf.constant(""hello"", tf.float16), if eager execution is enabled. This issue is patched in TensorFlow 1.15.1 and 2.0.1 with this vulnerability patched. TensorFlow 2.1.0 was released after we fixed the issue, thus it is not affected. Users are encouraged to switch to TensorFlow 1.15.1, 2.0.1 or 2.1.0.";CONFIRM:https://github.com/tensorflow/tensorflow/security/advisories/GHSA-977j-xj7q-2jr9 | MISC:https://github.com/tensorflow/tensorflow/commit/5ac1b9e24ff6afc465756edf845d2e9660bd34bf | MISC:https://github.com/tensorflow/tensorflow/releases/tag/v1.15.2 | MISC:https://github.com/tensorflow/tensorflow/releases/tag/v2.0.1;Assigned (20200102);None (candidate not yet proposed) +CVE-2020-5227;Candidate;Feedgen (python feedgen) before 0.9.0 is susceptible to XML Denial of Service attacks. The *feedgen* library allows supplying XML as content for some of the available fields. This XML will be parsed and integrated into the existing XML tree. During this process, feedgen is vulnerable to XML Denial of Service Attacks (e.g. XML Bomb). This becomes a concern in particular if feedgen is used to include content from untrused sources and if XML (including XHTML) is directly included instead of providing plain tex content only. This problem has been fixed in feedgen 0.9.0 which disallows XML entity expansion and external resources.;CONFIRM:https://github.com/lkiesow/python-feedgen/security/advisories/GHSA-g8q7-xv52-hf9f | FEDORA:FEDORA-2020-8493201e90 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/T6I5ENUYGFNMIH6ZQ62FZ6VU2WD3SIOI/ | MISC:https://docs.microsoft.com/en-us/archive/msdn-magazine/2009/november/xml-denial-of-service-attacks-and-defenses | MISC:https://github.com/lkiesow/python-feedgen/commit/f57a01b20fa4aaaeccfa417f28e66b4084b9d0cf;Assigned (20200102);None (candidate not yet proposed) +CVE-2020-5252;Candidate;"The command-line ""safety"" package for Python has a potential security issue. There are two Python characteristics that allow malicious code to “poison-pill” command-line Safety package detection routines by disguising, or obfuscating, other malicious or non-secure packages. This vulnerability is considered to be of low severity because the attack makes use of an existing Python condition, not the Safety tool itself. This can happen if: You are running Safety in a Python environment that you don’t trust. You are running Safety from the same Python environment where you have your dependencies installed. Dependency packages are being installed arbitrarily or without proper verification. Users can mitigate this issue by doing any of the following: Perform a static analysis by installing Docker and running the Safety Docker image: $ docker run --rm -it pyupio/safety check -r requirements.txt Run Safety against a static dependencies list, such as the requirements.txt file, in a separate, clean Python environment. Run Safety from a Continuous Integration pipeline. Use PyUp.io, which runs Safety in a controlled environment and checks Python for dependencies without any need to install them. Use PyUp's Online Requirements Checker.";CONFIRM:https://github.com/akoumjian/python-safety-vuln | CONFIRM:https://github.com/pyupio/safety/security/advisories/GHSA-7q25-qrjw-6fg2 | CONFIRM:https://pyup.io/posts/patched-vulnerability/;Assigned (20200102);None (candidate not yet proposed) +CVE-2020-5740;Candidate;Improper Input Validation in Plex Media Server on Windows allows a local, unauthenticated attacker to execute arbitrary Python code with SYSTEM privileges.;CONFIRM:https://www.tenable.com/security/research/tra-2020-25;Assigned (20200106);None (candidate not yet proposed) +CVE-2020-5741;Candidate;Deserialization of Untrusted Data in Plex Media Server on Windows allows a remote, authenticated attacker to execute arbitrary Python code.;MISC:http://packetstormsecurity.com/files/158470/Plex-Unpickle-Dict-Windows-Remote-Code-Execution.html | MISC:https://www.tenable.com/security/research/tra-2020-32;Assigned (20200106);None (candidate not yet proposed) +CVE-2020-7212;Candidate;The _encode_invalid_chars function in util/url.py in the urllib3 library 1.25.2 through 1.25.7 for Python allows a denial of service (CPU consumption) because of an inefficient algorithm. The percent_encodings array contains all matches of percent encodings. It is not deduplicated. For a URL of length N, the size of percent_encodings may be up to O(N). The next step (normalize existing percent-encoded bytes) also takes up to O(N) for each step, so the total time is O(N^2). If percent_encodings were deduplicated, the time to compute _encode_invalid_chars would be O(kN), where k is at most 484 ((10+6*2)^2).;MISC:https://github.com/urllib3/urllib3/blob/master/CHANGES.rst | MISC:https://github.com/urllib3/urllib3/commit/a74c9cfbaed9f811e7563cfc3dce894928e0221a | MISC:https://pypi.org/project/urllib3/1.25.8/;Assigned (20200116);None (candidate not yet proposed) +CVE-2020-8315;Candidate;In Python (CPython) 3.6 through 3.6.10, 3.7 through 3.7.6, and 3.8 through 3.8.1, an insecure dependency load upon launch on Windows 7 may result in an attacker's copy of api-ms-win-core-path-l1-1-0.dll being loaded and used instead of the system's copy. Windows 8 and later are unaffected.;MISC:https://bugs.python.org/issue39401;Assigned (20200128);None (candidate not yet proposed) +CVE-2020-8492;Candidate;Python 2.7 through 2.7.17, 3.5 through 3.5.9, 3.6 through 3.6.10, 3.7 through 3.7.6, and 3.8 through 3.8.1 allows an HTTP server to conduct Regular Expression Denial of Service (ReDoS) attacks against a client because of urllib.request.AbstractBasicAuthHandler catastrophic backtracking.;CONFIRM:https://security.netapp.com/advisory/ntap-20200221-0001/ | FEDORA:FEDORA-2020-6a88dad4a0 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7WOKDEXLYW5UQ4S7PA7E37IITOC7C56J/ | FEDORA:FEDORA-2020-8bdd3fd7a4 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UESGYI5XDAHJBATEZN3MHNDUBDH47AS6/ | FEDORA:FEDORA-2020-98e0f0f11b | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/APGWEMYZIY5VHLCSZ3HD67PA5Z2UQFGH/ | FEDORA:FEDORA-2020-ea5bdbcc90 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/A5NSAX4SC3V64PGZUPH7PRDLSON34Q5A/ | GENTOO:GLSA-202005-09 | URL:https://security.gentoo.org/glsa/202005-09 | MISC:https://bugs.python.org/issue39503 | MISC:https://github.com/python/cpython/pull/18284 | MISC:https://python-security.readthedocs.io/vuln/urllib-basic-auth-regex.html | MLIST:[cassandra-commits] 20210816 [jira] [Created] (CASSANDRA-16857) Security vulnerability CVE-2020-8492 | URL:https://lists.apache.org/thread.html/rdb31a608dd6758c6093fd645aea3fbf022dd25b37109b6aaea5bc0b5@%3Ccommits.cassandra.apache.org%3E | MLIST:[cassandra-commits] 20210816 [jira] [Updated] (CASSANDRA-16857) Security vulnerability CVE-2020-8492 | URL:https://lists.apache.org/thread.html/rfec113c733162b39633fd86a2d0f34bf42ac35f711b3ec1835c774da@%3Ccommits.cassandra.apache.org%3E | MLIST:[debian-lts-announce] 20200715 [SECURITY] [DLA 2280-1] python3.5 security update | URL:https://lists.debian.org/debian-lts-announce/2020/07/msg00011.html | MLIST:[debian-lts-announce] 20230524 [SECURITY] [DLA 3432-1] python2.7 security update | URL:https://lists.debian.org/debian-lts-announce/2023/05/msg00024.html | SUSE:openSUSE-SU-2020:0274 | URL:http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00003.html | UBUNTU:USN-4333-1 | URL:https://usn.ubuntu.com/4333-1/ | UBUNTU:USN-4333-2 | URL:https://usn.ubuntu.com/4333-2/;Assigned (20200130);None (candidate not yet proposed) +CVE-2020-8897;Candidate;A weak robustness vulnerability exists in the AWS Encryption SDKs for Java, Python, C and Javalcript prior to versions 2.0.0. Due to the non-committing property of AES-GCM (and other AEAD ciphers such as AES-GCM-SIV or (X)ChaCha20Poly1305) used by the SDKs to encrypt messages, an attacker can craft a unique cyphertext which will decrypt to multiple different results, and becomes especially relevant in a multi-recipient setting. We recommend users update their SDK to 2.0.0 or later.;CONFIRM:https://aws.amazon.com/blogs/security/improved-client-side-encryption-explicit-keyids-and-key-commitment/ | URL:https://aws.amazon.com/blogs/security/improved-client-side-encryption-explicit-keyids-and-key-commitment/ | CONFIRM:https://github.com/google/security-research/security/advisories/GHSA-wqgp-vphw-hphf | URL:https://github.com/google/security-research/security/advisories/GHSA-wqgp-vphw-hphf;Assigned (20200212);None (candidate not yet proposed) +CVE-2020-9306;Candidate;"Tesla SolarCity Solar Monitoring Gateway through 5.46.43 has a ""Use of Hard-coded Credentials"" issue because Digi ConnectPort X2e uses a .pyc file to store the cleartext password for the python user account.";CONFIRM:https://github.com/fireeye/Vulnerability-Disclosures/blob/master/FEYE-2020-0019/FEYE-2020-0019.md | MISC:https://www.fireeye.com/blog/threat-research.html | MISC:https://www.fireeye.com/blog/threat-research/2021/02/solarcity-exploitation-of-x2e-iot-device-part-one.html | MISC:https://www.fireeye.com/blog/threat-research/2021/02/solarcity-exploitation-of-x2e-iot-device-part-two.html;Assigned (20200219);None (candidate not yet proposed) +CVE-2021-21236;Candidate;CairoSVG is a Python (pypi) package. CairoSVG is an SVG converter based on Cairo. In CairoSVG before version 2.5.1, there is a regular expression denial of service (REDoS) vulnerability. When processing SVG files, the python package CairoSVG uses two regular expressions which are vulnerable to Regular Expression Denial of Service (REDoS). If an attacker provides a malicious SVG, it can make cairosvg get stuck processing the file for a very long time. This is fixed in version 2.5.1. See Referenced GitHub advisory for more information.;CONFIRM:https://github.com/Kozea/CairoSVG/security/advisories/GHSA-hq37-853p-g5cf | URL:https://github.com/Kozea/CairoSVG/security/advisories/GHSA-hq37-853p-g5cf | MISC:https://github.com/Kozea/CairoSVG/commit/cfc9175e590531d90384aa88845052de53d94bf3 | URL:https://github.com/Kozea/CairoSVG/commit/cfc9175e590531d90384aa88845052de53d94bf3 | MISC:https://github.com/Kozea/CairoSVG/releases/tag/2.5.1 | URL:https://github.com/Kozea/CairoSVG/releases/tag/2.5.1 | MISC:https://pypi.org/project/CairoSVG/ | URL:https://pypi.org/project/CairoSVG/;Assigned (20201222);None (candidate not yet proposed) +CVE-2021-21238;Candidate;PySAML2 is a pure python implementation of SAML Version 2 Standard. PySAML2 before 6.5.0 has an improper verification of cryptographic signature vulnerability. All users of pysaml2 that need to validate signed SAML documents are impacted. The vulnerability is a variant of XML Signature wrapping because it did not validate the SAML document against an XML schema. This allowed invalid XML documents to be processed and such a document can trick pysaml2 with a wrapped signature. This is fixed in PySAML2 6.5.0.;CONFIRM:https://github.com/IdentityPython/pysaml2/security/advisories/GHSA-f4g9-h89h-jgv9 | URL:https://github.com/IdentityPython/pysaml2/security/advisories/GHSA-f4g9-h89h-jgv9 | MISC:https://github.com/IdentityPython/pysaml2/commit/1d8fd268f5bf887480a403a7a5ef8f048157cc14 | URL:https://github.com/IdentityPython/pysaml2/commit/1d8fd268f5bf887480a403a7a5ef8f048157cc14 | MISC:https://github.com/IdentityPython/pysaml2/releases/tag/v6.5.0 | URL:https://github.com/IdentityPython/pysaml2/releases/tag/v6.5.0 | MISC:https://pypi.org/project/pysaml2 | URL:https://pypi.org/project/pysaml2;Assigned (20201222);None (candidate not yet proposed) +CVE-2021-21239;Candidate;PySAML2 is a pure python implementation of SAML Version 2 Standard. PySAML2 before 6.5.0 has an improper verification of cryptographic signature vulnerability. Users of pysaml2 that use the default CryptoBackendXmlSec1 backend and need to verify signed SAML documents are impacted. PySAML2 does not ensure that a signed SAML document is correctly signed. The default CryptoBackendXmlSec1 backend is using the xmlsec1 binary to verify the signature of signed SAML documents, but by default xmlsec1 accepts any type of key found within the given document. xmlsec1 needs to be configured explicitly to only use only _x509 certificates_ for the verification process of the SAML document signature. This is fixed in PySAML2 6.5.0.;CONFIRM:https://github.com/IdentityPython/pysaml2/security/advisories/GHSA-5p3x-r448-pc62 | URL:https://github.com/IdentityPython/pysaml2/security/advisories/GHSA-5p3x-r448-pc62 | MISC:https://github.com/IdentityPython/pysaml2/commit/46578df0695269a16f1c94171f1429873f90ed99 | URL:https://github.com/IdentityPython/pysaml2/commit/46578df0695269a16f1c94171f1429873f90ed99 | MISC:https://github.com/IdentityPython/pysaml2/releases/tag/v6.5.0 | URL:https://github.com/IdentityPython/pysaml2/releases/tag/v6.5.0 | MISC:https://pypi.org/project/pysaml2 | URL:https://pypi.org/project/pysaml2 | MISC:https://www.aleksey.com/pipermail/xmlsec/2013/009717.html | URL:https://www.aleksey.com/pipermail/xmlsec/2013/009717.html | MLIST:[debian-lts-announce] 20210226 [SECURITY] [DLA 2577-1] python-pysaml2 security update | URL:https://lists.debian.org/debian-lts-announce/2021/02/msg00038.html;Assigned (20201222);None (candidate not yet proposed) +CVE-2021-21240;Candidate;"httplib2 is a comprehensive HTTP client library for Python. In httplib2 before version 0.19.0, a malicious server which responds with long series of ""\xa0"" characters in the ""www-authenticate"" header may cause Denial of Service (CPU burn while parsing header) of the httplib2 client accessing said server. This is fixed in version 0.19.0 which contains a new implementation of auth headers parsing using the pyparsing library.";CONFIRM:https://github.com/httplib2/httplib2/security/advisories/GHSA-93xj-8mrv-444m | URL:https://github.com/httplib2/httplib2/security/advisories/GHSA-93xj-8mrv-444m | MISC:https://github.com/httplib2/httplib2/commit/bd9ee252c8f099608019709e22c0d705e98d26bc | URL:https://github.com/httplib2/httplib2/commit/bd9ee252c8f099608019709e22c0d705e98d26bc | MISC:https://github.com/httplib2/httplib2/pull/182 | URL:https://github.com/httplib2/httplib2/pull/182 | MISC:https://pypi.org/project/httplib2 | URL:https://pypi.org/project/httplib2;Assigned (20201222);None (candidate not yet proposed) +CVE-2021-21241;Candidate;"The Python ""Flask-Security-Too"" package is used for adding security features to your Flask application. It is an is a independently maintained version of Flask-Security based on the 3.0.0 version of Flask-Security. In Flask-Security-Too from version 3.3.0 and before version 3.4.5, the /login and /change endpoints can return the authenticated user's authentication token in response to a GET request. Since GET requests aren't protected with a CSRF token, this could lead to a malicious 3rd party site acquiring the authentication token. Version 3.4.5 and version 4.0.0 are patched. As a workaround, if you aren't using authentication tokens - you can set the SECURITY_TOKEN_MAX_AGE to ""0"" (seconds) which should make the token unusable.";CONFIRM:https://github.com/Flask-Middleware/flask-security/security/advisories/GHSA-hh7m-rx4f-4vpv | URL:https://github.com/Flask-Middleware/flask-security/security/advisories/GHSA-hh7m-rx4f-4vpv | MISC:https://github.com/Flask-Middleware/flask-security/commit/61d313150b5f620d0b800896c4f2199005e84b1f | URL:https://github.com/Flask-Middleware/flask-security/commit/61d313150b5f620d0b800896c4f2199005e84b1f | MISC:https://github.com/Flask-Middleware/flask-security/commit/6d50ee9169acf813257c37b75babe9c28e83542a | URL:https://github.com/Flask-Middleware/flask-security/commit/6d50ee9169acf813257c37b75babe9c28e83542a | MISC:https://github.com/Flask-Middleware/flask-security/pull/422 | URL:https://github.com/Flask-Middleware/flask-security/pull/422 | MISC:https://github.com/Flask-Middleware/flask-security/releases/tag/3.4.5 | URL:https://github.com/Flask-Middleware/flask-security/releases/tag/3.4.5 | MISC:https://pypi.org/project/Flask-Security-Too | URL:https://pypi.org/project/Flask-Security-Too;Assigned (20201222);None (candidate not yet proposed) +CVE-2021-21273;Candidate;Synapse is a Matrix reference homeserver written in python (pypi package matrix-synapse). Matrix is an ecosystem for open federated Instant Messaging and VoIP. In Synapse before version 1.25.0, requests to user provided domains were not restricted to external IP addresses when calculating the key validity for third-party invite events and sending push notifications. This could cause Synapse to make requests to internal infrastructure. The type of request was not controlled by the user, although limited modification of request bodies was possible. For the most thorough protection server administrators should remove the deprecated `federation_ip_range_blacklist` from their settings after upgrading to Synapse v1.25.0 which will result in Synapse using the improved default IP address restrictions. See the new `ip_range_blacklist` and `ip_range_whitelist` settings if more specific control is necessary.;CONFIRM:https://github.com/matrix-org/synapse/security/advisories/GHSA-v936-j8gp-9q3p | URL:https://github.com/matrix-org/synapse/security/advisories/GHSA-v936-j8gp-9q3p | FEDORA:FEDORA-2021-a627cfd31e | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TNNAJOZNMVMXM6AS7RFFKB4QLUJ4IFEY/ | MISC:https://github.com/matrix-org/synapse/commit/30fba6210834a4ecd91badf0c8f3eb278b72e746 | URL:https://github.com/matrix-org/synapse/commit/30fba6210834a4ecd91badf0c8f3eb278b72e746 | MISC:https://github.com/matrix-org/synapse/pull/8821 | URL:https://github.com/matrix-org/synapse/pull/8821 | MISC:https://github.com/matrix-org/synapse/releases/tag/v1.25.0 | URL:https://github.com/matrix-org/synapse/releases/tag/v1.25.0;Assigned (20201222);None (candidate not yet proposed) +CVE-2021-21274;Candidate;Synapse is a Matrix reference homeserver written in python (pypi package matrix-synapse). Matrix is an ecosystem for open federated Instant Messaging and VoIP. In Synapse before version 1.25.0, a malicious homeserver could redirect requests to their .well-known file to a large file. This can lead to a denial of service attack where homeservers will consume significantly more resources when requesting the .well-known file of a malicious homeserver. This affects any server which accepts federation requests from untrusted servers. Issue is resolved in version 1.25.0. As a workaround the `federation_domain_whitelist` setting can be used to restrict the homeservers communicated with over federation.;CONFIRM:https://github.com/matrix-org/synapse/security/advisories/GHSA-2hwx-mjrm-v3g8 | URL:https://github.com/matrix-org/synapse/security/advisories/GHSA-2hwx-mjrm-v3g8 | FEDORA:FEDORA-2021-a627cfd31e | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TNNAJOZNMVMXM6AS7RFFKB4QLUJ4IFEY/ | MISC:https://github.com/matrix-org/synapse/commit/ff5c4da1289cb5e097902b3e55b771be342c29d6 | URL:https://github.com/matrix-org/synapse/commit/ff5c4da1289cb5e097902b3e55b771be342c29d6 | MISC:https://github.com/matrix-org/synapse/pull/8950 | URL:https://github.com/matrix-org/synapse/pull/8950 | MISC:https://github.com/matrix-org/synapse/releases/tag/v1.25.0 | URL:https://github.com/matrix-org/synapse/releases/tag/v1.25.0;Assigned (20201222);None (candidate not yet proposed) +CVE-2021-21317;Candidate;uap-core in an open-source npm package which contains the core of BrowserScope's original user agent string parser. In uap-core before version 0.11.0, some regexes are vulnerable to regular expression denial of service (REDoS) due to overlapping capture groups. This allows remote attackers to overload a server by setting the User-Agent header in an HTTP(S) request to maliciously crafted long strings. This is fixed in version 0.11.0. Downstream packages such as uap-python, uap-ruby etc which depend upon uap-core follow different version schemes.;CONFIRM:https://github.com/ua-parser/uap-core/security/advisories/GHSA-p4pj-mg4r-x6v4 | URL:https://github.com/ua-parser/uap-core/security/advisories/GHSA-p4pj-mg4r-x6v4 | MISC:https://github.com/ua-parser/uap-core/commit/dc9925d458214cfe87b93e35346980612f6ae96c | URL:https://github.com/ua-parser/uap-core/commit/dc9925d458214cfe87b93e35346980612f6ae96c | MISC:https://www.npmjs.com/package/uap-core | URL:https://www.npmjs.com/package/uap-core;Assigned (20201222);None (candidate not yet proposed) +CVE-2021-21330;Candidate;"aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. In aiohttp before version 3.7.4 there is an open redirect vulnerability. A maliciously crafted link to an aiohttp-based web-server could redirect the browser to a different website. It is caused by a bug in the `aiohttp.web_middlewares.normalize_path_middleware` middleware. This security problem has been fixed in 3.7.4. Upgrade your dependency using pip as follows ""pip install aiohttp >= 3.7.4"". If upgrading is not an option for you, a workaround can be to avoid using `aiohttp.web_middlewares.normalize_path_middleware` in your applications.";CONFIRM:https://github.com/aio-libs/aiohttp/security/advisories/GHSA-v6wp-4m6f-gcjg | URL:https://github.com/aio-libs/aiohttp/security/advisories/GHSA-v6wp-4m6f-gcjg | DEBIAN:DSA-4864 | URL:https://www.debian.org/security/2021/dsa-4864 | FEDORA:FEDORA-2021-673b10ed77 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JN3V7CZJRT4QFCVXB6LDPCJH7NAOFCA5/ | FEDORA:FEDORA-2021-902c1b07c9 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FU7ENI54JNEK3PHEFGCE46DGMFNTVU6L/ | GENTOO:GLSA-202208-19 | URL:https://security.gentoo.org/glsa/202208-19 | MISC:https://github.com/aio-libs/aiohttp/blob/master/CHANGES.rst#374-2021-02-25 | URL:https://github.com/aio-libs/aiohttp/blob/master/CHANGES.rst#374-2021-02-25 | MISC:https://github.com/aio-libs/aiohttp/commit/2545222a3853e31ace15d87ae0e2effb7da0c96b | URL:https://github.com/aio-libs/aiohttp/commit/2545222a3853e31ace15d87ae0e2effb7da0c96b | MISC:https://pypi.org/project/aiohttp/ | URL:https://pypi.org/project/aiohttp/;Assigned (20201222);None (candidate not yet proposed) +CVE-2021-21332;Candidate;Synapse is a Matrix reference homeserver written in python (pypi package matrix-synapse). Matrix is an ecosystem for open federated Instant Messaging and VoIP. In Synapse before version 1.27.0, the password reset endpoint served via Synapse was vulnerable to cross-site scripting (XSS) attacks. The impact depends on the configuration of the domain that Synapse is deployed on, but may allow access to cookies and other browser data, CSRF vulnerabilities, and access to other resources served on the same domain or parent domains. This is fixed in version 1.27.0.;CONFIRM:https://github.com/matrix-org/synapse/security/advisories/GHSA-246w-56m2-5899 | URL:https://github.com/matrix-org/synapse/security/advisories/GHSA-246w-56m2-5899 | FEDORA:FEDORA-2021-a627cfd31e | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TNNAJOZNMVMXM6AS7RFFKB4QLUJ4IFEY/ | MISC:https://github.com/matrix-org/synapse/commit/e54746bdf7d5c831eabe4dcea76a7626f1de73df | URL:https://github.com/matrix-org/synapse/commit/e54746bdf7d5c831eabe4dcea76a7626f1de73df | MISC:https://github.com/matrix-org/synapse/pull/9200 | URL:https://github.com/matrix-org/synapse/pull/9200 | MISC:https://github.com/matrix-org/synapse/releases/tag/v1.27.0 | URL:https://github.com/matrix-org/synapse/releases/tag/v1.27.0;Assigned (20201222);None (candidate not yet proposed) +CVE-2021-21333;Candidate;Synapse is a Matrix reference homeserver written in python (pypi package matrix-synapse). Matrix is an ecosystem for open federated Instant Messaging and VoIP. In Synapse before version 1.27.0, the notification emails sent for notifications for missed messages or for an expiring account are subject to HTML injection. In the case of the notification for missed messages, this could allow an attacker to insert forged content into the email. The account expiry feature is not enabled by default and the HTML injection is not controllable by an attacker. This is fixed in version 1.27.0.;CONFIRM:https://github.com/matrix-org/synapse/security/advisories/GHSA-c5f8-35qr-q4fm | URL:https://github.com/matrix-org/synapse/security/advisories/GHSA-c5f8-35qr-q4fm | FEDORA:FEDORA-2021-a627cfd31e | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TNNAJOZNMVMXM6AS7RFFKB4QLUJ4IFEY/ | MISC:https://github.com/matrix-org/synapse/commit/e54746bdf7d5c831eabe4dcea76a7626f1de73df | URL:https://github.com/matrix-org/synapse/commit/e54746bdf7d5c831eabe4dcea76a7626f1de73df | MISC:https://github.com/matrix-org/synapse/pull/9200 | URL:https://github.com/matrix-org/synapse/pull/9200 | MISC:https://github.com/matrix-org/synapse/releases/tag/v1.27.0 | URL:https://github.com/matrix-org/synapse/releases/tag/v1.27.0;Assigned (20201222);None (candidate not yet proposed) +CVE-2021-21392;Candidate;Synapse is a Matrix reference homeserver written in python (pypi package matrix-synapse). Matrix is an ecosystem for open federated Instant Messaging and VoIP. In Synapse before version 1.28.0 requests to user provided domains were not restricted to external IP addresses when transitional IPv6 addresses were used. Outbound requests to federation, identity servers, when calculating the key validity for third-party invite events, sending push notifications, and generating URL previews are affected. This could cause Synapse to make requests to internal infrastructure on dual-stack networks. See referenced GitHub security advisory for details and workarounds.;CONFIRM:https://github.com/matrix-org/synapse/security/advisories/GHSA-5wrh-4jwv-5w78 | URL:https://github.com/matrix-org/synapse/security/advisories/GHSA-5wrh-4jwv-5w78 | FEDORA:FEDORA-2021-a627cfd31e | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TNNAJOZNMVMXM6AS7RFFKB4QLUJ4IFEY/ | MISC:https://github.com/matrix-org/synapse/pull/9240 | URL:https://github.com/matrix-org/synapse/pull/9240 | MISC:https://pypi.org/project/matrix-synapse/ | URL:https://pypi.org/project/matrix-synapse/;Assigned (20201222);None (candidate not yet proposed) +CVE-2021-21393;Candidate;Synapse is a Matrix reference homeserver written in python (pypi package matrix-synapse). Matrix is an ecosystem for open federated Instant Messaging and VoIP. In Synapse before version 1.28.0 Synapse is missing input validation of some parameters on the endpoints used to confirm third-party identifiers could cause excessive use of disk space and memory leading to resource exhaustion. Note that the groups feature is not part of the Matrix specification and the chosen maximum lengths are arbitrary. Not all clients might abide by them. Refer to referenced GitHub security advisory for additional details including workarounds.;CONFIRM:https://github.com/matrix-org/synapse/security/advisories/GHSA-jrh7-mhhx-6h88 | URL:https://github.com/matrix-org/synapse/security/advisories/GHSA-jrh7-mhhx-6h88 | FEDORA:FEDORA-2021-a627cfd31e | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TNNAJOZNMVMXM6AS7RFFKB4QLUJ4IFEY/ | MISC:https://github.com/matrix-org/synapse/pull/9321 | URL:https://github.com/matrix-org/synapse/pull/9321 | MISC:https://github.com/matrix-org/synapse/pull/9393 | URL:https://github.com/matrix-org/synapse/pull/9393 | MISC:https://pypi.org/project/matrix-synapse/ | URL:https://pypi.org/project/matrix-synapse/;Assigned (20201222);None (candidate not yet proposed) +CVE-2021-21394;Candidate;Synapse is a Matrix reference homeserver written in python (pypi package matrix-synapse). Matrix is an ecosystem for open federated Instant Messaging and VoIP. In Synapse before version 1.28.0 Synapse is missing input validation of some parameters on the endpoints used to confirm third-party identifiers could cause excessive use of disk space and memory leading to resource exhaustion. Note that the groups feature is not part of the Matrix specification and the chosen maximum lengths are arbitrary. Not all clients might abide by them. Refer to referenced GitHub security advisory for additional details including workarounds.;CONFIRM:https://github.com/matrix-org/synapse/security/advisories/GHSA-w9fg-xffh-p362 | URL:https://github.com/matrix-org/synapse/security/advisories/GHSA-w9fg-xffh-p362 | FEDORA:FEDORA-2021-a627cfd31e | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TNNAJOZNMVMXM6AS7RFFKB4QLUJ4IFEY/ | MISC:https://github.com/matrix-org/synapse/pull/9321 | URL:https://github.com/matrix-org/synapse/pull/9321 | MISC:https://github.com/matrix-org/synapse/pull/9393 | URL:https://github.com/matrix-org/synapse/pull/9393 | MISC:https://pypi.org/project/matrix-synapse/ | URL:https://pypi.org/project/matrix-synapse/;Assigned (20201222);None (candidate not yet proposed) +CVE-2021-21419;Candidate;Eventlet is a concurrent networking library for Python. A websocket peer may exhaust memory on Eventlet side by sending very large websocket frames. Malicious peer may exhaust memory on Eventlet side by sending highly compressed data frame. A patch in version 0.31.0 restricts websocket frame to reasonable limits. As a workaround, restricting memory usage via OS limits would help against overall machine exhaustion, but there is no workaround to protect Eventlet process.;CONFIRM:https://github.com/eventlet/eventlet/security/advisories/GHSA-9p9m-jm8w-94p2 | URL:https://github.com/eventlet/eventlet/security/advisories/GHSA-9p9m-jm8w-94p2 | FEDORA:FEDORA-2021-9fde3d7ab1 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/R5JZP4LZOSP7CUAM3GIRW6PIAWKH5VGB/ | FEDORA:FEDORA-2021-d5915c247b | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2WJFSBPLCNSZNHYQC4QDRDFRTEZRMD2L/;Assigned (20201222);None (candidate not yet proposed) +CVE-2021-23336;Candidate;"The package python/cpython from 0 and before 3.6.13, from 3.7.0 and before 3.7.10, from 3.8.0 and before 3.8.8, from 3.9.0 and before 3.9.2 are vulnerable to Web Cache Poisoning via urllib.parse.parse_qsl and urllib.parse.parse_qs by using a vector called parameter cloaking. When the attacker can separate query parameters using a semicolon (;), they can cause a difference in the interpretation of the request between the proxy (running with default configuration) and the server. This can result in malicious requests being cached as completely safe ones, as the proxy would usually not see the semicolon as a separator, and therefore would not include it in a cache key of an unkeyed parameter.";CONFIRM:https://security.netapp.com/advisory/ntap-20210326-0004/ | URL:https://security.netapp.com/advisory/ntap-20210326-0004/ | FEDORA:FEDORA-2021-12df7f7382 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RSLQD5CCM75IZGAMBDGUZEATYU5YSGJ7/ | FEDORA:FEDORA-2021-1bb399a5af | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NJSCSN722JO2E2AGPWD4NTGVELVRPB4R/ | FEDORA:FEDORA-2021-2897f5366c | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TFTELUMWZE3KV3JB2H5EE6VFRZFRD5MV/ | FEDORA:FEDORA-2021-309bc2e727 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IHQDU7NXA7EWAE4W7VO6MURVJIULEPPR/ | FEDORA:FEDORA-2021-3352c1c802 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MP572OLHMS7MZO4KUPSCIMSZIA5IZZ62/ | FEDORA:FEDORA-2021-5a09621ebb | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/W2LSKBEFI5SYEY5FM6ICZVZM5WRQUCS4/ | FEDORA:FEDORA-2021-7547ad987f | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HCQTCSP6SCVIYNIRUJC5X7YBVUHPLSC4/ | FEDORA:FEDORA-2021-7c1bb32d13 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KJXCMHLY7H3FIYLE4OKDYUILU2CCRUCZ/ | FEDORA:FEDORA-2021-7d3a9004e2 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MNUN5SOMFL2BBKP6ZAICIIUPQKZDMGYO/ | FEDORA:FEDORA-2021-907f3bacae | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FONHJIOZOFD7CD35KZL6SVBUTMBPGZGA/ | FEDORA:FEDORA-2021-98720f3785 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SGIY6I4YS3WOXAK4SXKIEOC2G4VZKIR7/ | FEDORA:FEDORA-2021-b1843407ca | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3YKKDLXL3UEZ3J426C2XTBS63AHE46SM/ | FEDORA:FEDORA-2021-b326fcb83f | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OAGSWNGZJ6HQ5ISA67SNMK3CJRKICET7/ | FEDORA:FEDORA-2021-b6b6093b3a | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/N6VXJZSZ6N64AILJX4CTMACYGQGHHD5C/ | FEDORA:FEDORA-2021-b76ede8f4d | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3EPYWWFDV22CJ5AOH5VCE72DOASZZ255/ | FEDORA:FEDORA-2021-e22bb0e548 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/46N6A52EGSXHJYCZWVMBJJIH4NWIV2B5/ | FEDORA:FEDORA-2021-e525e48886 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LVNH6Z24IG3E67ZCQGGJ46FZB4XFLQNZ/ | FEDORA:FEDORA-2021-ef83e8525a | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HZTM7KLHFCE3LWSEVO2NAFLUHMGYMCRY/ | FEDORA:FEDORA-2021-f4fd9372c7 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NODWHDIFBQE5RU5PUWUVE47JOT5VCMJ2/ | GENTOO:GLSA-202104-04 | URL:https://security.gentoo.org/glsa/202104-04 | MISC:https://github.com/python/cpython/pull/24297 | URL:https://github.com/python/cpython/pull/24297 | MISC:https://snyk.io/blog/cache-poisoning-in-popular-open-source-packages/ | URL:https://snyk.io/blog/cache-poisoning-in-popular-open-source-packages/ | MISC:https://snyk.io/vuln/SNYK-UPSTREAM-PYTHONCPYTHON-1074933 | URL:https://snyk.io/vuln/SNYK-UPSTREAM-PYTHONCPYTHON-1074933 | MISC:https://www.oracle.com//security-alerts/cpujul2021.html | URL:https://www.oracle.com//security-alerts/cpujul2021.html | MISC:https://www.oracle.com/security-alerts/cpuApr2021.html | URL:https://www.oracle.com/security-alerts/cpuApr2021.html | MISC:https://www.oracle.com/security-alerts/cpujan2022.html | URL:https://www.oracle.com/security-alerts/cpujan2022.html | MISC:https://www.oracle.com/security-alerts/cpuoct2021.html | URL:https://www.oracle.com/security-alerts/cpuoct2021.html | MLIST:[airflow-users] 20210501 CVE-2021-28359: Apache Airflow Reflected XSS via Origin Query Argument in URL | URL:https://lists.apache.org/thread.html/ra8ce70088ba291f358e077cafdb14d174b7a1ce9a9d86d1b332d6367@%3Cusers.airflow.apache.org%3E | MLIST:[announce] 20210501 Apache Airflow CVE: CVE-2021-28359: Apache Airflow Reflected XSS via Origin Query Argument in URL | URL:https://lists.apache.org/thread.html/rc005f4de9d9b0ba943ceb8ff5a21a5c6ff8a9df52632476698d99432@%3Cannounce.apache.org%3E | MLIST:[debian-lts-announce] 20210219 [SECURITY] [DLA 2569-1] python-django security update | URL:https://lists.debian.org/debian-lts-announce/2021/02/msg00030.html | MLIST:[debian-lts-announce] 20210405 [SECURITY] [DLA 2619-1] python3.5 security update | URL:https://lists.debian.org/debian-lts-announce/2021/04/msg00005.html | MLIST:[debian-lts-announce] 20210417 [SECURITY] [DLA 2628-1] python2.7 security update | URL:https://lists.debian.org/debian-lts-announce/2021/04/msg00015.html | MLIST:[debian-lts-announce] 20230920 [SECURITY] [DLA 3575-1] python2.7 security update | URL:https://lists.debian.org/debian-lts-announce/2023/09/msg00022.html | MLIST:[mina-dev] 20210225 [jira] [Created] (FTPSERVER-500) Security vulnerability in common/lib/log4j-1.2.17.jar | URL:https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772@%3Cdev.mina.apache.org%3E | MLIST:[oss-security] 20210219 Django security releases: CVE-2021-23336: Web cache poisoning via ``django.utils.http.limited_parse_qsl()`` | URL:http://www.openwall.com/lists/oss-security/2021/02/19/4 | MLIST:[oss-security] 20210501 CVE-2021-28359: Apache Airflow Reflected XSS via Origin Query Argument in URL | URL:http://www.openwall.com/lists/oss-security/2021/05/01/2;Assigned (20210108);None (candidate not yet proposed) +CVE-2021-24105;Candidate;"

Depending on configuration of various package managers it is possible for an attacker to insert a malicious package into a package manager's repository which can be retrieved and used during development, build, and release processes. This insertion could lead to remote code execution. We believe this vulnerability affects multiple package managers across multiple languages, including but not limited to: Python/pip, .NET/NuGet, Java/Maven, JavaScript/npm.

Attack scenarios

An attacker could take advantage of this ecosystem-wide issue to cause harm in a variety of ways. The original attack scenarios were discovered by Alex Birsan and are detailed in their whitepaper, Dependency Confusion: How I Hacked Into Apple, Microsoft and Dozens of Other Companies.

  • With basic knowledge of the target ecosystems, an attacker could create an empty shell for a package and insert malicious code in the install scripts, give it a high version, and publish it to the public repository. Vulnerable victim machines will download the higher version of the package between the public and private repositories and attempt to install it. Due to code incompatibility it will probably error out upon import or upon compilation, making it easier to detect; however the attacker would have gained code execution by that point.

  • An advanced attacker with some inside knowledge of the target could take a copy of a working package, insert the malicious code (in the package itself or in the install), and then publish it to a public repository. The package will likely install and import correctly, granting the attacker an initial foothold and persistence.

These two methods could affect target organizations at any of these various levels:

  • Developer machines
  • An entire team if the configuration to import the malicious package is uploaded to a code repository
  • Continuous integration pipelines if they pull the malicious packages during the build, test, and/or deploy stages
  • Customers, download servers, production services if the malicious code has not been detected

This remote code execution vulnerability can only be addressed by reconfiguring installation tools and workflows, and not by correcting anything in the package repositories themselves. See the FAQ section of this CVE for configuration guidance.

";MISC:https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-24105 | URL:https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-24105;Assigned (20210113);None (candidate not yet proposed) +CVE-2021-25322;Candidate;A UNIX Symbolic Link (Symlink) Following vulnerability in python-HyperKitty of openSUSE Leap 15.2, Factory allows local attackers to escalate privileges from the user hyperkitty or hyperkitty-admin to root. This issue affects: openSUSE Leap 15.2 python-HyperKitty version 1.3.2-lp152.2.3.1 and prior versions. openSUSE Factory python-HyperKitty versions prior to 1.3.4-5.1.;CONFIRM:https://bugzilla.suse.com/show_bug.cgi?id=1182373 | URL:https://bugzilla.suse.com/show_bug.cgi?id=1182373;Assigned (20210119);None (candidate not yet proposed) +CVE-2021-26551;Candidate;An issue was discovered in SmartFoxServer 2.17.0. An attacker can execute arbitrary Python code, and bypass the javashell.py protection mechanism, by creating /config/ConsoleModuleUnlock.txt and editing /config/admin/admintool.xml to enable the Console module.;MISC:http://packetstormsecurity.com/files/161340/SmartFoxServer-2X-2.17.0-Remote-Code-Execution.html | MISC:https://www.smartfoxserver.com | MISC:https://www.zeroscience.mk/en/vulnerabilities/;Assigned (20210201);None (candidate not yet proposed) +CVE-2021-28359;Candidate;"The ""origin"" parameter passed to some of the endpoints like '/trigger' was vulnerable to XSS exploit. This issue affects Apache Airflow versions <1.10.15 in 1.x series and affects 2.0.0 and 2.0.1 and 2.x series. This is the same as CVE-2020-13944 & CVE-2020-17515 but the implemented fix did not fix the issue completely. Update to Airflow 1.10.15 or 2.0.2. Please also update your Python version to the latest available PATCH releases of the installed MINOR versions, example update to Python 3.6.13 if you are on Python 3.6. (Those contain the fix for CVE-2021-23336 https://nvd.nist.gov/vuln/detail/CVE-2021-23336).";MISC:https://lists.apache.org/thread.html/ra8ce70088ba291f358e077cafdb14d174b7a1ce9a9d86d1b332d6367%40%3Cusers.airflow.apache.org%3E | URL:https://lists.apache.org/thread.html/ra8ce70088ba291f358e077cafdb14d174b7a1ce9a9d86d1b332d6367%40%3Cusers.airflow.apache.org%3E | MLIST:[announce] 20210501 Apache Airflow CVE: CVE-2021-28359: Apache Airflow Reflected XSS via Origin Query Argument in URL | URL:https://lists.apache.org/thread.html/rc005f4de9d9b0ba943ceb8ff5a21a5c6ff8a9df52632476698d99432@%3Cannounce.apache.org%3E;Assigned (20210313);None (candidate not yet proposed) +CVE-2021-28363;Candidate;The urllib3 library 1.26.x before 1.26.4 for Python omits SSL certificate validation in some cases involving HTTPS to HTTPS proxies. The initial connection to the HTTPS proxy (if an SSLContext isn't given via proxy_config) doesn't verify the hostname of the certificate. This means certificates for different servers that still validate properly with the default urllib3 SSLContext will be silently accepted.;CONFIRM:https://github.com/urllib3/urllib3/commit/8d65ea1ecf6e2cdc27d42124e587c1b83a3118b0 | URL:https://github.com/urllib3/urllib3/commit/8d65ea1ecf6e2cdc27d42124e587c1b83a3118b0 | CONFIRM:https://github.com/urllib3/urllib3/security/advisories/GHSA-5phf-pp7p-vc2r | URL:https://github.com/urllib3/urllib3/security/advisories/GHSA-5phf-pp7p-vc2r | CONFIRM:https://pypi.org/project/urllib3/1.26.4/ | URL:https://pypi.org/project/urllib3/1.26.4/ | FEDORA:FEDORA-2021-3f378dda90 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4S65ZQVZ2ODGB52IC7VJDBUK4M5INCXL/ | GENTOO:GLSA-202107-36 | URL:https://security.gentoo.org/glsa/202107-36 | GENTOO:GLSA-202305-02 | URL:https://security.gentoo.org/glsa/202305-02 | MISC:https://github.com/urllib3/urllib3/commits/main | URL:https://github.com/urllib3/urllib3/commits/main | MISC:https://www.oracle.com/security-alerts/cpuoct2021.html | URL:https://www.oracle.com/security-alerts/cpuoct2021.html;Assigned (20210313);None (candidate not yet proposed) +CVE-2021-28667;Candidate;StackStorm before 3.4.1, in some situations, has an infinite loop that consumes all available memory and disk space. This can occur if Python 3.x is used, the locale is not utf-8, and there is an attempt to log Unicode data (from an action or rule name).;MISC:https://stackstorm.com/2021/03/10/stackstorm-v3-4-1-security-fix/;Assigned (20210318);None (candidate not yet proposed) +CVE-2021-28861;Candidate;"** DISPUTED ** Python 3.x through 3.10 has an open redirection vulnerability in lib/http/server.py due to no protection against multiple (/) at the beginning of URI path which may leads to information disclosure. NOTE: this is disputed by a third party because the http.server.html documentation page states ""Warning: http.server is not recommended for production. It only implements basic security checks.""";FEDORA:FEDORA-2022-01d5789c08 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2TRINJE3INWDVIHIABW4L2NP3RUSK7BJ/ | FEDORA:FEDORA-2022-15f1aa7dc7 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QLE5INSVJUZJGY5OJXV6JREXWD7UDHYN/ | FEDORA:FEDORA-2022-20116fb6aa | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TZEPOPUFC42KXXSLFPZ47ZZRGPOR7SQE/ | FEDORA:FEDORA-2022-2173709172 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/I3MQT5ZE3QH5PVDJMERTBOCILHK35CBE/ | FEDORA:FEDORA-2022-4ac2e16969 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KRGKPYA5YHIXQAMRIXO5DSCX7D4UUW4Q/ | FEDORA:FEDORA-2022-61d8e8d880 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/X46T4EFTIBXZRYTGASBDEZGYJINH2OWV/ | FEDORA:FEDORA-2022-79843dfb3c | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IFGV7P2PYFBMK32OKHCAC2ZPJQV5AUDF/ | FEDORA:FEDORA-2022-7ca361a226 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5OABQ5CMPQETJLFHROAXDIDXCMDTNVYG/ | FEDORA:FEDORA-2022-7fff0f2b0b | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5LTSPFIULY2GZJN3QYNFVM4JSU6H4D6J/ | FEDORA:FEDORA-2022-a27e239f5a | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/S7G66SRWUM36ENQ3X6LAIG7HAB27D4XJ/ | FEDORA:FEDORA-2022-a2be4bd5d8 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DISZAFSIQ7IAPAEQTC7G2Z5QUA2V2PSW/ | FEDORA:FEDORA-2022-d1682fef04 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WXF6MQ74HVIDDSR5AE2UDR24I6D4FEPC/ | FEDORA:FEDORA-2022-f511f8f58b | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OKYE2DOI2X7WZXAWTQJZAXYIWM37HDCY/ | FEDORA:FEDORA-2022-fde69532df | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HPX4XHT2FGVQYLY2STT2MRVENILNZTTU/ | GENTOO:GLSA-202305-02 | URL:https://security.gentoo.org/glsa/202305-02 | MISC:https://bugs.python.org/issue43223 | URL:https://bugs.python.org/issue43223 | MISC:https://github.com/python/cpython/pull/24848 | URL:https://github.com/python/cpython/pull/24848 | MISC:https://github.com/python/cpython/pull/93879 | URL:https://github.com/python/cpython/pull/93879;Assigned (20210319);None (candidate not yet proposed) +CVE-2021-28957;Candidate;An XSS vulnerability was discovered in python-lxml's clean module versions before 4.6.3. When disabling the safe_attrs_only and forms arguments, the Cleaner class does not remove the formaction attribute allowing for JS to bypass the sanitizer. A remote attacker could exploit this flaw to run arbitrary JS code on users who interact with incorrectly sanitized HTML. This issue is patched in lxml 4.6.3.;CONFIRM:https://security.netapp.com/advisory/ntap-20210521-0004/ | URL:https://security.netapp.com/advisory/ntap-20210521-0004/ | DEBIAN:DSA-4880 | URL:https://www.debian.org/security/2021/dsa-4880 | FEDORA:FEDORA-2021-28723f9670 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3C2R44VDUY7FJVMAVRZ2WY7XYL4SVN45/ | FEDORA:FEDORA-2021-4cdb0f68c7 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XXN3QPWCTQVOGW4BMWV3AUUZZ4NRZNSQ/ | GENTOO:GLSA-202208-06 | URL:https://security.gentoo.org/glsa/202208-06 | MISC:https://bugs.launchpad.net/lxml/+bug/1888153 | URL:https://bugs.launchpad.net/lxml/+bug/1888153 | MISC:https://github.com/lxml/lxml/commit/a5f9cb52079dc57477c460dbe6ba0f775e14a999 | URL:https://github.com/lxml/lxml/commit/a5f9cb52079dc57477c460dbe6ba0f775e14a999 | MISC:https://github.com/lxml/lxml/pull/316/commits/10ec1b4e9f93713513a3264ed6158af22492f270 | URL:https://github.com/lxml/lxml/pull/316/commits/10ec1b4e9f93713513a3264ed6158af22492f270 | MISC:https://www.oracle.com/security-alerts/cpuoct2021.html | URL:https://www.oracle.com/security-alerts/cpuoct2021.html | MLIST:[debian-lts-announce] 20210324 [SECURITY] [DLA 2606-1] lxml security update | URL:https://lists.debian.org/debian-lts-announce/2021/03/msg00031.html;Assigned (20210321);None (candidate not yet proposed) +CVE-2021-29421;Candidate;models/metadata.py in the pikepdf package 1.3.0 through 2.9.2 for Python allows XXE when parsing XMP metadata entries.;CONFIRM:https://github.com/pikepdf/pikepdf/commit/3f38f73218e5e782fe411ccbb3b44a793c0b343a | FEDORA:FEDORA-2021-4bf9909a76 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3QFLBBYGEDNXJ7FS6PIWTVI4T4BUPGEQ/ | FEDORA:FEDORA-2021-d97bc581be | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/36P4HTLBJPO524WMQWW57N3QRF4RFSJG/ | MISC:https://github.com/pikepdf/pikepdf/blob/v2.10.0/docs/release_notes.rst#v2100;Assigned (20210329);None (candidate not yet proposed) +CVE-2021-29471;Candidate;"Synapse is a Matrix reference homeserver written in python (pypi package matrix-synapse). Matrix is an ecosystem for open federated Instant Messaging and VoIP. In Synapse before version 1.33.2 ""Push rules"" can specify conditions under which they will match, including `event_match`, which matches event content against a pattern including wildcards. Certain patterns can cause very poor performance in the matching engine, leading to a denial-of-service when processing moderate length events. The issue is patched in version 1.33.2. A potential workaround might be to prevent users from making custom push rules, by blocking such requests at a reverse-proxy.";CONFIRM:https://github.com/matrix-org/synapse/security/advisories/GHSA-x345-32rc-8h85 | URL:https://github.com/matrix-org/synapse/security/advisories/GHSA-x345-32rc-8h85 | FEDORA:FEDORA-2021-a627cfd31e | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TNNAJOZNMVMXM6AS7RFFKB4QLUJ4IFEY/ | MISC:https://github.com/matrix-org/synapse/commit/03318a766cac9f8b053db2214d9c332a977d226c | URL:https://github.com/matrix-org/synapse/commit/03318a766cac9f8b053db2214d9c332a977d226c | MISC:https://github.com/matrix-org/synapse/releases/tag/v1.33.2 | URL:https://github.com/matrix-org/synapse/releases/tag/v1.33.2;Assigned (20210330);None (candidate not yet proposed) +CVE-2021-29510;Candidate;Pydantic is a data validation and settings management using Python type hinting. In affected versions passing either `'infinity'`, `'inf'` or `float('inf')` (or their negatives) to `datetime` or `date` fields causes validation to run forever with 100% CPU usage (on one CPU). Pydantic has been patched with fixes available in the following versions: v1.8.2, v1.7.4, v1.6.2. All these versions are available on pypi(https://pypi.org/project/pydantic/#history), and will be available on conda-forge(https://anaconda.org/conda-forge/pydantic) soon. See the changelog(https://pydantic-docs.helpmanual.io/) for details. If you absolutely can't upgrade, you can work around this risk using a validator(https://pydantic-docs.helpmanual.io/usage/validators/) to catch these values. This is not an ideal solution (in particular you'll need a slightly different function for datetimes), instead of a hack like this you should upgrade pydantic. If you are not using v1.8.x, v1.7.x or v1.6.x and are unable to upgrade to a fixed version of pydantic, please create an issue at https://github.com/samuelcolvin/pydantic/issues requesting a back-port, and we will endeavour to release a patch for earlier versions of pydantic.;CONFIRM:https://github.com/samuelcolvin/pydantic/security/advisories/GHSA-5jqp-qgf6-3pvh | URL:https://github.com/samuelcolvin/pydantic/security/advisories/GHSA-5jqp-qgf6-3pvh | FEDORA:FEDORA-2021-4d3de3183f | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/S2HT266L6Q7H6ICP7DFGXOGBJHNNKMKB/ | FEDORA:FEDORA-2021-e7fabd81fb | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UEFWM7DYKD2ZHE7R5YT5EQWJPV4ZKYRB/ | FEDORA:FEDORA-2021-f8bb3ba3ec | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UMKAJX4O6IGBBCE32CO2G7PZQCCQSBLV/ | MISC:https://github.com/samuelcolvin/pydantic/commit/7e83fdd2563ffac081db7ecdf1affa65ef38c468 | URL:https://github.com/samuelcolvin/pydantic/commit/7e83fdd2563ffac081db7ecdf1affa65ef38c468;Assigned (20210330);None (candidate not yet proposed) +CVE-2021-29512;Candidate;TensorFlow is an end-to-end open source platform for machine learning. If the `splits` argument of `RaggedBincount` does not specify a valid `SparseTensor`(https://www.tensorflow.org/api_docs/python/tf/sparse/SparseTensor), then an attacker can trigger a heap buffer overflow. This will cause a read from outside the bounds of the `splits` tensor buffer in the implementation of the `RaggedBincount` op(https://github.com/tensorflow/tensorflow/blob/8b677d79167799f71c42fd3fa074476e0295413a/tensorflow/core/kernels/bincount_op.cc#L430-L433). Before the `for` loop, `batch_idx` is set to 0. The user controls the `splits` array, making it contain only one element, 0. Thus, the code in the `while` loop would increment `batch_idx` and then try to read `splits(1)`, which is outside of bounds. The fix will be included in TensorFlow 2.5.0. We will also cherrypick this commit on TensorFlow 2.4.2 and TensorFlow 2.3.3, as these are also affected.;CONFIRM:https://github.com/tensorflow/tensorflow/security/advisories/GHSA-4278-2v5v-65r4 | URL:https://github.com/tensorflow/tensorflow/security/advisories/GHSA-4278-2v5v-65r4 | MISC:https://github.com/tensorflow/tensorflow/commit/eebb96c2830d48597d055d247c0e9aebaea94cd5 | URL:https://github.com/tensorflow/tensorflow/commit/eebb96c2830d48597d055d247c0e9aebaea94cd5;Assigned (20210330);None (candidate not yet proposed) +CVE-2021-29513;Candidate;TensorFlow is an end-to-end open source platform for machine learning. Calling TF operations with tensors of non-numeric types when the operations expect numeric tensors result in null pointer dereferences. The conversion from Python array to C++ array(https://github.com/tensorflow/tensorflow/blob/ff70c47a396ef1e3cb73c90513da4f5cb71bebba/tensorflow/python/lib/core/ndarray_tensor.cc#L113-L169) is vulnerable to a type confusion. The fix will be included in TensorFlow 2.5.0. We will also cherrypick this commit on TensorFlow 2.4.2, TensorFlow 2.3.3, TensorFlow 2.2.3 and TensorFlow 2.1.4, as these are also affected and still in supported range.;CONFIRM:https://github.com/tensorflow/tensorflow/security/advisories/GHSA-452g-f7fp-9jf7 | URL:https://github.com/tensorflow/tensorflow/security/advisories/GHSA-452g-f7fp-9jf7 | MISC:https://github.com/tensorflow/tensorflow/commit/030af767d357d1b4088c4a25c72cb3906abac489 | URL:https://github.com/tensorflow/tensorflow/commit/030af767d357d1b4088c4a25c72cb3906abac489;Assigned (20210330);None (candidate not yet proposed) +CVE-2021-29514;Candidate;TensorFlow is an end-to-end open source platform for machine learning. If the `splits` argument of `RaggedBincount` does not specify a valid `SparseTensor`(https://www.tensorflow.org/api_docs/python/tf/sparse/SparseTensor), then an attacker can trigger a heap buffer overflow. This will cause a read from outside the bounds of the `splits` tensor buffer in the implementation of the `RaggedBincount` op(https://github.com/tensorflow/tensorflow/blob/8b677d79167799f71c42fd3fa074476e0295413a/tensorflow/core/kernels/bincount_op.cc#L430-L446). Before the `for` loop, `batch_idx` is set to 0. The attacker sets `splits(0)` to be 7, hence the `while` loop does not execute and `batch_idx` remains 0. This then results in writing to `out(-1, bin)`, which is before the heap allocated buffer for the output tensor. The fix will be included in TensorFlow 2.5.0. We will also cherrypick this commit on TensorFlow 2.4.2 and TensorFlow 2.3.3, as these are also affected.;CONFIRM:https://github.com/tensorflow/tensorflow/security/advisories/GHSA-8h46-5m9h-7553 | URL:https://github.com/tensorflow/tensorflow/security/advisories/GHSA-8h46-5m9h-7553 | MISC:https://github.com/tensorflow/tensorflow/commit/eebb96c2830d48597d055d247c0e9aebaea94cd5 | URL:https://github.com/tensorflow/tensorflow/commit/eebb96c2830d48597d055d247c0e9aebaea94cd5;Assigned (20210330);None (candidate not yet proposed) +CVE-2021-29539;Candidate;TensorFlow is an end-to-end open source platform for machine learning. Calling `tf.raw_ops.ImmutableConst`(https://www.tensorflow.org/api_docs/python/tf/raw_ops/ImmutableConst) with a `dtype` of `tf.resource` or `tf.variant` results in a segfault in the implementation as code assumes that the tensor contents are pure scalars. We have patched the issue in 4f663d4b8f0bec1b48da6fa091a7d29609980fa4 and will release TensorFlow 2.5.0 containing the patch. TensorFlow nightly packages after this commit will also have the issue resolved. If using `tf.raw_ops.ImmutableConst` in code, you can prevent the segfault by inserting a filter for the `dtype` argument.;CONFIRM:https://github.com/tensorflow/tensorflow/security/advisories/GHSA-g4h2-gqm3-c9wq | URL:https://github.com/tensorflow/tensorflow/security/advisories/GHSA-g4h2-gqm3-c9wq | MISC:https://github.com/tensorflow/tensorflow/commit/4f663d4b8f0bec1b48da6fa091a7d29609980fa4 | URL:https://github.com/tensorflow/tensorflow/commit/4f663d4b8f0bec1b48da6fa091a7d29609980fa4;Assigned (20210330);None (candidate not yet proposed) +CVE-2021-29548;Candidate;TensorFlow is an end-to-end open source platform for machine learning. An attacker can cause a runtime division by zero error and denial of service in `tf.raw_ops.QuantizedBatchNormWithGlobalNormalization`. This is because the implementation(https://github.com/tensorflow/tensorflow/blob/55a97caa9e99c7f37a0bbbeb414dc55553d3ae7f/tensorflow/core/kernels/quantized_batch_norm_op.cc) does not validate all constraints specified in the op's contract(https://www.tensorflow.org/api_docs/python/tf/raw_ops/QuantizedBatchNormWithGlobalNormalization). The fix will be included in TensorFlow 2.5.0. We will also cherrypick this commit on TensorFlow 2.4.2, TensorFlow 2.3.3, TensorFlow 2.2.3 and TensorFlow 2.1.4, as these are also affected and still in supported range.;CONFIRM:https://github.com/tensorflow/tensorflow/security/advisories/GHSA-p45v-v4pw-77jr | URL:https://github.com/tensorflow/tensorflow/security/advisories/GHSA-p45v-v4pw-77jr | MISC:https://github.com/tensorflow/tensorflow/commit/d6ed5bcfe1dcab9e85a4d39931bd18d99018e75b | URL:https://github.com/tensorflow/tensorflow/commit/d6ed5bcfe1dcab9e85a4d39931bd18d99018e75b;Assigned (20210330);None (candidate not yet proposed) +CVE-2021-29567;Candidate;TensorFlow is an end-to-end open source platform for machine learning. Due to lack of validation in `tf.raw_ops.SparseDenseCwiseMul`, an attacker can trigger denial of service via `CHECK`-fails or accesses to outside the bounds of heap allocated data. Since the implementation(https://github.com/tensorflow/tensorflow/blob/38178a2f7a681a7835bb0912702a134bfe3b4d84/tensorflow/core/kernels/sparse_dense_binary_op_shared.cc#L68-L80) only validates the rank of the input arguments but no constraints between dimensions(https://www.tensorflow.org/api_docs/python/tf/raw_ops/SparseDenseCwiseMul), an attacker can abuse them to trigger internal `CHECK` assertions (and cause program termination, denial of service) or to write to memory outside of bounds of heap allocated tensor buffers. The fix will be included in TensorFlow 2.5.0. We will also cherrypick this commit on TensorFlow 2.4.2, TensorFlow 2.3.3, TensorFlow 2.2.3 and TensorFlow 2.1.4, as these are also affected and still in supported range.;CONFIRM:https://github.com/tensorflow/tensorflow/security/advisories/GHSA-wp3c-xw9g-gpcg | URL:https://github.com/tensorflow/tensorflow/security/advisories/GHSA-wp3c-xw9g-gpcg | MISC:https://github.com/tensorflow/tensorflow/commit/7ae2af34087fb4b5c8915279efd03da3b81028bc | URL:https://github.com/tensorflow/tensorflow/commit/7ae2af34087fb4b5c8915279efd03da3b81028bc;Assigned (20210330);None (candidate not yet proposed) +CVE-2021-29571;Candidate;TensorFlow is an end-to-end open source platform for machine learning. The implementation of `tf.raw_ops.MaxPoolGradWithArgmax` can cause reads outside of bounds of heap allocated data if attacker supplies specially crafted inputs. The implementation(https://github.com/tensorflow/tensorflow/blob/31bd5026304677faa8a0b77602c6154171b9aec1/tensorflow/core/kernels/image/draw_bounding_box_op.cc#L116-L130) assumes that the last element of `boxes` input is 4, as required by [the op](https://www.tensorflow.org/api_docs/python/tf/raw_ops/DrawBoundingBoxesV2). Since this is not checked attackers passing values less than 4 can write outside of bounds of heap allocated objects and cause memory corruption. If the last dimension in `boxes` is less than 4, accesses similar to `tboxes(b, bb, 3)` will access data outside of bounds. Further during code execution there are also writes to these indices. The fix will be included in TensorFlow 2.5.0. We will also cherrypick this commit on TensorFlow 2.4.2, TensorFlow 2.3.3, TensorFlow 2.2.3 and TensorFlow 2.1.4, as these are also affected and still in supported range.;CONFIRM:https://github.com/tensorflow/tensorflow/security/advisories/GHSA-whr9-vfh2-7hm6 | URL:https://github.com/tensorflow/tensorflow/security/advisories/GHSA-whr9-vfh2-7hm6 | MISC:https://github.com/tensorflow/tensorflow/commit/79865b542f9ffdc9caeb255631f7c56f1d4b6517 | URL:https://github.com/tensorflow/tensorflow/commit/79865b542f9ffdc9caeb255631f7c56f1d4b6517;Assigned (20210330);None (candidate not yet proposed) +CVE-2021-29572;Candidate;TensorFlow is an end-to-end open source platform for machine learning. The implementation of `tf.raw_ops.SdcaOptimizer` triggers undefined behavior due to dereferencing a null pointer. The implementation(https://github.com/tensorflow/tensorflow/blob/60a45c8b6192a4699f2e2709a2645a751d435cc3/tensorflow/core/kernels/sdca_internal.cc) does not validate that the user supplied arguments satisfy all constraints expected by the op(https://www.tensorflow.org/api_docs/python/tf/raw_ops/SdcaOptimizer). The fix will be included in TensorFlow 2.5.0. We will also cherrypick this commit on TensorFlow 2.4.2, TensorFlow 2.3.3, TensorFlow 2.2.3 and TensorFlow 2.1.4, as these are also affected and still in supported range.;CONFIRM:https://github.com/tensorflow/tensorflow/security/advisories/GHSA-5gqf-456p-4836 | URL:https://github.com/tensorflow/tensorflow/security/advisories/GHSA-5gqf-456p-4836 | MISC:https://github.com/tensorflow/tensorflow/commit/f7cc8755ac6683131fdfa7a8a121f9d7a9dec6fb | URL:https://github.com/tensorflow/tensorflow/commit/f7cc8755ac6683131fdfa7a8a121f9d7a9dec6fb;Assigned (20210330);None (candidate not yet proposed) +CVE-2021-29614;Candidate;TensorFlow is an end-to-end open source platform for machine learning. The implementation of `tf.io.decode_raw` produces incorrect results and crashes the Python interpreter when combining `fixed_length` and wider datatypes. The implementation of the padded version(https://github.com/tensorflow/tensorflow/blob/1d8903e5b167ed0432077a3db6e462daf781d1fe/tensorflow/core/kernels/decode_padded_raw_op.cc) is buggy due to a confusion about pointer arithmetic rules. First, the code computes(https://github.com/tensorflow/tensorflow/blob/1d8903e5b167ed0432077a3db6e462daf781d1fe/tensorflow/core/kernels/decode_padded_raw_op.cc#L61) the width of each output element by dividing the `fixed_length` value to the size of the type argument. The `fixed_length` argument is also used to determine the size needed for the output tensor(https://github.com/tensorflow/tensorflow/blob/1d8903e5b167ed0432077a3db6e462daf781d1fe/tensorflow/core/kernels/decode_padded_raw_op.cc#L63-L79). This is followed by reencoding code(https://github.com/tensorflow/tensorflow/blob/1d8903e5b167ed0432077a3db6e462daf781d1fe/tensorflow/core/kernels/decode_padded_raw_op.cc#L85-L94). The erroneous code is the last line above: it is moving the `out_data` pointer by `fixed_length * sizeof(T)` bytes whereas it only copied at most `fixed_length` bytes from the input. This results in parts of the input not being decoded into the output. Furthermore, because the pointer advance is far wider than desired, this quickly leads to writing to outside the bounds of the backing data. This OOB write leads to interpreter crash in the reproducer mentioned here, but more severe attacks can be mounted too, given that this gadget allows writing to periodically placed locations in memory. The fix will be included in TensorFlow 2.5.0. We will also cherrypick this commit on TensorFlow 2.4.2, TensorFlow 2.3.3, TensorFlow 2.2.3 and TensorFlow 2.1.4, as these are also affected and still in supported range.;CONFIRM:https://github.com/tensorflow/tensorflow/security/advisories/GHSA-8pmx-p244-g88h | URL:https://github.com/tensorflow/tensorflow/security/advisories/GHSA-8pmx-p244-g88h | MISC:https://github.com/tensorflow/tensorflow/commit/698e01511f62a3c185754db78ebce0eee1f0184d | URL:https://github.com/tensorflow/tensorflow/commit/698e01511f62a3c185754db78ebce0eee1f0184d;Assigned (20210330);None (candidate not yet proposed) +CVE-2021-29921;Candidate;In Python before 3,9,5, the ipaddress library mishandles leading zero characters in the octets of an IP address string. This (in some situations) allows attackers to bypass access control that is based on IP addresses.;CONFIRM:https://security.netapp.com/advisory/ntap-20210622-0003/ | URL:https://security.netapp.com/advisory/ntap-20210622-0003/ | GENTOO:GLSA-202305-02 | URL:https://security.gentoo.org/glsa/202305-02 | MISC:https://bugs.python.org/issue36384 | URL:https://bugs.python.org/issue36384 | MISC:https://docs.python.org/3/library/ipaddress.html | URL:https://docs.python.org/3/library/ipaddress.html | MISC:https://github.com/python/cpython/blob/63298930fb531ba2bb4f23bc3b915dbf1e17e9e1/Misc/NEWS.d/3.8.0a4.rst | URL:https://github.com/python/cpython/blob/63298930fb531ba2bb4f23bc3b915dbf1e17e9e1/Misc/NEWS.d/3.8.0a4.rst | MISC:https://github.com/python/cpython/pull/12577 | URL:https://github.com/python/cpython/pull/12577 | MISC:https://github.com/python/cpython/pull/25099 | URL:https://github.com/python/cpython/pull/25099 | MISC:https://github.com/sickcodes | URL:https://github.com/sickcodes | MISC:https://github.com/sickcodes/security/blob/master/advisories/SICK-2021-014.md | URL:https://github.com/sickcodes/security/blob/master/advisories/SICK-2021-014.md | MISC:https://python-security.readthedocs.io/vuln/ipaddress-ipv4-leading-zeros.html | URL:https://python-security.readthedocs.io/vuln/ipaddress-ipv4-leading-zeros.html | MISC:https://sick.codes/sick-2021-014 | URL:https://sick.codes/sick-2021-014 | MISC:https://www.oracle.com//security-alerts/cpujul2021.html | URL:https://www.oracle.com//security-alerts/cpujul2021.html | MISC:https://www.oracle.com/security-alerts/cpuapr2022.html | URL:https://www.oracle.com/security-alerts/cpuapr2022.html | MISC:https://www.oracle.com/security-alerts/cpujan2022.html | URL:https://www.oracle.com/security-alerts/cpujan2022.html | MISC:https://www.oracle.com/security-alerts/cpujul2022.html | URL:https://www.oracle.com/security-alerts/cpujul2022.html | MISC:https://www.oracle.com/security-alerts/cpuoct2021.html | URL:https://www.oracle.com/security-alerts/cpuoct2021.html;Assigned (20210401);None (candidate not yet proposed) +CVE-2021-3177;Candidate;Python 3.x through 3.9.1 has a buffer overflow in PyCArg_repr in _ctypes/callproc.c, which may lead to remote code execution in certain Python applications that accept floating-point numbers as untrusted input, as demonstrated by a 1e300 argument to c_double.from_param. This occurs because sprintf is used unsafely.;CONFIRM:https://security.netapp.com/advisory/ntap-20210226-0003/ | URL:https://security.netapp.com/advisory/ntap-20210226-0003/ | FEDORA:FEDORA-2021-076a2dccba | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NXSMBHES3ANXXS2RSO5G6Q24BR4B2PWK/ | FEDORA:FEDORA-2021-17668e344a | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Y4KSYYWMGAKOA2JVCQA422OINT6CKQ7O/ | FEDORA:FEDORA-2021-3352c1c802 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MP572OLHMS7MZO4KUPSCIMSZIA5IZZ62/ | FEDORA:FEDORA-2021-42ba9feb47 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BRHOCQYX3QLDGDQGTWQAUUT2GGIZCZUO/ | FEDORA:FEDORA-2021-66547ff92d | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YDTZVGSXQ7HR7OCGSUHTRNTMBG43OMKU/ | FEDORA:FEDORA-2021-7547ad987f | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HCQTCSP6SCVIYNIRUJC5X7YBVUHPLSC4/ | FEDORA:FEDORA-2021-851c6e4e2d | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/V6XJAULOS5JVB2L67NCKKMJ5NTKZJBSD/ | FEDORA:FEDORA-2021-907f3bacae | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FONHJIOZOFD7CD35KZL6SVBUTMBPGZGA/ | FEDORA:FEDORA-2021-cc3ff94cfc | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NQPARTLNSFQVMMQHPNBFOCOZOO3TMQNA/ | FEDORA:FEDORA-2021-ced31f3f0c | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CCFZMVRQUKCBQIG5F2CBVADK63NFSE4A/ | FEDORA:FEDORA-2021-d5cde50865 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FPE7SMXYUIWPOIZV4DQYXODRXMFX3C5E/ | FEDORA:FEDORA-2021-e3a5a74610 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Z7GZV74KM72O2PEJN2C4XP3V5Q5MZUOO/ | FEDORA:FEDORA-2021-f4fd9372c7 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NODWHDIFBQE5RU5PUWUVE47JOT5VCMJ2/ | FEDORA:FEDORA-2021-faf88b9499 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MGSV6BJQLRQ6RKVUXK7JGU7TP4QFGQXC/ | GENTOO:GLSA-202101-18 | URL:https://security.gentoo.org/glsa/202101-18 | MISC:https://bugs.python.org/issue42938 | URL:https://bugs.python.org/issue42938 | MISC:https://github.com/python/cpython/pull/24239 | URL:https://github.com/python/cpython/pull/24239 | MISC:https://news.ycombinator.com/item?id=26185005 | URL:https://news.ycombinator.com/item?id=26185005 | MISC:https://python-security.readthedocs.io/vuln/ctypes-buffer-overflow-pycarg_repr.html | URL:https://python-security.readthedocs.io/vuln/ctypes-buffer-overflow-pycarg_repr.html | MISC:https://www.oracle.com//security-alerts/cpujul2021.html | URL:https://www.oracle.com//security-alerts/cpujul2021.html | MISC:https://www.oracle.com/security-alerts/cpujan2022.html | URL:https://www.oracle.com/security-alerts/cpujan2022.html | MISC:https://www.oracle.com/security-alerts/cpujul2022.html | URL:https://www.oracle.com/security-alerts/cpujul2022.html | MISC:https://www.oracle.com/security-alerts/cpuoct2021.html | URL:https://www.oracle.com/security-alerts/cpuoct2021.html | MLIST:[debian-lts-announce] 20210405 [SECURITY] [DLA 2619-1] python3.5 security update | URL:https://lists.debian.org/debian-lts-announce/2021/04/msg00005.html | MLIST:[debian-lts-announce] 20220212 [SECURITY] [DLA 2919-1] python2.7 security update | URL:https://lists.debian.org/debian-lts-announce/2022/02/msg00013.html | MLIST:[debian-lts-announce] 20230524 [SECURITY] [DLA 3432-1] python2.7 security update | URL:https://lists.debian.org/debian-lts-announce/2023/05/msg00024.html | MLIST:[mina-dev] 20210225 [jira] [Created] (FTPSERVER-500) Security vulnerability in common/lib/log4j-1.2.17.jar | URL:https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772@%3Cdev.mina.apache.org%3E;Assigned (20210119);None (candidate not yet proposed) +CVE-2021-31997;Candidate;A UNIX Symbolic Link (Symlink) Following vulnerability in python-postorius of openSUSE Leap 15.2, Factory allows local attackers to escalate from users postorius or postorius-admin to root. This issue affects: openSUSE Leap 15.2 python-postorius version 1.3.2-lp152.1.2 and prior versions. openSUSE Factory python-postorius version 1.3.4-2.1 and prior versions.;CONFIRM:https://bugzilla.suse.com/show_bug.cgi?id=1182407 | URL:https://bugzilla.suse.com/show_bug.cgi?id=1182407;Assigned (20210503);None (candidate not yet proposed) +CVE-2021-32052;Candidate;In Django 2.2 before 2.2.22, 3.1 before 3.1.10, and 3.2 before 3.2.2 (with Python 3.9.5+), URLValidator does not prohibit newlines and tabs (unless the URLField form field is used). If an application uses values with newlines in an HTTP response, header injection can occur. Django itself is unaffected because HttpResponse prohibits newlines in HTTP headers.;CONFIRM:https://security.netapp.com/advisory/ntap-20210611-0002/ | FEDORA:FEDORA-2021-01044b8a59 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZVKYPHR3TKR2ESWXBPOJEKRO2OSJRZUE/ | MISC:http://www.openwall.com/lists/oss-security/2021/05/06/1 | MISC:https://docs.djangoproject.com/en/3.2/releases/security/ | MISC:https://groups.google.com/forum/#!forum/django-announce | MISC:https://www.djangoproject.com/weblog/2021/may/06/security-releases/;Assigned (20210505);None (candidate not yet proposed) +CVE-2021-32618;Candidate;"The Python ""Flask-Security-Too"" package is used for adding security features to your Flask application. It is an is an independently maintained version of Flask-Security based on the 3.0.0 version of Flask-Security. All versions of Flask-Security-Too allow redirects after many successful views (e.g. /login) by honoring the ?next query param. There is code in FS to validate that the url specified in the next parameter is either relative OR has the same netloc (network location) as the requesting URL. This check utilizes Pythons urlsplit library. However many browsers are very lenient on the kind of URL they accept and 'fill in the blanks' when presented with a possibly incomplete URL. As a concrete example - setting http://login?next=\\\github.com will pass FS's relative URL check however many browsers will gladly convert this to http://github.com. Thus an attacker could send such a link to an unwitting user, using a legitimate site and have it redirect to whatever site they want. This is considered a low severity due to the fact that if Werkzeug is used (which is very common with Flask applications) as the WSGI layer, it by default ALWAYS ensures that the Location header is absolute - thus making this attack vector mute. It is possible for application writers to modify this default behavior by setting the 'autocorrect_location_header=False`.";CONFIRM:https://github.com/Flask-Middleware/flask-security/security/advisories/GHSA-6qmf-fj6m-686c | URL:https://github.com/Flask-Middleware/flask-security/security/advisories/GHSA-6qmf-fj6m-686c | MISC:https://github.com/Flask-Middleware/flask-security/issues/486 | URL:https://github.com/Flask-Middleware/flask-security/issues/486;Assigned (20210512);None (candidate not yet proposed) +CVE-2021-32633;Candidate;Zope is an open-source web application server. In Zope versions prior to 4.6 and 5.2, users can access untrusted modules indirectly through Python modules that are available for direct use. By default, only users with the Manager role can add or edit Zope Page Templates through the web, but sites that allow untrusted users to add/edit Zope Page Templates through the web are at risk from this vulnerability. The problem has been fixed in Zope 5.2 and 4.6. As a workaround, a site administrator can restrict adding/editing Zope Page Templates through the web using the standard Zope user/role permission mechanisms. Untrusted users should not be assigned the Zope Manager role and adding/editing Zope Page Templates through the web should be restricted to trusted users only.;CONFIRM:https://github.com/zopefoundation/Zope/security/advisories/GHSA-5pr9-v234-jw36 | URL:https://github.com/zopefoundation/Zope/security/advisories/GHSA-5pr9-v234-jw36 | MISC:https://cyllective.com/blog/post/plone-authenticated-rce-cve-2021-32633/ | MISC:https://github.com/zopefoundation/Zope/commit/1f8456bf1f908ea46012537d52bd7e752a532c91 | URL:https://github.com/zopefoundation/Zope/commit/1f8456bf1f908ea46012537d52bd7e752a532c91 | MLIST:[oss-security] 20210521 Plone security hotfix 20210518 | URL:http://www.openwall.com/lists/oss-security/2021/05/21/1 | MLIST:[oss-security] 20210522 Re: Plone security hotfix 20210518 | URL:http://www.openwall.com/lists/oss-security/2021/05/22/1;Assigned (20210512);None (candidate not yet proposed) +CVE-2021-32674;Candidate;Zope is an open-source web application server. This advisory extends the previous advisory at https://github.com/zopefoundation/Zope/security/advisories/GHSA-5pr9-v234-jw36 with additional cases of TAL expression traversal vulnerabilities. Most Python modules are not available for using in TAL expressions that you can add through-the-web, for example in Zope Page Templates. This restriction avoids file system access, for example via the 'os' module. But some of the untrusted modules are available indirectly through Python modules that are available for direct use. By default, you need to have the Manager role to add or edit Zope Page Templates through the web. Only sites that allow untrusted users to add/edit Zope Page Templates through the web are at risk. The problem has been fixed in Zope 5.2.1 and 4.6.1. The workaround is the same as for https://github.com/zopefoundation/Zope/security/advisories/GHSA-5pr9-v234-jw36: A site administrator can restrict adding/editing Zope Page Templates through the web using the standard Zope user/role permission mechanisms. Untrusted users should not be assigned the Zope Manager role and adding/editing Zope Page Templates through the web should be restricted to trusted users only.;CONFIRM:https://github.com/zopefoundation/Zope/security/advisories/GHSA-rpcg-f9q6-2mq6 | URL:https://github.com/zopefoundation/Zope/security/advisories/GHSA-rpcg-f9q6-2mq6 | MISC:https://github.com/zopefoundation/Zope/commit/1d897910139e2c0b11984fc9b78c1da1365bec21 | URL:https://github.com/zopefoundation/Zope/commit/1d897910139e2c0b11984fc9b78c1da1365bec21 | MISC:https://github.com/zopefoundation/Zope/security/advisories/GHSA-5pr9-v234-jw36 | URL:https://github.com/zopefoundation/Zope/security/advisories/GHSA-5pr9-v234-jw36 | MISC:https://pypi.org/project/Zope/ | URL:https://pypi.org/project/Zope/;Assigned (20210512);None (candidate not yet proposed) +CVE-2021-32677;Candidate;FastAPI is a web framework for building APIs with Python 3.6+ based on standard Python type hints. FastAPI versions lower than 0.65.2 that used cookies for authentication in path operations that received JSON payloads sent by browsers were vulnerable to a Cross-Site Request Forgery (CSRF) attack. In versions lower than 0.65.2, FastAPI would try to read the request payload as JSON even if the content-type header sent was not set to application/json or a compatible JSON media type (e.g. application/geo+json). A request with a content type of text/plain containing JSON data would be accepted and the JSON data would be extracted. Requests with content type text/plain are exempt from CORS preflights, for being considered Simple requests. The browser will execute them right away including cookies, and the text content could be a JSON string that would be parsed and accepted by the FastAPI application. This is fixed in FastAPI 0.65.2. The request data is now parsed as JSON only if the content-type header is application/json or another JSON compatible media type like application/geo+json. It's best to upgrade to the latest FastAPI, but if updating is not possible then a middleware or a dependency that checks the content-type header and aborts the request if it is not application/json or another JSON compatible content type can act as a mitigating workaround.;CONFIRM:https://github.com/tiangolo/fastapi/security/advisories/GHSA-8h2j-cgx8-6xv7 | URL:https://github.com/tiangolo/fastapi/security/advisories/GHSA-8h2j-cgx8-6xv7 | FEDORA:FEDORA-2021-917e89c036 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MATAWX25TYKNEKLDMKWNLYDB34UWTROA/ | MISC:https://github.com/tiangolo/fastapi/commit/fa7e3c996edf2d5482fff8f9d890ac2390dede4d | URL:https://github.com/tiangolo/fastapi/commit/fa7e3c996edf2d5482fff8f9d890ac2390dede4d;Assigned (20210512);None (candidate not yet proposed) +CVE-2021-32807;Candidate;"The module `AccessControl` defines security policies for Python code used in restricted code within Zope applications. Restricted code is any code that resides in Zope's object database, such as the contents of `Script (Python)` objects. The policies defined in `AccessControl` severely restrict access to Python modules and only exempt a few that are deemed safe, such as Python's `string` module. However, full access to the `string` module also allows access to the class `Formatter`, which can be overridden and extended within `Script (Python)` in a way that provides access to other unsafe Python libraries. Those unsafe Python libraries can be used for remote code execution. By default, you need to have the admin-level Zope ""Manager"" role to add or edit `Script (Python)` objects through the web. Only sites that allow untrusted users to add/edit these scripts through the web - which would be a very unusual configuration to begin with - are at risk. The problem has been fixed in AccessControl 4.3 and 5.2. Only AccessControl versions 4 and 5 are vulnerable, and only on Python 3, not Python 2.7. As a workaround, a site administrator can restrict adding/editing `Script (Python)` objects through the web using the standard Zope user/role permission mechanisms. Untrusted users should not be assigned the Zope Manager role and adding/editing these scripts through the web should be restricted to trusted users only. This is the default configuration in Zope.";CONFIRM:https://github.com/zopefoundation/AccessControl/security/advisories/GHSA-qcx9-j53g-ccgf | URL:https://github.com/zopefoundation/AccessControl/security/advisories/GHSA-qcx9-j53g-ccgf | MISC:https://github.com/zopefoundation/AccessControl/blob/master/CHANGES.rst#51-2021-07-30 | URL:https://github.com/zopefoundation/AccessControl/blob/master/CHANGES.rst#51-2021-07-30 | MISC:https://github.com/zopefoundation/AccessControl/commit/b42dd4badf803bb9fb71ac34cd9cb0c249262f2c | URL:https://github.com/zopefoundation/AccessControl/commit/b42dd4badf803bb9fb71ac34cd9cb0c249262f2c;Assigned (20210512);None (candidate not yet proposed) +CVE-2021-32811;Candidate;"Zope is an open-source web application server. Zope versions prior to versions 4.6.3 and 5.3 have a remote code execution security issue. In order to be affected, one must use Python 3 for one's Zope deployment, run Zope 4 below version 4.6.3 or Zope 5 below version 5.3, and have the optional `Products.PythonScripts` add-on package installed. By default, one must have the admin-level Zope ""Manager"" role to add or edit Script (Python) objects through the web. Only sites that allow untrusted users to add/edit these scripts through the web are at risk. Zope releases 4.6.3 and 5.3 are not vulnerable. As a workaround, a site administrator can restrict adding/editing Script (Python) objects through the web using the standard Zope user/role permission mechanisms. Untrusted users should not be assigned the Zope Manager role and adding/editing these scripts through the web should be restricted to trusted users only. This is the default configuration in Zope.";CONFIRM:https://github.com/zopefoundation/Zope/security/advisories/GHSA-g4gq-j4p2-j8fr | URL:https://github.com/zopefoundation/Zope/security/advisories/GHSA-g4gq-j4p2-j8fr | MISC:https://github.com/zopefoundation/AccessControl/security/advisories/GHSA-qcx9-j53g-ccgf | URL:https://github.com/zopefoundation/AccessControl/security/advisories/GHSA-qcx9-j53g-ccgf | MISC:https://github.com/zopefoundation/Zope/commit/f72a18dda8e9bf2aedb46168761668464a4be988 | URL:https://github.com/zopefoundation/Zope/commit/f72a18dda8e9bf2aedb46168761668464a4be988;Assigned (20210512);None (candidate not yet proposed) +CVE-2021-32831;Candidate;Total.js framework (npm package total.js) is a framework for Node.js platfrom written in pure JavaScript similar to PHP's Laravel or Python's Django or ASP.NET MVC. In total.js framework before version 3.4.9, calling the utils.set function with user-controlled values leads to code-injection. This can cause a variety of impacts that include arbitrary code execution. This is fixed in version 3.4.9.;CONFIRM:https://securitylab.github.com/advisories/GHSL-2021-066-totaljs-totaljs/ | URL:https://securitylab.github.com/advisories/GHSL-2021-066-totaljs-totaljs/ | MISC:https://github.com/totaljs/framework/blob/e644167d5378afdc45cb0156190349b2c07ef235/changes.txt#L11 | URL:https://github.com/totaljs/framework/blob/e644167d5378afdc45cb0156190349b2c07ef235/changes.txt#L11 | MISC:https://github.com/totaljs/framework/commit/887b0fa9e162ef7a2dd9cec20a5ca122726373b3 | URL:https://github.com/totaljs/framework/commit/887b0fa9e162ef7a2dd9cec20a5ca122726373b3 | MISC:https://www.npmjs.com/package/total.js | URL:https://www.npmjs.com/package/total.js;Assigned (20210512);None (candidate not yet proposed) +CVE-2021-32839;Candidate;sqlparse is a non-validating SQL parser module for Python. In sqlparse versions 0.4.0 and 0.4.1 there is a regular Expression Denial of Service in sqlparse vulnerability. The regular expression may cause exponential backtracking on strings containing many repetitions of '\r\n' in SQL comments. Only the formatting feature that removes comments from SQL statements is affected by this regular expression. As a workaround don't use the sqlformat.format function with keyword strip_comments=True or the --strip-comments command line flag when using the sqlformat command line tool. The issues has been fixed in sqlparse 0.4.2.;CONFIRM:https://github.com/andialbrecht/sqlparse/security/advisories/GHSA-p5w8-wqhj-9hhf | URL:https://github.com/andialbrecht/sqlparse/security/advisories/GHSA-p5w8-wqhj-9hhf | MISC:https://github.com/andialbrecht/sqlparse/commit/8238a9e450ed1524e40cb3a8b0b3c00606903aeb | URL:https://github.com/andialbrecht/sqlparse/commit/8238a9e450ed1524e40cb3a8b0b3c00606903aeb;Assigned (20210512);None (candidate not yet proposed) +CVE-2021-33026;Candidate;"** DISPUTED ** The Flask-Caching extension through 1.10.1 for Flask relies on Pickle for serialization, which may lead to remote code execution or local privilege escalation. If an attacker gains access to cache storage (e.g., filesystem, Memcached, Redis, etc.), they can construct a crafted payload, poison the cache, and execute Python code. NOTE: a third party indicates that exploitation is extremely unlikely unless the machine is already compromised; in other cases, the attacker would be unable to write their payload to the cache and generate the required collision.";MISC:https://github.com/pallets-eco/flask-caching/pull/209#issuecomment-1136397937 | MISC:https://github.com/sh4nks/flask-caching/pull/209;Assigned (20210513);None (candidate not yet proposed) +CVE-2021-33430;Candidate;"** DISPUTED ** A Buffer Overflow vulnerability exists in NumPy 1.9.x in the PyArray_NewFromDescr_int function of ctors.c when specifying arrays of large dimensions (over 32) from Python code, which could let a malicious user cause a Denial of Service. NOTE: The vendor does not agree this is a vulneraility; In (very limited) circumstances a user may be able provoke the buffer overflow, the user is most likely already privileged to at least provoke denial of service by exhausting memory. Triggering this further requires the use of uncommon API (complicated structured dtypes), which is very unlikely to be available to an unprivileged user.";MISC:https://github.com/numpy/numpy/issues/18939;Assigned (20210520);None (candidate not yet proposed) +CVE-2021-33509;Candidate;Plone through 5.2.4 allows remote authenticated managers to perform disk I/O via crafted keyword arguments to the ReStructuredText transform in a Python script.;MISC:https://plone.org/security/hotfix/20210518/writing-arbitrary-files-via-docutils-and-python-script | MLIST:[oss-security] 20210522 Re: Plone security hotfix 20210518 | URL:http://www.openwall.com/lists/oss-security/2021/05/22/1;Assigned (20210521);None (candidate not yet proposed) +CVE-2021-33571;Candidate;In Django 2.2 before 2.2.24, 3.x before 3.1.12, and 3.2 before 3.2.4, URLValidator, validate_ipv4_address, and validate_ipv46_address do not prohibit leading zero characters in octal literals. This may allow a bypass of access control that is based on IP addresses. (validate_ipv4_address and validate_ipv46_address are unaffected with Python 3.9.5+..) .;CONFIRM:https://security.netapp.com/advisory/ntap-20210727-0004/ | CONFIRM:https://www.djangoproject.com/weblog/2021/jun/02/security-releases/ | FEDORA:FEDORA-2022-e7fd530688 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/B4SQG2EAF4WCI2SLRL6XRDJ3RPK3ZRDV/ | MISC:https://docs.djangoproject.com/en/3.2/releases/security/ | MISC:https://groups.google.com/g/django-announce/c/sPyjSKMi8Eo | MISC:v2.2.24 | URL:https://github.com/django/django/commit/f27c38ab5d90f68c9dd60cabef248a570c0be8fc | MISC:v3.1.12 | URL:https://github.com/django/django/commit/203d4ab9ebcd72fc4d6eb7398e66ed9e474e118e | MISC:v3.2.4 | URL:https://github.com/django/django/commit/9f75e2e562fa0c0482f3dde6fc7399a9070b4a3d;Assigned (20210525);None (candidate not yet proposed) +CVE-2021-33880;Candidate;The aaugustin websockets library before 9.1 for Python has an Observable Timing Discrepancy on servers when HTTP Basic Authentication is enabled with basic_auth_protocol_factory(credentials=...). An attacker may be able to guess a password via a timing attack.;MISC:https://github.com/aaugustin/websockets/commit/547a26b685d08cac0aa64e5e65f7867ac0ea9bc0 | URL:https://github.com/aaugustin/websockets/commit/547a26b685d08cac0aa64e5e65f7867ac0ea9bc0 | MISC:https://www.oracle.com/security-alerts/cpuapr2022.html | URL:https://www.oracle.com/security-alerts/cpuapr2022.html | MISC:https://www.oracle.com/security-alerts/cpujan2022.html | URL:https://www.oracle.com/security-alerts/cpujan2022.html;Assigned (20210606);None (candidate not yet proposed) +CVE-2021-3426;Candidate;There's a flaw in Python 3's pydoc. A local or adjacent attacker who discovers or is able to convince another local or adjacent user to start a pydoc server could access the server and use it to disclose sensitive information belonging to the other user that they would not normally be able to access. The highest risk of this flaw is to data confidentiality. This flaw affects Python versions before 3.8.9, Python versions before 3.9.3 and Python versions before 3.10.0a7.;CONFIRM:https://security.netapp.com/advisory/ntap-20210629-0003/ | URL:https://security.netapp.com/advisory/ntap-20210629-0003/ | FEDORA:FEDORA-2021-067c9deff1 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QNGAFMPIYIVJ47FCF2NK2PIX22HUG35B/ | FEDORA:FEDORA-2021-0a8f3ffbc0 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BF2K7HEWADHN6P52R3QLIOX27U3DJ4HI/ | FEDORA:FEDORA-2021-1769a23935 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DQYPUKLLBOZMKFPO7RD7CENTXHUUEUV7/ | FEDORA:FEDORA-2021-2ab6f060d9 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VPX7Y5GQDNB4FJTREWONGC4ZSVH7TGHF/ | FEDORA:FEDORA-2021-a26257ccf5 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LM5V4VPLBHBEASSAROYPSHXGXGGPHNOE/ | FEDORA:FEDORA-2021-a311bf10d4 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/25HVHLBGO2KNPXJ3G426QEYSSCECJDU5/ | FEDORA:FEDORA-2021-b6b6093b3a | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/N6VXJZSZ6N64AILJX4CTMACYGQGHHD5C/ | GENTOO:GLSA-202104-04 | URL:https://security.gentoo.org/glsa/202104-04 | MISC:https://bugzilla.redhat.com/show_bug.cgi?id=1935913 | URL:https://bugzilla.redhat.com/show_bug.cgi?id=1935913 | MISC:https://www.oracle.com/security-alerts/cpujan2022.html | URL:https://www.oracle.com/security-alerts/cpujan2022.html | MISC:https://www.oracle.com/security-alerts/cpuoct2021.html | URL:https://www.oracle.com/security-alerts/cpuoct2021.html | MLIST:[debian-lts-announce] 20210405 [SECURITY] [DLA 2619-1] python3.5 security update | URL:https://lists.debian.org/debian-lts-announce/2021/04/msg00005.html | MLIST:[debian-lts-announce] 20230630 [SECURITY] [DLA 3477-1] python3.7 security update | URL:https://lists.debian.org/debian-lts-announce/2023/06/msg00039.html;Assigned (20210309);None (candidate not yet proposed) +CVE-2021-34363;Candidate;"The thefuck (aka The Fuck) package before 3.31 for Python allows Path Traversal that leads to arbitrary file deletion via the ""undo archive operation"" feature.";FEDORA:FEDORA-2022-0f1653e269 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4MEDDLBFVRUQHPYIBJ4MFM3M4NUJUXL5/ | FEDORA:FEDORA-2022-5aeda24c24 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YA6UNQSOY6M3NJDZLS6YJXTS4WGDMEEJ/ | MISC:https://github.com/nvbn/thefuck/commit/e343c577cd7da4d304b837d4a07ab4df1e023092 | MISC:https://github.com/nvbn/thefuck/releases/tag/3.31 | MISC:https://vuln.ryotak.me/advisories/48;Assigned (20210609);None (candidate not yet proposed) +CVE-2021-34552;Candidate;Pillow through 8.2.0 and PIL (aka Python Imaging Library) through 1.1.7 allow an attacker to pass controlled parameters directly into a convert function to trigger a buffer overflow in Convert.c.;FEDORA:FEDORA-2021-3ec845dc0c | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VUGBBT63VL7G4JNOEIPDJIOC34ZFBKNJ/ | FEDORA:FEDORA-2021-bf01a738f3 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7V6LCG525ARIX6LX5QRYNAWVDD2MD2SV/ | GENTOO:GLSA-202211-10 | URL:https://security.gentoo.org/glsa/202211-10 | MISC:https://pillow.readthedocs.io/en/stable/releasenotes/8.3.0.html#buffer-overflow | MISC:https://pillow.readthedocs.io/en/stable/releasenotes/index.html | MLIST:[debian-lts-announce] 20210722 [SECURITY] [DLA 2716-1] pillow security update | URL:https://lists.debian.org/debian-lts-announce/2021/07/msg00018.html;Assigned (20210610);None (candidate not yet proposed) +CVE-2021-3572;Candidate;A flaw was found in python-pip in the way it handled Unicode separators in git references. A remote attacker could possibly use this issue to install a different revision on a repository. The highest threat from this vulnerability is to data integrity. This is fixed in python-pip version 21.1.;MISC:https://bugzilla.redhat.com/show_bug.cgi?id=1962856 | URL:https://bugzilla.redhat.com/show_bug.cgi?id=1962856 | MISC:https://www.oracle.com/security-alerts/cpuapr2022.html | URL:https://www.oracle.com/security-alerts/cpuapr2022.html | MISC:https://www.oracle.com/security-alerts/cpujul2022.html | URL:https://www.oracle.com/security-alerts/cpujul2022.html;Assigned (20210601);None (candidate not yet proposed) +CVE-2021-36359;Candidate;OrbiTeam BSCW Classic before 7.4.3 allows exportpdf authenticated remote code execution (RCE) via XML tag injection because reportlab\platypus\paraparser.py (reached via bscw.cgi op=_editfolder.EditFolder) calls eval on attacker-supplied Python code. This is fixed in 5.0.12, 5.1.10, 5.2.4, 7.3.3, and 7.4.3.;FULLDISC:20210827 SEC Consult SA-20210827-1 :: XML Tag injection in BSCW Server | URL:http://seclists.org/fulldisclosure/2021/Aug/23 | MISC:http://packetstormsecurity.com/files/163988/BSCW-Server-XML-Injection.html | MISC:https://www.bscw.de/en/company/;Assigned (20210709);None (candidate not yet proposed) +CVE-2021-36667;Candidate;Command injection vulnerability in Druva inSync 6.9.0 for MacOS, allows attackers to execute arbitrary commands via crafted payload to the local HTTP server due to un-sanitized call to the python os.system library.;MISC:http://druva.com | MISC:https://docs.druva.com/Knowledge_Base/Security_Update/Security_Advisory_for_inSync_Client_7.0.1_and_before | MISC:https://imhotepisinvisible.com/druva-lpe/;Assigned (20210712);None (candidate not yet proposed) +CVE-2021-3737;Candidate;A flaw was found in python. An improperly handled HTTP response in the HTTP client code of python may allow a remote attacker, who controls the HTTP server, to make the client script enter an infinite loop, consuming CPU time. The highest threat from this vulnerability is to system availability.;CONFIRM:https://security.netapp.com/advisory/ntap-20220407-0009/ | URL:https://security.netapp.com/advisory/ntap-20220407-0009/ | MISC:https://bugs.python.org/issue44022 | URL:https://bugs.python.org/issue44022 | MISC:https://bugzilla.redhat.com/show_bug.cgi?id=1995162 | URL:https://bugzilla.redhat.com/show_bug.cgi?id=1995162 | MISC:https://github.com/python/cpython/pull/25916 | URL:https://github.com/python/cpython/pull/25916 | MISC:https://github.com/python/cpython/pull/26503 | URL:https://github.com/python/cpython/pull/26503 | MISC:https://python-security.readthedocs.io/vuln/urllib-100-continue-loop.html | URL:https://python-security.readthedocs.io/vuln/urllib-100-continue-loop.html | MISC:https://ubuntu.com/security/CVE-2021-3737 | URL:https://ubuntu.com/security/CVE-2021-3737 | MISC:https://www.oracle.com/security-alerts/cpujul2022.html | URL:https://www.oracle.com/security-alerts/cpujul2022.html | MLIST:[debian-lts-announce] 20230524 [SECURITY] [DLA 3432-1] python2.7 security update | URL:https://lists.debian.org/debian-lts-announce/2023/05/msg00024.html | MLIST:[debian-lts-announce] 20230630 [SECURITY] [DLA 3477-1] python3.7 security update | URL:https://lists.debian.org/debian-lts-announce/2023/06/msg00039.html;Assigned (20210826);None (candidate not yet proposed) +CVE-2021-37678;Candidate;TensorFlow is an end-to-end open source platform for machine learning. In affected versions TensorFlow and Keras can be tricked to perform arbitrary code execution when deserializing a Keras model from YAML format. The [implementation](https://github.com/tensorflow/tensorflow/blob/460e000de3a83278fb00b61a16d161b1964f15f4/tensorflow/python/keras/saving/model_config.py#L66-L104) uses `yaml.unsafe_load` which can perform arbitrary code execution on the input. Given that YAML format support requires a significant amount of work, we have removed it for now. We have patched the issue in GitHub commit 23d6383eb6c14084a8fc3bdf164043b974818012. The fix will be included in TensorFlow 2.6.0. We will also cherrypick this commit on TensorFlow 2.5.1, TensorFlow 2.4.3, and TensorFlow 2.3.4, as these are also affected and still in supported range.;CONFIRM:https://github.com/tensorflow/tensorflow/security/advisories/GHSA-r6jx-9g48-2r5r | URL:https://github.com/tensorflow/tensorflow/security/advisories/GHSA-r6jx-9g48-2r5r | MISC:https://github.com/tensorflow/tensorflow/commit/23d6383eb6c14084a8fc3bdf164043b974818012 | URL:https://github.com/tensorflow/tensorflow/commit/23d6383eb6c14084a8fc3bdf164043b974818012;Assigned (20210729);None (candidate not yet proposed) +CVE-2021-38305;Candidate;"23andMe Yamale before 3.0.8 allows remote attackers to execute arbitrary code via a crafted schema file. The schema parser uses eval as part of its processing, and tries to protect from malicious expressions by limiting the builtins that are passed to the eval. When processing the schema, each line is run through Python's eval function to make the validator available. A well-constructed string within the schema rules can execute system commands; thus, by exploiting the vulnerability, an attacker can run arbitrary code on the image that invokes Yamale.";MISC:https://github.com/23andMe/Yamale/pull/165 | MISC:https://github.com/23andMe/Yamale/releases/tag/3.0.8;Assigned (20210809);None (candidate not yet proposed) +CVE-2021-39158;Candidate;NVCaffe's python required dependencies list used to contain `gfortran`version prior to 0.17.4, entry which does not exist in the repository pypi.org. An attacker could potentially have posted malicious files to pypi.org causing a user to install it within NVCaffe.;CONFIRM:https://github.com/NVIDIA/caffe/security/advisories/GHSA-fmpp-8pwg-vwh9 | URL:https://github.com/NVIDIA/caffe/security/advisories/GHSA-fmpp-8pwg-vwh9;Assigned (20210816);None (candidate not yet proposed) +CVE-2021-39182;Candidate;EnroCrypt is a Python module for encryption and hashing. Prior to version 1.1.4, EnroCrypt used the MD5 hashing algorithm in the hashing file. Beginners who are unfamiliar with hashes can face problems as MD5 is considered an insecure hashing algorithm. The vulnerability is patched in v1.1.4 of the product. As a workaround, users can remove the `MD5` hashing function from the file `hashing.py`.;CONFIRM:https://github.com/Morgan-Phoenix/EnroCrypt/security/advisories/GHSA-35m5-8cvj-8783 | URL:https://github.com/Morgan-Phoenix/EnroCrypt/security/advisories/GHSA-35m5-8cvj-8783 | MISC:https://github.com/Morgan-Phoenix/EnroCrypt/commit/e652d56ac60eadfc26489ab83927af13a9b9d8ce | URL:https://github.com/Morgan-Phoenix/EnroCrypt/commit/e652d56ac60eadfc26489ab83927af13a9b9d8ce;Assigned (20210816);None (candidate not yet proposed) +CVE-2021-39271;Candidate;OrbiTeam BSCW Classic before 7.4.3 allows authenticated remote code execution (RCE) during archive extraction via attacker-supplied Python code in the class attribute of a .bscw file. This is fixed in 5.0.12, 5.1.10, 5.2.4, 7.3.3, and 7.4.3.;MISC:http://packetstormsecurity.com/files/163989/BSCW-Server-Remote-Code-Execution.html | MISC:https://seclists.org/fulldisclosure/2021/Aug/24 | MISC:https://www.bscw.de/en/company/;Assigned (20210818);None (candidate not yet proposed) +CVE-2021-4007;Candidate;"Rapid7 Insight Agent, versions 3.0.1 to 3.1.2.34, suffer from a local privilege escalation due to an uncontrolled DLL search path. Specifically, when Insight Agent versions 3.0.1 to 3.1.2.34 start, the Python interpreter attempts to load python3.dll at ""C:\DLLs\python3.dll,"" which normally is writable by locally authenticated users. Because of this, a malicious local user could use Insight Agent's startup conditions to elevate to SYSTEM privileges. This issue was fixed in Rapid7 Insight Agent 3.1.2.35. This vulnerability is a regression of CVE-2019-5629.";CONFIRM:https://docs.rapid7.com/release-notes/insightagent/20211210/ | URL:https://docs.rapid7.com/release-notes/insightagent/20211210/ | MISC:https://cve.mitre.org/cgi-bin/cvename.cgi?name=2019-5629 | URL:https://cve.mitre.org/cgi-bin/cvename.cgi?name=2019-5629;Assigned (20211123);None (candidate not yet proposed) +CVE-2021-40828;Candidate;Connections initialized by the AWS IoT Device SDK v2 for Java (versions prior to 1.3.3), Python (versions prior to 1.5.18), C++ (versions prior to 1.12.7) and Node.js (versions prior to 1.5.1) did not verify server certificate hostname during TLS handshake when overriding Certificate Authorities (CA) in their trust stores on Windows. This issue has been addressed in aws-c-io submodule versions 0.9.13 onward. This issue affects: Amazon Web Services AWS IoT Device SDK v2 for Java versions prior to 1.3.3 on Microsoft Windows. Amazon Web Services AWS IoT Device SDK v2 for Python versions prior to 1.5.18 on Microsoft Windows. Amazon Web Services AWS IoT Device SDK v2 for C++ versions prior to 1.12.7 on Microsoft Windows. Amazon Web Services AWS IoT Device SDK v2 for Node.js versions prior to 1.5.3 on Microsoft Windows.;MISC:https://github.com/aws/aws-iot-device-sdk-cpp-v2 | URL:https://github.com/aws/aws-iot-device-sdk-cpp-v2 | MISC:https://github.com/aws/aws-iot-device-sdk-java-v2 | URL:https://github.com/aws/aws-iot-device-sdk-java-v2 | MISC:https://github.com/aws/aws-iot-device-sdk-js-v2 | URL:https://github.com/aws/aws-iot-device-sdk-js-v2 | MISC:https://github.com/aws/aws-iot-device-sdk-python-v2 | URL:https://github.com/aws/aws-iot-device-sdk-python-v2 | MISC:https://github.com/awslabs/aws-c-io/ | URL:https://github.com/awslabs/aws-c-io/;Assigned (20210909);None (candidate not yet proposed) +CVE-2021-40829;Candidate;Connections initialized by the AWS IoT Device SDK v2 for Java (versions prior to 1.4.2), Python (versions prior to 1.6.1), C++ (versions prior to 1.12.7) and Node.js (versions prior to 1.5.3) did not verify server certificate hostname during TLS handshake when overriding Certificate Authorities (CA) in their trust stores on MacOS. This issue has been addressed in aws-c-io submodule versions 0.10.5 onward. This issue affects: Amazon Web Services AWS IoT Device SDK v2 for Java versions prior to 1.4.2 on macOS. Amazon Web Services AWS IoT Device SDK v2 for Python versions prior to 1.6.1 on macOS. Amazon Web Services AWS IoT Device SDK v2 for C++ versions prior to 1.12.7 on macOS. Amazon Web Services AWS IoT Device SDK v2 for Node.js versions prior to 1.5.3 on macOS. Amazon Web Services AWS-C-IO 0.10.4 on macOS.;MISC:https://github.com/aws/aws-iot-device-sdk-cpp-v2 | URL:https://github.com/aws/aws-iot-device-sdk-cpp-v2 | MISC:https://github.com/aws/aws-iot-device-sdk-java-v2 | URL:https://github.com/aws/aws-iot-device-sdk-java-v2 | MISC:https://github.com/aws/aws-iot-device-sdk-js-v2 | URL:https://github.com/aws/aws-iot-device-sdk-js-v2 | MISC:https://github.com/aws/aws-iot-device-sdk-python-v2 | URL:https://github.com/aws/aws-iot-device-sdk-python-v2 | MISC:https://github.com/awslabs/aws-c-io/ | URL:https://github.com/awslabs/aws-c-io/;Assigned (20210909);None (candidate not yet proposed) +CVE-2021-40830;Candidate;"The AWS IoT Device SDK v2 for Java, Python, C++ and Node.js appends a user supplied Certificate Authority (CA) to the root CAs instead of overriding it on Unix systems. TLS handshakes will thus succeed if the peer can be verified either from the user-supplied CA or the system’s default trust-store. Attackers with access to a host’s trust stores or are able to compromise a certificate authority already in the host's trust store (note: the attacker must also be able to spoof DNS in this case) may be able to use this issue to bypass CA pinning. An attacker could then spoof the MQTT broker, and either drop traffic and/or respond with the attacker's data, but they would not be able to forward this data on to the MQTT broker because the attacker would still need the user's private keys to authenticate against the MQTT broker. The 'aws_tls_ctx_options_override_default_trust_store_*' function within the aws-c-io submodule has been updated to override the default trust store. This corrects this issue. This issue affects: Amazon Web Services AWS IoT Device SDK v2 for Java versions prior to 1.5.0 on Linux/Unix. Amazon Web Services AWS IoT Device SDK v2 for Python versions prior to 1.6.1 on Linux/Unix. Amazon Web Services AWS IoT Device SDK v2 for C++ versions prior to 1.12.7 on Linux/Unix. Amazon Web Services AWS IoT Device SDK v2 for Node.js versions prior to 1.5.3 on Linux/Unix. Amazon Web Services AWS-C-IO 0.10.4 on Linux/Unix.";MISC:https://github.com/aws/aws-iot-device-sdk-cpp-v2 | URL:https://github.com/aws/aws-iot-device-sdk-cpp-v2 | MISC:https://github.com/aws/aws-iot-device-sdk-java-v2 | URL:https://github.com/aws/aws-iot-device-sdk-java-v2 | MISC:https://github.com/aws/aws-iot-device-sdk-js-v2 | URL:https://github.com/aws/aws-iot-device-sdk-js-v2 | MISC:https://github.com/aws/aws-iot-device-sdk-python-v2 | URL:https://github.com/aws/aws-iot-device-sdk-python-v2 | MISC:https://github.com/awslabs/aws-c-io/ | URL:https://github.com/awslabs/aws-c-io/;Assigned (20210909);None (candidate not yet proposed) +CVE-2021-40831;Candidate;"The AWS IoT Device SDK v2 for Java, Python, C++ and Node.js appends a user supplied Certificate Authority (CA) to the root CAs instead of overriding it on macOS systems. Additionally, SNI validation is also not enabled when the CA has been “overridden”. TLS handshakes will thus succeed if the peer can be verified either from the user-supplied CA or the system’s default trust-store. Attackers with access to a host’s trust stores or are able to compromise a certificate authority already in the host's trust store (note: the attacker must also be able to spoof DNS in this case) may be able to use this issue to bypass CA pinning. An attacker could then spoof the MQTT broker, and either drop traffic and/or respond with the attacker's data, but they would not be able to forward this data on to the MQTT broker because the attacker would still need the user's private keys to authenticate against the MQTT broker. The 'aws_tls_ctx_options_override_default_trust_store_*' function within the aws-c-io submodule has been updated to address this behavior. This issue affects: Amazon Web Services AWS IoT Device SDK v2 for Java versions prior to 1.5.0 on macOS. Amazon Web Services AWS IoT Device SDK v2 for Python versions prior to 1.7.0 on macOS. Amazon Web Services AWS IoT Device SDK v2 for C++ versions prior to 1.14.0 on macOS. Amazon Web Services AWS IoT Device SDK v2 for Node.js versions prior to 1.6.0 on macOS. Amazon Web Services AWS-C-IO 0.10.7 on macOS.";MISC:https://github.com/aws/aws-iot-device-sdk-cpp-v2 | URL:https://github.com/aws/aws-iot-device-sdk-cpp-v2 | MISC:https://github.com/aws/aws-iot-device-sdk-java-v2 | URL:https://github.com/aws/aws-iot-device-sdk-java-v2 | MISC:https://github.com/aws/aws-iot-device-sdk-js-v2 | URL:https://github.com/aws/aws-iot-device-sdk-js-v2 | MISC:https://github.com/aws/aws-iot-device-sdk-python-v2 | URL:https://github.com/aws/aws-iot-device-sdk-python-v2 | MISC:https://github.com/awslabs/aws-c-io/ | URL:https://github.com/awslabs/aws-c-io/;Assigned (20210909);None (candidate not yet proposed) +CVE-2021-40839;Candidate;"The rencode package through 1.0.6 for Python allows an infinite loop in typecode decoding (such as via ;\x2f\x7f), enabling a remote attack that consumes CPU and memory.";CONFIRM:https://security.netapp.com/advisory/ntap-20211008-0001/ | FEDORA:FEDORA-2022-02340931ec | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BMVQRPDVSVZNGGX57CFKCYT3DEYO4QB6/ | FEDORA:FEDORA-2022-1033a2718b | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MCLETLGVM5DBX6QNHQFW6TWGO5T3DENY/ | MISC:https://github.com/aresch/rencode/commit/572ff74586d9b1daab904c6f7f7009ce0143bb75 | MISC:https://github.com/aresch/rencode/pull/29 | MISC:https://pypi.org/project/rencode/#history | MISC:https://seclists.org/fulldisclosure/2021/Sep/16;Assigned (20210910);None (candidate not yet proposed) +CVE-2021-41121;Candidate;Vyper is a Pythonic Smart Contract Language for the EVM. In affected versions when performing a function call inside a literal struct, there is a memory corruption issue that occurs because of an incorrect pointer to the the top of the stack. This issue has been resolved in version 0.3.0.;CONFIRM:https://github.com/vyperlang/vyper/security/advisories/GHSA-xv8x-pr4h-73jv | URL:https://github.com/vyperlang/vyper/security/advisories/GHSA-xv8x-pr4h-73jv | MISC:https://github.com/vyperlang/vyper/pull/2447 | URL:https://github.com/vyperlang/vyper/pull/2447;Assigned (20210915);None (candidate not yet proposed) +CVE-2021-41122;Candidate;Vyper is a Pythonic Smart Contract Language for the EVM. In affected versions external functions did not properly validate the bounds of decimal arguments. The can lead to logic errors. This issue has been resolved in version 0.3.0.;CONFIRM:https://github.com/vyperlang/vyper/security/advisories/GHSA-c7pr-343r-5c46 | URL:https://github.com/vyperlang/vyper/security/advisories/GHSA-c7pr-343r-5c46 | MISC:https://github.com/vyperlang/vyper/pull/2447 | URL:https://github.com/vyperlang/vyper/pull/2447;Assigned (20210915);None (candidate not yet proposed) +CVE-2021-41125;Candidate;Scrapy is a high-level web crawling and scraping framework for Python. If you use `HttpAuthMiddleware` (i.e. the `http_user` and `http_pass` spider attributes) for HTTP authentication, all requests will expose your credentials to the request target. This includes requests generated by Scrapy components, such as `robots.txt` requests sent by Scrapy when the `ROBOTSTXT_OBEY` setting is set to `True`, or as requests reached through redirects. Upgrade to Scrapy 2.5.1 and use the new `http_auth_domain` spider attribute to control which domains are allowed to receive the configured HTTP authentication credentials. If you are using Scrapy 1.8 or a lower version, and upgrading to Scrapy 2.5.1 is not an option, you may upgrade to Scrapy 1.8.1 instead. If you cannot upgrade, set your HTTP authentication credentials on a per-request basis, using for example the `w3lib.http.basic_auth_header` function to convert your credentials into a value that you can assign to the `Authorization` header of your request, instead of defining your credentials globally using `HttpAuthMiddleware`.;CONFIRM:https://github.com/scrapy/scrapy/security/advisories/GHSA-jwqp-28gf-p498 | URL:https://github.com/scrapy/scrapy/security/advisories/GHSA-jwqp-28gf-p498 | MISC:http://doc.scrapy.org/en/latest/topics/downloader-middleware.html#module-scrapy.downloadermiddlewares.httpauth | URL:http://doc.scrapy.org/en/latest/topics/downloader-middleware.html#module-scrapy.downloadermiddlewares.httpauth | MISC:https://github.com/scrapy/scrapy/commit/b01d69a1bf48060daec8f751368622352d8b85a6 | URL:https://github.com/scrapy/scrapy/commit/b01d69a1bf48060daec8f751368622352d8b85a6 | MISC:https://w3lib.readthedocs.io/en/latest/w3lib.html#w3lib.http.basic_auth_header | URL:https://w3lib.readthedocs.io/en/latest/w3lib.html#w3lib.http.basic_auth_header | MLIST:[debian-lts-announce] 20220316 [SECURITY] [DLA 2950-1] python-scrapy security update | URL:https://lists.debian.org/debian-lts-announce/2022/03/msg00021.html;Assigned (20210915);None (candidate not yet proposed) +CVE-2021-41131;Candidate;python-tuf is a Python reference implementation of The Update Framework (TUF). In both clients (`tuf/client` and `tuf/ngclient`), there is a path traversal vulnerability that in the worst case can overwrite files ending in `.json` anywhere on the client system on a call to `get_one_valid_targetinfo()`. It occurs because the rolename is used to form the filename, and may contain path traversal characters (ie `../../name.json`). The impact is mitigated by a few facts: It only affects implementations that allow arbitrary rolename selection for delegated targets metadata, The attack requires the ability to A) insert new metadata for the path-traversing role and B) get the role delegated by an existing targets metadata, The written file content is heavily restricted since it needs to be a valid, signed targets file. The file extension is always .json. A fix is available in version 0.19 or newer. There are no workarounds that do not require code changes. Clients can restrict the allowed character set for rolenames, or they can store metadata in files named in a way that is not vulnerable: neither of these approaches is possible without modifying python-tuf.;CONFIRM:https://github.com/theupdateframework/python-tuf/security/advisories/GHSA-wjw6-2cqr-j4qr | URL:https://github.com/theupdateframework/python-tuf/security/advisories/GHSA-wjw6-2cqr-j4qr | MISC:https://github.com/theupdateframework/python-tuf/commit/4ad7ae48fda594b640139c3b7eae21ed5155a102 | URL:https://github.com/theupdateframework/python-tuf/commit/4ad7ae48fda594b640139c3b7eae21ed5155a102 | MISC:https://github.com/theupdateframework/python-tuf/issues/1527 | URL:https://github.com/theupdateframework/python-tuf/issues/1527;Assigned (20210915);None (candidate not yet proposed) +CVE-2021-41168;Candidate;Snudown is a reddit-specific fork of the Sundown Markdown parser used by GitHub, with Python integration added. In affected versions snudown was found to be vulnerable to denial of service attacks to its reference table implementation. References written in markdown ` [reference_name]: https://www.example.com` are inserted into a hash table which was found to have a weak hash function, meaning that an attacker can reliably generate a large number of collisions for it. This makes the hash table vulnerable to a hash-collision DoS attack, a type of algorithmic complexity attack. Further the hash table allowed for duplicate entries resulting in long retrieval times. Proofs of concept and further discussion of the hash collision issue are discussed on the snudown GHSA(https://github.com/reddit/snudown/security/advisories/GHSA-6gvv-9q92-w5f6). Users are advised to update to version 1.7.0.;CONFIRM:https://github.com/reddit/snudown/security/advisories/GHSA-6gvv-9q92-w5f6 | URL:https://github.com/reddit/snudown/security/advisories/GHSA-6gvv-9q92-w5f6 | MISC:https://github.com/reddit/snudown/commit/1ac2c130b210539ee1e5d67a7bac93f9d8007c0e | URL:https://github.com/reddit/snudown/commit/1ac2c130b210539ee1e5d67a7bac93f9d8007c0e;Assigned (20210915);None (candidate not yet proposed) +CVE-2021-41213;Candidate;TensorFlow is an open source platform for machine learning. In affected versions the code behind `tf.function` API can be made to deadlock when two `tf.function` decorated Python functions are mutually recursive. This occurs due to using a non-reentrant `Lock` Python object. Loading any model which contains mutually recursive functions is vulnerable. An attacker can cause denial of service by causing users to load such models and calling a recursive `tf.function`, although this is not a frequent scenario. The fix will be included in TensorFlow 2.7.0. We will also cherrypick this commit on TensorFlow 2.6.1, TensorFlow 2.5.2, and TensorFlow 2.4.4, as these are also affected and still in supported range.;CONFIRM:https://github.com/tensorflow/tensorflow/security/advisories/GHSA-h67m-xg8f-fxcf | URL:https://github.com/tensorflow/tensorflow/security/advisories/GHSA-h67m-xg8f-fxcf | MISC:https://github.com/tensorflow/tensorflow/commit/afac8158d43691661ad083f6dd9e56f327c1dcb7 | URL:https://github.com/tensorflow/tensorflow/commit/afac8158d43691661ad083f6dd9e56f327c1dcb7;Assigned (20210915);None (candidate not yet proposed) +CVE-2021-41250;Candidate;Python discord bot is the community bot for the Python Discord community. In affected versions when a non-blacklisted URL and an otherwise triggering filter token is included in the same message the token filter does not trigger. This means that by including any non-blacklisted URL moderation filters can be bypassed. This issue has been resolved in commit 67390298852513d13e0213870e50fb3cff1424e0;CONFIRM:https://github.com/python-discord/bot/security/advisories/GHSA-j8c3-8x46-8pp6 | URL:https://github.com/python-discord/bot/security/advisories/GHSA-j8c3-8x46-8pp6 | MISC:https://github.com/python-discord/bot/commit/67390298852513d13e0213870e50fb3cff1424e0 | URL:https://github.com/python-discord/bot/commit/67390298852513d13e0213870e50fb3cff1424e0;Assigned (20210915);None (candidate not yet proposed) +CVE-2021-41281;Candidate;Synapse is a package for Matrix homeservers written in Python 3/Twisted. Prior to version 1.47.1, Synapse instances with the media repository enabled can be tricked into downloading a file from a remote server into an arbitrary directory. No authentication is required for the affected endpoint. The last 2 directories and file name of the path are chosen randomly by Synapse and cannot be controlled by an attacker, which limits the impact. Homeservers with the media repository disabled are unaffected. Homeservers with a federation whitelist are also unaffected, since Synapse will check the remote hostname, including the trailing `../`s, against the whitelist. Server administrators should upgrade to 1.47.1 or later. Server administrators using a reverse proxy could, at the expense of losing media functionality, may block the certain endpoints as a workaround. Alternatively, non-containerized deployments can be adapted to use the hardened systemd config.;CONFIRM:https://github.com/matrix-org/synapse/security/advisories/GHSA-3hfw-x7gx-437c | URL:https://github.com/matrix-org/synapse/security/advisories/GHSA-3hfw-x7gx-437c | FEDORA:FEDORA-2021-2f9dcdbace | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/N3WY56LCEZ4ZECLWV5KMAXF2PSMUB4F2/ | FEDORA:FEDORA-2021-9758549fce | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EU7QRE55U4IUEDLKT5IYPWL3UXMELFAS/ | MISC:https://github.com/matrix-org/synapse/commit/91f2bd090 | URL:https://github.com/matrix-org/synapse/commit/91f2bd090 | MISC:https://github.com/matrix-org/synapse/releases/tag/v1.47.1 | URL:https://github.com/matrix-org/synapse/releases/tag/v1.47.1;Assigned (20210915);None (candidate not yet proposed) +CVE-2021-4189;Candidate;A flaw was found in Python, specifically in the FTP (File Transfer Protocol) client library in PASV (passive) mode. The issue is how the FTP client trusts the host from the PASV response by default. This flaw allows an attacker to set up a malicious FTP server that can trick FTP clients into connecting back to a given IP address and port. This vulnerability could lead to FTP client scanning ports, which otherwise would not have been possible.;CONFIRM:https://security.netapp.com/advisory/ntap-20221104-0004/ | MISC:https://access.redhat.com/security/cve/CVE-2021-4189 | URL:https://access.redhat.com/security/cve/CVE-2021-4189 | MISC:https://bugs.python.org/issue43285 | URL:https://bugs.python.org/issue43285 | MISC:https://bugzilla.redhat.com/show_bug.cgi?id=2036020 | URL:https://bugzilla.redhat.com/show_bug.cgi?id=2036020 | MISC:https://github.com/python/cpython/commit/0ab152c6b5d95caa2dc1a30fa96e10258b5f188e | URL:https://github.com/python/cpython/commit/0ab152c6b5d95caa2dc1a30fa96e10258b5f188e | MISC:https://python-security.readthedocs.io/vuln/ftplib-pasv.html | URL:https://python-security.readthedocs.io/vuln/ftplib-pasv.html | MISC:https://security-tracker.debian.org/tracker/CVE-2021-4189 | URL:https://security-tracker.debian.org/tracker/CVE-2021-4189 | MLIST:[debian-lts-announce] 20230524 [SECURITY] [DLA 3432-1] python2.7 security update | URL:https://lists.debian.org/debian-lts-announce/2023/05/msg00024.html | MLIST:[debian-lts-announce] 20230630 [SECURITY] [DLA 3477-1] python3.7 security update | URL:https://lists.debian.org/debian-lts-announce/2023/06/msg00039.html;Assigned (20211229);None (candidate not yet proposed) +CVE-2021-42343;Candidate;An issue was discovered in the Dask distributed package before 2021.10.0 for Python. Single machine Dask clusters started with dask.distributed.LocalCluster or dask.distributed.Client (which defaults to using LocalCluster) would mistakenly configure their respective Dask workers to listen on external interfaces (typically with a randomly selected high port) rather than only on localhost. A Dask cluster created using this method (when running on a machine that has an applicable port exposed) could be used by a sophisticated attacker to achieve remote code execution.;CONFIRM:https://github.com/dask/distributed/security/advisories/GHSA-hwqr-f3v9-hwxr | MISC:https://docs.dask.org/en/latest/changelog.html | MISC:https://github.com/dask/dask/tags;Assigned (20211014);None (candidate not yet proposed) +CVE-2021-42561;Candidate;"An issue was discovered in CALDERA 2.8.1. When activated, the Human plugin passes the unsanitized name parameter to a python ""os.system"" function. This allows attackers to use shell metacharacters (e.g., backticks ""``"" or dollar parenthesis ""$()"" ) in order to escape the current command and execute arbitrary shell commands.";MISC:https://github.com/DrunkenShells/Disclosures/tree/master/CVE-2021-42561-Command%20Injection%20Via%20the%20Human%20Plugin-MITRE%20Caldera | MISC:https://github.com/mitre/caldera/releases;Assigned (20211018);None (candidate not yet proposed) +CVE-2021-42576;Candidate;The bluemonday sanitizer before 1.0.16 for Go, and before 0.0.8 for Python (in pybluemonday), does not properly enforce policies associated with the SELECT, STYLE, and OPTION elements.;MISC:https://docs.google.com/document/d/11SoX296sMS0XoQiQbpxc5pNxSdbJKDJkm5BDv0zrX50/;Assigned (20211018);None (candidate not yet proposed) +CVE-2021-42771;Candidate;Babel.Locale in Babel before 2.9.1 allows attackers to load arbitrary locale .dat files (containing serialized Python objects) via directory traversal, leading to code execution.;DEBIAN:DSA-5018 | URL:https://www.debian.org/security/2021/dsa-5018 | MISC:https://github.com/python-babel/babel/pull/782 | MISC:https://lists.debian.org/debian-lts/2021/10/msg00040.html | MISC:https://www.tenable.com/security/research/tra-2021-14 | MLIST:[debian-lts-announce] 20211021 [SECURITY] [DLA 2790-1] python-babel security update | URL:https://lists.debian.org/debian-lts-announce/2021/10/msg00018.html;Assigned (20211020);None (candidate not yet proposed) +CVE-2021-43572;Candidate;The verify function in the Stark Bank Python ECDSA library (aka starkbank-escada or ecdsa-python) before 2.0.1 fails to check that the signature is non-zero, which allows attackers to forge signatures on arbitrary messages.;MISC:https://github.com/starkbank/ecdsa-python/commit/d136170666e9510eb63c2572551805807bd4c17f | MISC:https://github.com/starkbank/ecdsa-python/releases/tag/v2.0.1 | URL:https://github.com/starkbank/ecdsa-python/releases/tag/v2.0.1 | MISC:https://research.nccgroup.com/2021/11/08/technical-advisory-arbitrary-signature-forgery-in-stark-bank-ecdsa-libraries/ | URL:https://research.nccgroup.com/2021/11/08/technical-advisory-arbitrary-signature-forgery-in-stark-bank-ecdsa-libraries/;Assigned (20211109);None (candidate not yet proposed) +CVE-2021-43818;Candidate;lxml is a library for processing XML and HTML in the Python language. Prior to version 4.6.5, the HTML Cleaner in lxml.html lets certain crafted script content pass through, as well as script content in SVG files embedded using data URIs. Users that employ the HTML cleaner in a security relevant context should upgrade to lxml 4.6.5 to receive a patch. There are no known workarounds available.;CONFIRM:https://github.com/lxml/lxml/security/advisories/GHSA-55x5-fj6c-h6m8 | URL:https://github.com/lxml/lxml/security/advisories/GHSA-55x5-fj6c-h6m8 | CONFIRM:https://security.netapp.com/advisory/ntap-20220107-0005/ | URL:https://security.netapp.com/advisory/ntap-20220107-0005/ | DEBIAN:DSA-5043 | URL:https://www.debian.org/security/2022/dsa-5043 | FEDORA:FEDORA-2021-6e8fb79f90 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZQ4SPKJX3RRJK4UWA6FXCRHD2TVRQI44/ | FEDORA:FEDORA-2021-9f9e7c5c4f | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WZGNET2A4WGLSUXLBFYKNC5PXHQMI3I7/ | FEDORA:FEDORA-2022-7129fbaeed | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/V2XMOM5PFT6U5AAXY6EFNT5JZCKKHK2V/ | FEDORA:FEDORA-2022-96c79bf003 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TUIS2KE3HZ2AAQKXFLTJFZPP2IFHJTC7/ | GENTOO:GLSA-202208-06 | URL:https://security.gentoo.org/glsa/202208-06 | MISC:https://github.com/lxml/lxml/commit/12fa9669007180a7bb87d990c375cf91ca5b664a | URL:https://github.com/lxml/lxml/commit/12fa9669007180a7bb87d990c375cf91ca5b664a | MISC:https://github.com/lxml/lxml/commit/a3eacbc0dcf1de1c822ec29fb7d090a4b1712a9c#diff-59130575b4fb2932c957db2922977d7d89afb0b2085357db1a14615a2fcad776 | URL:https://github.com/lxml/lxml/commit/a3eacbc0dcf1de1c822ec29fb7d090a4b1712a9c#diff-59130575b4fb2932c957db2922977d7d89afb0b2085357db1a14615a2fcad776 | MISC:https://github.com/lxml/lxml/commit/f2330237440df7e8f39c3ad1b1aa8852be3b27c0 | URL:https://github.com/lxml/lxml/commit/f2330237440df7e8f39c3ad1b1aa8852be3b27c0 | MISC:https://www.oracle.com/security-alerts/cpuapr2022.html | URL:https://www.oracle.com/security-alerts/cpuapr2022.html | MISC:https://www.oracle.com/security-alerts/cpujul2022.html | URL:https://www.oracle.com/security-alerts/cpujul2022.html | MLIST:[debian-lts-announce] 20211230 [SECURITY] [DLA 2871-1] lxml security update | URL:https://lists.debian.org/debian-lts-announce/2021/12/msg00037.html;Assigned (20211116);None (candidate not yet proposed) +CVE-2021-43837;Candidate;vault-cli is a configurable command-line interface tool (and python library) to interact with Hashicorp Vault. In versions before 3.0.0 vault-cli features the ability for rendering templated values. When a secret starts with the prefix `!template!`, vault-cli interprets the rest of the contents of the secret as a Jinja2 template. Jinja2 is a powerful templating engine and is not designed to safely render arbitrary templates. An attacker controlling a jinja2 template rendered on a machine can trigger arbitrary code, making this a Remote Code Execution (RCE) risk. If the content of the vault can be completely trusted, then this is not a problem. Otherwise, if your threat model includes cases where an attacker can manipulate a secret value read from the vault using vault-cli, then this vulnerability may impact you. In 3.0.0, the code related to interpreting vault templated secrets has been removed entirely. Users are advised to upgrade as soon as possible. For users unable to upgrade a workaround does exist. Using the environment variable `VAULT_CLI_RENDER=false` or the flag `--no-render` (placed between `vault-cli` and the subcommand, e.g. `vault-cli --no-render get-all`) or adding `render: false` to the vault-cli configuration yaml file disables rendering and removes the vulnerability. Using the python library, you can use: `vault_cli.get_client(render=False)` when creating your client to get a client that will not render templated secrets and thus operates securely.;CONFIRM:https://github.com/peopledoc/vault-cli/security/advisories/GHSA-q34h-97wf-8r8j | URL:https://github.com/peopledoc/vault-cli/security/advisories/GHSA-q34h-97wf-8r8j | MISC:https://github.com/peopledoc/vault-cli/commit/3ba3955887fd6b7d4d646c8b260f21cebf5db852 | URL:https://github.com/peopledoc/vault-cli/commit/3ba3955887fd6b7d4d646c8b260f21cebf5db852 | MISC:https://podalirius.net/en/publications/grehack-2021-optimizing-ssti-payloads-for-jinja2/ | URL:https://podalirius.net/en/publications/grehack-2021-optimizing-ssti-payloads-for-jinja2/;Assigned (20211116);None (candidate not yet proposed) +CVE-2021-43854;Candidate;NLTK (Natural Language Toolkit) is a suite of open source Python modules, data sets, and tutorials supporting research and development in Natural Language Processing. Versions prior to 3.6.5 are vulnerable to regular expression denial of service (ReDoS) attacks. The vulnerability is present in PunktSentenceTokenizer, sent_tokenize and word_tokenize. Any users of this class, or these two functions, are vulnerable to the ReDoS attack. In short, a specifically crafted long input to any of these vulnerable functions will cause them to take a significant amount of execution time. If your program relies on any of the vulnerable functions for tokenizing unpredictable user input, then we would strongly recommend upgrading to a version of NLTK without the vulnerability. For users unable to upgrade the execution time can be bounded by limiting the maximum length of an input to any of the vulnerable functions. Our recommendation is to implement such a limit.;CONFIRM:https://github.com/nltk/nltk/security/advisories/GHSA-f8m6-h2c7-8h9x | URL:https://github.com/nltk/nltk/security/advisories/GHSA-f8m6-h2c7-8h9x | MISC:https://github.com/nltk/nltk/commit/1405aad979c6b8080dbbc8e0858f89b2e3690341 | URL:https://github.com/nltk/nltk/commit/1405aad979c6b8080dbbc8e0858f89b2e3690341 | MISC:https://github.com/nltk/nltk/issues/2866 | URL:https://github.com/nltk/nltk/issues/2866 | MISC:https://github.com/nltk/nltk/pull/2869 | URL:https://github.com/nltk/nltk/pull/2869;Assigned (20211116);None (candidate not yet proposed) +CVE-2021-44255;Candidate;Authenticated remote code execution in MotionEye <= 0.42.1 and MotioneEyeOS <= 20200606 allows a remote attacker to upload a configuration backup file containing a malicious python pickle file which will execute arbitrary code on the server.;MISC:https://github.com/ccrisan/motioneyeos/issues/2843 | MISC:https://www.pizzapower.me/2021/10/09/self-hosted-security-part-1-motioneye/;Assigned (20211129);None (candidate not yet proposed) +CVE-2021-45082;Candidate;"An issue was discovered in Cobbler before 3.3.1. In the templar.py file, the function check_for_invalid_imports can allow Cheetah code to import Python modules via the ""#from MODULE import"" substring. (Only lines beginning with #import are blocked.)";FEDORA:FEDORA-2022-0649006be6 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TEJN7CPW6YCHBFQPFZKGA6AVA6T5NPIW/ | FEDORA:FEDORA-2022-0c6402a6a3 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Z5CSXQE7Q4TVDQJKFYBO4XDH3BZ7BLAR/ | FEDORA:FEDORA-2022-f1510aa454 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZCXMOUW4DH4DYWIJN44SMSU6R3CZDZBE/ | MISC:https://bugzilla.suse.com/show_bug.cgi?id=1193678 | MISC:https://github.com/cobbler/cobbler/releases;Assigned (20211216);None (candidate not yet proposed) +CVE-2021-46823;Candidate;python-ldap before 3.4.0 is vulnerable to a denial of service when ldap.schema is used for untrusted schema definitions, because of a regular expression denial of service (ReDoS) flaw in the LDAP schema parser. By sending crafted regex input, a remote authenticated attacker could exploit this vulnerability to cause a denial of service condition.;MISC:https://exchange.xforce.ibmcloud.com/vulnerabilities/221507 | MISC:https://github.com/python-ldap/python-ldap/security/advisories/GHSA-r8wq-qrxc-hmcm;Assigned (20220618);None (candidate not yet proposed) +CVE-2022-0391;Candidate;A flaw was found in Python, specifically within the urllib.parse module. This module helps break Uniform Resource Locator (URL) strings into components. The issue involves how the urlparse method does not sanitize input and allows characters like '\r' and '\n' in the URL path. This flaw allows an attacker to input a crafted URL, leading to injection attacks. This flaw affects Python versions prior to 3.10.0b1, 3.9.5, 3.8.11, 3.7.11 and 3.6.14.;CONFIRM:https://security.netapp.com/advisory/ntap-20220225-0009/ | URL:https://security.netapp.com/advisory/ntap-20220225-0009/ | FEDORA:FEDORA-2022-18ad73aba6 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CSD2YBXP3ZF44E44QMIIAR5VTO35KTRB/ | FEDORA:FEDORA-2022-ef99a016f6 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UDBDBAU6HUPZHISBOARTXZ5GKHF2VH5U/ | GENTOO:GLSA-202305-02 | URL:https://security.gentoo.org/glsa/202305-02 | MISC:https://bugs.python.org/issue43882 | URL:https://bugs.python.org/issue43882 | MISC:https://www.oracle.com/security-alerts/cpuapr2022.html | URL:https://www.oracle.com/security-alerts/cpuapr2022.html | MLIST:[debian-lts-announce] 20230920 [SECURITY] [DLA 3575-1] python2.7 security update | URL:https://lists.debian.org/debian-lts-announce/2023/09/msg00022.html;Assigned (20220127);None (candidate not yet proposed) +CVE-2022-0718;Candidate;"A flaw was found in python-oslo-utils. Due to improper parsing, passwords with a double quote ( "" ) in them cause incorrect masking in debug logs, causing any part of the password after the double quote to be plaintext.";MISC:[debian-lts-announce] 20220913 [SECURITY] [DLA 3106-1] python-oslo.utils security update | URL:https://lists.debian.org/debian-lts-announce/2022/09/msg00015.html | MISC:https://access.redhat.com/security/cve/CVE-2022-0718 | URL:https://access.redhat.com/security/cve/CVE-2022-0718 | MISC:https://bugs.launchpad.net/oslo.utils/+bug/1949623 | URL:https://bugs.launchpad.net/oslo.utils/+bug/1949623 | MISC:https://bugzilla.redhat.com/show_bug.cgi?id=2056850 | URL:https://bugzilla.redhat.com/show_bug.cgi?id=2056850 | MISC:https://opendev.org/openstack/oslo.utils/commit/6e17ae1f7959c64dfd20a5f67edf422e702426aa | URL:https://opendev.org/openstack/oslo.utils/commit/6e17ae1f7959c64dfd20a5f67edf422e702426aa | MISC:https://security-tracker.debian.org/tracker/CVE-2022-0718 | URL:https://security-tracker.debian.org/tracker/CVE-2022-0718;Assigned (20220222);None (candidate not yet proposed) +CVE-2022-1941;Candidate;A parsing vulnerability for the MessageSet type in the ProtocolBuffers versions prior to and including 3.16.1, 3.17.3, 3.18.2, 3.19.4, 3.20.1 and 3.21.5 for protobuf-cpp, and versions prior to and including 3.16.1, 3.17.3, 3.18.2, 3.19.4, 3.20.1 and 4.21.5 for protobuf-python can lead to out of memory failures. A specially crafted message with multiple key-value per elements creates parsing issues, and can lead to a Denial of Service against services receiving unsanitized input. We recommend upgrading to versions 3.18.3, 3.19.5, 3.20.2, 3.21.6 for protobuf-cpp and 3.18.3, 3.19.5, 3.20.2, 4.21.6 for protobuf-python. Versions for 3.16 and 3.17 are no longer updated.;CONFIRM:https://cloud.google.com/support/bulletins#GCP-2022-019 | URL:https://cloud.google.com/support/bulletins#GCP-2022-019 | CONFIRM:https://github.com/protocolbuffers/protobuf/security/advisories/GHSA-8gq9-2x98-w8hf | URL:https://github.com/protocolbuffers/protobuf/security/advisories/GHSA-8gq9-2x98-w8hf | FEDORA:FEDORA-2022-15729fa33d | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MPCGUT3T5L6C3IDWUPSUO22QDCGQKTOP/ | FEDORA:FEDORA-2022-25f35ed634 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CBAUKJQL6O4TIWYBENORSY5P43TVB4M3/ | MLIST:[debian-lts-announce] 20230418 [SECURITY] [DLA 3393-1] protobuf security update | URL:https://lists.debian.org/debian-lts-announce/2023/04/msg00019.html | MLIST:[oss-security] 20220927 CVE-2022-1941: Protobuf C++, Python DoS | URL:http://www.openwall.com/lists/oss-security/2022/09/27/1;Assigned (20220530);None (candidate not yet proposed) +CVE-2022-21668;Candidate;pipenv is a Python development workflow tool. Starting with version 2018.10.9 and prior to version 2022.1.8, a flaw in pipenv's parsing of requirements files allows an attacker to insert a specially crafted string inside a comment anywhere within a requirements.txt file, which will cause victims who use pipenv to install the requirements file to download dependencies from a package index server controlled by the attacker. By embedding malicious code in packages served from their malicious index server, the attacker can trigger arbitrary remote code execution (RCE) on the victims' systems. If an attacker is able to hide a malicious `--index-url` option in a requirements file that a victim installs with pipenv, the attacker can embed arbitrary malicious code in packages served from their malicious index server that will be executed on the victim's host during installation (remote code execution/RCE). When pip installs from a source distribution, any code in the setup.py is executed by the install process. This issue is patched in version 2022.1.8. The GitHub Security Advisory contains more information about this vulnerability.;CONFIRM:https://github.com/pypa/pipenv/security/advisories/GHSA-qc9x-gjcv-465w | URL:https://github.com/pypa/pipenv/security/advisories/GHSA-qc9x-gjcv-465w | FEDORA:FEDORA-2022-0d007466b3 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/56HBA3EOSLEDNCCBJVHE6DO34P56EOUM/ | FEDORA:FEDORA-2022-508e460384 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KCROBYHUS6DKQPCXBRPCZ5CDBNQTYAWT/ | FEDORA:FEDORA-2022-77ce20f03a | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QHQRIWKDP3SVJABAPEXBIQPKDI6UP7G4/ | MISC:https://github.com/pypa/pipenv/commit/439782a8ae36c4762c88e43d5f0d8e563371b46f | URL:https://github.com/pypa/pipenv/commit/439782a8ae36c4762c88e43d5f0d8e563371b46f | MISC:https://github.com/pypa/pipenv/releases/tag/v2022.1.8 | URL:https://github.com/pypa/pipenv/releases/tag/v2022.1.8;Assigned (20211116);None (candidate not yet proposed) +CVE-2022-21699;Candidate;IPython (Interactive Python) is a command shell for interactive computing in multiple programming languages, originally developed for the Python programming language. Affected versions are subject to an arbitrary code execution vulnerability achieved by not properly managing cross user temporary files. This vulnerability allows one user to run code as another on the same machine. All users are advised to upgrade.;CONFIRM:https://github.com/ipython/ipython/security/advisories/GHSA-pq7m-3gw7-gq5x | URL:https://github.com/ipython/ipython/security/advisories/GHSA-pq7m-3gw7-gq5x | FEDORA:FEDORA-2022-b58d156ab0 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CRQRTWHYXMLDJ572VGVUZMUPEOTPM3KB/ | FEDORA:FEDORA-2022-b9e38f8a56 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DZ7LVZBB4D7KVSFNEQUBEHFO3JW6D2ZK/ | MISC:https://github.com/ipython/ipython/commit/46a51ed69cdf41b4333943d9ceeb945c4ede5668 | URL:https://github.com/ipython/ipython/commit/46a51ed69cdf41b4333943d9ceeb945c4ede5668 | MISC:https://ipython.readthedocs.io/en/stable/whatsnew/version8.html#ipython-8-0-1-cve-2022-21699 | URL:https://ipython.readthedocs.io/en/stable/whatsnew/version8.html#ipython-8-0-1-cve-2022-21699 | MLIST:[debian-lts-announce] 20220124 [SECURITY] [DLA 2896-1] ipython security update | URL:https://lists.debian.org/debian-lts-announce/2022/01/msg00021.html;Assigned (20211116);None (candidate not yet proposed) +CVE-2022-21712;Candidate;twisted is an event-driven networking engine written in Python. In affected versions twisted exposes cookies and authorization headers when following cross-origin redirects. This issue is present in the `twited.web.RedirectAgent` and `twisted.web. BrowserLikeRedirectAgent` functions. Users are advised to upgrade. There are no known workarounds.;CONFIRM:https://github.com/twisted/twisted/security/advisories/GHSA-92x2-jw7w-xvvx | URL:https://github.com/twisted/twisted/security/advisories/GHSA-92x2-jw7w-xvvx | FEDORA:FEDORA-2022-71b66d4747 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GLKHA6WREIVAMBQD7KKWYHPHGGNKMAG6/ | FEDORA:FEDORA-2022-9a489fa494 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7U6KYDTOLPICAVSR34G2WRYLFBD2YW5K/ | GENTOO:GLSA-202301-02 | URL:https://security.gentoo.org/glsa/202301-02 | MISC:https://github.com/twisted/twisted/commit/af8fe78542a6f2bf2235ccee8158d9c88d31e8e2 | URL:https://github.com/twisted/twisted/commit/af8fe78542a6f2bf2235ccee8158d9c88d31e8e2 | MISC:https://github.com/twisted/twisted/releases/tag/twisted-22.1.0 | URL:https://github.com/twisted/twisted/releases/tag/twisted-22.1.0 | MLIST:[debian-lts-announce] 20220219 [SECURITY] [DLA 2927-1] twisted security update | URL:https://lists.debian.org/debian-lts-announce/2022/02/msg00021.html;Assigned (20211116);None (candidate not yet proposed) +CVE-2022-21716;Candidate;Twisted is an event-based framework for internet applications, supporting Python 3.6+. Prior to 22.2.0, Twisted SSH client and server implement is able to accept an infinite amount of data for the peer's SSH version identifier. This ends up with a buffer using all the available memory. The attach is a simple as `nc -rv localhost 22 < /dev/zero`. A patch is available in version 22.2.0. There are currently no known workarounds.;CONFIRM:https://github.com/twisted/twisted/security/advisories/GHSA-rv6r-3f5q-9rgx | URL:https://github.com/twisted/twisted/security/advisories/GHSA-rv6r-3f5q-9rgx | FEDORA:FEDORA-2022-71b66d4747 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GLKHA6WREIVAMBQD7KKWYHPHGGNKMAG6/ | FEDORA:FEDORA-2022-9a489fa494 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7U6KYDTOLPICAVSR34G2WRYLFBD2YW5K/ | GENTOO:GLSA-202301-02 | URL:https://security.gentoo.org/glsa/202301-02 | MISC:https://github.com/twisted/twisted/commit/89c395ee794e85a9657b112c4351417850330ef9 | URL:https://github.com/twisted/twisted/commit/89c395ee794e85a9657b112c4351417850330ef9 | MISC:https://github.com/twisted/twisted/releases/tag/twisted-22.2.0 | URL:https://github.com/twisted/twisted/releases/tag/twisted-22.2.0 | MISC:https://twistedmatrix.com/trac/ticket/10284 | URL:https://twistedmatrix.com/trac/ticket/10284 | MISC:https://www.oracle.com/security-alerts/cpuapr2022.html | URL:https://www.oracle.com/security-alerts/cpuapr2022.html | MLIST:[debian-lts-announce] 20220308 [SECURITY] [DLA 2938-1] twisted security update | URL:https://lists.debian.org/debian-lts-announce/2022/03/msg00009.html;Assigned (20211116);None (candidate not yet proposed) +CVE-2022-21728;Candidate;Tensorflow is an Open Source Machine Learning Framework. The implementation of shape inference for `ReverseSequence` does not fully validate the value of `batch_dim` and can result in a heap OOB read. There is a check to make sure the value of `batch_dim` does not go over the rank of the input, but there is no check for negative values. Negative dimensions are allowed in some cases to mimic Python's negative indexing (i.e., indexing from the end of the array), however if the value is too negative then the implementation of `Dim` would access elements before the start of an array. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3, as these are also affected and still in supported range.;CONFIRM:https://github.com/tensorflow/tensorflow/security/advisories/GHSA-6gmv-pjp9-p8w8 | URL:https://github.com/tensorflow/tensorflow/security/advisories/GHSA-6gmv-pjp9-p8w8 | MISC:https://github.com/tensorflow/tensorflow/blob/5100e359aef5c8021f2e71c7b986420b85ce7b3d/tensorflow/core/framework/shape_inference.h#L415-L428 | URL:https://github.com/tensorflow/tensorflow/blob/5100e359aef5c8021f2e71c7b986420b85ce7b3d/tensorflow/core/framework/shape_inference.h#L415-L428 | MISC:https://github.com/tensorflow/tensorflow/blob/5100e359aef5c8021f2e71c7b986420b85ce7b3d/tensorflow/core/ops/array_ops.cc#L1636-L1671 | URL:https://github.com/tensorflow/tensorflow/blob/5100e359aef5c8021f2e71c7b986420b85ce7b3d/tensorflow/core/ops/array_ops.cc#L1636-L1671 | MISC:https://github.com/tensorflow/tensorflow/commit/37c01fb5e25c3d80213060460196406c43d31995 | URL:https://github.com/tensorflow/tensorflow/commit/37c01fb5e25c3d80213060460196406c43d31995;Assigned (20211116);None (candidate not yet proposed) +CVE-2022-22817;Candidate;PIL.ImageMath.eval in Pillow before 9.0.0 allows evaluation of arbitrary expressions, such as ones that use the Python exec method. A lambda expression could also be used.;CONFIRM:https://pillow.readthedocs.io/en/stable/releasenotes/9.0.1.html#security | DEBIAN:DSA-5053 | URL:https://www.debian.org/security/2022/dsa-5053 | GENTOO:GLSA-202211-10 | URL:https://security.gentoo.org/glsa/202211-10 | MISC:https://pillow.readthedocs.io/en/stable/releasenotes/9.0.0.html#restrict-builtins-available-to-imagemath-eval | MLIST:[debian-lts-announce] 20220123 [SECURITY] [DLA 2893-1] pillow security update | URL:https://lists.debian.org/debian-lts-announce/2022/01/msg00018.html;Assigned (20220107);None (candidate not yet proposed) +CVE-2022-22846;Candidate;The dnslib package through 0.9.16 for Python does not verify that the ID value in a DNS reply matches an ID value in a query.;MISC:https://github.com/paulc/dnslib/issues/30;Assigned (20220109);None (candidate not yet proposed) +CVE-2022-22984;Candidate;"The package snyk before 1.1064.0; the package snyk-mvn-plugin before 2.31.3; the package snyk-gradle-plugin before 3.24.5; the package @snyk/snyk-cocoapods-plugin before 2.5.3; the package snyk-sbt-plugin before 2.16.2; the package snyk-python-plugin before 1.24.2; the package snyk-docker-plugin before 5.6.5; the package @snyk/snyk-hex-plugin before 1.1.6 are vulnerable to Command Injection due to an incomplete fix for [CVE-2022-40764](https://security.snyk.io/vuln/SNYK-JS-SNYK-3037342). A successful exploit allows attackers to run arbitrary commands on the host system where the Snyk CLI is installed by passing in crafted command line flags. In order to exploit this vulnerability, a user would have to execute the snyk test command on untrusted files. In most cases, an attacker positioned to control the command line arguments to the Snyk CLI would already be positioned to execute arbitrary commands. However, this could be abused in specific scenarios, such as continuous integration pipelines, where developers can control the arguments passed to the Snyk CLI to leverage this component as part of a wider attack against an integration/build pipeline. This issue has been addressed in the latest Snyk Docker images available at https://hub.docker.com/r/snyk/snyk as of 2022-11-29. Images downloaded and built prior to that date should be updated. The issue has also been addressed in the Snyk TeamCity CI/CD plugin as of version v20221130.093605.";MISC:https://github.com/snyk/cli/commit/80d97a93326406e09776156daf72e3caa03ae25a | URL:https://github.com/snyk/cli/commit/80d97a93326406e09776156daf72e3caa03ae25a | MISC:https://github.com/snyk/snyk-cocoapods-plugin/commit/c73e049c5200772babde61c40aab57296bf91381 | URL:https://github.com/snyk/snyk-cocoapods-plugin/commit/c73e049c5200772babde61c40aab57296bf91381 | MISC:https://github.com/snyk/snyk-docker-plugin/commit/d730d7630691a61587b120bb11daaaf4b58a8357 | URL:https://github.com/snyk/snyk-docker-plugin/commit/d730d7630691a61587b120bb11daaaf4b58a8357 | MISC:https://github.com/snyk/snyk-gradle-plugin/commit/bb1c1c72a75e97723a76b14d2d73f70744ed5009 | URL:https://github.com/snyk/snyk-gradle-plugin/commit/bb1c1c72a75e97723a76b14d2d73f70744ed5009 | MISC:https://github.com/snyk/snyk-hex-plugin/commit/e8dd2a330b40d7fc0ab47e34413e80a0146d7ac3 | URL:https://github.com/snyk/snyk-hex-plugin/commit/e8dd2a330b40d7fc0ab47e34413e80a0146d7ac3 | MISC:https://github.com/snyk/snyk-mvn-plugin/commit/02cda9ba1ea36b00ead3f6ec2de0f97397ebec50 | URL:https://github.com/snyk/snyk-mvn-plugin/commit/02cda9ba1ea36b00ead3f6ec2de0f97397ebec50 | MISC:https://github.com/snyk/snyk-python-plugin/commit/8591abdd9236108ac3e30c70c09238d6bb6aabf4 | URL:https://github.com/snyk/snyk-python-plugin/commit/8591abdd9236108ac3e30c70c09238d6bb6aabf4 | MISC:https://github.com/snyk/snyk-sbt-plugin/commit/99c09eb12c9f8f2b237aea9627aab1ae3cab6437 | URL:https://github.com/snyk/snyk-sbt-plugin/commit/99c09eb12c9f8f2b237aea9627aab1ae3cab6437 | MISC:https://security.snyk.io/vuln/SNYK-JS-SNYK-3038622 | URL:https://security.snyk.io/vuln/SNYK-JS-SNYK-3038622 | MISC:https://security.snyk.io/vuln/SNYK-JS-SNYKDOCKERPLUGIN-3039679 | URL:https://security.snyk.io/vuln/SNYK-JS-SNYKDOCKERPLUGIN-3039679 | MISC:https://security.snyk.io/vuln/SNYK-JS-SNYKGRADLEPLUGIN-3038624 | URL:https://security.snyk.io/vuln/SNYK-JS-SNYKGRADLEPLUGIN-3038624 | MISC:https://security.snyk.io/vuln/SNYK-JS-SNYKMVNPLUGIN-3038623 | URL:https://security.snyk.io/vuln/SNYK-JS-SNYKMVNPLUGIN-3038623 | MISC:https://security.snyk.io/vuln/SNYK-JS-SNYKPYTHONPLUGIN-3039677 | URL:https://security.snyk.io/vuln/SNYK-JS-SNYKPYTHONPLUGIN-3039677 | MISC:https://security.snyk.io/vuln/SNYK-JS-SNYKSBTPLUGIN-3038626 | URL:https://security.snyk.io/vuln/SNYK-JS-SNYKSBTPLUGIN-3038626 | MISC:https://security.snyk.io/vuln/SNYK-JS-SNYKSNYKCOCOAPODSPLUGIN-3038625 | URL:https://security.snyk.io/vuln/SNYK-JS-SNYKSNYKCOCOAPODSPLUGIN-3038625 | MISC:https://security.snyk.io/vuln/SNYK-JS-SNYKSNYKHEXPLUGIN-3039680 | URL:https://security.snyk.io/vuln/SNYK-JS-SNYKSNYKHEXPLUGIN-3039680 | MISC:https://www.imperva.com/blog/how-scanning-your-projects-for-security-issues-can-lead-to-remote-code-execution/ | URL:https://www.imperva.com/blog/how-scanning-your-projects-for-security-issues-can-lead-to-remote-code-execution/;Assigned (20220224);None (candidate not yet proposed) +CVE-2022-23472;Candidate;Passeo is an open source python password generator. Versions prior to 1.0.5 rely on the python `random` library for random value selection. The python `random` library warns that it should not be used for security purposes due to its reliance on a non-cryptographically secure random number generator. As a result a motivated attacker may be able to guess generated passwords. This issue has been addressed in version 1.0.5. Users are advised to upgrade. There are no known workarounds for this vulnerability.;MISC:https://github.com/ArjunSharda/Passeo/commit/8caa798b6bc4647dca59b2376204b6dc6176361a | URL:https://github.com/ArjunSharda/Passeo/commit/8caa798b6bc4647dca59b2376204b6dc6176361a | MISC:https://github.com/ArjunSharda/Passeo/security/advisories/GHSA-mhhf-vgwh-fw9h | URL:https://github.com/ArjunSharda/Passeo/security/advisories/GHSA-mhhf-vgwh-fw9h | MISC:https://peps.python.org/pep-0506/ | URL:https://peps.python.org/pep-0506/;Assigned (20220119);None (candidate not yet proposed) +CVE-2022-23485;Candidate;Sentry is an error tracking and performance monitoring platform. In versions of the sentry python library prior to 22.11.0 an attacker with a known valid invite link could manipulate a cookie to allow the same invite link to be reused on multiple accounts when joining an organization. As a result an attacker with a valid invite link can create multiple users and join an organization they may not have been originally invited to. This issue was patched in version 22.11.0. Sentry SaaS customers do not need to take action. Self-hosted Sentry installs on systems which can not upgrade can disable the invite functionality until they are ready to deploy the patched version by editing their `sentry.conf.py` file (usually located at `~/.sentry/`).;MISC:https://github.com/getsentry/sentry/security/advisories/GHSA-jv85-mqxj-3f9j | URL:https://github.com/getsentry/sentry/security/advisories/GHSA-jv85-mqxj-3f9j;Assigned (20220119);None (candidate not yet proposed) +CVE-2022-23586;Candidate;Tensorflow is an Open Source Machine Learning Framework. A malicious user can cause a denial of service by altering a `SavedModel` such that assertions in `function.cc` would be falsified and crash the Python interpreter. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3, as these are also affected and still in supported range.;CONFIRM:https://github.com/tensorflow/tensorflow/security/advisories/GHSA-43jf-985q-588j | URL:https://github.com/tensorflow/tensorflow/security/advisories/GHSA-43jf-985q-588j | MISC:https://github.com/tensorflow/tensorflow/blob/a1320ec1eac186da1d03f033109191f715b2b130/tensorflow/core/framework/function.cc | URL:https://github.com/tensorflow/tensorflow/blob/a1320ec1eac186da1d03f033109191f715b2b130/tensorflow/core/framework/function.cc | MISC:https://github.com/tensorflow/tensorflow/commit/3d89911481ba6ebe8c88c1c0b595412121e6c645 | URL:https://github.com/tensorflow/tensorflow/commit/3d89911481ba6ebe8c88c1c0b595412121e6c645 | MISC:https://github.com/tensorflow/tensorflow/commit/dcc21c7bc972b10b6fb95c2fb0f4ab5a59680ec2 | URL:https://github.com/tensorflow/tensorflow/commit/dcc21c7bc972b10b6fb95c2fb0f4ab5a59680ec2;Assigned (20220119);None (candidate not yet proposed) +CVE-2022-23594;Candidate;Tensorflow is an Open Source Machine Learning Framework. The TFG dialect of TensorFlow (MLIR) makes several assumptions about the incoming `GraphDef` before converting it to the MLIR-based dialect. If an attacker changes the `SavedModel` format on disk to invalidate these assumptions and the `GraphDef` is then converted to MLIR-based IR then they can cause a crash in the Python interpreter. Under certain scenarios, heap OOB read/writes are possible. These issues have been discovered via fuzzing and it is possible that more weaknesses exist. We will patch them as they are discovered.;CONFIRM:https://github.com/tensorflow/tensorflow/security/advisories/GHSA-9x52-887g-fhc2 | URL:https://github.com/tensorflow/tensorflow/security/advisories/GHSA-9x52-887g-fhc2 | MISC:https://github.com/tensorflow/tensorflow/tree/274df9b02330b790aa8de1cee164b70f72b9b244/tensorflow/core/ir/importexport | URL:https://github.com/tensorflow/tensorflow/tree/274df9b02330b790aa8de1cee164b70f72b9b244/tensorflow/core/ir/importexport;Assigned (20220119);None (candidate not yet proposed) +CVE-2022-23599;Candidate;Products.ATContentTypes are the core content types for Plone 2.1 - 4.3. Versions of Plone that are dependent on Products.ATContentTypes prior to version 3.0.6 are vulnerable to reflected cross site scripting and open redirect when an attacker can get a compromised version of the image_view_fullscreen page in a cache, for example in Varnish. The technique is known as cache poisoning. Any later visitor can get redirected when clicking on a link on this page. Usually only anonymous users are affected, but this depends on the user's cache settings. Version 3.0.6 of Products.ATContentTypes has been released with a fix. This version works on Plone 5.2, Python 2 only. As a workaround, make sure the image_view_fullscreen page is not stored in the cache. More information about the vulnerability and cvmitigation measures is available in the GitHub Security Advisory.;CONFIRM:https://github.com/plone/Products.ATContentTypes/security/advisories/GHSA-g4c2-ghfg-g5rh | URL:https://github.com/plone/Products.ATContentTypes/security/advisories/GHSA-g4c2-ghfg-g5rh | MISC:https://github.com/plone/Products.ATContentTypes/commit/fc793f88f35a15a68b52e4abed77af0da5fdbab8 | URL:https://github.com/plone/Products.ATContentTypes/commit/fc793f88f35a15a68b52e4abed77af0da5fdbab8;Assigned (20220119);None (candidate not yet proposed) +CVE-2022-23651;Candidate;b2-sdk-python is a python library to access cloud storage provided by backblaze. Linux and Mac releases of the SDK version 1.14.0 and below contain a key disclosure vulnerability that, in certain conditions, can be exploited by local attackers through a time-of-check-time-of-use (TOCTOU) race condition. SDK users of the SqliteAccountInfo format are vulnerable while users of the InMemoryAccountInfo format are safe. The SqliteAccountInfo saves API keys (and bucket name-to-id mapping) in a local database file ($XDG_CONFIG_HOME/b2/account_info, ~/.b2_account_info or a user-defined path). When first created, the file is world readable and is (typically a few milliseconds) later altered to be private to the user. If the directory containing the file is readable by a local attacker then during the brief period between file creation and permission modification, a local attacker can race to open the file and maintain a handle to it. This allows the local attacker to read the contents after the file after the sensitive information has been saved to it. Consumers of this SDK who rely on it to save data using SqliteAccountInfo class should upgrade to the latest version of the SDK. Those who believe a local user might have opened a handle using this race condition, should remove the affected database files and regenerate all application keys. Users should upgrade to b2-sdk-python 1.14.1 or later.;CONFIRM:https://github.com/Backblaze/b2-sdk-python/security/advisories/GHSA-p867-fxfr-ph2w | URL:https://github.com/Backblaze/b2-sdk-python/security/advisories/GHSA-p867-fxfr-ph2w | MISC:https://github.com/Backblaze/b2-sdk-python/commit/62476638986e5b6d7459aca5ef8ce220760226e0 | URL:https://github.com/Backblaze/b2-sdk-python/commit/62476638986e5b6d7459aca5ef8ce220760226e0 | MISC:https://pypi.org/project/b2sdk/ | URL:https://pypi.org/project/b2sdk/;Assigned (20220119);None (candidate not yet proposed) +CVE-2022-24065;Candidate;The package cookiecutter before 2.1.1 are vulnerable to Command Injection via hg argument injection. When calling the cookiecutter function from Python code with the checkout parameter, it is passed to the hg checkout command in a way that additional flags can be set. The additional flags can be used to perform a command injection.;FEDORA:FEDORA-2022-4a3d83a1d2 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/G5TXC4JYTNGOUFMCXPZ6QKWEZN3URTAK/ | FEDORA:FEDORA-2022-ff1c98b2fe | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HQKWT7SGFDCUPPLDIELTN7FVTHWDL5YK/ | MISC:https://github.com/cookiecutter/cookiecutter/commit/fdffddb31fd2b46344dfa317531ff155e7999f77 | URL:https://github.com/cookiecutter/cookiecutter/commit/fdffddb31fd2b46344dfa317531ff155e7999f77 | MISC:https://github.com/cookiecutter/cookiecutter/releases/tag/2.1.1 | URL:https://github.com/cookiecutter/cookiecutter/releases/tag/2.1.1 | MISC:https://snyk.io/vuln/SNYK-PYTHON-COOKIECUTTER-2414281 | URL:https://snyk.io/vuln/SNYK-PYTHON-COOKIECUTTER-2414281;Assigned (20220224);None (candidate not yet proposed) +CVE-2022-24439;Candidate;All versions of package gitpython are vulnerable to Remote Code Execution (RCE) due to improper user input validation, which makes it possible to inject a maliciously crafted remote URL into the clone command. Exploiting this vulnerability is possible because the library makes external calls to git without sufficient sanitization of input arguments.;FEDORA:FEDORA-2022-8146a727a8 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IKMVYKLWX62UEYKAN64RUZMOIAMZM5JN/ | FEDORA:FEDORA-2022-ce7369b9ec | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SJHN3QUXPJIMM6SULIR3PR34UFWRAE7X/ | FEDORA:FEDORA-2023-1ec4e542f9 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PF6AXUTC5BO7L2SBJMCVKJSPKWY52I5R/ | FEDORA:FEDORA-2023-26116901d9 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AV5DV7GBLMOZT7U3Q4TDOJO5R6G3V6GH/ | GENTOO:GLSA-202311-01 | URL:https://security.gentoo.org/glsa/202311-01 | MISC:https://github.com/gitpython-developers/GitPython/blob/bec61576ae75803bc4e60d8de7a629c194313d1c/git/repo/base.py%23L1249 | URL:https://github.com/gitpython-developers/GitPython/blob/bec61576ae75803bc4e60d8de7a629c194313d1c/git/repo/base.py%23L1249 | MISC:https://security.snyk.io/vuln/SNYK-PYTHON-GITPYTHON-3113858 | URL:https://security.snyk.io/vuln/SNYK-PYTHON-GITPYTHON-3113858 | MLIST:[debian-lts-announce] 20230725 [SECURITY] [DLA 3502-1] python-git security update | URL:https://lists.debian.org/debian-lts-announce/2023/07/msg00024.html;Assigned (20220224);None (candidate not yet proposed) +CVE-2022-24761;Candidate;"Waitress is a Web Server Gateway Interface server for Python 2 and 3. When using Waitress versions 2.1.0 and prior behind a proxy that does not properly validate the incoming HTTP request matches the RFC7230 standard, Waitress and the frontend proxy may disagree on where one request starts and where it ends. This would allow requests to be smuggled via the front-end proxy to waitress and later behavior. There are two classes of vulnerability that may lead to request smuggling that are addressed by this advisory: The use of Python's `int()` to parse strings into integers, leading to `+10` to be parsed as `10`, or `0x01` to be parsed as `1`, where as the standard specifies that the string should contain only digits or hex digits; and Waitress does not support chunk extensions, however it was discarding them without validating that they did not contain illegal characters. This vulnerability has been patched in Waitress 2.1.1. A workaround is available. When deploying a proxy in front of waitress, turning on any and all functionality to make sure that the request matches the RFC7230 standard. Certain proxy servers may not have this functionality though and users are encouraged to upgrade to the latest version of waitress instead.";CONFIRM:https://github.com/Pylons/waitress/security/advisories/GHSA-4f7p-27jc-3c36 | URL:https://github.com/Pylons/waitress/security/advisories/GHSA-4f7p-27jc-3c36 | DEBIAN:DSA-5138 | URL:https://www.debian.org/security/2022/dsa-5138 | MISC:https://github.com/Pylons/waitress/commit/9e0b8c801e4d505c2ffc91b891af4ba48af715e0 | URL:https://github.com/Pylons/waitress/commit/9e0b8c801e4d505c2ffc91b891af4ba48af715e0 | MISC:https://github.com/Pylons/waitress/releases/tag/v2.1.1 | URL:https://github.com/Pylons/waitress/releases/tag/v2.1.1 | MLIST:[debian-lts-announce] 20220512 [SECURITY] [DLA 3000-1] waitress security update | URL:https://lists.debian.org/debian-lts-announce/2022/05/msg00011.html;Assigned (20220210);None (candidate not yet proposed) +CVE-2022-24787;Candidate;"Vyper is a Pythonic Smart Contract Language for the Ethereum Virtual Machine. In version 0.3.1 and prior, bytestrings can have dirty bytes in them, resulting in the word-for-word comparisons giving incorrect results. Even without dirty nonzero bytes, two bytestrings can compare to equal if one ends with `""\x00""` because there is no comparison of the length. A patch is available and expected to be part of the 0.3.2 release. There are currently no known workarounds.";CONFIRM:https://github.com/vyperlang/vyper/security/advisories/GHSA-7vrm-3jc8-5wwm | URL:https://github.com/vyperlang/vyper/security/advisories/GHSA-7vrm-3jc8-5wwm | MISC:https://github.com/vyperlang/vyper/commit/2c73f8352635c0a433423a5b94740de1a118e508 | URL:https://github.com/vyperlang/vyper/commit/2c73f8352635c0a433423a5b94740de1a118e508;Assigned (20220210);None (candidate not yet proposed) +CVE-2022-24788;Candidate;Vyper is a pythonic Smart Contract Language for the ethereum virtual machine. Versions of vyper prior to 0.3.2 suffer from a potential buffer overrun. Importing a function from a JSON interface which returns `bytes` generates bytecode which does not clamp bytes length, potentially resulting in a buffer overrun. Users are advised to upgrade. There are no known workarounds for this issue.;CONFIRM:https://github.com/vyperlang/vyper/security/advisories/GHSA-4mrx-6fxm-8jpg | URL:https://github.com/vyperlang/vyper/security/advisories/GHSA-4mrx-6fxm-8jpg | MISC:https://github.com/vyperlang/vyper/commit/049dbdc647b2ce838fae7c188e6bb09cf16e470b | URL:https://github.com/vyperlang/vyper/commit/049dbdc647b2ce838fae7c188e6bb09cf16e470b;Assigned (20220210);None (candidate not yet proposed) +CVE-2022-24801;Candidate;"Twisted is an event-based framework for internet applications, supporting Python 3.6+. Prior to version 22.4.0rc1, the Twisted Web HTTP 1.1 server, located in the `twisted.web.http` module, parsed several HTTP request constructs more leniently than permitted by RFC 7230. This non-conformant parsing can lead to desync if requests pass through multiple HTTP parsers, potentially resulting in HTTP request smuggling. Users who may be affected use Twisted Web's HTTP 1.1 server and/or proxy and also pass requests through a different HTTP server and/or proxy. The Twisted Web client is not affected. The HTTP 2.0 server uses a different parser, so it is not affected. The issue has been addressed in Twisted 22.4.0rc1. Two workarounds are available: Ensure any vulnerabilities in upstream proxies have been addressed, such as by upgrading them; or filter malformed requests by other means, such as configuration of an upstream proxy.";CONFIRM:https://github.com/twisted/twisted/security/advisories/GHSA-c2jg-hw38-jrqq | URL:https://github.com/twisted/twisted/security/advisories/GHSA-c2jg-hw38-jrqq | FEDORA:FEDORA-2022-71b66d4747 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GLKHA6WREIVAMBQD7KKWYHPHGGNKMAG6/ | FEDORA:FEDORA-2022-9a489fa494 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7U6KYDTOLPICAVSR34G2WRYLFBD2YW5K/ | MISC:https://github.com/twisted/twisted/commit/592217e951363d60e9cd99c5bbfd23d4615043ac | URL:https://github.com/twisted/twisted/commit/592217e951363d60e9cd99c5bbfd23d4615043ac | MISC:https://github.com/twisted/twisted/releases/tag/twisted-22.4.0rc1 | URL:https://github.com/twisted/twisted/releases/tag/twisted-22.4.0rc1 | MISC:https://www.oracle.com/security-alerts/cpujul2022.html | URL:https://www.oracle.com/security-alerts/cpujul2022.html | MLIST:[debian-lts-announce] 20220503 [SECURITY] [DLA 2991-1] twisted security update | URL:https://lists.debian.org/debian-lts-announce/2022/05/msg00003.html;Assigned (20220210);None (candidate not yet proposed) +CVE-2022-24845;Candidate;Vyper is a pythonic Smart Contract Language for the ethereum virtual machine. In affected versions, the return of `.returns_int128()` is not validated to fall within the bounds of `int128`. This issue can result in a misinterpretation of the integer value and lead to incorrect behavior. As of v0.3.0, `.returns_int128()` is validated in simple expressions, but not complex expressions. Users are advised to upgrade. There is no known workaround for this issue.;CONFIRM:https://github.com/vyperlang/vyper/security/advisories/GHSA-j2x6-9323-fp7h | URL:https://github.com/vyperlang/vyper/security/advisories/GHSA-j2x6-9323-fp7h | MISC:https://github.com/vyperlang/vyper/commit/049dbdc647b2ce838fae7c188e6bb09cf16e470b | URL:https://github.com/vyperlang/vyper/commit/049dbdc647b2ce838fae7c188e6bb09cf16e470b;Assigned (20220210);None (candidate not yet proposed) +CVE-2022-24859;Candidate;PyPDF2 is an open source python PDF library capable of splitting, merging, cropping, and transforming the pages of PDF files. In versions prior to 1.27.5 an attacker who uses this vulnerability can craft a PDF which leads to an infinite loop if the PyPDF2 if the code attempts to get the content stream. The reason is that the last while-loop in `ContentStream._readInlineImage` only terminates when it finds the `EI` token, but never actually checks if the stream has already ended. This issue has been resolved in version `1.27.5`. Users unable to upgrade should validate and PDFs prior to iterating over their content stream.;CONFIRM:https://github.com/py-pdf/PyPDF2/security/advisories/GHSA-xcjx-m2pj-8g79 | URL:https://github.com/py-pdf/PyPDF2/security/advisories/GHSA-xcjx-m2pj-8g79 | MISC:https://github.com/py-pdf/PyPDF2/issues/329 | URL:https://github.com/py-pdf/PyPDF2/issues/329 | MISC:https://github.com/py-pdf/PyPDF2/pull/740 | URL:https://github.com/py-pdf/PyPDF2/pull/740 | MISC:https://github.com/py-pdf/PyPDF2/releases/tag/1.27.5 | URL:https://github.com/py-pdf/PyPDF2/releases/tag/1.27.5 | MLIST:[debian-lts-announce] 20220603 [SECURITY] [DLA 3039-1] pypdf2 security update | URL:https://lists.debian.org/debian-lts-announce/2022/06/msg00001.html | MLIST:[debian-lts-announce] 20230609 [SECURITY] [DLA 3451-1] pypdf2 security update | URL:https://lists.debian.org/debian-lts-announce/2023/06/msg00013.html;Assigned (20220210);None (candidate not yet proposed) +CVE-2022-25024;Candidate;The json2xml package through 3.12.0 for Python allows an error in typecode decoding enabling a remote attack that can lead to an exception, causing a denial of service.;MISC:https://github.com/vinitkumar/json2xml/issues/106 | MISC:https://github.com/vinitkumar/json2xml/pull/107 | MISC:https://github.com/vinitkumar/json2xml/pull/107/files | MISC:https://packaging.python.org/en/latest/guides/analyzing-pypi-package-downloads/;Assigned (20220214);None (candidate not yet proposed) +CVE-2022-26032;Candidate;Uncontrolled search path element in the Intel(R) Distribution for Python programming language before version 2022.1 for Intel(R) oneAPI Toolkits may allow an authenticated user to potentially enable escalation of privilege via local access.;MISC:http://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00674.html | URL:http://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00674.html;Assigned (20220309);None (candidate not yet proposed) +CVE-2022-2634;Candidate;An attacker may be able to execute malicious actions due to the lack of device access protections and device permissions when using the web application. This could lead to uploading python files which can be later executed.;MISC:https://www.cisa.gov/uscert/ics/advisories/icsa-22-216-01 | URL:https://www.cisa.gov/uscert/ics/advisories/icsa-22-216-01;Assigned (20220802);None (candidate not yet proposed) +CVE-2022-26488;Candidate;In Python before 3.10.3 on Windows, local users can gain privileges because the search path is inadequately secured. The installer may allow a local attacker to add user-writable directories to the system search path. To exploit, an administrator must have installed Python for all users and enabled PATH entries. A non-administrative user can trigger a repair that incorrectly adds user-writable paths into PATH, enabling search-path hijacking of other users and system services. This affects Python (CPython) through 3.7.12, 3.8.x through 3.8.12, 3.9.x through 3.9.10, and 3.10.x through 3.10.2.;CONFIRM:https://security.netapp.com/advisory/ntap-20220419-0005/ | MISC:https://mail.python.org/archives/list/security-announce@python.org/thread/657Z4XULWZNIY5FRP3OWXHYKUSIH6DMN/;Assigned (20220306);None (candidate not yet proposed) +CVE-2022-27177;Candidate;A Python format string issue leading to information disclosure and potentially remote code execution in ConsoleMe for all versions prior to 1.2.2;MISC:https://github.com/Netflix/security-bulletins/blob/master/advisories/nflx-2022-001.md | URL:https://github.com/Netflix/security-bulletins/blob/master/advisories/nflx-2022-001.md;Assigned (20220325);None (candidate not yet proposed) +CVE-2022-27271;Candidate;InHand Networks InRouter 900 Industrial 4G Router before v1.0.0.r11700 was discovered to contain a remote code execution (RCE) vulnerability via the component python-lib. This vulnerability is triggered via a crafted packet.;MISC:https://drive.google.com/drive/folders/1zJ2dGrKar-WTlYz13v1f0BIsoIm3aU0l?usp=sharing | MISC:https://github.com/wu610777031/IoT_Hunter/blob/main/Inhand%20InRouter%20900%20Industrial%204G%20Router%20%20Vulnerabilities(RCE).pdf;Assigned (20220321);None (candidate not yet proposed) +CVE-2022-27896;Candidate;Information Exposure Through Log Files vulnerability discovered in Foundry Code-Workbooks where the endpoint backing that console was generating service log records of any Python code being run. These service logs included the Foundry token that represents the Code-Workbooks Python console. Upgrade to Code-Workbooks version 4.461.0. This issue affects Palantir Foundry Code-Workbooks version 4.144 to version 4.460.0 and is resolved in 4.461.0.;MISC:https://github.com/palantir/security-bulletins/blob/main/PLTRSEC-2022-08.md | URL:https://github.com/palantir/security-bulletins/blob/main/PLTRSEC-2022-08.md;Assigned (20220325);None (candidate not yet proposed) +CVE-2022-28696;Candidate;Uncontrolled search path in the Intel(R) Distribution for Python before version 2022.0.3 may allow an authenticated user to potentially enable escalation of privilege via local access.;MISC:https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00684.html | URL:https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00684.html;Assigned (20220405);None (candidate not yet proposed) +CVE-2022-28802;Candidate;Code by Zapier before 2022-08-17 allowed intra-account privilege escalation that included execution of Python or JavaScript code. In other words, Code by Zapier was providing a customer-controlled general-purpose virtual machine that unintentionally granted full access to all users of a company's account, but was supposed to enforce role-based access control within that company's account. Before 2022-08-17, a customer could have resolved this by (in effect) using a separate virtual machine for an application that held credentials - or other secrets - that weren't supposed to be shared among all of its employees. (Multiple accounts would have been needed to operate these independent virtual machines.);MISC:https://www.zenity.io/blog/zapescape-organization-wide-control-over-code-by-zapier/ | MISC:https://www.zenity.io/blog/zapescape-vulnerability-disclosure/;Assigned (20220408);None (candidate not yet proposed) +CVE-2022-29217;Candidate;PyJWT is a Python implementation of RFC 7519. PyJWT supports multiple different JWT signing algorithms. With JWT, an attacker submitting the JWT token can choose the used signing algorithm. The PyJWT library requires that the application chooses what algorithms are supported. The application can specify `jwt.algorithms.get_default_algorithms()` to get support for all algorithms, or specify a single algorithm. The issue is not that big as `algorithms=jwt.algorithms.get_default_algorithms()` has to be used. Users should upgrade to v2.4.0 to receive a patch for this issue. As a workaround, always be explicit with the algorithms that are accepted and expected when decoding.;CONFIRM:https://github.com/jpadilla/pyjwt/security/advisories/GHSA-ffqj-6fqr-9h24 | URL:https://github.com/jpadilla/pyjwt/security/advisories/GHSA-ffqj-6fqr-9h24 | FEDORA:FEDORA-2022-3cf456dc20 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6HIYEYZRQEP6QTHT3EHH3RGFYJIHIMAO/ | FEDORA:FEDORA-2022-4ae9110f51 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5PK7IQCBVNLYJEFTPHBBPFP72H4WUFNX/ | MISC:https://github.com/jpadilla/pyjwt/commit/9c528670c455b8d948aff95ed50e22940d1ad3fc | URL:https://github.com/jpadilla/pyjwt/commit/9c528670c455b8d948aff95ed50e22940d1ad3fc | MISC:https://github.com/jpadilla/pyjwt/releases/tag/2.4.0 | URL:https://github.com/jpadilla/pyjwt/releases/tag/2.4.0;Assigned (20220413);None (candidate not yet proposed) +CVE-2022-29255;Candidate;Vyper is a Pythonic Smart Contract Language for the ethereum virtual machine. In versions prior to 0.3.4 when a calling an external contract with no return value, the contract address (including side effects) could be evaluated twice. This may result in incorrect outcomes for contracts. This issue has been addressed in v0.3.4.;CONFIRM:https://github.com/vyperlang/vyper/security/advisories/GHSA-4v9q-cgpw-cf38 | URL:https://github.com/vyperlang/vyper/security/advisories/GHSA-4v9q-cgpw-cf38 | MISC:https://github.com/vyperlang/vyper/commit/6b4d8ff185de071252feaa1c319712b2d6577f8d | URL:https://github.com/vyperlang/vyper/commit/6b4d8ff185de071252feaa1c319712b2d6577f8d;Assigned (20220413);None (candidate not yet proposed) +CVE-2022-2996;Candidate;A flaw was found in the python-scciclient when making an HTTPS connection to a server where the server's certificate would not be verified. This issue opens up the connection to possible Man-in-the-middle (MITM) attacks.;MISC:https://opendev.org/x/python-scciclient/commit/274dca0344b65b4ac113d3271d21c17e970a636c | URL:https://opendev.org/x/python-scciclient/commit/274dca0344b65b4ac113d3271d21c17e970a636c | MLIST:[debian-lts-announce] 20221107 [SECURITY] [DLA 3180-1] python-scciclient security update | URL:https://lists.debian.org/debian-lts-announce/2022/11/msg00006.html;Assigned (20220825);None (candidate not yet proposed) +CVE-2022-30034;Candidate;Flower, a web UI for the Celery Python RPC framework, all versions as of 05-02-2022 is vulnerable to an OAuth authentication bypass. An attacker could then access the Flower API to discover and invoke arbitrary Celery RPC calls or deny service by shutting down Celery task nodes.;MISC:http://githubcommherflower.com | MISC:https://github.com/mher/flower/issues/1217 | MISC:https://tprynn.github.io/2022/05/26/flower-vulns.html;Assigned (20220502);None (candidate not yet proposed) +CVE-2022-30284;Candidate;** DISPUTED ** In the python-libnmap package through 0.7.2 for Python, remote command execution can occur (if used in a client application that does not validate arguments). NOTE: the vendor believes it would be unrealistic for an application to call NmapProcess with arguments taken from input data that arrived over an untrusted network, and thus the CVSS score corresponds to an unrealistic use case. None of the NmapProcess documentation implies that this is an expected use case.;MISC:https://github.com/savon-noir/python-libnmap/releases | MISC:https://libnmap.readthedocs.io/en/latest/process.html#using-libnmap-process | MISC:https://pypi.org/project/python-libnmap/ | MISC:https://www.swascan.com/security-advisory-libnmap-2/;Assigned (20220504);None (candidate not yet proposed) +CVE-2022-30286;Candidate;pyscriptjs (aka PyScript Demonstrator) in PyScript through 2022-05-04 allows a remote user to read Python source code.;MISC:http://packetstormsecurity.com/files/167069/PyScript-2022-05-04-Alpha-Source-Code-Disclosure.html | MISC:https://cyber-guy.gitbook.io/cyber-guy/blogs/the-art-of-vulnerability-chaining-pyscript | MISC:https://cyber-guy.gitbook.io/cyber-guy/pocs/pyscript-file-read | MISC:https://github.com/pyscript/pyscript/commits/main | MISC:https://www.exploit-db.com/exploits/50918;Assigned (20220504);None (candidate not yet proposed) +CVE-2022-30298;Candidate;An improper privilege management vulnerability [CWE-269] in Fortinet FortiSOAR before 7.2.1 allows a GUI user who has already found a way to modify system files (via another, unrelated and hypothetical exploit) to execute arbitrary Python commands as root.;CONFIRM:https://fortiguard.com/psirt/FG-IR-22-152 | URL:https://fortiguard.com/psirt/FG-IR-22-152;Assigned (20220506);None (candidate not yet proposed) +CVE-2022-30688;Candidate;needrestart 0.8 through 3.5 before 3.6 is prone to local privilege escalation. Regexes to detect the Perl, Python, and Ruby interpreters are not anchored, allowing a local user to escalate privileges when needrestart tries to detect if interpreters are using old source files.;DEBIAN:DSA-5137 | URL:https://www.debian.org/security/2022/dsa-5137 | MISC:https://github.com/liske/needrestart/commit/e6e58136e1e3c92296e2e810cb8372a5fe0dbd30 | MISC:https://github.com/liske/needrestart/releases/tag/v3.6 | MISC:https://lists.debian.org/debian-security-announce/2022/msg00105.html | MISC:https://www.openwall.com/lists/oss-security/2022/05/17/9 | MLIST:[debian-lts-announce] 20220518 [SECURITY] [DLA 3013-1] needrestart security update | URL:https://lists.debian.org/debian-lts-announce/2022/05/msg00024.html | MLIST:[oss-security] 20220517 CVE-2022-30688: needrestart 0.8+ local privilege escalation | URL:http://www.openwall.com/lists/oss-security/2022/05/17/9;Assigned (20220513);None (candidate not yet proposed) +CVE-2022-30877;Candidate;The keep for python, as distributed on PyPI, included a code-execution backdoor inserted by a third party. The current version, without this backdoor, is 1.2.;MISC:http://pypi.doubanio.com/simple/request | MISC:https://github.com/OrkoHunter/keep/issues/85 | MISC:https://pypi.org/project/keep;Assigned (20220516);None (candidate not yet proposed) +CVE-2022-30885;Candidate;The pyesasky for python, as distributed on PyPI, included a code-execution backdoor inserted by a third party. The current version, without this backdoor, is 1.2.0-1.4.2.;MISC:http://pypi.doubanio.com/simple/request | MISC:https://github.com/esdc-esac-esa-int/pyesasky/issues/39 | MISC:https://pypi.org/project/pyesasky/;Assigned (20220516);None (candidate not yet proposed) +CVE-2022-31015;Candidate;Waitress is a Web Server Gateway Interface server for Python 2 and 3. Waitress versions 2.1.0 and 2.1.1 may terminate early due to a thread closing a socket while the main thread is about to call select(). This will lead to the main thread raising an exception that is not handled and then causing the entire application to be killed. This issue has been fixed in Waitress 2.1.2 by no longer allowing the WSGI thread to close the socket. Instead, that is always delegated to the main thread. There is no work-around for this issue. However, users using waitress behind a reverse proxy server are less likely to have issues if the reverse proxy always reads the full response.;CONFIRM:https://github.com/Pylons/waitress/security/advisories/GHSA-f5x9-8jwc-25rw | URL:https://github.com/Pylons/waitress/security/advisories/GHSA-f5x9-8jwc-25rw | MISC:https://github.com/Pylons/waitress/commit/4f6789b035610e0552738cdc4b35ca809a592d48 | URL:https://github.com/Pylons/waitress/commit/4f6789b035610e0552738cdc4b35ca809a592d48 | MISC:https://github.com/Pylons/waitress/issues/374 | URL:https://github.com/Pylons/waitress/issues/374 | MISC:https://github.com/Pylons/waitress/pull/377 | URL:https://github.com/Pylons/waitress/pull/377;Assigned (20220518);None (candidate not yet proposed) +CVE-2022-31116;Candidate;UltraJSON is a fast JSON encoder and decoder written in pure C with bindings for Python 3.7+. Affected versions were found to improperly decode certain characters. JSON strings that contain escaped surrogate characters not part of a proper surrogate pair were decoded incorrectly. Besides corrupting strings, this allowed for potential key confusion and value overwriting in dictionaries. All users parsing JSON from untrusted sources are vulnerable. From version 5.4.0, UltraJSON decodes lone surrogates in the same way as the standard library's `json` module does, preserving them in the parsed output. Users are advised to upgrade. There are no known workarounds for this issue.;CONFIRM:https://github.com/ultrajson/ultrajson/security/advisories/GHSA-wpqr-jcpx-745r | URL:https://github.com/ultrajson/ultrajson/security/advisories/GHSA-wpqr-jcpx-745r | FEDORA:FEDORA-2022-1b2b8d5177 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OPPU5FZP3LCTXYORFH7NHUMYA5X66IA7/ | FEDORA:FEDORA-2022-33e816bc37 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NAU5N4A7EUK2AMUCOLYDD5ARXAJYZBD2/ | MISC:https://github.com/ultrajson/ultrajson/commit/67ec07183342589d602e0fcf7bb1ff3e19272687 | URL:https://github.com/ultrajson/ultrajson/commit/67ec07183342589d602e0fcf7bb1ff3e19272687;Assigned (20220518);None (candidate not yet proposed) +CVE-2022-31117;Candidate;UltraJSON is a fast JSON encoder and decoder written in pure C with bindings for Python 3.7+. In versions prior to 5.4.0 an error occurring while reallocating a buffer for string decoding can cause the buffer to get freed twice. Due to how UltraJSON uses the internal decoder, this double free is impossible to trigger from Python. This issue has been resolved in version 5.4.0 and all users should upgrade to UltraJSON 5.4.0. There are no known workarounds for this issue.;CONFIRM:https://github.com/ultrajson/ultrajson/security/advisories/GHSA-fm67-cv37-96ff | URL:https://github.com/ultrajson/ultrajson/security/advisories/GHSA-fm67-cv37-96ff | FEDORA:FEDORA-2022-1b2b8d5177 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OPPU5FZP3LCTXYORFH7NHUMYA5X66IA7/ | FEDORA:FEDORA-2022-33e816bc37 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NAU5N4A7EUK2AMUCOLYDD5ARXAJYZBD2/ | MISC:https://github.com/ultrajson/ultrajson/commit/9c20de0f77b391093967e25d01fb48671104b15b | URL:https://github.com/ultrajson/ultrajson/commit/9c20de0f77b391093967e25d01fb48671104b15b;Assigned (20220518);None (candidate not yet proposed) +CVE-2022-31124;Candidate;openssh_key_parser is an open source Python package providing utilities to parse and pack OpenSSH private and public key files. In versions prior to 0.0.6 if a field of a key is shorter than it is declared to be, the parser raises an error with a message containing the raw field value. An attacker able to modify the declared length of a key's sensitive field can thus expose the raw value of that field. Users are advised to upgrade to version 0.0.6, which no longer includes the raw field value in the error message. There are no known workarounds for this issue.;CONFIRM:https://github.com/scottcwang/openssh_key_parser/security/advisories/GHSA-hm37-9xh2-q499 | URL:https://github.com/scottcwang/openssh_key_parser/security/advisories/GHSA-hm37-9xh2-q499 | MISC:https://github.com/scottcwang/openssh_key_parser/commit/26e0a471e9fdb23e635bc3014cf4cbd2323a08d3 | URL:https://github.com/scottcwang/openssh_key_parser/commit/26e0a471e9fdb23e635bc3014cf4cbd2323a08d3 | MISC:https://github.com/scottcwang/openssh_key_parser/commit/274447f91b4037b7050ae634879b657554523b39 | URL:https://github.com/scottcwang/openssh_key_parser/commit/274447f91b4037b7050ae634879b657554523b39 | MISC:https://github.com/scottcwang/openssh_key_parser/commit/d5b53b4b7e76c5b666fc657019dbf864fb04076c | URL:https://github.com/scottcwang/openssh_key_parser/commit/d5b53b4b7e76c5b666fc657019dbf864fb04076c | MISC:https://github.com/scottcwang/openssh_key_parser/pull/5 | URL:https://github.com/scottcwang/openssh_key_parser/pull/5;Assigned (20220518);None (candidate not yet proposed) +CVE-2022-31177;Candidate;Flask-AppBuilder is an application development framework built on top of Flask python framework. In versions prior to 4.1.3 an authenticated Admin user could query other users by their salted and hashed passwords strings. These filters could be made by using partial hashed password strings. The response would not include the hashed passwords, but an attacker could infer partial password hashes and their respective users. This issue has been fixed in version 4.1.3. Users are advised to upgrade. There are no known workarounds for this issue.;CONFIRM:https://github.com/dpgaspar/Flask-AppBuilder/security/advisories/GHSA-32ff-4g79-vgfc | URL:https://github.com/dpgaspar/Flask-AppBuilder/security/advisories/GHSA-32ff-4g79-vgfc | MISC:https://github.com/dpgaspar/Flask-AppBuilder/releases/tag/v4.1.3 | URL:https://github.com/dpgaspar/Flask-AppBuilder/releases/tag/v4.1.3;Assigned (20220518);None (candidate not yet proposed) +CVE-2022-31255;Candidate;An Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in spacewalk/Uyuni of SUSE Linux Enterprise Module for SUSE Manager Server 4.2, SUSE Linux Enterprise Module for SUSE Manager Server 4.3, SUSE Manager Server 4.2 allows remote attackers to read files available to the user running the process, typically tomcat. This issue affects: SUSE Linux Enterprise Module for SUSE Manager Server 4.2 hub-xmlrpc-api-0.7-150300.3.9.2, inter-server-sync-0.2.4-150300.8.25.2, locale-formula-0.3-150300.3.3.2, py27-compat-salt-3000.3-150300.7.7.26.2, python-urlgrabber-3.10.2.1py2_3-150300.3.3.2, spacecmd-4.2.20-150300.4.30.2, spacewalk-backend-4.2.25-150300.4.32.4, spacewalk-client-tools-4.2.21-150300.4.27.3, spacewalk-java-4.2.43-150300.3.48.2, spacewalk-utils-4.2.18-150300.3.21.2, spacewalk-web-4.2.30-150300.3.30.3, susemanager-4.2.38-150300.3.44.3, susemanager-doc-indexes-4.2-150300.12.36.3, susemanager-docs_en-4.2-150300.12.36.2, susemanager-schema-4.2.25-150300.3.30.3, susemanager-sls versions prior to 4.2.28. SUSE Linux Enterprise Module for SUSE Manager Server 4.3 spacewalk-java versions prior to 4.3.39. SUSE Manager Server 4.2 release-notes-susemanager versions prior to 4.2.10.;CONFIRM:https://bugzilla.suse.com/show_bug.cgi?id=1204543 | URL:https://bugzilla.suse.com/show_bug.cgi?id=1204543;Assigned (20220520);None (candidate not yet proposed) +CVE-2022-31471;Candidate;untangle is a python library to convert XML data to python objects. untangle versions 1.2.0 and earlier improperly restricts XML external entity references. By exploiting this vulnerability, a remote unauthenticated attacker may read the contents of local files.;MISC:https://github.com/stchris/untangle | URL:https://github.com/stchris/untangle | MISC:https://github.com/stchris/untangle/releases/tag/1.2.1 | URL:https://github.com/stchris/untangle/releases/tag/1.2.1 | MISC:https://jvn.jp/en/jp/JVN30454777/ | URL:https://jvn.jp/en/jp/JVN30454777/;Assigned (20220712);None (candidate not yet proposed) +CVE-2022-31516;Candidate;The Harveyzyh/Python repository through 2022-05-04 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely.;MISC:https://github.com/github/securitylab/issues/669#issuecomment-1117265726;Assigned (20220523);None (candidate not yet proposed) +CVE-2022-31518;Candidate;The JustAnotherSoftwareDeveloper/Python-Recipe-Database repository through 2021-03-31 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely.;MISC:https://github.com/github/securitylab/issues/669#issuecomment-1117265726;Assigned (20220523);None (candidate not yet proposed) +CVE-2022-31534;Candidate;The echoleegroup/PythonWeb repository through 2018-10-31 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely.;MISC:https://github.com/github/securitylab/issues/669#issuecomment-1117265726;Assigned (20220523);None (candidate not yet proposed) +CVE-2022-31571;Candidate;The akashtalole/python-flask-restful-api repository through 2019-09-16 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely.;MISC:https://github.com/github/securitylab/issues/669#issuecomment-1117265726;Assigned (20220523);None (candidate not yet proposed) +CVE-2022-31575;Candidate;The duducosmos/livro_python repository through 2018-06-06 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely.;MISC:https://github.com/github/securitylab/issues/669#issuecomment-1117265726;Assigned (20220523);None (candidate not yet proposed) +CVE-2022-32151;Candidate;The httplib and urllib Python libraries that Splunk shipped with Splunk Enterprise did not validate certificates using the certificate authority (CA) certificate stores by default in Splunk Enterprise versions before 9.0 and Splunk Cloud Platform versions before 8.2.2203. Python 3 client libraries now verify server certificates by default and use the appropriate CA certificate stores for each library. Apps and add-ons that include their own HTTP libraries are not affected. For Splunk Enterprise, update to Splunk Enterprise version 9.0 and Configure TLS host name validation for Splunk-to-Splunk communications (https://docs.splunk.com/Documentation/Splunk/9.0.0/Security/EnableTLSCertHostnameValidation) to enable the remediation.;CONFIRM:https://docs.splunk.com/Documentation/Splunk/9.0.0/Security/EnableTLSCertHostnameValidation | URL:https://docs.splunk.com/Documentation/Splunk/9.0.0/Security/EnableTLSCertHostnameValidation | CONFIRM:https://docs.splunk.com/Documentation/Splunk/9.0.0/Security/Updates | URL:https://docs.splunk.com/Documentation/Splunk/9.0.0/Security/Updates | CONFIRM:https://research.splunk.com/application/splunk_protocol_impersonation_weak_encryption_simplerequest/ | URL:https://research.splunk.com/application/splunk_protocol_impersonation_weak_encryption_simplerequest/ | CONFIRM:https://www.splunk.com/en_us/product-security/announcements/svd-2022-0601.html | URL:https://www.splunk.com/en_us/product-security/announcements/svd-2022-0601.html;Assigned (20220531);None (candidate not yet proposed) +CVE-2022-32552;Candidate;"Pure Storage FlashArray products running Purity//FA 6.2.0 - 6.2.3, 6.1.0 - 6.1.12, 6.0.0 - 6.0.8, 5.3.0 - 5.3.17, 5.2.x and prior Purity//FA releases, and Pure Storage FlashBlade products running Purity//FB 3.3.0, 3.2.0 - 3.2.4, 3.1.0 - 3.1.12, 3.0.x and prior Purity//FB releases are vulnerable to a privilege escalation via the manipulation of Python environment variables which can be exploited by a logged-in user to escape a restricted shell to an unrestricted shell with root privileges. No other Pure Storage products or services are affected. Remediation is available from Pure Storage via a self-serve “opt-in” patch, manual patch application or a software upgrade to an unaffected version of Purity software.";MISC:https://support.purestorage.com/Pure_Security/Security_Bundle_2022-04-04/Security_Advisory_for_%E2%80%9Csecurity-bundle-2022-04-04;Assigned (20220608);None (candidate not yet proposed) +CVE-2022-33684;Candidate;"The Apache Pulsar C++ Client does not verify peer TLS certificates when making HTTPS calls for the OAuth2.0 Client Credential Flow, even when tlsAllowInsecureConnection is disabled via configuration. This vulnerability allows an attacker to perform a man in the middle attack and intercept and/or modify the GET request that is sent to the ClientCredentialFlow 'issuer url'. The intercepted credentials can be used to acquire authentication data from the OAuth2.0 server to then authenticate with an Apache Pulsar cluster. An attacker can only take advantage of this vulnerability by taking control of a machine 'between' the client and the server. The attacker must then actively manipulate traffic to perform the attack. The Apache Pulsar Python Client wraps the C++ client, so it is also vulnerable in the same way. This issue affects Apache Pulsar C++ Client and Python Client versions 2.7.0 to 2.7.4; 2.8.0 to 2.8.3; 2.9.0 to 2.9.2; 2.10.0 to 2.10.1; 2.6.4 and earlier. Any users running affected versions of the C++ Client or the Python Client should rotate vulnerable OAuth2.0 credentials, including client_id and client_secret. 2.7 C++ and Python Client users should upgrade to 2.7.5 and rotate vulnerable OAuth2.0 credentials. 2.8 C++ and Python Client users should upgrade to 2.8.4 and rotate vulnerable OAuth2.0 credentials. 2.9 C++ and Python Client users should upgrade to 2.9.3 and rotate vulnerable OAuth2.0 credentials. 2.10 C++ and Python Client users should upgrade to 2.10.2 and rotate vulnerable OAuth2.0 credentials. 3.0 C++ users are unaffected and 3.0 Python Client users will be unaffected when it is released. Any users running the C++ and Python Client for 2.6 or less should upgrade to one of the above patched versions.";MISC:https://huntr.dev/bounties/df89b724-3201-47aa-b8cd-282e112a566f | URL:https://huntr.dev/bounties/df89b724-3201-47aa-b8cd-282e112a566f | MISC:https://lists.apache.org/thread/ky1ssskvkj00y36k7nys9b5gm5jjrzwv | URL:https://lists.apache.org/thread/ky1ssskvkj00y36k7nys9b5gm5jjrzwv;Assigned (20220615);None (candidate not yet proposed) +CVE-2022-33977;Candidate;untangle is a python library to convert XML data to python objects. untangle versions 1.2.0 and earlier improperly restricts recursive entity references in DTDs. By exploiting this vulnerability, a remote unauthenticated attacker may cause a denial-of-service (DoS) condition on the server where the product is running.;MISC:https://github.com/stchris/untangle | URL:https://github.com/stchris/untangle | MISC:https://github.com/stchris/untangle/releases/tag/1.2.1 | URL:https://github.com/stchris/untangle/releases/tag/1.2.1 | MISC:https://jvn.jp/en/jp/JVN30454777/ | URL:https://jvn.jp/en/jp/JVN30454777/;Assigned (20220712);None (candidate not yet proposed) +CVE-2022-35861;Candidate;pyenv 1.2.24 through 2.3.2 allows local users to gain privileges via a .python-version file in the current working directory. An attacker can craft a Python version string in .python-version to execute shims under their control. (Shims are executables that pass a command along to a specific version of pyenv. The version string is used to construct the path to the command, and there is no validation of whether the version specified is a valid version. Thus, relative path traversal can occur.);MISC:https://github.com/pyenv/pyenv/commit/22fa683571d98b59ea16e5fe48ac411c67939653;Assigned (20220713);None (candidate not yet proposed) +CVE-2022-35871;Candidate;This vulnerability allows remote attackers to execute arbitrary code on affected installations of Inductive Automation Ignition 8.1.15 (b2022030114). Authentication is not required to exploit this vulnerability. The specific flaw exists within the authenticateAdSso method. The issue results from the lack of authentication prior to allowing the execution of python code. An attacker can leverage this vulnerability to execute code in the context of SYSTEM. Was ZDI-CAN-17206.;MISC:https://support.inductiveautomation.com/hc/en-us/articles/7625759776653-Regarding-Pwn2Own-2022-Vulnerabilities | URL:https://support.inductiveautomation.com/hc/en-us/articles/7625759776653-Regarding-Pwn2Own-2022-Vulnerabilities | MISC:https://www.zerodayinitiative.com/advisories/ZDI-22-1018/ | URL:https://www.zerodayinitiative.com/advisories/ZDI-22-1018/;Assigned (20220714);None (candidate not yet proposed) +CVE-2022-35873;Candidate;This vulnerability allows remote attackers to execute arbitrary code on affected installations of Inductive Automation Ignition 8.1.15 (b2022030114). User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the processing of ZIP files. Crafted data in a ZIP file can cause the application to execute arbitrary Python scripts. The user interface fails to provide sufficient indication of the hazard. An attacker can leverage this vulnerability to execute code in the context of SYSTEM. Was ZDI-CAN-16949.;MISC:https://support.inductiveautomation.com/hc/en-us/articles/7625759776653-Regarding-Pwn2Own-2022-Vulnerabilities | URL:https://support.inductiveautomation.com/hc/en-us/articles/7625759776653-Regarding-Pwn2Own-2022-Vulnerabilities | MISC:https://www.zerodayinitiative.com/advisories/ZDI-22-1020/ | URL:https://www.zerodayinitiative.com/advisories/ZDI-22-1020/;Assigned (20220714);None (candidate not yet proposed) +CVE-2022-35918;Candidate;Streamlit is a data oriented application development framework for python. Users hosting Streamlit app(s) that use custom components are vulnerable to a directory traversal attack that could leak data from their web server file-system such as: server logs, world readable files, and potentially other sensitive information. An attacker can craft a malicious URL with file paths and the streamlit server would process that URL and return the contents of that file. This issue has been resolved in version 1.11.1. Users are advised to upgrade. There are no known workarounds for this issue.;CONFIRM:https://github.com/streamlit/streamlit/security/advisories/GHSA-v4hr-4jpx-56gc | URL:https://github.com/streamlit/streamlit/security/advisories/GHSA-v4hr-4jpx-56gc | MISC:https://github.com/streamlit/streamlit/commit/80d9979d5f4a00217743d607078a1d867fad8acf | URL:https://github.com/streamlit/streamlit/commit/80d9979d5f4a00217743d607078a1d867fad8acf;Assigned (20220715);None (candidate not yet proposed) +CVE-2022-35920;Candidate;Sanic is an opensource python web server/framework. Affected versions of sanic allow access to lateral directories when using `app.static` if using encoded `%2F` URLs. Parent directory traversal is not impacted. Users are advised to upgrade. There is no known workaround for this issue.;CONFIRM:https://github.com/sanic-org/sanic/security/advisories/GHSA-8cw9-5hmv-77w6 | URL:https://github.com/sanic-org/sanic/security/advisories/GHSA-8cw9-5hmv-77w6 | MISC:https://github.com/sanic-org/sanic/issues/2478 | URL:https://github.com/sanic-org/sanic/issues/2478 | MISC:https://github.com/sanic-org/sanic/pull/2495 | URL:https://github.com/sanic-org/sanic/pull/2495;Assigned (20220715);None (candidate not yet proposed) +CVE-2022-36024;Candidate;py-cord is a an API wrapper for Discord written in Python. Bots creating using py-cord version 2.0.0 are vulnerable to remote shutdown if they are added to the server with the `application.commands` scope without the `bot` scope. Currently, it appears that all public bots that use slash commands are affected. This issue has been patched in version 2.0.1. There are currently no recommended workarounds - please upgrade to a patched version.;CONFIRM:https://github.com/Pycord-Development/pycord/security/advisories/GHSA-qmhj-m29v-gvmr | URL:https://github.com/Pycord-Development/pycord/security/advisories/GHSA-qmhj-m29v-gvmr | MISC:https://github.com/Pycord-Development/pycord/pull/1568 | URL:https://github.com/Pycord-Development/pycord/pull/1568;Assigned (20220715);None (candidate not yet proposed) +CVE-2022-36027;Candidate;TensorFlow is an open source platform for machine learning. When converting transposed convolutions using per-channel weight quantization the converter segfaults and crashes the Python process. We have patched the issue in GitHub commit aa0b852a4588cea4d36b74feb05d93055540b450. The fix will be included in TensorFlow 2.10.0. We will also cherrypick this commit on TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2, as these are also affected and still in supported range. There are no known workarounds for this issue.;CONFIRM:https://github.com/tensorflow/tensorflow/security/advisories/GHSA-79h2-q768-fpxr | URL:https://github.com/tensorflow/tensorflow/security/advisories/GHSA-79h2-q768-fpxr | MISC:https://github.com/tensorflow/tensorflow/commit/aa0b852a4588cea4d36b74feb05d93055540b450 | URL:https://github.com/tensorflow/tensorflow/commit/aa0b852a4588cea4d36b74feb05d93055540b450 | MISC:https://github.com/tensorflow/tensorflow/issues/53767 | URL:https://github.com/tensorflow/tensorflow/issues/53767;Assigned (20220715);None (candidate not yet proposed) +CVE-2022-36040;Candidate;Rizin is a UNIX-like reverse engineering framework and command-line toolset. Versions 0.4.0 and prior are vulnerable to an out-of-bounds write when getting data from PYC(python) files. A user opening a malicious PYC file could be affected by this vulnerability, allowing an attacker to execute code on the user's machine. Commit number 68948017423a12786704e54227b8b2f918c2fd27 contains a patch.;CONFIRM:https://github.com/rizinorg/rizin/security/advisories/GHSA-h897-rhm9-rpmw | URL:https://github.com/rizinorg/rizin/security/advisories/GHSA-h897-rhm9-rpmw | FEDORA:FEDORA-2023-af305bed3d | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WQZLMHEI5D7EJASA5UW6XN4ODHLRHK6N/ | GENTOO:GLSA-202209-06 | URL:https://security.gentoo.org/glsa/202209-06 | MISC:https://github.com/rizinorg/rizin/commit/68948017423a12786704e54227b8b2f918c2fd27 | URL:https://github.com/rizinorg/rizin/commit/68948017423a12786704e54227b8b2f918c2fd27 | MISC:https://github.com/rizinorg/rizin/issues/2963 | URL:https://github.com/rizinorg/rizin/issues/2963;Assigned (20220715);None (candidate not yet proposed) +CVE-2022-36065;Candidate;"GrowthBook is an open-source platform for feature flagging and A/B testing. With some self-hosted configurations in versions prior to 2022-08-29, attackers can register new accounts and upload files to arbitrary directories within the container. If the attacker uploads a Python script to the right location, they can execute arbitrary code within the container. To be affected, ALL of the following must be true: Self-hosted deployment (GrowthBook Cloud is unaffected); using local file uploads (as opposed to S3 or Google Cloud Storage); NODE_ENV set to a non-production value and JWT_SECRET set to an easily guessable string like `dev`. This issue is patched in commit 1a5edff8786d141161bf880c2fd9ccbe2850a264 (2022-08-29). As a workaround, set `JWT_SECRET` environment variable to a long random string. This will stop arbitrary file uploads, but the only way to stop attackers from registering accounts is by updating to the latest build.";CONFIRM:https://github.com/growthbook/growthbook/security/advisories/GHSA-j24q-55xh-wm4r | URL:https://github.com/growthbook/growthbook/security/advisories/GHSA-j24q-55xh-wm4r | MISC:https://github.com/growthbook/growthbook/commit/1a5edff8786d141161bf880c2fd9ccbe2850a264 | URL:https://github.com/growthbook/growthbook/commit/1a5edff8786d141161bf880c2fd9ccbe2850a264 | MISC:https://github.com/growthbook/growthbook/pull/487 | URL:https://github.com/growthbook/growthbook/pull/487;Assigned (20220715);None (candidate not yet proposed) +CVE-2022-36069;Candidate;Poetry is a dependency manager for Python. When handling dependencies that come from a Git repository instead of a registry, Poetry uses various commands, such as `git clone`. These commands are constructed using user input (e.g. the repository URL). When building the commands, Poetry correctly avoids Command Injection vulnerabilities by passing an array of arguments instead of a command string. However, there is the possibility that a user input starts with a dash (`-`) and is therefore treated as an optional argument instead of a positional one. This can lead to Code Execution because some of the commands have options that can be leveraged to run arbitrary executables. If a developer is exploited, the attacker could steal credentials or persist their access. If the exploit happens on a server, the attackers could use their access to attack other internal systems. Since this vulnerability requires a fair amount of user interaction, it is not as dangerous as a remotely exploitable one. However, it still puts developers at risk when dealing with untrusted files in a way they think is safe, because the exploit still works when the victim tries to make sure nothing can happen, e.g. by vetting any Git or Poetry config files that might be present in the directory. Versions 1.1.9 and 1.2.0b1 contain patches for this issue.;MISC:https://github.com/python-poetry/poetry/releases/tag/1.1.9 | URL:https://github.com/python-poetry/poetry/releases/tag/1.1.9 | MISC:https://github.com/python-poetry/poetry/releases/tag/1.2.0b1 | URL:https://github.com/python-poetry/poetry/releases/tag/1.2.0b1 | MISC:https://github.com/python-poetry/poetry/security/advisories/GHSA-9xgj-fcgf-x6mw | URL:https://github.com/python-poetry/poetry/security/advisories/GHSA-9xgj-fcgf-x6mw | MISC:https://www.sonarsource.com/blog/securing-developer-tools-package-managers/ | URL:https://www.sonarsource.com/blog/securing-developer-tools-package-managers/;Assigned (20220715);None (candidate not yet proposed) +CVE-2022-36070;Candidate;"Poetry is a dependency manager for Python. To handle dependencies that come from a Git repository, Poetry executes various commands, e.g. `git config`. These commands are being executed using the executable’s name and not its absolute path. This can lead to the execution of untrusted code due to the way Windows resolves executable names to paths. Unlike Linux-based operating systems, Windows searches for the executable in the current directory first and looks in the paths that are defined in the `PATH` environment variable afterward. This vulnerability can lead to Arbitrary Code Execution, which would lead to the takeover of the system. If a developer is exploited, the attacker could steal credentials or persist their access. If the exploit happens on a server, the attackers could use their access to attack other internal systems. Since this vulnerability requires a fair amount of user interaction, it is not as dangerous as a remotely exploitable one. However, it still puts developers at risk when dealing with untrusted files in a way they think is safe. The victim could also not protect themself by vetting any Git or Poetry config files that might be present in the directory, because the behavior is undocumented. Versions 1.1.9 and 1.2.0b1 contain patches for this issue.";CONFIRM:https://github.com/python-poetry/poetry/security/advisories/GHSA-j4j9-7hg9-97g6 | URL:https://github.com/python-poetry/poetry/security/advisories/GHSA-j4j9-7hg9-97g6 | MISC:https://github.com/python-poetry/poetry/releases/tag/1.1.9 | URL:https://github.com/python-poetry/poetry/releases/tag/1.1.9 | MISC:https://github.com/python-poetry/poetry/releases/tag/1.2.0b1 | URL:https://github.com/python-poetry/poetry/releases/tag/1.2.0b1;Assigned (20220715);None (candidate not yet proposed) +CVE-2022-36087;Candidate;OAuthLib is an implementation of the OAuth request-signing logic for Python 3.6+. In OAuthLib versions 3.1.1 until 3.2.1, an attacker providing malicious redirect uri can cause denial of service. An attacker can also leverage usage of `uri_validate` functions depending where it is used. OAuthLib applications using OAuth2.0 provider support or use directly `uri_validate` are affected by this issue. Version 3.2.1 contains a patch. There are no known workarounds.;CONFIRM:https://github.com/oauthlib/oauthlib/security/advisories/GHSA-3pgj-pg6c-r5p7 | URL:https://github.com/oauthlib/oauthlib/security/advisories/GHSA-3pgj-pg6c-r5p7 | FEDORA:FEDORA-2022-5a74a5eea7 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QRYLYHE5HWF6R2CRLJFUK4PILR47WXOE/ | FEDORA:FEDORA-2023-49ded4c9a5 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NBCQJR3ZF7FVNTJYRVPVSQEQRAYZIUHU/ | FEDORA:FEDORA-2023-5ab7049a59 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LXOPIA6M57CFQPUT6HHSNXCTV6QA3UDI/ | FEDORA:FEDORA-2023-da094276a2 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/X2CQZM5CKOUM4GW2GTAPQEQFPITQ6F7S/ | MISC:https://github.com/oauthlib/oauthlib/blob/2b8a44855a51ad5a5b0c348a08c2564a2e197ea2/oauthlib/uri_validate.py | URL:https://github.com/oauthlib/oauthlib/blob/2b8a44855a51ad5a5b0c348a08c2564a2e197ea2/oauthlib/uri_validate.py | MISC:https://github.com/oauthlib/oauthlib/blob/d4bafd9f1d0eba3766e933b1ac598cbbf37b8914/oauthlib/oauth2/rfc6749/grant_types/base.py#L232 | URL:https://github.com/oauthlib/oauthlib/blob/d4bafd9f1d0eba3766e933b1ac598cbbf37b8914/oauthlib/oauth2/rfc6749/grant_types/base.py#L232 | MISC:https://github.com/oauthlib/oauthlib/commit/2e40b412c844ecc4673c3fa3f72181f228bdbacd | URL:https://github.com/oauthlib/oauthlib/commit/2e40b412c844ecc4673c3fa3f72181f228bdbacd | MISC:https://github.com/oauthlib/oauthlib/releases/tag/v3.2.1 | URL:https://github.com/oauthlib/oauthlib/releases/tag/v3.2.1;Assigned (20220715);None (candidate not yet proposed) +CVE-2022-36099;Candidate;XWiki Platform Wiki UI Main Wiki is software for managing subwikis on XWiki Platform, a generic wiki platform. Starting with version 5.3-milestone-2 and prior to versions 13.10.6 and 14.4, it's possible to inject arbitrary wiki syntax including Groovy, Python and Velocity script macros via the request (URL parameter) using the `XWikiServerClassSheet` if the user has view access to this sheet and another page that has been saved with programming rights, a standard condition on a public read-only XWiki installation or a private XWiki installation where the user has an account. This allows arbitrary Groovy/Python/Velocity code execution which allows bypassing all rights checks and thus both modification and disclosure of all content stored in the XWiki installation. Also, this could be used to impact the availability of the wiki. This has been patched in versions 13.10.6 and 14.4. As a workaround, edit the affected document `XWiki.XWikiServerClassSheet` or `WikiManager.XWikiServerClassSheet` and manually perform the changes from the patch fixing the issue. On XWiki versions 12.0 and later, it is also possible to import the document `XWiki.XWikiServerClassSheet` from the xwiki-platform-wiki-ui-mainwiki package version 14.4 using the import feature of the administration application as there have been no other changes to this document since XWiki 12.0.;CONFIRM:https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-xr6m-2p4m-jvqf | URL:https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-xr6m-2p4m-jvqf | MISC:https://github.com/xwiki/xwiki-platform/commit/fc77f9f53bc65a4a9bfae3d5686615309c0c76cc | URL:https://github.com/xwiki/xwiki-platform/commit/fc77f9f53bc65a4a9bfae3d5686615309c0c76cc | MISC:https://jira.xwiki.org/browse/XWIKI-19746 | URL:https://jira.xwiki.org/browse/XWIKI-19746;Assigned (20220715);None (candidate not yet proposed) +CVE-2022-36100;Candidate;XWiki Platform Applications Tag and XWiki Platform Tag UI are tag applications for XWiki, a generic wiki platform. Starting with version 1.7 in XWiki Platform Applications Tag and prior to 13.10.6 and 14.4 in XWiki Platform Tag UI, the tags document `Main.Tags` in XWiki didn't sanitize user inputs properly. This allowed users with view rights on the document (default in a public wiki or for authenticated users on private wikis) to execute arbitrary Groovy, Python and Velocity code with programming rights. This also allowed bypassing all rights checks and thus both modification and disclosure of all content stored in the XWiki installation. The vulnerability could be used to impact the availability of the wiki. On XWiki versions before 13.10.4 and 14.2, this can be combined with CVE-2022-36092, meaning that no rights are required to perform the attack. The vulnerability has been patched in versions 13.10.6 and 14.4. As a workaround, the patch that fixes the issue can be manually applied to the document `Main.Tags` or the updated version of that document can be imported from version 14.4 of xwiki-platform-tag-ui using the import feature in the administration UI on XWiki 10.9 and later.;CONFIRM:https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-2g5c-228j-p52x | URL:https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-2g5c-228j-p52x | MISC:https://github.com/xwiki/xwiki-platform/commit/604868033ebd191cf2d1e94db336f0c4d9096427 | URL:https://github.com/xwiki/xwiki-platform/commit/604868033ebd191cf2d1e94db336f0c4d9096427 | MISC:https://jira.xwiki.org/browse/XWIKI-19747 | URL:https://jira.xwiki.org/browse/XWIKI-19747;Assigned (20220715);None (candidate not yet proposed) +CVE-2022-36126;Candidate;An issue was discovered in Inductive Automation Ignition before 7.9.20 and 8.x before 8.1.17. The ScriptInvoke function allows remote attackers to execute arbitrary code by supplying a Python script.;MISC:https://github.com/sourceincite/randy | MISC:https://srcincite.io/advisories/src-2022-0014/ | MISC:https://support.inductiveautomation.com/hc/en-us/articles/7625759776653;Assigned (20220716);None (candidate not yet proposed) +CVE-2022-38880;Candidate;The d8s-urls for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The affected version is 0.1.0.;MISC:https://github.com/democritus-project/d8s-urls/issues/8 | MISC:https://pypi.org/project/democritus-strings/;Assigned (20220829);None (candidate not yet proposed) +CVE-2022-38881;Candidate;The d8s-archives for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-strings package. The affected version is 0.1.0.;MISC:https://github.com/democritus-project/d8s-archives/issues/12 | MISC:https://pypi.org/project/d8s-archives/ | MISC:https://pypi.org/project/democritus-strings/;Assigned (20220829);None (candidate not yet proposed) +CVE-2022-38882;Candidate;The d8s-json for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-strings package. The affected version is 0.1.0.;MISC:https://github.com/democritus-project/d8s-json/issues/9 | MISC:https://pypi.org/project/d8s-json/ | MISC:https://pypi.org/project/democritus-strings/;Assigned (20220829);None (candidate not yet proposed) +CVE-2022-38883;Candidate;The d8s-math for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-strings package. The affected version is 0.1.0.;MISC:https://github.com/democritus-project/d8s-math/issues/11 | MISC:https://pypi.org/project/d8s-math/ | MISC:https://pypi.org/project/democritus-strings/;Assigned (20220829);None (candidate not yet proposed) +CVE-2022-38884;Candidate;The d8s-grammars for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-strings package. The affected version is 0.1.0.;MISC:https://github.com/democritus-project/d8s-grammars/issues/6 | MISC:https://pypi.org/project/d8s-grammars/ | MISC:https://pypi.org/project/democritus-strings/;Assigned (20220829);None (candidate not yet proposed) +CVE-2022-38885;Candidate;The d8s-netstrings for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-strings package. The affected version is 0.1.0.;MISC:https://github.com/democritus-project/d8s-netstrings/issues/4 | MISC:https://pypi.org/project/d8s-netstrings/ | MISC:https://pypi.org/project/democritus-strings/;Assigned (20220829);None (candidate not yet proposed) +CVE-2022-38886;Candidate;The d8s-xml for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-strings package. The affected version is 0.1.0.;MISC:https://github.com/democritus-project/d8s-xml/issues/10 | MISC:https://pypi.org/project/d8s-xml/ | MISC:https://pypi.org/project/democritus-strings/;Assigned (20220829);None (candidate not yet proposed) +CVE-2022-38887;Candidate;The d8s-python for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The democritus-strings package. The affected version is 0.1.0.;MISC:https://github.com/democritus-project/d8s-python/issues/36 | MISC:https://pypi.org/project/d8s-python/ | MISC:https://pypi.org/project/democritus-strings/;Assigned (20220829);None (candidate not yet proposed) +CVE-2022-39209;Candidate;"cmark-gfm is GitHub's fork of cmark, a CommonMark parsing and rendering library and program in C. In versions prior to 0.29.0.gfm.6 a polynomial time complexity issue in cmark-gfm's autolink extension may lead to unbounded resource exhaustion and subsequent denial of service. Users may verify the patch by running `python3 -c 'print(""![l""* 100000 + ""\n"")' | ./cmark-gfm -e autolink`, which will resource exhaust on unpatched cmark-gfm but render correctly on patched cmark-gfm. This vulnerability has been patched in 0.29.0.gfm.6. Users are advised to upgrade. Users unable to upgrade should disable the use of the autolink extension.";CONFIRM:https://github.com/github/cmark-gfm/security/advisories/GHSA-cgh3-p57x-9q7q | URL:https://github.com/github/cmark-gfm/security/advisories/GHSA-cgh3-p57x-9q7q | FEDORA:FEDORA-2022-6bcee2cc93 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JMGP65NANDVKPDMXMKYO2ZV2H2HZJY4P/ | FEDORA:FEDORA-2022-dc6d6d9d6c | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UEAAAI4OULDYQ2TA3HOXH54PC3DCBFZS/ | FEDORA:FEDORA-2022-f1aed93db8 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JIUCZN3PEKUCT2JQYQTYOVIJG2KSD6G7/ | MISC:https://en.wikipedia.org/wiki/Time_complexity | URL:https://en.wikipedia.org/wiki/Time_complexity | MISC:https://github.com/github/cmark-gfm/commit/9d57d8a23142b316282bdfc954cb0ecda40a8655 | URL:https://github.com/github/cmark-gfm/commit/9d57d8a23142b316282bdfc954cb0ecda40a8655;Assigned (20220902);None (candidate not yet proposed) +CVE-2022-39227;Candidate;python-jwt is a module for generating and verifying JSON Web Tokens. Versions prior to 3.3.4 are subject to Authentication Bypass by Spoofing, resulting in identity spoofing, session hijacking or authentication bypass. An attacker who obtains a JWT can arbitrarily forge its contents without knowing the secret key. Depending on the application, this may for example enable the attacker to spoof other user's identities, hijack their sessions, or bypass authentication. Users should upgrade to version 3.3.4. There are no known workarounds.;CONFIRM:https://github.com/davedoesdev/python-jwt/security/advisories/GHSA-5p8v-58qm-c7fp | URL:https://github.com/davedoesdev/python-jwt/security/advisories/GHSA-5p8v-58qm-c7fp | MISC:https://github.com/davedoesdev/python-jwt/commit/88ad9e67c53aa5f7c43ec4aa52ed34b7930068c9 | URL:https://github.com/davedoesdev/python-jwt/commit/88ad9e67c53aa5f7c43ec4aa52ed34b7930068c9 | MISC:https://github.com/pypa/advisory-database/blob/main/vulns/python-jwt/PYSEC-2022-259.yaml | URL:https://github.com/pypa/advisory-database/blob/main/vulns/python-jwt/PYSEC-2022-259.yaml;Assigned (20220902);None (candidate not yet proposed) +CVE-2022-39254;Candidate;matrix-nio is a Python Matrix client library, designed according to sans I/O principles. Prior to version 0.20, when a users requests a room key from their devices, the software correctly remember the request. Once they receive a forwarded room key, they accept it without checking who the room key came from. This allows homeservers to try to insert room keys of questionable validity, potentially mounting an impersonation attack. Version 0.20 fixes the issue.;CONFIRM:https://github.com/poljar/matrix-nio/security/advisories/GHSA-w4pr-4vjg-hffh | URL:https://github.com/poljar/matrix-nio/security/advisories/GHSA-w4pr-4vjg-hffh | MISC:https://github.com/poljar/matrix-nio/commit/b1cbf234a831daa160673defd596e6450e9c29f0 | URL:https://github.com/poljar/matrix-nio/commit/b1cbf234a831daa160673defd596e6450e9c29f0;Assigned (20220902);None (candidate not yet proposed) +CVE-2022-39280;Candidate;dparse is a parser for Python dependency files. dparse in versions before 0.5.2 contain a regular expression that is vulnerable to a Regular Expression Denial of Service. All the users parsing index server URLs with dparse are impacted by this vulnerability. A patch has been applied in version `0.5.2`, all the users are advised to upgrade to `0.5.2` as soon as possible. Users unable to upgrade should avoid passing index server URLs in the source file to be parsed.;CONFIRM:https://github.com/pyupio/dparse/security/advisories/GHSA-8fg9-p83m-x5pq | URL:https://github.com/pyupio/dparse/security/advisories/GHSA-8fg9-p83m-x5pq | MISC:https://github.com/pyupio/dparse/commit/8c990170bbd6c0cf212f1151e9025486556062d5 | URL:https://github.com/pyupio/dparse/commit/8c990170bbd6c0cf212f1151e9025486556062d5 | MISC:https://github.com/pyupio/dparse/commit/d87364f9db9ab916451b1b036cfeb039e726e614 | URL:https://github.com/pyupio/dparse/commit/d87364f9db9ab916451b1b036cfeb039e726e614 | MISC:https://owasp.org/www-community/attacks/Regular_expression_Denial_of_Service_-_ReDoS | URL:https://owasp.org/www-community/attacks/Regular_expression_Denial_of_Service_-_ReDoS;Assigned (20220902);None (candidate not yet proposed) +CVE-2022-40424;Candidate;The d8s-urls for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. A potential code execution backdoor inserted by third parties is the democritus-networking package. The affected version of d8s-urls is 0.1.0;MISC:https://github.com/democritus-project/d8s-urls/issues/9 | MISC:https://pypi.org/project/democritus-networking/;Assigned (20220911);None (candidate not yet proposed) +CVE-2022-40425;Candidate;The d8s-html for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-networking package. The affected version is 0.1.0.;MISC:https://github.com/democritus-project/d8s-html/issues/11 | MISC:https://pypi.org/project/democritus-networking/;Assigned (20220911);None (candidate not yet proposed) +CVE-2022-40426;Candidate;The d8s-asns for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-networking package. The affected version is 0.1.0.;MISC:https://github.com/democritus-project/d8s-asns/issues/8 | MISC:https://pypi.org/project/democritus-networking/;Assigned (20220911);None (candidate not yet proposed) +CVE-2022-40427;Candidate;The d8s-domains for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-networking package. The affected version is 0.1.0;MISC:https://github.com/democritus-project/d8s-domains/issues/7 | MISC:https://pypi.org/project/democritus-networking/;Assigned (20220911);None (candidate not yet proposed) +CVE-2022-40428;Candidate;The d8s-mpeg for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-networking package. The affected version is 0.1.0.;MISC:https://github.com/democritus-project/d8s-mpeg/issues/5 | MISC:https://pypi.org/project/democritus-networking/;Assigned (20220911);None (candidate not yet proposed) +CVE-2022-40429;Candidate;The d8s-ip-addresses for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-networking package. The affected version is 0.1.0.;MISC:https://github.com/democritus-project/d8s-ip-addresses/issues/12 | MISC:https://pypi.org/project/democritus-networking/;Assigned (20220911);None (candidate not yet proposed) +CVE-2022-40430;Candidate;The d8s-utility for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-networking package. The affected version is 0.1.0.;MISC:https://github.com/democritus-project/d8s-utility/issues/9 | MISC:https://pypi.org/project/democritus-networking/;Assigned (20220911);None (candidate not yet proposed) +CVE-2022-40431;Candidate;The d8s-pdfs for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-networking package. The affected version is 0.1.0.;MISC:https://github.com/democritus-project/d8s-pdfs/issues/5 | MISC:https://pypi.org/project/democritus-networking/;Assigned (20220911);None (candidate not yet proposed) +CVE-2022-40432;Candidate;The d8s-strings for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-hypothesis package. The affected version is 0.1.0.;MISC:https://github.com/democritus-project/d8s-strings/issues/21 | MISC:https://pypi.org/project/d8s-strings/ | MISC:https://pypi.org/project/democritus-hypothesis/;Assigned (20220911);None (candidate not yet proposed) +CVE-2022-40805;Candidate;The d8s-urls for python 0.1.0, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. A potential code execution backdoor inserted by third parties is the democritus-hypothesis package.;MISC:https://github.com/democritus-project/d8s-urls/issues/10 | MISC:https://pypi.org/project/democritus-hypothesis/;Assigned (20220919);None (candidate not yet proposed) +CVE-2022-40806;Candidate;The d8s-uuids for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-hypothesis package. The affected version is 0.1.0;MISC:https://github.com/democritus-project/d8s-uuids/issues/5 | MISC:https://pypi.org/project/democritus-hypothesis/;Assigned (20220919);None (candidate not yet proposed) +CVE-2022-40807;Candidate;The d8s-domains for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-hypothesis package. The affected version is 0.1.0;MISC:https://github.com/democritus-project/d8s-domains/issues/8 | MISC:https://pypi.org/project/democritus-hypothesis/;Assigned (20220919);None (candidate not yet proposed) +CVE-2022-40808;Candidate;The d8s-dates for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-hypothesis package. The affected version is 0.1.0;MISC:https://github.com/democritus-project/d8s-dates/issues/26 | MISC:https://pypi.org/project/democritus-hypothesis/;Assigned (20220919);None (candidate not yet proposed) +CVE-2022-40809;Candidate;The d8s-dicts for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-hypothesis package. The affected version is 0.1.0;MISC:https://github.com/democritus-project/d8s-dicts/issues/6 | MISC:https://pypi.org/project/democritus-hypothesis/;Assigned (20220919);None (candidate not yet proposed) +CVE-2022-40810;Candidate;The d8s-ip-addresses for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-hypothesis package. The affected version is 0.1.0;MISC:https://github.com/democritus-project/d8s-ip-addresses/issues/13 | MISC:https://pypi.org/project/democritus-hypothesis/;Assigned (20220919);None (candidate not yet proposed) +CVE-2022-40811;Candidate;The d8s-urls for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-file-system package. The affected version is 0.1.0.;MISC:https://github.com/democritus-project/d8s-urls/issues/11 | MISC:https://pypi.org/project/democritus-file-system/;Assigned (20220919);None (candidate not yet proposed) +CVE-2022-40812;Candidate;The d8s-pdfs for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-file-system package. The affected version is 0.1.0.;MISC:https://github.com/democritus-project/d8s-pdfs/issues/6 | MISC:https://pypi.org/project/democritus-file-system/;Assigned (20220919);None (candidate not yet proposed) +CVE-2022-40897;Candidate;Python Packaging Authority (PyPA) setuptools before 65.5.1 allows remote attackers to cause a denial of service via HTML in a crafted package or custom PackageIndex page. There is a Regular Expression Denial of Service (ReDoS) in package_index.py.;CONFIRM:https://github.com/pypa/setuptools/compare/v65.5.0...v65.5.1 | CONFIRM:https://security.netapp.com/advisory/ntap-20230214-0001/ | FEDORA:FEDORA-2023-60e2b22be0 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ADES3NLOE5QJKBLGNZNI2RGVOSQXA37R/ | FEDORA:FEDORA-2023-9992b32c1f | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YNA2BAH2ACBZ4TVJZKFLCR7L23BG5C3H/ | MISC:https://github.com/pypa/setuptools/blob/fe8a98e696241487ba6ac9f91faa38ade939ec5d/setuptools/package_index.py#L200 | MISC:https://github.com/pypa/setuptools/commit/43a9c9bfa6aa626ec2a22540bea28d2ca77964be | MISC:https://pyup.io/posts/pyup-discovers-redos-vulnerabilities-in-top-python-packages/ | MISC:https://pyup.io/vulnerabilities/CVE-2022-40897/52495/;Assigned (20220919);None (candidate not yet proposed) +CVE-2022-40898;Candidate;An issue discovered in Python Packaging Authority (PyPA) Wheel 0.37.1 and earlier allows remote attackers to cause a denial of service via attacker controlled input to wheel cli.;MISC:https://github.com/pypa/wheel/blob/main/src/wheel/wheelfile.py#L18 | MISC:https://pypi.org/project/wheel/ | MISC:https://pyup.io/posts/pyup-discovers-redos-vulnerabilities-in-top-python-packages/;Assigned (20220919);None (candidate not yet proposed) +CVE-2022-40899;Candidate;An issue discovered in Python Charmers Future 0.18.2 and earlier allows remote attackers to cause a denial of service via crafted Set-Cookie header from malicious web server.;MISC:https://github.com/PythonCharmers/python-future/blob/master/src/future/backports/http/cookiejar.py#L215 | MISC:https://github.com/PythonCharmers/python-future/pull/610 | MISC:https://github.com/python/cpython/pull/17157 | MISC:https://pypi.org/project/future/ | MISC:https://pyup.io/posts/pyup-discovers-redos-vulnerabilities-in-top-python-packages/;Assigned (20220919);None (candidate not yet proposed) +CVE-2022-41380;Candidate;The d8s-yaml package for Python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-file-system package. The affected version is 0.1.0.;MISC:https://github.com/democritus-project/d8s-yaml/issues/4 | MISC:https://pypi.org/project/d8s-yaml/ | MISC:https://pypi.org/project/democritus-file-system/;Assigned (20220926);None (candidate not yet proposed) +CVE-2022-41381;Candidate;The d8s-utility package for Python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-file-system package. The affected version is 0.1.0.;MISC:https://github.com/democritus-project/d8s-utility/issues/10 | MISC:https://pypi.org/project/d8s-utility/ | MISC:https://pypi.org/project/democritus-file-system/;Assigned (20220926);None (candidate not yet proposed) +CVE-2022-41382;Candidate;The d8s-json package for Python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-file-system package. The affected version is 0.1.0.;MISC:https://github.com/democritus-project/d8s-json/issues/10 | MISC:https://pypi.org/project/d8s-json/ | MISC:https://pypi.org/project/democritus-file-system/;Assigned (20220926);None (candidate not yet proposed) +CVE-2022-41383;Candidate;The d8s-archives package for Python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-file-system package. The affected version is 0.1.0.;MISC:https://github.com/democritus-project/d8s-archives/issues/13 | MISC:https://pypi.org/project/d8s-archives/ | MISC:https://pypi.org/project/democritus-file-system/;Assigned (20220926);None (candidate not yet proposed) +CVE-2022-41384;Candidate;The d8s-domains package for Python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-urls package. The affected version is 0.1.0.;MISC:https://github.com/democritus-project/d8s-domains/issues/9 | MISC:https://pypi.org/project/d8s-domains/ | MISC:https://pypi.org/project/democritus-urls/;Assigned (20220926);None (candidate not yet proposed) +CVE-2022-41385;Candidate;The d8s-html package for Python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-urls package. The affected version is 0.1.0.;MISC:https://github.com/democritus-project/d8s-html/issues/12 | MISC:https://pypi.org/project/d8s-html/ | MISC:https://pypi.org/project/democritus-urls/;Assigned (20220926);None (candidate not yet proposed) +CVE-2022-41386;Candidate;The d8s-utility package for Python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-urls package. The affected version is 0.1.0.;MISC:https://github.com/democritus-project/d8s-utility/issues/11 | MISC:https://pypi.org/project/d8s-utility/ | MISC:https://pypi.org/project/democritus-urls/;Assigned (20220926);None (candidate not yet proposed) +CVE-2022-41387;Candidate;The d8s-pdfs package for Python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-urls package. The affected version is 0.1.0.;MISC:https://github.com/democritus-project/d8s-pdfs/issues/7 | MISC:https://pypi.org/project/d8s-pdfs/ | MISC:https://pypi.org/project/democritus-urls/;Assigned (20220926);None (candidate not yet proposed) +CVE-2022-41607;Candidate;"All versions of ETIC Telecom Remote Access Server (RAS) 4.5.0 and prior’s application programmable interface (API) is vulnerable to directory traversal through several different methods. This could allow an attacker to read sensitive files from the server, including SSH private keys, passwords, scripts, python objects, database files, and more.";MISC:https://www.cisa.gov/uscert/ics/advisories/icsa-22-307-01 | URL:https://www.cisa.gov/uscert/ics/advisories/icsa-22-307-01;Assigned (20220929);None (candidate not yet proposed) +CVE-2022-41931;Candidate;xwiki-platform-icon-ui is vulnerable to Improper Neutralization of Directives in Dynamically Evaluated Code ('Eval Injection'). Any user with view rights on commonly accessible documents including the icon picker macro can execute arbitrary Groovy, Python or Velocity code in XWiki due to improper neutralization of the macro parameters of the icon picker macro. The problem has been patched in XWiki 13.10.7, 14.5 and 14.4.2. Workarounds: The [patch](https://github.com/xwiki/xwiki-platform/commit/47eb8a5fba550f477944eb6da8ca91b87eaf1d01) can be manually applied by editing `IconThemesCode.IconPickerMacro` in the object editor. The whole document can also be replaced by the current version by importing the document from the XAR archive of a fixed version as the only changes to the document have been security fixes and small formatting changes.;CONFIRM:https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-5j7g-cf6r-g2h7 | URL:https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-5j7g-cf6r-g2h7 | MISC:https://github.com/xwiki/xwiki-platform/commit/47eb8a5fba550f477944eb6da8ca91b87eaf1d01 | URL:https://github.com/xwiki/xwiki-platform/commit/47eb8a5fba550f477944eb6da8ca91b87eaf1d01 | MISC:https://jira.xwiki.org/browse/XWIKI-19805 | URL:https://jira.xwiki.org/browse/XWIKI-19805;Assigned (20220930);None (candidate not yet proposed) +CVE-2022-41934;Candidate;XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Any user with view rights on commonly accessible documents including the menu macro can execute arbitrary Groovy, Python or Velocity code in XWiki leading to full access to the XWiki installation due to improper escaping of the macro content and parameters of the menu macro. The problem has been patched in XWiki 14.6RC1, 13.10.8 and 14.4.3. The patch (commit `2fc20891`) for the document `Menu.MenuMacro` can be manually applied or a XAR archive of a patched version can be imported. The menu macro was basically unchanged since XWiki 11.6 so on XWiki 11.6 or later the patch for version of 13.10.8 (commit `59ccca24a`) can most likely be applied, on XWiki version 14.0 and later the versions in XWiki 14.6 and 14.4.3 should be appropriate.;CONFIRM:https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-6w8h-26xx-cf8q | URL:https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-6w8h-26xx-cf8q | MISC:https://github.com/xwiki/xwiki-platform/commit/2fc20891e6c6b0ca05ee07e315e7f435e8919f8d | URL:https://github.com/xwiki/xwiki-platform/commit/2fc20891e6c6b0ca05ee07e315e7f435e8919f8d | MISC:https://github.com/xwiki/xwiki-platform/commit/59ccca24a8465a19f40c51d65fcc2c09c1edea16 | URL:https://github.com/xwiki/xwiki-platform/commit/59ccca24a8465a19f40c51d65fcc2c09c1edea16 | MISC:https://jira.xwiki.org/browse/XWIKI-19857 | URL:https://jira.xwiki.org/browse/XWIKI-19857 | MISC:https://www.xwiki.org/xwiki/bin/view/Documentation/UserGuide/Features/Imports#HImportingXWikipages | URL:https://www.xwiki.org/xwiki/bin/view/Documentation/UserGuide/Features/Imports#HImportingXWikipages;Assigned (20220930);None (candidate not yet proposed) +CVE-2022-42036;Candidate;The d8s-urls package for Python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-csv package. The affected version is 0.1.0.;MISC:https://github.com/democritus-project/d8s-urls/issues/12 | MISC:https://pypi.org/project/d8s-urls/ | MISC:https://pypi.org/project/democritus-csv/;Assigned (20221003);None (candidate not yet proposed) +CVE-2022-42037;Candidate;The d8s-asns package for Python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-csv package. The affected version is 0.1.0.;MISC:https://github.com/democritus-project/d8s-asns/issues/9 | MISC:https://pypi.org/project/d8s-asns/ | MISC:https://pypi.org/project/democritus-csv/;Assigned (20221003);None (candidate not yet proposed) +CVE-2022-42038;Candidate;The d8s-ip-addresses package for Python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-csv package. The affected version is 0.1.0.;MISC:https://github.com/democritus-project/d8s-ip-addresses/issues/14 | MISC:https://pypi.org/project/d8s-ip-addresses/ | MISC:https://pypi.org/project/democritus-csv/;Assigned (20221003);None (candidate not yet proposed) +CVE-2022-42039;Candidate;The d8s-lists package for Python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-dicts package. The affected version is 0.1.0.;MISC:https://github.com/democritus-project/d8s-lists/issues/18 | MISC:https://pypi.org/project/d8s-lists/ | MISC:https://pypi.org/project/democritus-dicts/;Assigned (20221003);None (candidate not yet proposed) +CVE-2022-42040;Candidate;The d8s-algorithms package for Python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-dicts package. The affected version is 0.1.0.;MISC:https://github.com/dadadadada111/info/issues/1 | MISC:https://pypi.org/project/d8s-algorithms/ | MISC:https://pypi.org/project/democritus-dicts/;Assigned (20221003);None (candidate not yet proposed) +CVE-2022-42041;Candidate;The d8s-file-system package for Python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-hashes package. The affected version is 0.1.0.;MISC:https://github.com/dadadadada111/info/issues/2 | MISC:https://pypi.org/project/d8s-file-system/ | MISC:https://pypi.org/project/democritus-hashes/;Assigned (20221003);None (candidate not yet proposed) +CVE-2022-42042;Candidate;The d8s-networking package for Python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-hashes package. The affected version is 0.1.0.;MISC:https://github.com/dadadadada111/info/issues/3 | MISC:https://pypi.org/project/d8s-networking/ | MISC:https://pypi.org/project/democritus-hashes/;Assigned (20221003);None (candidate not yet proposed) +CVE-2022-42043;Candidate;The d8s-xml package for Python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-html package. The affected version is 0.1.0.;MISC:https://github.com/dadadadada111/info/issues/5 | MISC:https://pypi.org/project/d8s-xml/ | MISC:https://pypi.org/project/democritus-html/;Assigned (20221003);None (candidate not yet proposed) +CVE-2022-42044;Candidate;The d8s-asns package for Python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-html package. The affected version is 0.1.0.;MISC:https://github.com/dadadadada111/info/issues/4 | MISC:https://pypi.org/project/d8s-asns/ | MISC:https://pypi.org/project/democritus-html/;Assigned (20221003);None (candidate not yet proposed) +CVE-2022-42268;Candidate;Omniverse Kit contains a vulnerability in the reference applications Create, Audio2Face, Isaac Sim, View, Code, and Machinima. These applications allow executable Python code to be embedded in Universal Scene Description (USD) files to customize all aspects of a scene. If a user opens a USD file that contains embedded Python code in one of these applications, the embedded Python code automatically runs with the privileges of the user who opened the file. As a result, an unprivileged remote attacker could craft a USD file containing malicious Python code and persuade a local user to open the file, which may lead to information disclosure, data tampering, and denial of service.;MISC:https://nvidia.custhelp.com/app/answers/detail/a_id/5418 | URL:https://nvidia.custhelp.com/app/answers/detail/a_id/5418;Assigned (20221003);None (candidate not yet proposed) +CVE-2022-42919;Candidate;Python 3.9.x before 3.9.16 and 3.10.x before 3.10.9 on Linux allows local privilege escalation in a non-default configuration. The Python multiprocessing library, when used with the forkserver start method on Linux, allows pickles to be deserialized from any user in the same machine local network namespace, which in many system configurations means any user on the same machine. Pickles can execute arbitrary code. Thus, this allows for local user privilege escalation to the user that any forkserver process is running as. Setting multiprocessing.util.abstract_sockets_supported to False is a workaround. The forkserver start method for multiprocessing is not the default start method. This issue is Linux specific because only Linux supports abstract namespace sockets. CPython before 3.9 does not make use of Linux abstract namespace sockets by default. Support for users manually specifying an abstract namespace socket was added as a bugfix in 3.7.8 and 3.8.3, but users would need to make specific uncommon API calls in order to do that in CPython before 3.9.;CONFIRM:https://github.com/python/cpython/compare/v3.10.8...v3.10.9 | CONFIRM:https://github.com/python/cpython/compare/v3.9.15...v3.9.16 | CONFIRM:https://security.netapp.com/advisory/ntap-20221209-0006/ | FEDORA:FEDORA-2022-028c09eaa7 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VCRKBB5Y5EWTJUNC7LK665WO64DDXSTN/ | FEDORA:FEDORA-2022-1166a1df1e | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PI5DYIED6U26BGX5IRZWNCP6TY4M2ZGZ/ | FEDORA:FEDORA-2022-462f39dd2f | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/P2LHWWEI5OBQ6RELULMVU6KMDYG4WZXH/ | FEDORA:FEDORA-2022-a7cad6bd22 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XX6LLAXGZVZ327REY6MDZRMMP47LJ53P/ | FEDORA:FEDORA-2022-b17bf30e88 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FKGCQPIVHEAIJ77R3RSNSQWYBUDVWDKU/ | FEDORA:FEDORA-2022-f44dd1bec2 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/R6KGIRHSENZ4QAB234Z36HVIDTRJ3MFI/ | FEDORA:FEDORA-2023-097dd40685 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RDK3ZZBRYFO47ET3N4BNTKVXN47U6ICY/ | FEDORA:FEDORA-2023-af5206f71d | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QLUGZSEAO3MBWGKCUSMKQIRYJZKJCIOB/ | GENTOO:GLSA-202305-02 | URL:https://security.gentoo.org/glsa/202305-02 | MISC:https://github.com/python/cpython/issues/97514 | MISC:https://github.com/python/cpython/issues/97514#issuecomment-1310277840 | URL:https://github.com/python/cpython/issues/97514#issuecomment-1310277840;Assigned (20221014);None (candidate not yet proposed) +CVE-2022-42965;Candidate;An exponential ReDoS (Regular Expression Denial of Service) can be triggered in the snowflake-connector-python PyPI package, when an attacker is able to supply arbitrary input to the undocumented get_file_transfer_type method;MISC:https://research.jfrog.com/vulnerabilities/snowflake-connector-python-redos-xray-257185/ | URL:https://research.jfrog.com/vulnerabilities/snowflake-connector-python-redos-xray-257185/;Assigned (20221015);None (candidate not yet proposed) +CVE-2022-42969;Candidate;The py library through 1.11.0 for Python allows remote attackers to conduct a ReDoS (Regular expression Denial of Service) attack via a Subversion repository with crafted info data, because the InfoSvnCommand argument is mishandled.;MISC:https://github.com/pytest-dev/py/blob/cb87a83960523a2367d0f19226a73aed4ce4291d/py/_path/svnurl.py#L316 | MISC:https://github.com/pytest-dev/py/issues/287 | MISC:https://news.ycombinator.com/item?id=34163710 | MISC:https://pypi.org/project/py;Assigned (20221016);None (candidate not yet proposed) +CVE-2022-43303;Candidate;The d8s-strings for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. A potential code execution backdoor inserted by third parties is the democritus-uuids package. The affected version of d8s-htm is 0.1.0.;MISC:https://github.com/dadadadada111/info/issues/8 | MISC:https://pypi.org/project/d8s-strings/ | MISC:https://pypi.org/project/democritus-uuids/;Assigned (20221017);None (candidate not yet proposed) +CVE-2022-43304;Candidate;The d8s-timer for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. A potential code execution backdoor inserted by third parties is the democritus-uuids package. The affected version of d8s-htm is 0.1.0.;MISC:https://github.com/dadadadada111/info/issues/9 | MISC:https://pypi.org/project/d8s-timer/ | MISC:https://pypi.org/project/democritus-uuids/;Assigned (20221017);None (candidate not yet proposed) +CVE-2022-43305;Candidate;The d8s-python for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. A potential code execution backdoor inserted by third parties is the democritus-algorithms package. The affected version of d8s-htm is 0.1.0.;MISC:https://github.com/dadadadada111/info/issues/10 | MISC:https://pypi.org/project/d8s-python/ | MISC:https://pypi.org/project/democritus-algorithms/;Assigned (20221017);None (candidate not yet proposed) +CVE-2022-43306;Candidate;The d8s-timer for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. A potential code execution backdoor inserted by third parties is the democritus-dates package. The affected version of d8s-htm is 0.1.0.;MISC:https://github.com/dadadadada111/info/issues/11 | MISC:https://pypi.org/project/d8s-timer/ | MISC:https://pypi.org/project/democritus-dates/;Assigned (20221017);None (candidate not yet proposed) +CVE-2022-43753;Candidate;A Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in spacewalk/Uyuni of SUSE Linux Enterprise Module for SUSE Manager Server 4.2, SUSE Linux Enterprise Module for SUSE Manager Server 4.3, SUSE Manager Server 4.2 allows remote attackers to read files available to the user running the process, typically tomcat. This issue affects: SUSE Linux Enterprise Module for SUSE Manager Server 4.2 hub-xmlrpc-api-0.7-150300.3.9.2, inter-server-sync-0.2.4-150300.8.25.2, locale-formula-0.3-150300.3.3.2, py27-compat-salt-3000.3-150300.7.7.26.2, python-urlgrabber-3.10.2.1py2_3-150300.3.3.2, spacecmd-4.2.20-150300.4.30.2, spacewalk-backend-4.2.25-150300.4.32.4, spacewalk-client-tools-4.2.21-150300.4.27.3, spacewalk-java-4.2.43-150300.3.48.2, spacewalk-utils-4.2.18-150300.3.21.2, spacewalk-web-4.2.30-150300.3.30.3, susemanager-4.2.38-150300.3.44.3, susemanager-doc-indexes-4.2-150300.12.36.3, susemanager-docs_en-4.2-150300.12.36.2, susemanager-schema-4.2.25-150300.3.30.3, susemanager-sls versions prior to 4.2.28. SUSE Linux Enterprise Module for SUSE Manager Server 4.3 spacewalk-java versions prior to 4.3.39. SUSE Manager Server 4.2 release-notes-susemanager versions prior to 4.2.10.;CONFIRM:https://bugzilla.suse.com/show_bug.cgi?id=1204716 | URL:https://bugzilla.suse.com/show_bug.cgi?id=1204716;Assigned (20221026);None (candidate not yet proposed) +CVE-2022-43754;Candidate;An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in spacewalk/Uyuni of SUSE Linux Enterprise Module for SUSE Manager Server 4.2, SUSE Linux Enterprise Module for SUSE Manager Server 4.3, SUSE Manager Server 4.2 allows remote attackers to embed Javascript code via /rhn/audit/scap/Search.do This issue affects: SUSE Linux Enterprise Module for SUSE Manager Server 4.2 hub-xmlrpc-api-0.7-150300.3.9.2, inter-server-sync-0.2.4-150300.8.25.2, locale-formula-0.3-150300.3.3.2, py27-compat-salt-3000.3-150300.7.7.26.2, python-urlgrabber-3.10.2.1py2_3-150300.3.3.2, spacecmd-4.2.20-150300.4.30.2, spacewalk-backend-4.2.25-150300.4.32.4, spacewalk-client-tools-4.2.21-150300.4.27.3, spacewalk-java-4.2.43-150300.3.48.2, spacewalk-utils-4.2.18-150300.3.21.2, spacewalk-web-4.2.30-150300.3.30.3, susemanager-4.2.38-150300.3.44.3, susemanager-doc-indexes-4.2-150300.12.36.3, susemanager-docs_en-4.2-150300.12.36.2, susemanager-schema-4.2.25-150300.3.30.3, susemanager-sls versions prior to 4.2.28. SUSE Linux Enterprise Module for SUSE Manager Server 4.3 spacewalk-java versions prior to 4.3.39. SUSE Manager Server 4.2 release-notes-susemanager versions prior to 4.2.10.;CONFIRM:https://bugzilla.suse.com/show_bug.cgi?id=1204741 | URL:https://bugzilla.suse.com/show_bug.cgi?id=1204741;Assigned (20221026);None (candidate not yet proposed) +CVE-2022-44048;Candidate;The d8s-urls for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. A potential code execution backdoor inserted by third parties is the democritus-domains package. The affected version of d8s-htm is 0.1.0.;MISC:https://github.com/dadadadada111/info/issues/12 | MISC:https://pypi.org/project/d8s-urls/ | MISC:https://pypi.org/project/democritus-domains/;Assigned (20221030);None (candidate not yet proposed) +CVE-2022-44049;Candidate;The d8s-python for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. A potential code execution backdoor inserted by third parties is the democritus-grammars package. The affected version of d8s-htm is 0.1.0.;MISC:https://github.com/dadadadada111/info/issues/13 | MISC:https://pypi.org/project/d8s-python/ | MISC:https://pypi.org/project/democritus-grammars/;Assigned (20221030);None (candidate not yet proposed) +CVE-2022-44050;Candidate;The d8s-networking for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. A potential code execution backdoor inserted by third parties is the democritus-json package. The affected version of d8s-htm is 0.1.0.;MISC:https://github.com/dadadadada111/info/issues/14 | MISC:https://pypi.org/project/d8s-networking/ | MISC:https://pypi.org/project/democritus-json/;Assigned (20221030);None (candidate not yet proposed) +CVE-2022-44051;Candidate;The d8s-stats for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. A potential code execution backdoor inserted by third parties is the democritus-math package. The affected version of d8s-htm is 0.1.0.;MISC:https://github.com/dadadadada111/info/issues/15 | MISC:https://pypi.org/project/d8s-stats/ | MISC:https://pypi.org/project/democritus-math/;Assigned (20221030);None (candidate not yet proposed) +CVE-2022-44052;Candidate;The d8s-dates for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. A potential code execution backdoor inserted by third parties is the democritus-timezones package. The affected version of d8s-htm is 0.1.0.;MISC:https://github.com/dadadadada111/info/issues/16 | MISC:https://pypi.org/project/d8s-dates/ | MISC:https://pypi.org/project/democritus-timezones/;Assigned (20221030);None (candidate not yet proposed) +CVE-2022-44053;Candidate;The d8s-networking for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. A potential code execution backdoor inserted by third parties is the democritus-user-agents package. The affected version of d8s-htm is 0.1.0.;MISC:https://github.com/dadadadada111/info/issues/17 | MISC:https://pypi.org/project/d8s-networking/ | MISC:https://pypi.org/project/democritus-user-agents/;Assigned (20221030);None (candidate not yet proposed) +CVE-2022-44054;Candidate;The d8s-xml for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. A potential code execution backdoor inserted by third parties is the democritus-utility package. The affected version of d8s-htm is 0.1.0.;MISC:https://github.com/dadadadada111/info/issues/18 | MISC:https://pypi.org/project/d8s-xml/ | MISC:https://pypi.org/project/democritus-utility/;Assigned (20221030);None (candidate not yet proposed) +CVE-2022-44900;Candidate;A directory traversal vulnerability in the SevenZipFile.extractall() function of the python library py7zr v0.20.0 and earlier allows attackers to write arbitrary files via extracting a crafted 7z file.;MISC:http://packetstormsecurity.com/files/170127/py7zr-0.20.0-Directory-Traversal.html | MISC:https://github.com/miurahr/py7zr/commit/1bb43f17515c7f69673a1c88ab9cc72a7bbef406 | MISC:https://lessonsec.com/cve/cve-2022-44900/;Assigned (20221107);None (candidate not yet proposed) +CVE-2022-45061;Candidate;"An issue was discovered in Python before 3.11.1. An unnecessary quadratic algorithm exists in one path when processing some inputs to the IDNA (RFC 3490) decoder, such that a crafted, unreasonably long name being presented to the decoder could lead to a CPU denial of service. Hostnames are often supplied by remote servers that could be controlled by a malicious actor; in such a scenario, they could trigger excessive CPU consumption on the client attempting to make use of an attacker-supplied supposed hostname. For example, the attack payload could be placed in the Location header of an HTTP response with status code 302. A fix is planned in 3.11.1, 3.10.9, 3.9.16, 3.8.16, and 3.7.16.";CONFIRM:https://security.netapp.com/advisory/ntap-20221209-0007/ | FEDORA:FEDORA-2022-18b234c18b | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/T3D5TX4TDJPXHXD2QICKTY3OCQC3JARP/ | FEDORA:FEDORA-2022-3d7e44dbd5 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/35YDIWCUMWTMDBWFRAVENFH6BLB65D6S/ | FEDORA:FEDORA-2022-3e859b6bc6 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4WBZJNSALFGMPYTINIF57HAAK46U72WQ/ | FEDORA:FEDORA-2022-45d2cfdfa4 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/O67LRHDTJWH544KXB6KY4HMHQLYDXFPK/ | FEDORA:FEDORA-2022-50deb53896 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/63FS6VHY4DCS74HBTEINUDOECQ2X6ZCH/ | FEDORA:FEDORA-2022-6b8b96f883 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LKWAMPURWUV3DCCT4J7VHRF4NT2CFVBR/ | FEDORA:FEDORA-2022-6ba889e0e3 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/B3YI6JYARWU6GULWOHNUROSACT54XFFS/ | FEDORA:FEDORA-2022-6d51289820 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VCMDX6IFKLOA3NXUQEV524L5LHTPI2JI/ | FEDORA:FEDORA-2022-6f4e6120d7 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZB5YCMIRVX35RUB6XPOWKENCVCJEVDRK/ | FEDORA:FEDORA-2022-93c6916349 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ORVCQGJCCAVLN4DJDTWGREFCUWXKQRML/ | FEDORA:FEDORA-2022-b2f06fbb62 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YPNWZKXPKTNHS5FVMN7UQZ2UPCSEFJUK/ | FEDORA:FEDORA-2022-bcf089dd07 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2AOUKI72ACV6CHY2QUFO6VK2DNMVJ2MB/ | FEDORA:FEDORA-2022-dbb811d203 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KNE4GMD45RGC2HWUAAIGTDHT5VJ2E4O4/ | FEDORA:FEDORA-2022-de755fd092 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JCDJXNBHWXNYUTOEV4H2HCFSRKV3SYL3/ | FEDORA:FEDORA-2022-e1ce71ff40 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GTPVDZDATRQFE6KAT6B4BQIQ4GRHIIIJ/ | FEDORA:FEDORA-2022-e699dd5247 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JTYVESWVBPD57ZJC35G5722Q6TS37WSB/ | FEDORA:FEDORA-2022-e6d0495206 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PLQ2BNZVBBAQPV3SPRU24ZD37UYJJS7W/ | FEDORA:FEDORA-2022-fbf6a320fe | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UHVW73QZJMHA4MK7JBT7CXX7XSNYQEGF/ | FEDORA:FEDORA-2022-fd3771db30 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RH57BNT4VQERGEJ5SXNXSVMDYP66YD4H/ | FEDORA:FEDORA-2022-fdb2739feb | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RTN2OOLKYTG34DODUEJGT5MLC2PFGPBA/ | FEDORA:FEDORA-2023-097dd40685 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RDK3ZZBRYFO47ET3N4BNTKVXN47U6ICY/ | FEDORA:FEDORA-2023-129178fd27 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QCKD4AFBHXIMHS64ZER2U7QRT33HNE7L/ | FEDORA:FEDORA-2023-5460cf6dfb | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/B4MYQ3IV6NWA4CKSXEHW45CH2YNDHEPH/ | FEDORA:FEDORA-2023-78b4ce2f23 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XXZJL3CNAFS5PAIR7K4RL62S3Y7THR7O/ | FEDORA:FEDORA-2023-943556a733 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IN26PWZTYG6IF3APLRXQJBVACQHZUPT2/ | FEDORA:FEDORA-2023-a990c93ed0 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/X3EJ6J7PXVQOULBQZQGBXCXY6LFF6LZD/ | FEDORA:FEDORA-2023-af5206f71d | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QLUGZSEAO3MBWGKCUSMKQIRYJZKJCIOB/ | FEDORA:FEDORA-2023-c43a940a93 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BWJREJHWVRBYDP43YB5WRL3QC7UBA7BR/ | FEDORA:FEDORA-2023-f1381c83af | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7WQPHKGNXUJC3TC3BDW5RKGROWRJVSFR/ | GENTOO:GLSA-202305-02 | URL:https://security.gentoo.org/glsa/202305-02 | MISC:https://github.com/python/cpython/issues/98433 | MLIST:[debian-lts-announce] 20230524 [SECURITY] [DLA 3432-1] python2.7 security update | URL:https://lists.debian.org/debian-lts-announce/2023/05/msg00024.html | MLIST:[debian-lts-announce] 20230630 [SECURITY] [DLA 3477-1] python3.7 security update | URL:https://lists.debian.org/debian-lts-announce/2023/06/msg00039.html;Assigned (20221109);None (candidate not yet proposed) +CVE-2022-45305;Candidate;Insecure permissions in Chocolatey Python3 package v3.11.0 and below grants all users in the Authenticated Users group write privileges for the subfolder C:\Python311 and all files located in that folder.;MISC:https://github.com/ycdxsb/Vuln/blob/main/python3-weak-permission-vuln/python3-weak-permission-vuln.md;Assigned (20221114);None (candidate not yet proposed) +CVE-2022-45786;Candidate;There are issues with the AGE drivers for Golang and Python that enable SQL injections to occur. This impacts AGE for PostgreSQL 11 & AGE for PostgreSQL 12, all versions up-to-and-including 1.1.0, when using those drivers. The fix is to update to the latest Golang and Python drivers in addition to the latest version of AGE that is used for PostgreSQL 11 or PostgreSQL 12. The update of AGE will add a new function to enable parameterization of the cypher() function, which, in conjunction with the driver updates, will resolve this issue. Background (for those who want more information): After thoroughly researching this issue, we found that due to the nature of the cypher() function, it was not easy to parameterize the values passed into it. This enabled SQL injections, if the developer of the driver wasn't careful. The developer of the Golang and Pyton drivers didn't fully utilize parameterization, likely because of this, thus enabling SQL injections. The obvious fix to this issue is to use parameterization in the drivers for all PG SQL queries. However, parameterizing all PG queries is complicated by the fact that the cypher() function call itself cannot be parameterized directly, as it isn't a real function. At least, not the parameters that would take the graph name and cypher query. The reason the cypher() function cannot have those values parameterized is because the function is a placeholder and never actually runs. The cypher() function node, created by PG in the query tree, is transformed and replaced with a query tree for the actual cypher query during the analyze phase. The problem is that parameters - that would be passed in and that the cypher() function transform needs to be resolved - are only resolved in the execution phase, which is much later. Since the transform of the cypher() function needs to know the graph name and cypher query prior to execution, they can't be passed as parameters. The fix that we are testing right now, and are proposing to use, is to create a function that will be called prior to the execution of the cypher() function transform. This new function will allow values to be passed as parameters for the graph name and cypher query. As this command will be executed prior to the cypher() function transform, its values will be resolved. These values can then be cached for the immediately following cypher() function transform to use. As added features, the cached values will store the calling session's pid, for validation. And, the cypher() function transform will clear this cached information after function invocation, regardless of whether it was used. This method will allow the parameterizing of the cypher() function indirectly and provide a way to lock out SQL injection attacks.;MISC:https://lists.apache.org/thread/of8x0gt5d2vfrm5ksxw55bwn2849ck1w | URL:https://lists.apache.org/thread/of8x0gt5d2vfrm5ksxw55bwn2849ck1w;Assigned (20221122);None (candidate not yet proposed) +CVE-2022-46179;Candidate;"LiuOS is a small Python project meant to imitate the functions of a regular operating system. Version 0.1.0 and prior of LiuOS allow an attacker to set the GITHUB_ACTIONS environment variable to anything other than null or true and skip authentication checks. This issue is patched in the latest commit (c658b4f3e57258acf5f6207a90c2f2169698ae22) by requiring the var to be set to true, causing a test script to run instead of being able to login. A potential workaround is to check for the GITHUB_ACTIONS environment variable and set it to """" (no quotes) to null the variable and force credential checks.";MISC:https://github.com/LiuWoodsCode/LiuOS/commit/c658b4f3e57258acf5f6207a90c2f2169698ae22 | URL:https://github.com/LiuWoodsCode/LiuOS/commit/c658b4f3e57258acf5f6207a90c2f2169698ae22 | MISC:https://github.com/LiuWoodsCode/LiuOS/security/advisories/GHSA-f9x3-mj2r-cqmf | URL:https://github.com/LiuWoodsCode/LiuOS/security/advisories/GHSA-f9x3-mj2r-cqmf;Assigned (20221128);None (candidate not yet proposed) +CVE-2022-46609;Candidate;Python3-RESTfulAPI commit d9907f14e9e25dcdb54f5b22252b0e9452e3970e and e772e0beee284c50946e94c54a1d43071ca78b74 was discovered to contain a code execution backdoor via the request package. This vulnerability allows attackers to access sensitive user information and digital currency keys, as well as escalate privileges.;MISC:https://github.com/herry-zhang/Python3-RESTfulAPI/ | MISC:https://github.com/herry-zhang/Python3-RESTfulAPI/blob/1c2081dca357685b3180b9baeb7e761e9a10ca99/SECURITY.md | MISC:https://github.com/herry-zhang/Python3-RESTfulAPI/commit/1c2081dca357685b3180b9baeb7e761e9a10ca99 | MISC:https://mirrors.neusoft.edu.cn/pypi/web/simple/request/;Assigned (20221205);None (candidate not yet proposed) +CVE-2022-48560;Candidate;A use-after-free exists in Python through 3.9 via heappushpop in heapq.;CONFIRM:https://security.netapp.com/advisory/ntap-20230929-0008/ | FEDORA:FEDORA-2023-34a3a5adba | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JZ5OOBWNYWXFTZDMCGHJVGDLDTHLWITJ/ | FEDORA:FEDORA-2023-9954dae554 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VO7Y2YZSDK3UYJD2KBGLXRTGNG6T326J/ | MISC:https://bugs.python.org/issue39421 | MLIST:[debian-lts-announce] 20230920 [SECURITY] [DLA 3575-1] python2.7 security update | URL:https://lists.debian.org/debian-lts-announce/2023/09/msg00022.html | MLIST:[debian-lts-announce] 20231011 [SECURITY] [DLA 3614-1] python3.7 security update | URL:https://lists.debian.org/debian-lts-announce/2023/10/msg00017.html;Assigned (20230723);None (candidate not yet proposed) +CVE-2022-48564;Candidate;read_ints in plistlib.py in Python through 3.9.1 is vulnerable to a potential DoS attack via CPU and RAM exhaustion when processing malformed Apple Property List files in binary format.;CONFIRM:https://security.netapp.com/advisory/ntap-20230929-0009/ | MISC:https://bugs.python.org/issue42103 | MLIST:[debian-lts-announce] 20231011 [SECURITY] [DLA 3614-1] python3.7 security update | URL:https://lists.debian.org/debian-lts-announce/2023/10/msg00017.html;Assigned (20230723);None (candidate not yet proposed) +CVE-2022-48565;Candidate;An XML External Entity (XXE) issue was discovered in Python through 3.9.1. The plistlib module no longer accepts entity declarations in XML plist files to avoid XML vulnerabilities.;CONFIRM:https://security.netapp.com/advisory/ntap-20231006-0007/ | FEDORA:FEDORA-2023-348a0dbcf3 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AFHYAGWBFBNUGWU6XWKBHTCV5NH77MB7/ | FEDORA:FEDORA-2023-e47078af3e | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KZRZRJHWLZ7MOJNPQBWGJVXMVYDC5BRA/ | FEDORA:FEDORA-2023-ea38857cc3 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BAYWJD576JUKLHCWKDLMJSUGTRDKPF3M/ | MISC:https://bugs.python.org/issue42051 | MLIST:[debian-lts-announce] 20230920 [SECURITY] [DLA 3575-1] python2.7 security update | URL:https://lists.debian.org/debian-lts-announce/2023/09/msg00022.html | MLIST:[debian-lts-announce] 20231011 [SECURITY] [DLA 3614-1] python3.7 security update | URL:https://lists.debian.org/debian-lts-announce/2023/10/msg00017.html;Assigned (20230723);None (candidate not yet proposed) +CVE-2022-48566;Candidate;An issue was discovered in compare_digest in Lib/hmac.py in Python through 3.9.1. Constant-time-defeating optimisations were possible in the accumulator variable in hmac.compare_digest.;CONFIRM:https://security.netapp.com/advisory/ntap-20231006-0013/ | MISC:https://bugs.python.org/issue40791 | MLIST:[debian-lts-announce] 20230920 [SECURITY] [DLA 3575-1] python2.7 security update | URL:https://lists.debian.org/debian-lts-announce/2023/09/msg00022.html | MLIST:[debian-lts-announce] 20231011 [SECURITY] [DLA 3614-1] python3.7 security update | URL:https://lists.debian.org/debian-lts-announce/2023/10/msg00017.html;Assigned (20230723);None (candidate not yet proposed) +CVE-2023-1306;Candidate;An authenticated attacker can leverage an exposed resource.db() accessor method to smuggle Python method calls via a Jinja template, which can lead to code execution. This issue was resolved in the Managed and SaaS deployments on February 1, 2023, and in version 23.2.1 of the Self-Managed version of InsightCloudSec.;MISC:https://docs.divvycloud.com/changelog/23321-release-notes | URL:https://docs.divvycloud.com/changelog/23321-release-notes | MISC:https://nephosec.com/exploiting-rapid7s-insightcloudsec/ | URL:https://nephosec.com/exploiting-rapid7s-insightcloudsec/;Assigned (20230309);None (candidate not yet proposed) +CVE-2023-23608;Candidate;"Spotipy is a light weight Python library for the Spotify Web API. In versions prior to 2.22.1, if a malicious URI is passed to the library, the library can be tricked into performing an operation on a different API endpoint than intended. The code Spotipy uses to parse URIs and URLs allows an attacker to insert arbitrary characters into the path that is used for API requests. Because it is possible to include "".."", an attacker can redirect for example a track lookup via spotifyApi.track() to an arbitrary API endpoint like playlists, but this is possible for other endpoints as well. The impact of this vulnerability depends heavily on what operations a client application performs when it handles a URI from a user and how it uses the responses it receives from the API. This issue is patched in version 2.22.1.";MISC:https://github.com/spotipy-dev/spotipy/security/advisories/GHSA-q764-g6fm-555v | URL:https://github.com/spotipy-dev/spotipy/security/advisories/GHSA-q764-g6fm-555v;Assigned (20230116);None (candidate not yet proposed) +CVE-2023-23931;Candidate;cryptography is a package designed to expose cryptographic primitives and recipes to Python developers. In affected versions `Cipher.update_into` would accept Python objects which implement the buffer protocol, but provide only immutable buffers. This would allow immutable objects (such as `bytes`) to be mutated, thus violating fundamental rules of Python and resulting in corrupted output. This now correctly raises an exception. This issue has been present since `update_into` was originally introduced in cryptography 1.8.;MISC:https://github.com/pyca/cryptography/pull/8230/commits/94a50a9731f35405f0357fa5f3b177d46a726ab3 | URL:https://github.com/pyca/cryptography/pull/8230/commits/94a50a9731f35405f0357fa5f3b177d46a726ab3 | MISC:https://github.com/pyca/cryptography/security/advisories/GHSA-w7pp-m8wf-vj6r | URL:https://github.com/pyca/cryptography/security/advisories/GHSA-w7pp-m8wf-vj6r;Assigned (20230119);None (candidate not yet proposed) +CVE-2023-24107;Candidate;hour_of_code_python_2015 commit 520929797b9ca43bb818b2e8f963fb2025459fa3 was discovered to contain a code execution backdoor via the request package (requirements.txt). This vulnerability allows attackers to access sensitive user information and execute arbitrary code.;MISC:https://github.com/jminh/hour_of_code_python_2015/ | MISC:https://github.com/jminh/hour_of_code_python_2015/issues/4 | MISC:https://mirrors.neusoft.edu.cn/pypi/web/simple/request/;Assigned (20230123);None (candidate not yet proposed) +CVE-2023-24329;Candidate;An issue in the urllib.parse component of Python before 3.11.4 allows attackers to bypass blocklisting methods by supplying a URL that starts with blank characters.;CERT-VN:VU#127587 | URL:https://www.kb.cert.org/vuls/id/127587 | CONFIRM:https://github.com/python/cpython/issues/102153 | CONFIRM:https://security.netapp.com/advisory/ntap-20230324-0004/ | FEDORA:FEDORA-2023-03599274db | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DSL6NSOAXWBJJ67XPLSSC74MNKZF3BBO/ | FEDORA:FEDORA-2023-1092538441 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/O5SP4RT3RRS434ZS2HQKQJ3VZW7YPKYR/ | FEDORA:FEDORA-2023-2b25dd2a11 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LWC4WGXER5P6Q75RFGL7QUTPP3N5JR7T/ | FEDORA:FEDORA-2023-309cadedc6 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QRQHN7RWJQJHYP6E5EKESOYP5VDSHZG4/ | FEDORA:FEDORA-2023-31888c4781 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/H23OSKC6UG6IWOQAUPW74YUHWRWVXJP7/ | FEDORA:FEDORA-2023-401947eb94 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JZTLGV2HYFF4AMYJL25VDIGAIHCU7UPA/ | FEDORA:FEDORA-2023-406c1c6ed7 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PURM5CFDABEWAIWZFD2MQ7ZJGCPYSQ44/ | FEDORA:FEDORA-2023-56cefa23df | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WTOAUJNDWZDRWVSXJ354AYZYKRMT56HU/ | FEDORA:FEDORA-2023-63c69aa712 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UONZWLB4QVLQIY5CPDLEUEKH6WX4VQMC/ | FEDORA:FEDORA-2023-690e150a39 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6PEVICI7YNGGMSL3UCMWGE66QFLATH72/ | FEDORA:FEDORA-2023-81bb8e3b99 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OHHJHJRLEF3TDT2K3676CAUVRDD4CCMR/ | FEDORA:FEDORA-2023-953c2607d8 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/U2MZOJYGFCB5PPT6AKMAU72N7QOYWLBP/ | FEDORA:FEDORA-2023-96aa33f0d3 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EM2XLZSTXG44TMFXF4E6VTGKR2MQCW3G/ | FEDORA:FEDORA-2023-994ecd7dbc | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/F2NY75GFDZ5T6YPN44D3VMFT5SUVTOTG/ | FEDORA:FEDORA-2023-acdfd145f2 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Q3J5N24ECS4B6MJDRO6UAYU6GPLYBDCL/ | FEDORA:FEDORA-2023-b3a3df39dd | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TZH26JGNZ5XYPZ5SAU3NKSBSPRE5OHTG/ | FEDORA:FEDORA-2023-b854908745 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/T4IDB5OAR5Y4UK3HLMZBW4WEL2B7YFMJ/ | FEDORA:FEDORA-2023-d294ef140e | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RA2MBEEES6L46OD64OBSVUUMGKNGMOWW/ | FEDORA:FEDORA-2023-d8b0003ecd | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MZEHSXSCMA4WWQKXT6QV7AAR6SWNZ2VP/ | FEDORA:FEDORA-2023-dd526ed2e4 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PEUN6T22UJFXR7J5F6UUHCXXPKJ2DVHI/ | FEDORA:FEDORA-2023-f52390b9d2 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GR5US3BYILYJ4SKBV6YBNPRUBAL5P2CN/ | MISC:https://github.com/python/cpython/pull/99421 | MISC:https://pointernull.com/security/python-url-parse-problem.html | MLIST:[debian-lts-announce] 20230920 [SECURITY] [DLA 3575-1] python2.7 security update | URL:https://lists.debian.org/debian-lts-announce/2023/09/msg00022.html;Assigned (20230123);None (candidate not yet proposed) +CVE-2023-24622;Candidate;isInList in the safeurl-python package before 1.2 for Python has an insufficiently restrictive regular expression for external domains, leading to SSRF.;MISC:https://github.com/IncludeSecurity/safeurl-python/security/advisories/GHSA-jgh8-vchw-q3g7;Assigned (20230130);None (candidate not yet proposed) +CVE-2023-24816;Candidate;IPython (Interactive Python) is a command shell for interactive computing in multiple programming languages, originally developed for the Python programming language. Versions prior to 8.1.0 are subject to a command injection vulnerability with very specific prerequisites. This vulnerability requires that the function `IPython.utils.terminal.set_term_title` be called on Windows in a Python environment where ctypes is not available. The dependency on `ctypes` in `IPython.utils._process_win32` prevents the vulnerable code from ever being reached in the ipython binary. However, as a library that could be used by another tool `set_term_title` could be called and hence introduce a vulnerability. Should an attacker get untrusted input to an instance of this function they would be able to inject shell commands as current process and limited to the scope of the current process. Users of ipython as a library are advised to upgrade. Users unable to upgrade should ensure that any calls to the `IPython.utils.terminal.set_term_title` function are done with trusted or filtered input.;MISC:https://github.com/ipython/ipython/blob/3f0bf05f072a91b2a3042d23ce250e5e906183fd/IPython/utils/terminal.py#L103-L117 | URL:https://github.com/ipython/ipython/blob/3f0bf05f072a91b2a3042d23ce250e5e906183fd/IPython/utils/terminal.py#L103-L117 | MISC:https://github.com/ipython/ipython/blob/56e6925dfa50e2c7f4a6471547b8176275db7c25/IPython/utils/_process_win32.py#L20 | URL:https://github.com/ipython/ipython/blob/56e6925dfa50e2c7f4a6471547b8176275db7c25/IPython/utils/_process_win32.py#L20 | MISC:https://github.com/ipython/ipython/commit/385d69325319a5972ee9b5983638e3617f21cb1f | URL:https://github.com/ipython/ipython/commit/385d69325319a5972ee9b5983638e3617f21cb1f | MISC:https://github.com/ipython/ipython/security/advisories/GHSA-29gw-9793-fvw7 | URL:https://github.com/ipython/ipython/security/advisories/GHSA-29gw-9793-fvw7;Assigned (20230130);None (candidate not yet proposed) +CVE-2023-25577;Candidate;Werkzeug is a comprehensive WSGI web application library. Prior to version 2.2.3, Werkzeug's multipart form data parser will parse an unlimited number of parts, including file parts. Parts can be a small amount of bytes, but each requires CPU time to parse and may use more memory as Python data. If a request can be made to an endpoint that accesses `request.data`, `request.form`, `request.files`, or `request.get_data(parse_form_data=False)`, it can cause unexpectedly high resource usage. This allows an attacker to cause a denial of service by sending crafted multipart data to an endpoint that will parse it. The amount of CPU time required can block worker processes from handling legitimate requests. The amount of RAM required can trigger an out of memory kill of the process. Unlimited file parts can use up memory and file handles. If many concurrent requests are sent continuously, this can exhaust or kill all available workers. Version 2.2.3 contains a patch for this issue.;CONFIRM:https://security.netapp.com/advisory/ntap-20230818-0003/ | DEBIAN:DSA-5470 | URL:https://www.debian.org/security/2023/dsa-5470 | MISC:https://github.com/pallets/werkzeug/commit/517cac5a804e8c4dc4ed038bb20dacd038e7a9f1 | URL:https://github.com/pallets/werkzeug/commit/517cac5a804e8c4dc4ed038bb20dacd038e7a9f1 | MISC:https://github.com/pallets/werkzeug/releases/tag/2.2.3 | URL:https://github.com/pallets/werkzeug/releases/tag/2.2.3 | MISC:https://github.com/pallets/werkzeug/security/advisories/GHSA-xg9f-g7g7-2323 | URL:https://github.com/pallets/werkzeug/security/advisories/GHSA-xg9f-g7g7-2323;Assigned (20230207);None (candidate not yet proposed) +CVE-2023-25601;Candidate;On version 3.0.0 through 3.1.1, Apache DolphinScheduler's python gateway suffered from improper authentication: an attacker could use a socket bytes attack without authentication. This issue has been fixed from version 3.1.2 onwards. For users who use version 3.0.0 to 3.1.1, you can turn off the python-gateway function by changing the value `python-gateway.enabled=false` in configuration file `application.yaml`. If you are using the python gateway, please upgrade to version 3.1.2 or above.;MISC:https://lists.apache.org/thread/25g77jqczp3t8cz56hk1p65q7m6c64rf | URL:https://lists.apache.org/thread/25g77jqczp3t8cz56hk1p65q7m6c64rf | MLIST:[oss-security] 20230420 CVE-2023-25601: Apache DolphinScheduler 3.0.0 to 3.1.1 python gateway has improper authentication | URL:http://www.openwall.com/lists/oss-security/2023/04/20/10;Assigned (20230208);None (candidate not yet proposed) +CVE-2023-25823;Candidate;Gradio is an open-source Python library to build machine learning and data science demos and web applications. Versions prior to 3.13.1 contain Use of Hard-coded Credentials. When using Gradio's share links (i.e. creating a Gradio app and then setting `share=True`), a private SSH key is sent to any user that connects to the Gradio machine, which means that a user could access other users' shared Gradio demos. From there, other exploits are possible depending on the level of access/exposure the Gradio app provides. This issue is patched in version 3.13.1, however, users are recommended to update to 3.19.1 or later where the FRP solution has been properly tested.;MISC:https://github.com/gradio-app/gradio/security/advisories/GHSA-3x5j-9vwr-8rr5 | URL:https://github.com/gradio-app/gradio/security/advisories/GHSA-3x5j-9vwr-8rr5;Assigned (20230215);None (candidate not yet proposed) +CVE-2023-26051;Candidate;Saleor is a headless, GraphQL commerce platform delivering personalized shopping experiences. Some internal Python exceptions are not handled properly and thus are returned in API as error messages. Some messages might contain sensitive information like user email address in staff-authenticated requests.;MISC:https://github.com/saleor/saleor/commit/31bce881ccccf0d79a9b14ecb6ca3138d1edeec1 | URL:https://github.com/saleor/saleor/commit/31bce881ccccf0d79a9b14ecb6ca3138d1edeec1 | MISC:https://github.com/saleor/saleor/releases/tag/3.1.48 | URL:https://github.com/saleor/saleor/releases/tag/3.1.48 | MISC:https://github.com/saleor/saleor/releases/tag/3.10.14 | URL:https://github.com/saleor/saleor/releases/tag/3.10.14 | MISC:https://github.com/saleor/saleor/releases/tag/3.11.12 | URL:https://github.com/saleor/saleor/releases/tag/3.11.12 | MISC:https://github.com/saleor/saleor/releases/tag/3.7.59 | URL:https://github.com/saleor/saleor/releases/tag/3.7.59 | MISC:https://github.com/saleor/saleor/releases/tag/3.8.30 | URL:https://github.com/saleor/saleor/releases/tag/3.8.30 | MISC:https://github.com/saleor/saleor/releases/tag/3.9.27 | URL:https://github.com/saleor/saleor/releases/tag/3.9.27 | MISC:https://github.com/saleor/saleor/security/advisories/GHSA-r8qr-wwg3-2r85 | URL:https://github.com/saleor/saleor/security/advisories/GHSA-r8qr-wwg3-2r85;Assigned (20230217);None (candidate not yet proposed) +CVE-2023-26052;Candidate;Saleor is a headless, GraphQL commerce platform delivering personalized shopping experiences. Some internal Python exceptions are not handled properly and thus are returned in API as error messages. Some messages might contain sensitive information like infrastructure details in unauthenticated requests. This issue has been patched in versions 3.1.48, 3.7.59, 3.8.0, 3.9.27, 3.10.14 and 3.11.12.;MISC:https://github.com/saleor/saleor/releases/tag/3.1.48 | URL:https://github.com/saleor/saleor/releases/tag/3.1.48 | MISC:https://github.com/saleor/saleor/releases/tag/3.10.14 | URL:https://github.com/saleor/saleor/releases/tag/3.10.14 | MISC:https://github.com/saleor/saleor/releases/tag/3.11.12 | URL:https://github.com/saleor/saleor/releases/tag/3.11.12 | MISC:https://github.com/saleor/saleor/releases/tag/3.7.59 | URL:https://github.com/saleor/saleor/releases/tag/3.7.59 | MISC:https://github.com/saleor/saleor/releases/tag/3.8.30 | URL:https://github.com/saleor/saleor/releases/tag/3.8.30 | MISC:https://github.com/saleor/saleor/releases/tag/3.9.27 | URL:https://github.com/saleor/saleor/releases/tag/3.9.27 | MISC:https://github.com/saleor/saleor/security/advisories/GHSA-3hvj-3cg9-v242 | URL:https://github.com/saleor/saleor/security/advisories/GHSA-3hvj-3cg9-v242;Assigned (20230217);None (candidate not yet proposed) +CVE-2023-26145;Candidate;This affects versions of the package pydash before 6.0.0. A number of pydash methods such as pydash.objects.invoke() and pydash.collections.invoke_map() accept dotted paths (Deep Path Strings) to target a nested Python object, relative to the original source object. These paths can be used to target internal class attributes and dict items, to retrieve, modify or invoke nested Python objects. **Note:** The pydash.objects.invoke() method is vulnerable to Command Injection when the following prerequisites are satisfied: 1) The source object (argument 1) is not a built-in object such as list/dict (otherwise, the __init__.__globals__ path is not accessible) 2) The attacker has control over argument 2 (the path string) and argument 3 (the argument to pass to the invoked method) The pydash.collections.invoke_map() method is also vulnerable, but is harder to exploit as the attacker does not have direct control over the argument to be passed to the invoked function.;MISC:https://gist.github.com/CalumHutton/45d33e9ea55bf4953b3b31c84703dfca | URL:https://gist.github.com/CalumHutton/45d33e9ea55bf4953b3b31c84703dfca | MISC:https://github.com/dgilland/pydash/commit/6ff0831ad285fff937cafd2a853f20cc9ae92021 | URL:https://github.com/dgilland/pydash/commit/6ff0831ad285fff937cafd2a853f20cc9ae92021 | MISC:https://security.snyk.io/vuln/SNYK-PYTHON-PYDASH-5916518 | URL:https://security.snyk.io/vuln/SNYK-PYTHON-PYDASH-5916518;Assigned (20230220);None (candidate not yet proposed) +CVE-2023-26477;Candidate;XWiki Platform is a generic wiki platform. Starting in versions 6.3-rc-1 and 6.2.4, it's possible to inject arbitrary wiki syntax including Groovy, Python and Velocity script macros via the `newThemeName` request parameter (URL parameter), in combination with additional parameters. This has been patched in the supported versions 13.10.10, 14.9-rc-1, and 14.4.6. As a workaround, it is possible to edit `FlamingoThemesCode.WebHomeSheet` and manually perform the changes from the patch fixing the issue.;MISC:https://github.com/xwiki/xwiki-platform/commit/ea2e615f50a918802fd60b09ec87aa04bc6ea8e2#diff-e2153fa59f9d92ef67b0afbf27984bd17170921a3b558fac227160003d0dfd2aR283-R284 | URL:https://github.com/xwiki/xwiki-platform/commit/ea2e615f50a918802fd60b09ec87aa04bc6ea8e2#diff-e2153fa59f9d92ef67b0afbf27984bd17170921a3b558fac227160003d0dfd2aR283-R284 | MISC:https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-x2qm-r4wx-8gpg | URL:https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-x2qm-r4wx-8gpg | MISC:https://jira.xwiki.org/browse/XWIKI-19757 | URL:https://jira.xwiki.org/browse/XWIKI-19757;Assigned (20230223);None (candidate not yet proposed) +CVE-2023-26485;Candidate;"cmark-gfm is GitHub's fork of cmark, a CommonMark parsing and rendering library and program in C. A polynomial time complexity issue in cmark-gfm may lead to unbounded resource exhaustion and subsequent denial of service. This CVE covers quadratic complexity issues when parsing text which leads with either large numbers of `_` characters. This issue has been addressed in version 0.29.0.gfm.10. Users are advised to upgrade. Users unable to upgrade should validate that their input comes from trusted sources. ### Impact A polynomial time complexity issue in cmark-gfm may lead to unbounded resource exhaustion and subsequent denial of service. ### Proof of concept ``` $ ~/cmark-gfm$ python3 -c 'pad = ""_"" * 100000; print(pad + ""."" + pad, end="""")' | time ./build/src/cmark-gfm --to plaintext ``` Increasing the number 10000 in the above commands causes the running time to increase quadratically. ### Patches This vulnerability have been patched in 0.29.0.gfm.10. ### Note on cmark and cmark-gfm XXX: TBD [cmark-gfm](https://github.com/github/cmark-gfm) is a fork of [cmark](https://github.com/commonmark/cmark) that adds the GitHub Flavored Markdown extensions. The two codebases have diverged over time, but share a common core. These bugs affect both `cmark` and `cmark-gfm`. ### Credit We would like to thank @gravypod for reporting this vulnerability. ### References https://en.wikipedia.org/wiki/Time_complexity ### For more information If you have any questions or comments about this advisory: * Open an issue in [github/cmark-gfm](https://github.com/github/cmark-gfm)";MISC:https://github.com/github/cmark-gfm/commit/07a66c9bc341f902878e37d7da8647d6ef150987 | URL:https://github.com/github/cmark-gfm/commit/07a66c9bc341f902878e37d7da8647d6ef150987 | MISC:https://github.com/github/cmark-gfm/security/advisories/GHSA-r8vr-c48j-fcc5 | URL:https://github.com/github/cmark-gfm/security/advisories/GHSA-r8vr-c48j-fcc5;Assigned (20230223);None (candidate not yet proposed) +CVE-2023-27043;Candidate;The email module of Python through 3.11.3 incorrectly parses e-mail addresses that contain a special character. The wrong portion of an RFC2822 header is identified as the value of the addr-spec. In some applications, an attacker can bypass a protection mechanism in which application access is granted only after verifying receipt of e-mail to a specific domain (e.g., only @company.example.com addresses may be used for signup). This occurs in email/_parseaddr.py in recent versions of Python.;CONFIRM:https://github.com/python/cpython/issues/102988 | CONFIRM:https://python-security.readthedocs.io/vuln/email-parseaddr-realname.html | CONFIRM:https://security.netapp.com/advisory/ntap-20230601-0003/ | FEDORA:FEDORA-2023-0583eedde7 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HXYVPEZUA3465AEFX5JVFVP7KIFZMF3N/ | FEDORA:FEDORA-2023-0583eedde7 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SOX7BCN6YL7B3RFPEEXPIU5CMTEHJOKR/ | FEDORA:FEDORA-2023-1bb427c240 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XWMBD4LNHWEXRI6YVFWJMTJQUL5WOFTS/ | FEDORA:FEDORA-2023-2f86a608b2 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PU6Y2S5CBN5BWCBDAJFTGIBZLK3S2G3J/ | FEDORA:FEDORA-2023-555b4d49b1 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PHVGRKQAGANCSGFI3QMYOCIMS4IFOZA5/ | FEDORA:FEDORA-2023-7d223ee343 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RDDC2VOX7OQC6OHMYTVD4HLFZIV6PYBC/ | FEDORA:FEDORA-2023-8085628fff | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/75DTHSTNOFFNAWHXKMDXS7EJWC6W2FUC/ | FEDORA:FEDORA-2023-87771f4249 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4ZAEFSFZDNBNJPNOUTLG5COISGQDLMGV/ | FEDORA:FEDORA-2023-88fbb78cd3 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ORLXS5YTKN65E2Q2NWKXMFS5FWQHRNZW/ | FEDORA:FEDORA-2023-b245e992ea | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ARI7VDSNTQVXRQFM6IK5GSSLEIYV4VZH/ | FEDORA:FEDORA-2023-c0bf8c0c4e | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NEUNZSZ3CVSM2QWVYH3N2XGOCDWNYUA3/ | FEDORA:FEDORA-2023-c61a7d5227 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SINP4OVYNB2AGDYI2GS37EMW3H3F7XPZ/ | FEDORA:FEDORA-2023-d01f8a69b4 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/P2W2BZQIHMCKRI5FNBJERFYMS5PK6TAH/ | FEDORA:FEDORA-2023-d577604e6a | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VZXC32CJ7TWDPJO6GY2XIQRO7JZX5FLP/ | FEDORA:FEDORA-2023-f96ff39b59 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YQVY5C5REXWJIORJIL2FIL3ALOEJEF72/ | FEDORA:FEDORA-2024-06ff0a6def | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/N6M5I6OQHJABNEYY555HUMMKX3Y4P25Z/ | FEDORA:FEDORA-2024-3ab90a5b01 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/P2MAICLFDDO3QVNHTZ2OCERZQ34R2PIC/ | FEDORA:FEDORA-2024-8df4ac93d7 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QDRDDPDN3VFIYXJIYEABY6USX5EU66AG/ | FEDORA:FEDORA-2024-94e0390e4e | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BQAKLUJMHFGVBRDPEY57BJGNCE5UUPHW/ | MISC:http://python.org | MISC:https://github.com/python/cpython/issues/102988;Assigned (20230227);None (candidate not yet proposed) +CVE-2023-27476;Candidate;OWSLib is a Python package for client programming with Open Geospatial Consortium (OGC) web service interface standards, and their related content models. OWSLib's XML parser (which supports both `lxml` and `xml.etree`) does not disable entity resolution, and could lead to arbitrary file reads from an attacker-controlled XML payload. This affects all XML parsing in the codebase. This issue has been addressed in version 0.28.1. All users are advised to upgrade. The only known workaround is to patch the library manually. See `GHSA-8h9c-r582-mggc` for details.;DEBIAN:DSA-5426 | URL:https://www.debian.org/security/2023/dsa-5426 | MISC:https://github.com/geopython/OWSLib/pull/863/commits/b92687702be9576c0681bb11cad21eb631b9122f | URL:https://github.com/geopython/OWSLib/pull/863/commits/b92687702be9576c0681bb11cad21eb631b9122f | MISC:https://github.com/geopython/OWSLib/security/advisories/GHSA-8h9c-r582-mggc | URL:https://github.com/geopython/OWSLib/security/advisories/GHSA-8h9c-r582-mggc | MISC:https://securitylab.github.com/advisories/GHSL-2022-131_owslib/ | URL:https://securitylab.github.com/advisories/GHSL-2022-131_owslib/ | MLIST:[debian-lts-announce] 20230625 [SECURITY] [DLA 3470-1] owslib security update | URL:https://lists.debian.org/debian-lts-announce/2023/06/msg00032.html;Assigned (20230301);None (candidate not yet proposed) +CVE-2023-27479;Candidate;"XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. In affected versions any user with view rights can execute arbitrary Groovy, Python or Velocity code in XWiki leading to full access to the XWiki installation. The root cause is improper escaping of UIX parameters. A proof of concept exploit is to log in, add an `XWiki.UIExtensionClass` xobject to the user profile page, with an Extension Parameters content containing `label={{/html}} {{async async=""true"" cached=""false"" context=""doc.reference""}}{{groovy}}println(""Hello "" + ""from groovy!""){{/groovy}}{{/async}}`. Then, navigating to `PanelsCode.ApplicationsPanelConfigurationSheet` (i.e., `/xwiki/bin/view/PanelsCode/ApplicationsPanelConfigurationSheet` where `` is the URL of your XWiki installation) should not execute the Groovy script. If it does, you will see `Hello from groovy!` displayed on the screen. This vulnerability has been patched in XWiki 13.10.11, 14.4.7 and 14.10-rc-1. Users are advised to upgrade. For users unable to upgrade the issue can be fixed by editing the `PanelsCode.ApplicationsPanelConfigurationSheet` wiki page and making the same modifications as shown in commit `6de5442f3c`.";MISC:https://github.com/xwiki/xwiki-platform/commit/6de5442f3c91c3634a66c7b458d5b142e1c2a2dc | URL:https://github.com/xwiki/xwiki-platform/commit/6de5442f3c91c3634a66c7b458d5b142e1c2a2dc | MISC:https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-qxjg-jhgw-qhrv | URL:https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-qxjg-jhgw-qhrv | MISC:https://jira.xwiki.org/browse/XWIKI-20294 | URL:https://jira.xwiki.org/browse/XWIKI-20294;Assigned (20230301);None (candidate not yet proposed) +CVE-2023-27482;Candidate;homeassistant is an open source home automation tool. A remotely exploitable vulnerability bypassing authentication for accessing the Supervisor API through Home Assistant has been discovered. This impacts all Home Assistant installation types that use the Supervisor 2023.01.1 or older. Installation types, like Home Assistant Container (for example Docker), or Home Assistant Core manually in a Python environment, are not affected. The issue has been mitigated and closed in Supervisor version 2023.03.1, which has been rolled out to all affected installations via the auto-update feature of the Supervisor. This rollout has been completed at the time of publication of this advisory. Home Assistant Core 2023.3.0 included mitigation for this vulnerability. Upgrading to at least that version is thus advised. In case one is not able to upgrade the Home Assistant Supervisor or the Home Assistant Core application at this time, it is advised to not expose your Home Assistant instance to the internet.;MISC:https://github.com/elttam/publications/blob/master/writeups/home-assistant/supervisor-authentication-bypass-advisory.md | URL:https://github.com/elttam/publications/blob/master/writeups/home-assistant/supervisor-authentication-bypass-advisory.md | MISC:https://github.com/home-assistant/core/security/advisories/GHSA-2j8f-h4mr-qr25 | URL:https://github.com/home-assistant/core/security/advisories/GHSA-2j8f-h4mr-qr25 | MISC:https://www.elttam.com/blog/pwnassistant/ | URL:https://www.elttam.com/blog/pwnassistant/ | MISC:https://www.home-assistant.io/blog/2023/03/08/supervisor-security-disclosure/ | URL:https://www.home-assistant.io/blog/2023/03/08/supervisor-security-disclosure/;Assigned (20230301);None (candidate not yet proposed) +CVE-2023-28117;Candidate;"Sentry SDK is the official Python SDK for Sentry, real-time crash reporting software. When using the Django integration of versions prior to 1.14.0 of the Sentry SDK in a specific configuration it is possible to leak sensitive cookies values, including the session cookie to Sentry. These sensitive cookies could then be used by someone with access to your Sentry issues to impersonate or escalate their privileges within your application. In order for these sensitive values to be leaked, the Sentry SDK configuration must have `sendDefaultPII` set to `True`; one must use a custom name for either `SESSION_COOKIE_NAME` or `CSRF_COOKIE_NAME` in one's Django settings; and one must not be configured in one's organization or project settings to use Sentry's data scrubbing features to account for the custom cookie names. As of version 1.14.0, the Django integration of the `sentry-sdk` will detect the custom cookie names based on one's Django settings and will remove the values from the payload before sending the data to Sentry. As a workaround, use the SDK's filtering mechanism to remove the cookies from the payload that is sent to Sentry. For error events, this can be done with the `before_send` callback method and for performance related events (transactions) one can use the `before_send_transaction` callback method. Those who want to handle filtering of these values on the server-side can also use Sentry's advanced data scrubbing feature to account for the custom cookie names. Look for the `$http.cookies`, `$http.headers`, `$request.cookies`, or `$request.headers` fields to target with a scrubbing rule.";MISC:https://github.com/getsentry/sentry-python/pull/1842 | URL:https://github.com/getsentry/sentry-python/pull/1842 | MISC:https://github.com/getsentry/sentry-python/releases/tag/1.14.0 | URL:https://github.com/getsentry/sentry-python/releases/tag/1.14.0 | MISC:https://github.com/getsentry/sentry-python/security/advisories/GHSA-29pr-6jr8-q5jm | URL:https://github.com/getsentry/sentry-python/security/advisories/GHSA-29pr-6jr8-q5jm;Assigned (20230310);None (candidate not yet proposed) +CVE-2023-29209;Candidate;XWiki Commons are technical libraries common to several other top level XWiki projects. Any user with view rights on commonly accessible documents including the legacy notification activity macro can execute arbitrary Groovy, Python or Velocity code in XWiki leading to full access to the XWiki installation. The root cause is improper escaping of the macro parameters of the legacy notification activity macro. This macro is installed by default in XWiki. The vulnerability can be exploited via every wiki page that is editable including the user's profile, but also with just view rights using the HTMLConverter that is part of the CKEditor integration which is bundled with XWiki. The vulnerability has been patched in XWiki 13.10.11, 14.4.7 and 14.10.;MISC:https://github.com/xwiki/xwiki-platform/commit/94392490884635c028199275db059a4f471e57bc | URL:https://github.com/xwiki/xwiki-platform/commit/94392490884635c028199275db059a4f471e57bc | MISC:https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-9pc2-x9qf-7j2q | URL:https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-9pc2-x9qf-7j2q | MISC:https://jira.xwiki.org/browse/XWIKI-20258 | URL:https://jira.xwiki.org/browse/XWIKI-20258;Assigned (20230403);None (candidate not yet proposed) +CVE-2023-29210;Candidate;XWiki Commons are technical libraries common to several other top level XWiki projects. Any user with view rights on commonly accessible documents including the notification preferences macros can execute arbitrary Groovy, Python or Velocity code in XWiki leading to full access to the XWiki installation. The root cause is improper escaping of the user parameter of the macro that provide the notification filters. These macros are used in the user profiles and thus installed by default in XWiki. The vulnerability has been patched in XWiki 13.10.11, 14.4.7 and 14.10.;MISC:https://github.com/xwiki/xwiki-platform/commit/cebf9167e4fd64a8777781fc56461e9abbe0b32a | URL:https://github.com/xwiki/xwiki-platform/commit/cebf9167e4fd64a8777781fc56461e9abbe0b32a | MISC:https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-p9mj-v5mf-m82x | URL:https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-p9mj-v5mf-m82x | MISC:https://jira.xwiki.org/browse/XWIKI-20259 | URL:https://jira.xwiki.org/browse/XWIKI-20259;Assigned (20230403);None (candidate not yet proposed) +CVE-2023-29211;Candidate;XWiki Commons are technical libraries common to several other top level XWiki projects. Any user with view rights `WikiManager.DeleteWiki` can execute arbitrary Groovy, Python or Velocity code in XWiki leading to full access to the XWiki installation. The root cause is improper escaping of the `wikiId` url parameter. The problem has been patched on XWiki 13.10.11, 14.4.7, and 14.10.;MISC:https://github.com/xwiki/xwiki-platform/commit/ba4c76265b0b8a5e2218be400d18f08393fe1428#diff-64f39f5f2cc8c6560a44e21a5cfd509ef00e8a2157cd9847c9940a2e08ea43d1R63-R64 | URL:https://github.com/xwiki/xwiki-platform/commit/ba4c76265b0b8a5e2218be400d18f08393fe1428#diff-64f39f5f2cc8c6560a44e21a5cfd509ef00e8a2157cd9847c9940a2e08ea43d1R63-R64 | MISC:https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-w7v9-fc49-4qg4 | URL:https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-w7v9-fc49-4qg4 | MISC:https://jira.xwiki.org/browse/XWIKI-20297 | URL:https://jira.xwiki.org/browse/XWIKI-20297;Assigned (20230403);None (candidate not yet proposed) +CVE-2023-29212;Candidate;XWiki Commons are technical libraries common to several other top level XWiki projects. Any user with edit rights can execute arbitrary Groovy, Python or Velocity code in XWiki leading to full access to the XWiki installation. The root cause is improper escaping of the included pages in the included documents edit panel. The problem has been patched on XWiki 14.4.7, and 14.10.;MISC:https://github.com/xwiki/xwiki-platform/commit/22f249a0eb9f2a64214628217e812a994419b69f#diff-a51a252f0190274464027342b4e3eafc4ae32de4d9c17ef166e54fc5454c5689R214-R217 | URL:https://github.com/xwiki/xwiki-platform/commit/22f249a0eb9f2a64214628217e812a994419b69f#diff-a51a252f0190274464027342b4e3eafc4ae32de4d9c17ef166e54fc5454c5689R214-R217 | MISC:https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-c5f4-p5wv-2475 | URL:https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-c5f4-p5wv-2475 | MISC:https://jira.xwiki.org/browse/XWIKI-20293 | URL:https://jira.xwiki.org/browse/XWIKI-20293;Assigned (20230403);None (candidate not yet proposed) +CVE-2023-29214;Candidate;XWiki Commons are technical libraries common to several other top level XWiki projects. Any user with edit rights can execute arbitrary Groovy, Python or Velocity code in XWiki leading to full access to the XWiki installation. The root cause is improper escaping of the included pages in the IncludedDocuments panel. The problem has been patched on XWiki 14.4.7, and 14.10.;MISC:https://github.com/xwiki/xwiki-platform/commit/50b4d91418b4150933f0317eb4a94ceaf5b69f67 | URL:https://github.com/xwiki/xwiki-platform/commit/50b4d91418b4150933f0317eb4a94ceaf5b69f67 | MISC:https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-qx9h-c5v6-ghqh | URL:https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-qx9h-c5v6-ghqh | MISC:https://jira.xwiki.org/browse/XWIKI-20306 | URL:https://jira.xwiki.org/browse/XWIKI-20306;Assigned (20230403);None (candidate not yet proposed) +CVE-2023-29374;Candidate;In LangChain through 0.0.131, the LLMMathChain chain allows prompt injection attacks that can execute arbitrary code via the Python exec method.;MISC:https://github.com/hwchase17/langchain/issues/1026 | MISC:https://github.com/hwchase17/langchain/issues/814 | MISC:https://github.com/hwchase17/langchain/pull/1119 | MISC:https://twitter.com/rharang/status/1641899743608463365/photo/1;Assigned (20230405);None (candidate not yet proposed) +CVE-2023-29509;Candidate;XWiki Commons are technical libraries common to several other top level XWiki projects. Any user with view rights on commonly accessible documents can execute arbitrary Groovy, Python or Velocity code in XWiki leading to full access to the XWiki installation. The root cause is improper escaping of the `documentTree` macro parameters in This macro is installed by default in `FlamingoThemesCode.WebHome`. This page is installed by default. The vulnerability has been patched in XWiki 13.10.11, 14.4.7 and 14.10.;MISC:https://github.com/xwiki/xwiki-platform/commit/80d5be36f700adcd56b6c8eb3ed8b973f62ec0ae | URL:https://github.com/xwiki/xwiki-platform/commit/80d5be36f700adcd56b6c8eb3ed8b973f62ec0ae | MISC:https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-f4v8-58f6-mwj4 | URL:https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-f4v8-58f6-mwj4 | MISC:https://jira.xwiki.org/browse/XWIKI-20279 | URL:https://jira.xwiki.org/browse/XWIKI-20279;Assigned (20230407);None (candidate not yet proposed) +CVE-2023-29511;Candidate;XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Any user with edit rights on a page (e.g., it's own user page), can execute arbitrary Groovy, Python or Velocity code in XWiki leading to full access to the XWiki installation. The root cause is improper escaping of the section ids in `XWiki.AdminFieldsDisplaySheet`. This page is installed by default. The vulnerability has been patched in XWiki versions 15.0-rc-1, 14.10.1, 14.4.8, and 13.10.11.;MISC:https://github.com/xwiki/xwiki-platform/commit/f1e310826a19acdcdecdecdcfe171d21f24d6ede | URL:https://github.com/xwiki/xwiki-platform/commit/f1e310826a19acdcdecdecdcfe171d21f24d6ede | MISC:https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-rfh6-mg6h-h668 | URL:https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-rfh6-mg6h-h668 | MISC:https://jira.xwiki.org/browse/XWIKI-20261 | URL:https://jira.xwiki.org/browse/XWIKI-20261;Assigned (20230407);None (candidate not yet proposed) +CVE-2023-29512;Candidate;XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Any user with edit rights on a page (e.g., it's own user page), can execute arbitrary Groovy, Python or Velocity code in XWiki leading to full access to the XWiki installation. The root cause is improper escaping of the information loaded from attachments in `imported.vm`, `importinline.vm`, and `packagelist.vm`. This page is installed by default. This vulnerability has been patched in XWiki 15.0-rc-1, 14.10.1, 14.4.8, and 13.10.11. Users are advised to upgrade. There are no known workarounds for this vulnerability.;MISC:https://github.com/xwiki/xwiki-platform/commit/e4bbdc23fea0be4ef1921d1a58648028ce753344 | URL:https://github.com/xwiki/xwiki-platform/commit/e4bbdc23fea0be4ef1921d1a58648028ce753344 | MISC:https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-hg5x-3w3x-7g96 | URL:https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-hg5x-3w3x-7g96 | MISC:https://jira.xwiki.org/browse/XWIKI-20267 | URL:https://jira.xwiki.org/browse/XWIKI-20267;Assigned (20230407);None (candidate not yet proposed) +CVE-2023-29516;Candidate;"XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Any user with view rights on `XWiki.AttachmentSelector` can execute arbitrary Groovy, Python or Velocity code in XWiki leading to full access to the XWiki installation. The root cause is improper escaping in the ""Cancel and return to page"" button. This page is installed by default. This vulnerability has been patched in XWiki 15.0-rc-1, 14.10.1, 14.4.8, and 13.10.11. There are no known workarounds for this vulnerability.";MISC:https://github.com/xwiki/xwiki-platform/commit/aca1d677c58563bbe6e35c9e1c29fd8b12ebb996 | URL:https://github.com/xwiki/xwiki-platform/commit/aca1d677c58563bbe6e35c9e1c29fd8b12ebb996 | MISC:https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-3989-4c6x-725f | URL:https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-3989-4c6x-725f | MISC:https://jira.xwiki.org/browse/XWIKI-20275 | URL:https://jira.xwiki.org/browse/XWIKI-20275;Assigned (20230407);None (candidate not yet proposed) +CVE-2023-29518;Candidate;XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Any user with view rights can execute arbitrary Groovy, Python or Velocity code in XWiki leading to full access to the XWiki installation. The root cause is improper escaping of `Invitation.InvitationCommon`. This page is installed by default. The vulnerability has been patched in XWiki 15.0-rc-1, 14.10.1, 14.4.8, and 13.10.11. Users are advised to upgrade. There are no known workarounds for this issue.;MISC:https://github.com/xwiki/xwiki-platform/commit/3d055a0a5ec42fdebce4d71ee98f94553fdbfebf | URL:https://github.com/xwiki/xwiki-platform/commit/3d055a0a5ec42fdebce4d71ee98f94553fdbfebf | MISC:https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-px54-3w5j-qjg9 | URL:https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-px54-3w5j-qjg9 | MISC:https://jira.xwiki.org/browse/XWIKI-20283 | URL:https://jira.xwiki.org/browse/XWIKI-20283;Assigned (20230407);None (candidate not yet proposed) +CVE-2023-29521;Candidate;XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Any user with view rights can execute arbitrary Groovy, Python or Velocity code in XWiki leading to full access to the XWiki installation. The root cause is improper escaping of `Macro.VFSTreeMacro`. This page is not installed by default.This vulnerability has been patched in XWiki 15.0-rc-1, 14.10.2, 14.4.8, 13.10.11. Users are advised to upgrade. There are no known workarounds for this vulnerability.;MISC:https://github.com/xwiki/xwiki-platform/commit/fad02328f5ec7ab7fe5b932ffb5bc5c1ba7a5b12 | URL:https://github.com/xwiki/xwiki-platform/commit/fad02328f5ec7ab7fe5b932ffb5bc5c1ba7a5b12 | MISC:https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-p67q-h88v-5jgr | URL:https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-p67q-h88v-5jgr | MISC:https://jira.xwiki.org/browse/XWIKI-20260 | URL:https://jira.xwiki.org/browse/XWIKI-20260;Assigned (20230407);None (candidate not yet proposed) +CVE-2023-29522;Candidate;XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Any user with view rights can execute arbitrary script macros including Groovy and Python macros that allow remote code execution including unrestricted read and write access to all wiki contents. The attack works by opening a non-existing page with a name crafted to contain a dangerous payload. This issue has been patched in XWiki 14.4.8, 14.10.3 and 15.0RC1. Users are advised to upgrade. There are no known workarounds for this vulnerability.;MISC:https://github.com/xwiki/xwiki-platform/commit/d7e56185376641ee5d66477c6b2791ca8e85cfee | URL:https://github.com/xwiki/xwiki-platform/commit/d7e56185376641ee5d66477c6b2791ca8e85cfee | MISC:https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-mjw9-3f9f-jq2w | URL:https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-mjw9-3f9f-jq2w | MISC:https://jira.xwiki.org/browse/XWIKI-20456 | URL:https://jira.xwiki.org/browse/XWIKI-20456;Assigned (20230407);None (candidate not yet proposed) +CVE-2023-29523;Candidate;XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Any user who can edit their own user profile can execute arbitrary script macros including Groovy and Python macros that allow remote code execution including unrestricted read and write access to all wiki contents. The same vulnerability can also be exploited in other contexts where the `display` method on a document is used to display a field with wiki syntax, for example in applications created using `App Within Minutes`. This has been patched in XWiki 13.10.11, 14.4.8, 14.10.2 and 15.0RC1. There is no workaround apart from upgrading.;MISC:https://extensions.xwiki.org/xwiki/bin/view/Extension/App%20Within%20Minutes%20Application | URL:https://extensions.xwiki.org/xwiki/bin/view/Extension/App%20Within%20Minutes%20Application | MISC:https://github.com/xwiki/xwiki-platform/commit/0d547181389f7941e53291af940966413823f61c | URL:https://github.com/xwiki/xwiki-platform/commit/0d547181389f7941e53291af940966413823f61c | MISC:https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-x764-ff8r-9hpx | URL:https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-x764-ff8r-9hpx | MISC:https://jira.xwiki.org/browse/XWIKI-20327 | URL:https://jira.xwiki.org/browse/XWIKI-20327;Assigned (20230407);None (candidate not yet proposed) +CVE-2023-30537;Candidate;XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Any user with the right to add an object on a page can execute arbitrary Groovy, Python or Velocity code in XWiki leading to full access to the XWiki installation. The root cause is improper escaping of the styles properties `FlamingoThemesCode.WebHome`. This page is installed by default. The vulnerability has been patched in XWiki versions 13.10.11, 14.4.7 and 14.10.;MISC:https://github.com/xwiki/xwiki-platform/commit/df596f15368342236f8899ca122af8f3df0fe2e8 | URL:https://github.com/xwiki/xwiki-platform/commit/df596f15368342236f8899ca122af8f3df0fe2e8 | MISC:https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-vrr8-fp7c-7qgp | URL:https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-vrr8-fp7c-7qgp | MISC:https://jira.xwiki.org/browse/XWIKI-20280 | URL:https://jira.xwiki.org/browse/XWIKI-20280;Assigned (20230412);None (candidate not yet proposed) +CVE-2023-30608;Candidate;sqlparse is a non-validating SQL parser module for Python. In affected versions the SQL parser contains a regular expression that is vulnerable to ReDoS (Regular Expression Denial of Service). This issue was introduced by commit `e75e358`. The vulnerability may lead to Denial of Service (DoS). This issues has been fixed in sqlparse 0.4.4 by commit `c457abd5f`. Users are advised to upgrade. There are no known workarounds for this issue.;MISC:https://github.com/andialbrecht/sqlparse/commit/c457abd5f097dd13fb21543381e7cfafe7d31cfb | URL:https://github.com/andialbrecht/sqlparse/commit/c457abd5f097dd13fb21543381e7cfafe7d31cfb | MISC:https://github.com/andialbrecht/sqlparse/commit/e75e35869473832a1eb67772b1adfee2db11b85a | URL:https://github.com/andialbrecht/sqlparse/commit/e75e35869473832a1eb67772b1adfee2db11b85a | MISC:https://github.com/andialbrecht/sqlparse/security/advisories/GHSA-rrm6-wvj7-cwh2 | URL:https://github.com/andialbrecht/sqlparse/security/advisories/GHSA-rrm6-wvj7-cwh2 | MISC:https://owasp.org/www-community/attacks/Regular_expression_Denial_of_Service_-_ReDoS | URL:https://owasp.org/www-community/attacks/Regular_expression_Denial_of_Service_-_ReDoS | MLIST:[debian-lts-announce] 20230516 [SECURITY] [DLA 3425-1] sqlparse security update | URL:https://lists.debian.org/debian-lts-announce/2023/05/msg00017.html;Assigned (20230413);None (candidate not yet proposed) +CVE-2023-30629;Candidate;Vyper is a Pythonic Smart Contract Language for the ethereum virtual machine. In versions 0.3.1 through 0.3.7, the Vyper compiler generates the wrong bytecode. Any contract that uses the `raw_call` with `revert_on_failure=False` and `max_outsize=0` receives the wrong response from `raw_call`. Depending on the memory garbage, the result can be either `True` or `False`. A patch is available and, as of time of publication, anticipated to be part of Vyper 0.3.8. As a workaround, one may always put `max_outsize>0`.;MISC:https://docs.vyperlang.org/en/v0.3.7/built-in-functions.html#raw_call | URL:https://docs.vyperlang.org/en/v0.3.7/built-in-functions.html#raw_call | MISC:https://github.com/lidofinance/gate-seals/blob/051593e74df01a4131c485b4fda52e691cd4b7d8/contracts/GateSeal.vy#L164 | URL:https://github.com/lidofinance/gate-seals/blob/051593e74df01a4131c485b4fda52e691cd4b7d8/contracts/GateSeal.vy#L164 | MISC:https://github.com/lidofinance/gate-seals/pull/5/files | URL:https://github.com/lidofinance/gate-seals/pull/5/files | MISC:https://github.com/vyperlang/vyper/commit/851f7a1b3aa2a36fd041e3d0ed38f9355a58c8ae | URL:https://github.com/vyperlang/vyper/commit/851f7a1b3aa2a36fd041e3d0ed38f9355a58c8ae | MISC:https://github.com/vyperlang/vyper/security/advisories/GHSA-w9g2-3w7p-72g9 | URL:https://github.com/vyperlang/vyper/security/advisories/GHSA-w9g2-3w7p-72g9;Assigned (20230413);None (candidate not yet proposed) +CVE-2023-30798;Candidate;There MultipartParser usage in Encode's Starlette python framework before versions 0.25.0 allows an unauthenticated and remote attacker to specify any number of form fields or files which can cause excessive memory usage resulting in denial of service of the HTTP service.;MISC:https://github.com/encode/starlette/commit/8c74c2c8dba7030154f8af18e016136bea1938fa | URL:https://github.com/encode/starlette/commit/8c74c2c8dba7030154f8af18e016136bea1938fa | MISC:https://github.com/encode/starlette/security/advisories/GHSA-74m5-2c7w-9w3x | URL:https://github.com/encode/starlette/security/advisories/GHSA-74m5-2c7w-9w3x | MISC:https://vulncheck.com/advisories/starlette-multipartparser-dos | URL:https://vulncheck.com/advisories/starlette-multipartparser-dos;Assigned (20230418);None (candidate not yet proposed) +CVE-2023-30837;Candidate;Vyper is a pythonic smart contract language for the EVM. The storage allocator does not guard against allocation overflows in versions prior to 0.3.8. An attacker can overwrite the owner variable. This issue was fixed in version 0.3.8.;MISC:https://github.com/vyperlang/vyper/commit/0bb7203b584e771b23536ba065a6efda457161bb | URL:https://github.com/vyperlang/vyper/commit/0bb7203b584e771b23536ba065a6efda457161bb | MISC:https://github.com/vyperlang/vyper/security/advisories/GHSA-mgv8-gggw-mrg6 | URL:https://github.com/vyperlang/vyper/security/advisories/GHSA-mgv8-gggw-mrg6;Assigned (20230418);None (candidate not yet proposed) +CVE-2023-31146;Candidate;Vyper is a Pythonic smart contract language for the Ethereum virtual machine. Prior to version 0.3.8, during codegen, the length word of a dynarray is written before the data, which can result in out-of-bounds array access in the case where the dynarray is on both the lhs and rhs of an assignment. The issue can cause data corruption across call frames. The expected behavior is to revert due to out-of-bounds array access. Version 0.3.8 contains a patch for this issue.;MISC:https://github.com/vyperlang/vyper/commit/4f8289a81206f767df1900ac48f485d90fc87edb | URL:https://github.com/vyperlang/vyper/commit/4f8289a81206f767df1900ac48f485d90fc87edb | MISC:https://github.com/vyperlang/vyper/security/advisories/GHSA-3p37-3636-q8wv | URL:https://github.com/vyperlang/vyper/security/advisories/GHSA-3p37-3636-q8wv;Assigned (20230424);None (candidate not yet proposed) +CVE-2023-32058;Candidate;Vyper is a Pythonic smart contract language for the Ethereum virtual machine. Prior to version 0.3.8, due to missing overflow check for loop variables, by assigning the iterator of a loop to a variable, it is possible to overflow the type of the latter. The issue seems to happen only in loops of type `for i in range(a, a + N)` as in loops of type `for i in range(start, stop)` and `for i in range(stop)`, the compiler is able to raise a `TypeMismatch` when trying to overflow the variable. The problem has been patched in version 0.3.8.;MISC:https://github.com/vyperlang/vyper/commit/3de1415ee77a9244eb04bdb695e249d3ec9ed868 | URL:https://github.com/vyperlang/vyper/commit/3de1415ee77a9244eb04bdb695e249d3ec9ed868 | MISC:https://github.com/vyperlang/vyper/security/advisories/GHSA-6r8q-pfpv-7cgj | URL:https://github.com/vyperlang/vyper/security/advisories/GHSA-6r8q-pfpv-7cgj;Assigned (20230501);None (candidate not yet proposed) +CVE-2023-32059;Candidate;Vyper is a Pythonic smart contract language for the Ethereum virtual machine. Prior to version 0.3.8, internal calls with default arguments are compiled incorrectly. Depending on the number of arguments provided in the call, the defaults are added not right-to-left, but left-to-right. If the types are incompatible, typechecking is bypassed. The ability to pass kwargs to internal functions is an undocumented feature that is not well known about. The issue is patched in version 0.3.8.;MISC:https://github.com/vyperlang/vyper/commit/c3e68c302aa6e1429946473769dd1232145822ac | URL:https://github.com/vyperlang/vyper/commit/c3e68c302aa6e1429946473769dd1232145822ac | MISC:https://github.com/vyperlang/vyper/security/advisories/GHSA-ph9x-4vc9-m39g | URL:https://github.com/vyperlang/vyper/security/advisories/GHSA-ph9x-4vc9-m39g;Assigned (20230501);None (candidate not yet proposed) +CVE-2023-32309;Candidate;"PyMdown Extensions is a set of extensions for the `Python-Markdown` markdown project. In affected versions an arbitrary file read is possible when using include file syntax. By using the syntax `--8<--""/etc/passwd""` or `--8<--""/proc/self/environ""` the content of these files will be rendered in the generated documentation. Additionally, a path relative to a specified, allowed base path can also be used to render the content of a file outside the specified base paths: `--8<-- ""../../../../etc/passwd""`. Within the Snippets extension, there exists a `base_path` option but the implementation is vulnerable to Directory Traversal. The vulnerable section exists in `get_snippet_path(self, path)` lines 155 to 174 in snippets.py. Any readable file on the host where the plugin is executing may have its content exposed. This can impact any use of Snippets that exposes the use of Snippets to external users. It is never recommended to use Snippets to process user-facing, dynamic content. It is designed to process known content on the backend under the control of the host, but if someone were to accidentally enable it for user-facing content, undesired information could be exposed. This issue has been addressed in version 10.0. Users are advised to upgrade. Users unable to upgrade may restrict relative paths by filtering input.";MISC:https://github.com/facelessuser/pymdown-extensions/commit/b7bb4878d6017c03c8dc97c42d8d3bb6ee81db9d | URL:https://github.com/facelessuser/pymdown-extensions/commit/b7bb4878d6017c03c8dc97c42d8d3bb6ee81db9d | MISC:https://github.com/facelessuser/pymdown-extensions/security/advisories/GHSA-jh85-wwv9-24hv | URL:https://github.com/facelessuser/pymdown-extensions/security/advisories/GHSA-jh85-wwv9-24hv;Assigned (20230508);None (candidate not yet proposed) +CVE-2023-32675;Candidate;Vyper is a pythonic Smart Contract Language for the ethereum virtual machine. In contracts with more than one regular nonpayable function, it is possible to send funds to the default function, even if the default function is marked `nonpayable`. This applies to contracts compiled with vyper versions prior to 0.3.8. This issue was fixed by the removal of the global `calldatasize` check in commit `02339dfda`. Users are advised to upgrade to version 0.3.8. Users unable to upgrade should avoid use of nonpayable default functions.;MISC:https://github.com/vyperlang/vyper/commit/02339dfda0f3caabad142060d511d10bfe93c520 | URL:https://github.com/vyperlang/vyper/commit/02339dfda0f3caabad142060d511d10bfe93c520 | MISC:https://github.com/vyperlang/vyper/security/advisories/GHSA-vxmm-cwh2-q762 | URL:https://github.com/vyperlang/vyper/security/advisories/GHSA-vxmm-cwh2-q762;Assigned (20230511);None (candidate not yet proposed) +CVE-2023-32682;Candidate;"Synapse is a Matrix protocol homeserver written in Python with the Twisted framework. In affected versions it may be possible for a deactivated user to login when using uncommon configurations. This only applies if any of the following are true: 1. JSON Web Tokens are enabled for login via the `jwt_config.enabled` configuration setting. 2. The local password database is enabled via the `password_config.enabled` and `password_config.localdb_enabled` configuration settings *and* a user's password is updated via an admin API after a user is deactivated. Note that the local password database is enabled by default, but it is uncommon to set a user's password after they've been deactivated. Installations that are configured to only allow login via Single Sign-On (SSO) via CAS, SAML or OpenID Connect (OIDC); or via an external password provider (e.g. LDAP) are not affected. If not using JSON Web Tokens, ensure that deactivated users do not have a password set. This issue has been addressed in version 1.85.0. Users are advised to upgrade.";FEDORA:FEDORA-2023-56760afca8 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/X6DH5A5YEB5LRIPP32OUW25FCGZFCZU2/ | MISC:https://github.com/matrix-org/synapse/pull/15624 | URL:https://github.com/matrix-org/synapse/pull/15624 | MISC:https://github.com/matrix-org/synapse/pull/15634 | URL:https://github.com/matrix-org/synapse/pull/15634 | MISC:https://github.com/matrix-org/synapse/security/advisories/GHSA-26c5-ppr8-f33p | URL:https://github.com/matrix-org/synapse/security/advisories/GHSA-26c5-ppr8-f33p | MISC:https://matrix-org.github.io/synapse/latest/admin_api/user_admin_api.html#create-or-modify-account | URL:https://matrix-org.github.io/synapse/latest/admin_api/user_admin_api.html#create-or-modify-account | MISC:https://matrix-org.github.io/synapse/latest/jwt.html | URL:https://matrix-org.github.io/synapse/latest/jwt.html | MISC:https://matrix-org.github.io/synapse/latest/usage/configuration/config_documentation.html#password_config | URL:https://matrix-org.github.io/synapse/latest/usage/configuration/config_documentation.html#password_config;Assigned (20230511);None (candidate not yet proposed) +CVE-2023-32683;Candidate;Synapse is a Matrix protocol homeserver written in Python with the Twisted framework. A discovered oEmbed or image URL can bypass the `url_preview_url_blacklist` setting potentially allowing server side request forgery or bypassing network policies. Impact is limited to IP addresses allowed by the `url_preview_ip_range_blacklist` setting (by default this only allows public IPs) and by the limited information returned to the client: 1. For discovered oEmbed URLs, any non-JSON response or a JSON response which includes non-oEmbed information is discarded. 2. For discovered image URLs, any non-image response is discarded. Systems which have URL preview disabled (via the `url_preview_enabled` setting) or have not configured a `url_preview_url_blacklist` are not affected. This issue has been addressed in version 1.85.0. Users are advised to upgrade. User unable to upgrade may also disable URL previews.;FEDORA:FEDORA-2023-56760afca8 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/X6DH5A5YEB5LRIPP32OUW25FCGZFCZU2/ | MISC:https://github.com/matrix-org/synapse/pull/15601 | URL:https://github.com/matrix-org/synapse/pull/15601 | MISC:https://github.com/matrix-org/synapse/security/advisories/GHSA-98px-6486-j7qc | URL:https://github.com/matrix-org/synapse/security/advisories/GHSA-98px-6486-j7qc;Assigned (20230511);None (candidate not yet proposed) +CVE-2023-33175;Candidate;ToUI is a Python package for creating user interfaces (websites and desktop apps) from HTML. ToUI is using Flask-Caching (SimpleCache) to store user variables. Websites that use `Website.user_vars` property. It affects versions 2.0.1 to 2.4.0. This issue has been patched in version 2.4.1.;MISC:https://github.com/mubarakalmehairbi/ToUI/releases/tag/v2.4.1 | URL:https://github.com/mubarakalmehairbi/ToUI/releases/tag/v2.4.1 | MISC:https://github.com/mubarakalmehairbi/ToUI/security/advisories/GHSA-hh7j-pg39-q563 | URL:https://github.com/mubarakalmehairbi/ToUI/security/advisories/GHSA-hh7j-pg39-q563;Assigned (20230517);None (candidate not yet proposed) +CVE-2023-33290;Candidate;The git-url-parse crate through 0.4.4 for Rust allows Regular Expression Denial of Service (ReDos) via a crafted URL to normalize_url in lib.rs, a similar issue to CVE-2023-32758 (Python).;MISC:https://github.com/tjtelan/git-url-parse-rs/issues/51 | MISC:https://lib.rs/crates/git-url-parse;Assigned (20230522);None (candidate not yet proposed) +CVE-2023-33565;Candidate;ROS2 (Robot Operating System 2) Foxy Fitzroy ROS_VERSION=2 and ROS_PYTHON_VERSION=3 are vulnerable to Denial-of-Service (DoS) attacks. A malicious user potentially exploited the vulnerability remotely and crashed the ROS2 nodes.;MISC:https://dl.acm.org/doi/abs/10.1145/3573910.3573912 | MISC:https://github.com/16yashpatel/CVE-2023-33565;Assigned (20230522);None (candidate not yet proposed) +CVE-2023-33566;Candidate;An unauthorized node injection vulnerability has been identified in ROS2 Foxy Fitzroy versions where ROS_VERSION is 2 and ROS_PYTHON_VERSION is 3. This vulnerability could allow a malicious user to inject malicious ROS2 nodes into the system remotely. Once injected, these nodes could disrupt the normal operations of the system or cause other potentially harmful behavior.;MISC:https://github.com/16yashpatel/CVE-2023-33566;Assigned (20230522);None (candidate not yet proposed) +CVE-2023-33567;Candidate;An unauthorized access vulnerability has been discovered in ROS2 Foxy Fitzroy versions where ROS_VERSION is 2 and ROS_PYTHON_VERSION is 3. This vulnerability could potentially allow a malicious user to gain unauthorized access to multiple ROS2 nodes remotely. Unauthorized access to these nodes could result in compromised system integrity, the execution of arbitrary commands, and disclosure of sensitive information.;MISC:https://github.com/16yashpatel/CVE-2023-33567;Assigned (20230522);None (candidate not yet proposed) +CVE-2023-33595;Candidate;CPython v3.12.0 alpha 7 was discovered to contain a heap use-after-free via the function ascii_decode at /Objects/unicodeobject.c.;MISC:https://github.com/python/cpython/issues/103824 | MISC:https://github.com/python/cpython/pull/103993/commits/c120bc2d354ca3d27d0c7a53bf65574ddaabaf3a;Assigned (20230522);None (candidate not yet proposed) +CVE-2023-3361;Candidate;A flaw was found in Red Hat OpenShift Data Science. When exporting a pipeline from the Elyra notebook pipeline editor as Python DSL or YAML, it reads S3 credentials from the cluster (ds pipeline server) and saves them in plain text in the generated output instead of an ID for a Kubernetes secret.;MISC:RHBZ#2216588 | URL:https://bugzilla.redhat.com/show_bug.cgi?id=2216588 | MISC:https://access.redhat.com/security/cve/CVE-2023-3361 | URL:https://access.redhat.com/security/cve/CVE-2023-3361 | MISC:https://github.com/opendatahub-io/odh-dashboard/issues/1415 | URL:https://github.com/opendatahub-io/odh-dashboard/issues/1415;Assigned (20230622);None (candidate not yet proposed) +CVE-2023-34233;Candidate;"The Snowflake Connector for Python provides an interface for developing Python applications that can connect to Snowflake and perform all standard operations. Versions prior to 3.0.2 are vulnerable to command injection via single sign-on(SSO) browser URL authentication. In order to exploit the potential for command injection, an attacker would need to be successful in (1) establishing a malicious resource and (2) redirecting users to utilize the resource. The attacker could set up a malicious, publicly accessible server which responds to the SSO URL with an attack payload. If the attacker then tricked a user into visiting the maliciously crafted connection URL, the user’s local machine would render the malicious payload, leading to a remote code execution. This attack scenario can be mitigated through URL whitelisting as well as common anti-phishing resources. Version 3.0.2 contains a patch for this issue.";MISC:https://github.com/snowflakedb/snowflake-connector-python/commit/1cdbd3b1403c5ef520d7f4d9614fe35165e101ac | URL:https://github.com/snowflakedb/snowflake-connector-python/commit/1cdbd3b1403c5ef520d7f4d9614fe35165e101ac | MISC:https://github.com/snowflakedb/snowflake-connector-python/pull/1480 | URL:https://github.com/snowflakedb/snowflake-connector-python/pull/1480 | MISC:https://github.com/snowflakedb/snowflake-connector-python/security/advisories/GHSA-5w5m-pfw9-c8fp | URL:https://github.com/snowflakedb/snowflake-connector-python/security/advisories/GHSA-5w5m-pfw9-c8fp;Assigned (20230531);None (candidate not yet proposed) +CVE-2023-34239;Candidate;Gradio is an open-source Python library that is used to build machine learning and data science. Due to a lack of path filtering Gradio does not properly restrict file access to users. Additionally Gradio does not properly restrict the what URLs are proxied. These issues have been addressed in version 3.34.0. Users are advised to upgrade. There are no known workarounds for this vulnerability.;MISC:https://github.com/gradio-app/gradio/pull/4370 | URL:https://github.com/gradio-app/gradio/pull/4370 | MISC:https://github.com/gradio-app/gradio/pull/4406 | URL:https://github.com/gradio-app/gradio/pull/4406 | MISC:https://github.com/gradio-app/gradio/security/advisories/GHSA-3qqg-pgqq-3695 | URL:https://github.com/gradio-app/gradio/security/advisories/GHSA-3qqg-pgqq-3695;Assigned (20230531);None (candidate not yet proposed) +CVE-2023-34457;Candidate;"MechanicalSoup is a Python library for automating interaction with websites. Starting in version 0.2.0 and prior to version 1.3.0, a malicious web server can read arbitrary files on the client using a `` inside HTML form. All users of MechanicalSoup's form submission are affected, unless they took very specific (and manual) steps to reset HTML form field values. Version 1.3.0 contains a patch for this issue.";CONFIRM:https://security.netapp.com/advisory/ntap-20230803-0005/ | MISC:https://github.com/MechanicalSoup/MechanicalSoup/commit/d57c4a269bba3b9a0c5bfa20292955b849006d9e | URL:https://github.com/MechanicalSoup/MechanicalSoup/commit/d57c4a269bba3b9a0c5bfa20292955b849006d9e | MISC:https://github.com/MechanicalSoup/MechanicalSoup/releases/tag/v1.3.0 | URL:https://github.com/MechanicalSoup/MechanicalSoup/releases/tag/v1.3.0 | MISC:https://github.com/MechanicalSoup/MechanicalSoup/security/advisories/GHSA-x456-3ccm-m6j4 | URL:https://github.com/MechanicalSoup/MechanicalSoup/security/advisories/GHSA-x456-3ccm-m6j4;Assigned (20230606);None (candidate not yet proposed) +CVE-2023-35932;Candidate;jcvi is a Python library to facilitate genome assembly, annotation, and comparative genomics. A configuration injection happens when user input is considered by the application in an unsanitized format and can reach the configuration file. A malicious user may craft a special payload that may lead to a command injection. The impact of a configuration injection may vary. Under some conditions, it may lead to command injection if there is for instance shell code execution from the configuration file values. This vulnerability does not currently have a fix.;MISC:https://github.com/tanghaibao/jcvi/blob/cede6c65c8e7603cb266bc3395ac8f915ea9eac7/jcvi/apps/base.py#LL2227C1-L2228C41 | URL:https://github.com/tanghaibao/jcvi/blob/cede6c65c8e7603cb266bc3395ac8f915ea9eac7/jcvi/apps/base.py#LL2227C1-L2228C41 | MISC:https://github.com/tanghaibao/jcvi/security/advisories/GHSA-x49m-3cw7-gq5q | URL:https://github.com/tanghaibao/jcvi/security/advisories/GHSA-x49m-3cw7-gq5q;Assigned (20230620);None (candidate not yet proposed) +CVE-2023-36095;Candidate;An issue in Harrison Chase langchain v.0.0.194 allows an attacker to execute arbitrary code via the python exec calls in the PALChain, affected functions include from_math_prompt and from_colored_object_prompt.;MISC:http://langchain.com | MISC:https://github.com/hwchase17/langchain | MISC:https://github.com/langchain-ai/langchain/issues/5872;Assigned (20230621);None (candidate not yet proposed) +CVE-2023-36188;Candidate;An issue in langchain v.0.0.64 allows a remote attacker to execute arbitrary code via the PALChain parameter in the Python exec method.;MISC:https://github.com/hwchase17/langchain/issues/5872 | MISC:https://github.com/hwchase17/langchain/pull/6003;Assigned (20230621);None (candidate not yet proposed) +CVE-2023-36258;Candidate;An issue in LangChain before 0.0.236 allows an attacker to execute arbitrary code because Python code with os.system, exec, or eval can be used.;MISC:https://github.com/hwchase17/langchain/issues/5872;Assigned (20230621);None (candidate not yet proposed) +CVE-2023-36456;Candidate;authentik is an open-source Identity Provider. Prior to versions 2023.4.3 and 2023.5.5, authentik does not verify the source of the X-Forwarded-For and X-Real-IP headers, both in the Python code and the go code. Only authentik setups that are directly accessible by users without a reverse proxy are susceptible to this. Possible spoofing of IP addresses in logs, downstream applications proxied by (built in) outpost, IP bypassing in custom flows if used. This poses a possible security risk when someone has flows or policies that check the user's IP address, e.g. when they want to ignore the user's 2 factor authentication when the user is connected to the company network. A second security risk is that the IP addresses in the logfiles and user sessions are not reliable anymore. Anybody can spoof this address and one cannot verify that the user has logged in from the IP address that is in their account's log. A third risk is that this header is passed on to the proxied application behind an outpost. The application may do any kind of verification, logging, blocking or rate limiting based on the IP address, and this IP address can be overridden by anybody that want to. Versions 2023.4.3 and 2023.5.5 contain a patch for this issue.;MISC:https://github.com/goauthentik/authentik/commit/15026748d19d490eb2baf9a9566ead4f805f7dff | URL:https://github.com/goauthentik/authentik/commit/15026748d19d490eb2baf9a9566ead4f805f7dff | MISC:https://github.com/goauthentik/authentik/commit/c07a48a3eccbd7b23026f72136d3392bbc6f795a | URL:https://github.com/goauthentik/authentik/commit/c07a48a3eccbd7b23026f72136d3392bbc6f795a | MISC:https://github.com/goauthentik/authentik/security/advisories/GHSA-cmxp-jcw7-jjjv | URL:https://github.com/goauthentik/authentik/security/advisories/GHSA-cmxp-jcw7-jjjv | MISC:https://goauthentik.io/docs/releases/2023.4#fixed-in-202343 | URL:https://goauthentik.io/docs/releases/2023.4#fixed-in-202343 | MISC:https://goauthentik.io/docs/releases/2023.5#fixed-in-202355 | URL:https://goauthentik.io/docs/releases/2023.5#fixed-in-202355;Assigned (20230621);None (candidate not yet proposed) +CVE-2023-36464;Candidate;"pypdf is an open source, pure-python PDF library. In affected versions an attacker may craft a PDF which leads to an infinite loop if `__parse_content_stream` is executed. That is, for example, the case if the user extracted text from such a PDF. This issue was introduced in pull request #969 and resolved in pull request #1828. Users are advised to upgrade. Users unable to upgrade may modify the line `while peek not in (b""\r"", b""\n"")` in `pypdf/generic/_data_structures.py` to `while peek not in (b""\r"", b""\n"", b"""")`.";MISC:https://github.com/py-pdf/pypdf/pull/1828 | URL:https://github.com/py-pdf/pypdf/pull/1828 | MISC:https://github.com/py-pdf/pypdf/pull/969 | URL:https://github.com/py-pdf/pypdf/pull/969 | MISC:https://github.com/py-pdf/pypdf/security/advisories/GHSA-4vvm-4w3v-6mr8 | URL:https://github.com/py-pdf/pypdf/security/advisories/GHSA-4vvm-4w3v-6mr8;Assigned (20230621);None (candidate not yet proposed) +CVE-2023-36467;Candidate;"AWS data.all is an open source development framework to help users build a data marketplace on Amazon Web Services. data.all versions 1.2.0 through 1.5.1 do not prevent remote code execution when a user injects Python commands into the ‘Template’ field when configuring a data pipeline. The issue can only be triggered by authenticated users. A fix for this issue is available in data.all version 1.5.2 and later. There is no recommended work around.";MISC:https://github.com/awslabs/aws-dataall/pull/472 | URL:https://github.com/awslabs/aws-dataall/pull/472 | MISC:https://github.com/awslabs/aws-dataall/releases/tag/v1.5.2 | URL:https://github.com/awslabs/aws-dataall/releases/tag/v1.5.2 | MISC:https://github.com/awslabs/aws-dataall/releases/tag/v1.5.4 | URL:https://github.com/awslabs/aws-dataall/releases/tag/v1.5.4 | MISC:https://github.com/awslabs/aws-dataall/security/advisories/GHSA-m922-chh7-8qcr | URL:https://github.com/awslabs/aws-dataall/security/advisories/GHSA-m922-chh7-8qcr;Assigned (20230621);None (candidate not yet proposed) +CVE-2023-36469;Candidate;XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Any user who can edit their own user profile and notification settings can execute arbitrary script macros including Groovy and Python macros that allow remote code execution including unrestricted read and write access to all wiki contents. This has been patched in XWiki 14.10.6 and 15.2RC1. Users are advised to update. As a workaround the main security fix can be manually applied by patching the affected document `XWiki.Notifications.Code.NotificationRSSService`. This will break the link to the differences, though as this requires additional changes to Velocity templates as shown in the patch. While the default template is available in the instance and can be easily patched, the template for mentions is contained in a `.jar`-file and thus cannot be fixed without replacing that jar.;MISC:https://github.com/xwiki/xwiki-platform/commit/217e5bb7a657f2991b154a16ef4d5ae9c29ad39c | URL:https://github.com/xwiki/xwiki-platform/commit/217e5bb7a657f2991b154a16ef4d5ae9c29ad39c | MISC:https://github.com/xwiki/xwiki-platform/commit/217e5bb7a657f2991b154a16ef4d5ae9c29ad39c#diff-7221a548809fa2ba34348556f4b5bd436463c559ebdf691197932ee7ce4478ca | URL:https://github.com/xwiki/xwiki-platform/commit/217e5bb7a657f2991b154a16ef4d5ae9c29ad39c#diff-7221a548809fa2ba34348556f4b5bd436463c559ebdf691197932ee7ce4478ca | MISC:https://github.com/xwiki/xwiki-platform/commit/217e5bb7a657f2991b154a16ef4d5ae9c29ad39c#diff-b261c6eac3108c3e6e734054c28a78f59d3439ab72fe8582dadf87670a0d15a4 | URL:https://github.com/xwiki/xwiki-platform/commit/217e5bb7a657f2991b154a16ef4d5ae9c29ad39c#diff-b261c6eac3108c3e6e734054c28a78f59d3439ab72fe8582dadf87670a0d15a4 | MISC:https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-94pf-92hw-2hjc | URL:https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-94pf-92hw-2hjc | MISC:https://jira.xwiki.org/browse/XWIKI-20610 | URL:https://jira.xwiki.org/browse/XWIKI-20610;Assigned (20230621);None (candidate not yet proposed) +CVE-2023-36632;Candidate;"** DISPUTED ** The legacy email.utils.parseaddr function in Python through 3.11.4 allows attackers to trigger ""RecursionError: maximum recursion depth exceeded while calling a Python object"" via a crafted argument. This argument is plausibly an untrusted value from an application's input data that was supposed to contain a name and an e-mail address. NOTE: email.utils.parseaddr is categorized as a Legacy API in the documentation of the Python email package. Applications should instead use the email.parser.BytesParser or email.parser.Parser class. NOTE: the vendor's perspective is that this is neither a vulnerability nor a bug. The email package is intended to have size limits and to throw an exception when limits are exceeded; they were exceeded by the example demonstration code.";MISC:https://docs.python.org/3/library/email.html | MISC:https://docs.python.org/3/library/email.utils.html | MISC:https://github.com/Daybreak2019/PoC_python3.9_Vul/blob/main/RecursionError-email.utils.parseaddr.py | MISC:https://github.com/python/cpython/issues/103800;Assigned (20230625);None (candidate not yet proposed) +CVE-2023-36807;Candidate;pypdf is a pure-python PDF library capable of splitting, merging, cropping, and transforming the pages of PDF files. In version 2.10.5 an attacker who uses this vulnerability can craft a PDF which leads to an infinite loop. This infinite loop blocks the current process and can utilize a single core of the CPU by 100%. It does not affect memory usage. That is, for example, the case if the user extracted metadata from such a malformed PDF. Versions prior to 2.10.5 throw an error, but do not hang forever. This issue was fixed with https://github.com/py-pdf/pypdf/pull/1331 which has been included in release 2.10.6. Users are advised to upgrade. Users unable to upgrade should modify `PyPDF2/generic/_data_structures.py::read_object` to an an error throwing case. See GHSA-hm9v-vj3r-r55m for details.;MISC:https://github.com/py-pdf/pypdf/issues/1329 | URL:https://github.com/py-pdf/pypdf/issues/1329 | MISC:https://github.com/py-pdf/pypdf/pull/1331 | URL:https://github.com/py-pdf/pypdf/pull/1331 | MISC:https://github.com/py-pdf/pypdf/security/advisories/GHSA-hm9v-vj3r-r55m | URL:https://github.com/py-pdf/pypdf/security/advisories/GHSA-hm9v-vj3r-r55m;Assigned (20230627);None (candidate not yet proposed) +CVE-2023-36810;Candidate;pypdf is a pure-python PDF library capable of splitting, merging, cropping, and transforming the pages of PDF files. An attacker who uses this vulnerability can craft a PDF which leads to unexpected long runtime. This quadratic runtime blocks the current process and can utilize a single core of the CPU by 100%. It does not affect memory usage. This issue has been addressed in PR 808 and versions from 1.27.9 include this fix. Users are advised to upgrade. There are no known workarounds for this vulnerability.;MISC:https://github.com/py-pdf/pypdf/issues/582 | URL:https://github.com/py-pdf/pypdf/issues/582 | MISC:https://github.com/py-pdf/pypdf/pull/808 | URL:https://github.com/py-pdf/pypdf/pull/808 | MISC:https://github.com/py-pdf/pypdf/security/advisories/GHSA-jrm6-h9cq-8gqw | URL:https://github.com/py-pdf/pypdf/security/advisories/GHSA-jrm6-h9cq-8gqw | MLIST:[debian-lts-announce] 20230714 [SECURITY] [DLA 3497-1] pypdf2 security update | URL:https://lists.debian.org/debian-lts-announce/2023/07/msg00019.html;Assigned (20230627);None (candidate not yet proposed) +CVE-2023-36814;Candidate;Products.CMFCore are the key framework services for the Zope Content Management Framework (CMF). The use of Python's marshal module to handle unchecked input in a public method on `PortalFolder` objects can lead to an unauthenticated denial of service and crash situation. The code in question is exposed by all portal software built on top of `Products.CMFCore`, such as Plone. All deployments are vulnerable. The code has been fixed in `Products.CMFCore` version 3.2.;MISC:https://github.com/zopefoundation/Products.CMFCore/commit/40f03f43a60f28ca9485c8ef429efef729be54e5 | URL:https://github.com/zopefoundation/Products.CMFCore/commit/40f03f43a60f28ca9485c8ef429efef729be54e5 | MISC:https://github.com/zopefoundation/Products.CMFCore/security/advisories/GHSA-4hpj-8rhv-9x87 | URL:https://github.com/zopefoundation/Products.CMFCore/security/advisories/GHSA-4hpj-8rhv-9x87;Assigned (20230627);None (candidate not yet proposed) +CVE-2023-36830;Candidate;SQLFluff is a SQL linter. Prior to version 2.1.2, in environments where untrusted users have access to the config files, there is a potential security vulnerability where those users could use the `library_path` config value to allow arbitrary python code to be executed via macros. For many users who use SQLFluff in the context of an environment where all users already have fairly escalated privileges, this may not be an issue - however in larger user bases, or where SQLFluff is bundled into another tool where developers still wish to give users access to supply their on rule configuration, this may be an issue. The 2.1.2 release offers the ability for the `library_path` argument to be overwritten on the command line by using the `--library-path` option. This overrides any values provided in the config files and effectively prevents this route of attack for users which have access to the config file, but not to the scripts which call the SQLFluff CLI directly. A similar option is provided for the Python API, where users also have a greater ability to further customise or override configuration as necessary. Unless `library_path` is explicitly required, SQLFluff maintainers recommend using the option `--library-path none` when invoking SQLFluff which will disable the `library-path` option entirely regardless of the options set in the configuration file or via inline config directives. As a workaround, limiting access to - or otherwise validating configuration files before they are ingested by SQLFluff will provides a similar effect and does not require upgrade.;MISC:https://github.com/sqlfluff/sqlfluff/releases/tag/2.1.2 | URL:https://github.com/sqlfluff/sqlfluff/releases/tag/2.1.2 | MISC:https://github.com/sqlfluff/sqlfluff/security/advisories/GHSA-jqhc-m2j3-fjrx | URL:https://github.com/sqlfluff/sqlfluff/security/advisories/GHSA-jqhc-m2j3-fjrx;Assigned (20230627);None (candidate not yet proposed) +CVE-2023-37271;Candidate;RestrictedPython is a tool that helps to define a subset of the Python language which allows users to provide a program input into a trusted environment. RestrictedPython does not check access to stack frames and their attributes. Stack frames are accessible within at least generators and generator expressions, which are allowed inside RestrictedPython. Prior to versions 6.1 and 5.3, an attacker with access to a RestrictedPython environment can write code that gets the current stack frame in a generator and then walk the stack all the way beyond the RestrictedPython invocation boundary, thus breaking out of the restricted sandbox and potentially allowing arbitrary code execution in the Python interpreter. All RestrictedPython deployments that allow untrusted users to write Python code in the RestrictedPython environment are at risk. In terms of Zope and Plone, this would mean deployments where the administrator allows untrusted users to create and/or edit objects of type `Script (Python)`, `DTML Method`, `DTML Document` or `Zope Page Template`. This is a non-default configuration and likely to be extremely rare. The problem has been fixed in versions 6.1 and 5.3.;MISC:https://github.com/zopefoundation/RestrictedPython/commit/c8eca66ae49081f0016d2e1f094c3d72095ef531 | URL:https://github.com/zopefoundation/RestrictedPython/commit/c8eca66ae49081f0016d2e1f094c3d72095ef531 | MISC:https://github.com/zopefoundation/RestrictedPython/security/advisories/GHSA-wqc8-x2pr-7jqh | URL:https://github.com/zopefoundation/RestrictedPython/security/advisories/GHSA-wqc8-x2pr-7jqh;Assigned (20230629);None (candidate not yet proposed) +CVE-2023-37273;Candidate;Auto-GPT is an experimental open-source application showcasing the capabilities of the GPT-4 language model. Running Auto-GPT version prior to 0.4.3 by cloning the git repo and executing `docker compose run auto-gpt` in the repo root uses a different docker-compose.yml file from the one suggested in the official docker set up instructions. The docker-compose.yml file located in the repo root mounts itself into the docker container without write protection. This means that if malicious custom python code is executed via the `execute_python_file` and `execute_python_code` commands, it can overwrite the docker-compose.yml file and abuse it to gain control of the host system the next time Auto-GPT is started. The issue has been patched in version 0.4.3.;MISC:https://github.com/Significant-Gravitas/Auto-GPT/pull/4761 | URL:https://github.com/Significant-Gravitas/Auto-GPT/pull/4761 | MISC:https://github.com/Significant-Gravitas/Auto-GPT/security/advisories/GHSA-x5gj-2chr-4ch6 | URL:https://github.com/Significant-Gravitas/Auto-GPT/security/advisories/GHSA-x5gj-2chr-4ch6;Assigned (20230629);None (candidate not yet proposed) +CVE-2023-37274;Candidate;Auto-GPT is an experimental open-source application showcasing the capabilities of the GPT-4 language model. When Auto-GPT is executed directly on the host system via the provided run.sh or run.bat files, custom Python code execution is sandboxed using a temporary dedicated docker container which should not have access to any files outside of the Auto-GPT workspace directory. Before v0.4.3, the `execute_python_code` command (introduced in v0.4.1) does not sanitize the `basename` arg before writing LLM-supplied code to a file with an LLM-supplied name. This allows for a path traversal attack that can overwrite any .py file outside the workspace directory by specifying a `basename` such as `../../../main.py`. This can further be abused to achieve arbitrary code execution on the host running Auto-GPT by e.g. overwriting autogpt/main.py which will be executed outside of the docker environment meant to sandbox custom python code execution the next time Auto-GPT is started. The issue has been patched in version 0.4.3. As a workaround, the risk introduced by this vulnerability can be remediated by running Auto-GPT in a virtual machine, or another environment in which damage to files or corruption of the program is not a critical problem.;MISC:https://github.com/Significant-Gravitas/Auto-GPT/pull/4756 | URL:https://github.com/Significant-Gravitas/Auto-GPT/pull/4756 | MISC:https://github.com/Significant-Gravitas/Auto-GPT/security/advisories/GHSA-5h38-mgp9-rj5f | URL:https://github.com/Significant-Gravitas/Auto-GPT/security/advisories/GHSA-5h38-mgp9-rj5f;Assigned (20230629);None (candidate not yet proposed) +CVE-2023-37276;Candidate;aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. aiohttp v3.8.4 and earlier are bundled with llhttp v6.0.6. Vulnerable code is used by aiohttp for its HTTP request parser when available which is the default case when installing from a wheel. This vulnerability only affects users of aiohttp as an HTTP server (ie `aiohttp.Application`), you are not affected by this vulnerability if you are using aiohttp as an HTTP client library (ie `aiohttp.ClientSession`). Sending a crafted HTTP request will cause the server to misinterpret one of the HTTP header values leading to HTTP request smuggling. This issue has been addressed in version 3.8.5. Users are advised to upgrade. Users unable to upgrade can reinstall aiohttp using `AIOHTTP_NO_EXTENSIONS=1` as an environment variable to disable the llhttp HTTP request parser implementation. The pure Python implementation isn't vulnerable.;MISC:https://github.com/aio-libs/aiohttp/blob/v3.8.4/.gitmodules | URL:https://github.com/aio-libs/aiohttp/blob/v3.8.4/.gitmodules | MISC:https://github.com/aio-libs/aiohttp/commit/9337fb3f2ab2b5f38d7e98a194bde6f7e3d16c40 | URL:https://github.com/aio-libs/aiohttp/commit/9337fb3f2ab2b5f38d7e98a194bde6f7e3d16c40 | MISC:https://github.com/aio-libs/aiohttp/security/advisories/GHSA-45c4-8wx5-qw6w | URL:https://github.com/aio-libs/aiohttp/security/advisories/GHSA-45c4-8wx5-qw6w | MISC:https://hackerone.com/reports/2001873 | URL:https://hackerone.com/reports/2001873;Assigned (20230629);None (candidate not yet proposed) +CVE-2023-37462;Candidate;XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Improper escaping in the document `SkinsCode.XWikiSkinsSheet` leads to an injection vector from view right on that document to programming rights, or in other words, it is possible to execute arbitrary script macros including Groovy and Python macros that allow remote code execution including unrestricted read and write access to all wiki contents. The attack works by opening a non-existing page with a name crafted to contain a dangerous payload. It is possible to check if an existing installation is vulnerable. See the linked GHSA for instructions on testing an installation. This issue has been patched in XWiki 14.4.8, 14.10.4 and 15.0-rc-1. Users are advised to upgrade. The fix commit `d9c88ddc` can also be applied manually to the impacted document `SkinsCode.XWikiSkinsSheet` and users unable to upgrade are advised to manually patch their installations.;MISC:https://github.com/xwiki/xwiki-platform/commit/d9c88ddc4c0c78fa534bd33237e95dea66003d29 | URL:https://github.com/xwiki/xwiki-platform/commit/d9c88ddc4c0c78fa534bd33237e95dea66003d29 | MISC:https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-h4vp-69r8-gvjg | URL:https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-h4vp-69r8-gvjg | MISC:https://jira.xwiki.org/browse/XWIKI-20457 | URL:https://jira.xwiki.org/browse/XWIKI-20457;Assigned (20230706);None (candidate not yet proposed) +CVE-2023-37902;Candidate;Vyper is a Pythonic programming language that targets the Ethereum Virtual Machine (EVM). Prior to version 0.3.10, the ecrecover precompile does not fill the output buffer if the signature does not verify. However, the ecrecover builtin will still return whatever is at memory location 0. This means that the if the compiler has been convinced to write to the 0 memory location with specially crafted data (generally, this can happen with a hashmap access or immutable read) just before the ecrecover, a signature check might pass on an invalid signature. Version 0.3.10 contains a patch for this issue.;MISC:https://github.com/vyperlang/vyper/commit/019a37ab98ff53f04fecfadf602b6cd5ac748f7f | URL:https://github.com/vyperlang/vyper/commit/019a37ab98ff53f04fecfadf602b6cd5ac748f7f | MISC:https://github.com/vyperlang/vyper/security/advisories/GHSA-f5x6-7qgp-jhf3 | URL:https://github.com/vyperlang/vyper/security/advisories/GHSA-f5x6-7qgp-jhf3;Assigned (20230710);None (candidate not yet proposed) +CVE-2023-37909;Candidate;"XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Starting in version 5.1-rc-1 and prior to versions 14.10.8 and 15.3-rc-1, any user who can edit their own user profile can execute arbitrary script macros including Groovy and Python macros that allow remote code execution including unrestricted read and write access to all wiki contents. This has been patched in XWiki 14.10.8 and 15.3-rc-1 by adding proper escaping. As a workaround, the patch can be manually applied to the document `Menu.UIExtensionSheet`; only three lines need to be changed.";MISC:https://github.com/xwiki/xwiki-platform/commit/9e8f080094333dec63a8583229a3799208d773be | URL:https://github.com/xwiki/xwiki-platform/commit/9e8f080094333dec63a8583229a3799208d773be | MISC:https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-v2rr-xw95-wcjx | URL:https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-v2rr-xw95-wcjx | MISC:https://jira.xwiki.org/browse/XWIKI-20746 | URL:https://jira.xwiki.org/browse/XWIKI-20746;Assigned (20230710);None (candidate not yet proposed) +CVE-2023-37914;Candidate;XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Any user who can view `Invitation.WebHome` can execute arbitrary script macros including Groovy and Python macros that allow remote code execution including unrestricted read and write access to all wiki contents. This vulnerability has been patched on XWiki 14.4.8, 15.2-rc-1, and 14.10.6. Users are advised to upgrade. Users unable to upgrade may manually apply the patch on `Invitation.InvitationCommon` and `Invitation.InvitationConfig`, but there are otherwise no known workarounds for this vulnerability.;MISC:https://github.com/xwiki/xwiki-platform/commit/ff1d8a1790c6ee534c6a4478360a06efeb2d3591 | URL:https://github.com/xwiki/xwiki-platform/commit/ff1d8a1790c6ee534c6a4478360a06efeb2d3591 | MISC:https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-7954-6m9q-gpvf | URL:https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-7954-6m9q-gpvf | MISC:https://jira.xwiki.org/browse/XWIKI-20421 | URL:https://jira.xwiki.org/browse/XWIKI-20421;Assigned (20230710);None (candidate not yet proposed) +CVE-2023-37941;Candidate;If an attacker gains write access to the Apache Superset metadata database, they could persist a specifically crafted Python object that may lead to remote code execution on Superset's web backend. The Superset metadata db is an 'internal' component that is typically only accessible directly by the system administrator and the superset process itself. Gaining access to that database should be difficult and require significant privileges. This vulnerability impacts Apache Superset versions 1.5.0 up to and including 2.1.0. Users are recommended to upgrade to version 2.1.1 or later.;MISC:http://packetstormsecurity.com/files/175094/Apache-Superset-2.0.0-Remote-Code-Execution.html | MISC:https://lists.apache.org/thread/6qk1zscc06yogxxfgz2bh2bvz6vh9g7h | URL:https://lists.apache.org/thread/6qk1zscc06yogxxfgz2bh2bvz6vh9g7h;Assigned (20230711);None (candidate not yet proposed) +CVE-2023-38325;Candidate;The cryptography package before 41.0.2 for Python mishandles SSH certificates that have critical options.;CONFIRM:https://security.netapp.com/advisory/ntap-20230824-0010/ | FEDORA:FEDORA-2023-2b0f2e4bc3 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NMCCTYY3CSNQBFFYYC5DAV6KATHWCUZK/ | MISC:https://github.com/pyca/cryptography/compare/41.0.1...41.0.2 | MISC:https://github.com/pyca/cryptography/issues/9207 | MISC:https://github.com/pyca/cryptography/pull/9208 | MISC:https://pypi.org/project/cryptography/#history;Assigned (20230714);None (candidate not yet proposed) +CVE-2023-38703;Candidate;"PJSIP is a free and open source multimedia communication library written in C with high level API in C, C++, Java, C#, and Python languages. SRTP is a higher level media transport which is stacked upon a lower level media transport such as UDP and ICE. Currently a higher level transport is not synchronized with its lower level transport that may introduce use-after-free issue. This vulnerability affects applications that have SRTP capability (`PJMEDIA_HAS_SRTP` is set) and use underlying media transport other than UDP. This vulnerability’s impact may range from unexpected application termination to control flow hijack/memory corruption. The patch is available as a commit in the master branch.";MISC:https://github.com/pjsip/pjproject/commit/6dc9b8c181aff39845f02b4626e0812820d4ef0d | URL:https://github.com/pjsip/pjproject/commit/6dc9b8c181aff39845f02b4626e0812820d4ef0d | MISC:https://github.com/pjsip/pjproject/security/advisories/GHSA-f76w-fh7c-pc66 | URL:https://github.com/pjsip/pjproject/security/advisories/GHSA-f76w-fh7c-pc66 | MLIST:[debian-lts-announce] 20231228 [SECURITY] [DLA 3696-1] asterisk security update | URL:https://lists.debian.org/debian-lts-announce/2023/12/msg00019.html;Assigned (20230724);None (candidate not yet proposed) +CVE-2023-38898;Candidate;"** DISPUTED ** An issue in Python cpython v.3.7 allows an attacker to obtain sensitive information via the _asyncio._swap_current_task component. NOTE: this is disputed by the vendor because (1) neither 3.7 nor any other release is affected (it is a bug in some 3.12 pre-releases); (2) there are no common scenarios in which an adversary can call _asyncio._swap_current_task but does not already have the ability to call arbitrary functions; and (3) there are no common scenarios in which sensitive information, which is not already accessible to an adversary, becomes accessible through this bug.";MISC:https://github.com/python/cpython/issues/105987;Assigned (20230725);None (candidate not yet proposed) +CVE-2023-39363;Candidate;"Vyper is a Pythonic Smart Contract Language for the Ethereum Virtual Machine (EVM). In versions 0.2.15, 0.2.16 and 0.3.0, named re-entrancy locks are allocated incorrectly. Each function using a named re-entrancy lock gets a unique lock regardless of the key, allowing cross-function re-entrancy in contracts compiled with the susceptible versions. A specific set of conditions is required to result in misbehavior of affected contracts, specifically: a `.vy` contract compiled with `vyper` versions `0.2.15`, `0.2.16`, or `0.3.0`; a primary function that utilizes the `@nonreentrant` decorator with a specific `key` and does not strictly follow the check-effects-interaction pattern (i.e. contains an external call to an untrusted party before storage updates); and a secondary function that utilizes the same `key` and would be affected by the improper state caused by the primary function. Version 0.3.1 contains a fix for this issue.";MISC:https://github.com/vyperlang/vyper/pull/2439 | URL:https://github.com/vyperlang/vyper/pull/2439 | MISC:https://github.com/vyperlang/vyper/pull/2514 | URL:https://github.com/vyperlang/vyper/pull/2514 | MISC:https://github.com/vyperlang/vyper/security/advisories/GHSA-5824-cm3x-3c38 | URL:https://github.com/vyperlang/vyper/security/advisories/GHSA-5824-cm3x-3c38 | MISC:https://hackmd.io/@LlamaRisk/BJzSKHNjn | URL:https://hackmd.io/@LlamaRisk/BJzSKHNjn | MISC:https://hackmd.io/@vyperlang/HJUgNMhs2 | URL:https://hackmd.io/@vyperlang/HJUgNMhs2;Assigned (20230728);None (candidate not yet proposed) +CVE-2023-39659;Candidate;An issue in langchain langchain-ai v.0.0.232 and before allows a remote attacker to execute arbitrary code via a crafted script to the PythonAstREPLTool._run component.;MISC:https://github.com/langchain-ai/langchain/issues/7700 | MISC:https://github.com/langchain-ai/langchain/pull/5640;Assigned (20230807);None (candidate not yet proposed) +CVE-2023-40015;Candidate;Vyper is a Pythonic Smart Contract Language. For the following (probably non-exhaustive) list of expressions, the compiler evaluates the arguments from right to left instead of left to right. `unsafe_add, unsafe_sub, unsafe_mul, unsafe_div, pow_mod256, |, &, ^ (bitwise operators), bitwise_or (deprecated), bitwise_and (deprecated), bitwise_xor (deprecated), raw_call, <, >, <=, >=, ==, !=, in, not in (when lhs and rhs are enums)`. This behaviour becomes a problem when the evaluation of one of the arguments produces side effects that other arguments depend on. The following expressions can produce side-effect: state modifying external call , state modifying internal call, `raw_call`, `pop()` when used on a Dynamic Array stored in the storage, `create_minimal_proxy_to`, `create_copy_of`, `create_from_blueprint`. This issue has not yet been patched. Users are advised to make sure that the arguments of the expression do not produce side effects or, if one does, that no other argument is dependent on those side effects.;MISC:https://github.com/vyperlang/vyper/security/advisories/GHSA-g2xh-c426-v8mf | URL:https://github.com/vyperlang/vyper/security/advisories/GHSA-g2xh-c426-v8mf;Assigned (20230808);None (candidate not yet proposed) +CVE-2023-40217;Candidate;"An issue was discovered in Python before 3.8.18, 3.9.x before 3.9.18, 3.10.x before 3.10.13, and 3.11.x before 3.11.5. It primarily affects servers (such as HTTP servers) that use TLS client authentication. If a TLS server-side socket is created, receives data into the socket buffer, and then is closed quickly, there is a brief window where the SSLSocket instance will detect the socket as ""not connected"" and won't initiate a handshake, but buffered data will still be readable from the socket buffer. This data will not be authenticated if the server-side TLS peer is expecting client certificate authentication, and is indistinguishable from valid TLS stream data. Data is limited in size to the amount that will fit in the buffer. (The TLS connection cannot directly be used for data exfiltration because the vulnerable code path requires that the connection be closed on initialization of the SSLSocket.)";CONFIRM:https://mail.python.org/archives/list/security-announce@python.org/thread/PEPLII27KYHLF4AK3ZQGKYNCRERG4YXY/ | CONFIRM:https://security.netapp.com/advisory/ntap-20231006-0014/ | MISC:https://www.python.org/dev/security/ | MLIST:[debian-lts-announce] 20230920 [SECURITY] [DLA 3575-1] python2.7 security update | URL:https://lists.debian.org/debian-lts-announce/2023/09/msg00022.html | MLIST:[debian-lts-announce] 20231011 [SECURITY] [DLA 3614-1] python3.7 security update | URL:https://lists.debian.org/debian-lts-announce/2023/10/msg00017.html;Assigned (20230810);None (candidate not yet proposed) +CVE-2023-40267;Candidate;GitPython before 3.1.32 does not block insecure non-multi options in clone and clone_from. NOTE: this issue exists because of an incomplete fix for CVE-2022-24439.;FEDORA:FEDORA-2023-1ec4e542f9 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PF6AXUTC5BO7L2SBJMCVKJSPKWY52I5R/ | FEDORA:FEDORA-2023-26116901d9 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AV5DV7GBLMOZT7U3Q4TDOJO5R6G3V6GH/ | MISC:https://github.com/gitpython-developers/GitPython/commit/ca965ecc81853bca7675261729143f54e5bf4cdd | MISC:https://github.com/gitpython-developers/GitPython/pull/1609;Assigned (20230811);None (candidate not yet proposed) +CVE-2023-40581;Candidate;"yt-dlp is a youtube-dl fork with additional features and fixes. yt-dlp allows the user to provide shell command lines to be executed at various stages in its download steps through the `--exec` flag. This flag allows output template expansion in its argument, so that metadata values may be used in the shell commands. The metadata fields can be combined with the `%q` conversion, which is intended to quote/escape these values so they can be safely passed to the shell. However, the escaping used for `cmd` (the shell used by Python's `subprocess` on Windows) does not properly escape special characters, which can allow for remote code execution if `--exec` is used directly with maliciously crafted remote data. This vulnerability only impacts `yt-dlp` on Windows, and the vulnerability is present regardless of whether `yt-dlp` is run from `cmd` or from `PowerShell`. Support for output template expansion in `--exec`, along with this vulnerable behavior, was added to `yt-dlp` in version 2021.04.11. yt-dlp version 2023.09.24 fixes this issue by properly escaping each special character. `\n` will be replaced by `\r` as no way of escaping it has been found. It is recommended to upgrade yt-dlp to version 2023.09.24 as soon as possible. Also, always be careful when using --exec, because while this specific vulnerability has been patched, using unvalidated input in shell commands is inherently dangerous. For Windows users who are not able to upgrade: 1. Avoid using any output template expansion in --exec other than {} (filepath). 2. If expansion in --exec is needed, verify the fields you are using do not contain "", | or &. 3. Instead of using --exec, write the info json and load the fields from it instead.";MISC:https://github.com/yt-dlp/yt-dlp-nightly-builds/releases/tag/2023.09.24.003044 | URL:https://github.com/yt-dlp/yt-dlp-nightly-builds/releases/tag/2023.09.24.003044 | MISC:https://github.com/yt-dlp/yt-dlp/commit/de015e930747165dbb8fcd360f8775fd973b7d6e | URL:https://github.com/yt-dlp/yt-dlp/commit/de015e930747165dbb8fcd360f8775fd973b7d6e | MISC:https://github.com/yt-dlp/yt-dlp/releases/tag/2021.04.11 | URL:https://github.com/yt-dlp/yt-dlp/releases/tag/2021.04.11 | MISC:https://github.com/yt-dlp/yt-dlp/releases/tag/2023.09.24 | URL:https://github.com/yt-dlp/yt-dlp/releases/tag/2023.09.24 | MISC:https://github.com/yt-dlp/yt-dlp/security/advisories/GHSA-42h4-v29r-42qg | URL:https://github.com/yt-dlp/yt-dlp/security/advisories/GHSA-42h4-v29r-42qg;Assigned (20230816);None (candidate not yet proposed) +CVE-2023-40587;Candidate;Pyramid is an open source Python web framework. A path traversal vulnerability in Pyramid versions 2.0.0 and 2.0.1 impacts users of Python 3.11 that are using a Pyramid static view with a full filesystem path and have a `index.html` file that is located exactly one directory above the location of the static view's file system path. No further path traversal exists, and the only file that could be disclosed accidentally is `index.html`. Pyramid version 2.0.2 rejects any path that contains a null-byte out of caution. While valid in directory/file names, we would strongly consider it a mistake to use null-bytes in naming files/directories. Secondly, Python 3.11, and 3.12 has fixed the underlying issue in `os.path.normpath` to no longer truncate on the first `0x00` found, returning the behavior to pre-3.11 Python, un an as of yet unreleased version. Fixes will be available in:Python 3.12.0rc2 and 3.11.5. Some workarounds are available. Use a version of Python 3 that is not affected, downgrade to Python 3.10 series temporarily, or wait until Python 3.11.5 is released and upgrade to the latest version of Python 3.11 series.;FEDORA:FEDORA-2023-70baf5e2fe | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LYSDTQ7NP5GHPQ7HBE47MBJQK7YEIYMF/ | FEDORA:FEDORA-2023-b213d84a16 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OQIPHQTM3XE5NIEXCTQFV2J2RK2YUSMT/ | MISC:https://github.com/Pylons/pyramid/commit/347d7750da6f45c7436dd0c31468885cc9343c85 | URL:https://github.com/Pylons/pyramid/commit/347d7750da6f45c7436dd0c31468885cc9343c85 | MISC:https://github.com/Pylons/pyramid/security/advisories/GHSA-j8g2-6fc7-q8f8 | URL:https://github.com/Pylons/pyramid/security/advisories/GHSA-j8g2-6fc7-q8f8 | MISC:https://github.com/python/cpython/issues/106242 | URL:https://github.com/python/cpython/issues/106242 | MISC:https://github.com/python/cpython/pull/106816 | URL:https://github.com/python/cpython/pull/106816;Assigned (20230816);None (candidate not yet proposed) +CVE-2023-40590;Candidate;GitPython is a python library used to interact with Git repositories. When resolving a program, Python/Windows look for the current working directory, and after that the PATH environment. GitPython defaults to use the `git` command, if a user runs GitPython from a repo has a `git.exe` or `git` executable, that program will be run instead of the one in the user's `PATH`. This is more of a problem on how Python interacts with Windows systems, Linux and any other OS aren't affected by this. But probably people using GitPython usually run it from the CWD of a repo. An attacker can trick a user to download a repository with a malicious `git` executable, if the user runs/imports GitPython from that directory, it allows the attacker to run any arbitrary commands. There is no fix currently available for windows users, however there are a few mitigations. 1: Default to an absolute path for the git program on Windows, like `C:\\Program Files\\Git\\cmd\\git.EXE` (default git path installation). 2: Require users to set the `GIT_PYTHON_GIT_EXECUTABLE` environment variable on Windows systems. 3: Make this problem prominent in the documentation and advise users to never run GitPython from an untrusted repo, or set the `GIT_PYTHON_GIT_EXECUTABLE` env var to an absolute path. 4: Resolve the executable manually by only looking into the `PATH` environment variable.;MISC:https://docs.python.org/3/library/subprocess.html#popen-constructor | URL:https://docs.python.org/3/library/subprocess.html#popen-constructor | MISC:https://github.com/gitpython-developers/GitPython/security/advisories/GHSA-wfm5-v35h-vwf4 | URL:https://github.com/gitpython-developers/GitPython/security/advisories/GHSA-wfm5-v35h-vwf4;Assigned (20230816);None (candidate not yet proposed) +CVE-2023-41039;Candidate;"RestrictedPython is a restricted execution environment for Python to run untrusted code. Python's ""format"" functionality allows someone controlling the format string to ""read"" all objects accessible through recursive attribute lookup and subscription from objects he can access. This can lead to critical information disclosure. With `RestrictedPython`, the format functionality is available via the `format` and `format_map` methods of `str` (and `unicode`) (accessed either via the class or its instances) and via `string.Formatter`. All known versions of `RestrictedPython` are vulnerable. This issue has been addressed in commit `4134aedcff1` which has been included in the 5.4 and 6.2 releases. Users are advised to upgrade. There are no known workarounds for this vulnerability.";MISC:https://github.com/zopefoundation/RestrictedPython/commit/4134aedcff17c977da7717693ed89ce56d54c120 | URL:https://github.com/zopefoundation/RestrictedPython/commit/4134aedcff17c977da7717693ed89ce56d54c120 | MISC:https://github.com/zopefoundation/RestrictedPython/security/advisories/GHSA-xjw2-6jm9-rf67 | URL:https://github.com/zopefoundation/RestrictedPython/security/advisories/GHSA-xjw2-6jm9-rf67;Assigned (20230822);None (candidate not yet proposed) +CVE-2023-41040;Candidate;GitPython is a python library used to interact with Git repositories. In order to resolve some git references, GitPython reads files from the `.git` directory, in some places the name of the file being read is provided by the user, GitPython doesn't check if this file is located outside the `.git` directory. This allows an attacker to make GitPython read any file from the system. This vulnerability is present in https://github.com/gitpython-developers/GitPython/blob/1c8310d7cae144f74a671cbe17e51f63a830adbf/git/refs/symbolic.py#L174-L175. That code joins the base directory with a user given string without checking if the final path is located outside the base directory. This vulnerability cannot be used to read the contents of files but could in theory be used to trigger a denial of service for the program. This issue has not yet been addressed.;MISC:https://github.com/gitpython-developers/GitPython/blob/1c8310d7cae144f74a671cbe17e51f63a830adbf/git/refs/symbolic.py#L174-L175 | URL:https://github.com/gitpython-developers/GitPython/blob/1c8310d7cae144f74a671cbe17e51f63a830adbf/git/refs/symbolic.py#L174-L175 | MISC:https://github.com/gitpython-developers/GitPython/security/advisories/GHSA-cwvm-v4w8-q58c | URL:https://github.com/gitpython-developers/GitPython/security/advisories/GHSA-cwvm-v4w8-q58c | MLIST:[debian-lts-announce] 20230929 [SECURITY] [DLA 3589-1] python-git security update | URL:https://lists.debian.org/debian-lts-announce/2023/09/msg00036.html;Assigned (20230822);None (candidate not yet proposed) +CVE-2023-41050;Candidate;"AccessControl provides a general security framework for use in Zope. Python's ""format"" functionality allows someone controlling the format string to ""read"" objects accessible (recursively) via attribute access and subscription from accessible objects. Those attribute accesses and subscriptions use Python's full blown `getattr` and `getitem`, not the policy restricted `AccessControl` variants `_getattr_` and `_getitem_`. This can lead to critical information disclosure. `AccessControl` already provides a safe variant for `str.format` and denies access to `string.Formatter`. However, `str.format_map` is still unsafe. Affected are all users who allow untrusted users to create `AccessControl` controlled Python code and execute it. A fix has been introduced in versions 4.4, 5.8 and 6.2. Users are advised to upgrade. There are no known workarounds for this vulnerability.";MISC:https://github.com/zopefoundation/AccessControl/commit/6bc32692e0d4b8d5cf64eae3d19de987c7375bc9 | URL:https://github.com/zopefoundation/AccessControl/commit/6bc32692e0d4b8d5cf64eae3d19de987c7375bc9 | MISC:https://github.com/zopefoundation/AccessControl/security/advisories/GHSA-8xv7-89vj-q48c | URL:https://github.com/zopefoundation/AccessControl/security/advisories/GHSA-8xv7-89vj-q48c;Assigned (20230822);None (candidate not yet proposed) +CVE-2023-41052;Candidate;Vyper is a Pythonic Smart Contract Language. In affected versions the order of evaluation of the arguments of the builtin functions `uint256_addmod`, `uint256_mulmod`, `ecadd` and `ecmul` does not follow source order. This behaviour is problematic when the evaluation of one of the arguments produces side effects that other arguments depend on. A patch is currently being developed on pull request #3583. When using builtins from the list above, users should make sure that the arguments of the expression do not produce side effects or, if one does, that no other argument is dependent on those side effects.;MISC:https://github.com/vyperlang/vyper/pull/3583 | URL:https://github.com/vyperlang/vyper/pull/3583 | MISC:https://github.com/vyperlang/vyper/security/advisories/GHSA-4hg4-9mf5-wxxq | URL:https://github.com/vyperlang/vyper/security/advisories/GHSA-4hg4-9mf5-wxxq;Assigned (20230822);None (candidate not yet proposed) +CVE-2023-41105;Candidate;An issue was discovered in Python 3.11 through 3.11.4. If a path containing '\0' bytes is passed to os.path.normpath(), the path will be truncated unexpectedly at the first '\0' byte. There are plausible cases in which an application would have rejected a filename for security reasons in Python 3.10.x or earlier, but that filename is no longer rejected in Python 3.11.x.;CONFIRM:https://mail.python.org/archives/list/security-announce@python.org/thread/D6CDW3ZZC5D444YGL3VQUY6D4ECMCQLD/ | CONFIRM:https://security.netapp.com/advisory/ntap-20231006-0015/ | MISC:https://github.com/python/cpython/issues/106242 | MISC:https://github.com/python/cpython/pull/107981 | MISC:https://github.com/python/cpython/pull/107982 | MISC:https://github.com/python/cpython/pull/107983;Assigned (20230823);None (candidate not yet proposed) +CVE-2023-41319;Candidate;Fides is an open-source privacy engineering platform for managing the fulfillment of data privacy requests in a runtime environment, and the enforcement of privacy regulations in code. The Fides webserver API allows custom integrations to be uploaded as a ZIP file. This ZIP file must contain YAML files, but Fides can be configured to also accept the inclusion of custom Python code in it. The custom code is executed in a restricted, sandboxed environment, but the sandbox can be bypassed to execute any arbitrary code. The vulnerability allows the execution of arbitrary code on the target system within the context of the webserver python process owner on the webserver container, which by default is `root`, and leverage that access to attack underlying infrastructure and integrated systems. This vulnerability affects Fides versions `2.11.0` through `2.19.0`. Exploitation is limited to API clients with the `CONNECTOR_TEMPLATE_REGISTER` authorization scope. In the Fides Admin UI this scope is restricted to highly privileged users, specifically root users and users with the owner role. Exploitation is only possible if the security configuration parameter `allow_custom_connector_functions` is enabled by the user deploying the Fides webserver container, either in `fides.toml` or by setting the env var `FIDES__SECURITY__ALLOW_CUSTOM_CONNECTOR_FUNCTIONS=True`. By default this configuration parameter is disabled. The vulnerability has been patched in Fides version `2.19.0`. Users are advised to upgrade to this version or later to secure their systems against this threat. Users unable to upgrade should ensure that `allow_custom_connector_functions` in `fides.toml` and the `FIDES__SECURITY__ALLOW_CUSTOM_CONNECTOR_FUNCTIONS` are both either unset or explicit set to `False`.;MISC:https://github.com/ethyca/fides/commit/5989b5fa744c8d8c340963b895a054883549358a | URL:https://github.com/ethyca/fides/commit/5989b5fa744c8d8c340963b895a054883549358a | MISC:https://github.com/ethyca/fides/security/advisories/GHSA-p6p2-qq95-vq5h | URL:https://github.com/ethyca/fides/security/advisories/GHSA-p6p2-qq95-vq5h;Assigned (20230828);None (candidate not yet proposed) +CVE-2023-41328;Candidate;Frappe is a low code web framework written in Python and Javascript. A SQL Injection vulnerability has been identified in the Frappe Framework which could allow a malicious actor to access sensitive information. This issue has been addressed in versions 13.46.1 and 14.20.0. Users are advised to upgrade. There's no workaround to fix this without upgrading.;MISC:https://github.com/frappe/frappe/releases/tag/v13.46.1 | URL:https://github.com/frappe/frappe/releases/tag/v13.46.1 | MISC:https://github.com/frappe/frappe/releases/tag/v14.20.0 | URL:https://github.com/frappe/frappe/releases/tag/v14.20.0 | MISC:https://github.com/frappe/frappe/security/advisories/GHSA-53wh-f67g-9679 | URL:https://github.com/frappe/frappe/security/advisories/GHSA-53wh-f67g-9679;Assigned (20230828);None (candidate not yet proposed) +CVE-2023-41329;Candidate;WireMock is a tool for mocking HTTP services. The proxy mode of WireMock, can be protected by the network restrictions configuration, as documented in Preventing proxying to and recording from specific target addresses. These restrictions can be configured using the domain names, and in such a case the configuration is vulnerable to the DNS rebinding attacks. A similar patch was applied in WireMock 3.0.0-beta-15 for the WireMock Webhook Extensions. The root cause of the attack is a defect in the logic which allows for a race condition triggered by a DNS server whose address expires in between the initial validation and the outbound network request that might go to a domain that was supposed to be prohibited. Control over a DNS service is required to exploit this attack, so it has high execution complexity and limited impact. This issue has been addressed in version 2.35.1 of wiremock-jre8 and wiremock-jre8-standalone, version 3.0.3 of wiremock and wiremock-standalone, version 2.6.1 of the python version of wiremock, and versions 2.35.1-1 and 3.0.3-1 of the wiremock/wiremock Docker container. Users are advised to upgrade. Users unable to upgrade should either configure firewall rules to define the list of permitted destinations or to configure WireMock to use IP addresses instead of the domain names.;MISC:https://github.com/wiremock/wiremock/security/advisories/GHSA-pmxq-pj47-j8j4 | URL:https://github.com/wiremock/wiremock/security/advisories/GHSA-pmxq-pj47-j8j4 | MISC:https://wiremock.org/docs/configuration/#preventing-proxying-to-and-recording-from-specific-target-addresses | URL:https://wiremock.org/docs/configuration/#preventing-proxying-to-and-recording-from-specific-target-addresses;Assigned (20230828);None (candidate not yet proposed) +CVE-2023-42441;Candidate;"Vyper is a Pythonic Smart Contract Language for the Ethereum Virtual Machine (EVM). Starting in version 0.2.9 and prior to version 0.3.10, locks of the type `@nonreentrant("""")` or `@nonreentrant('')` do not produce reentrancy checks at runtime. This issue is fixed in version 0.3.10. As a workaround, ensure the lock name is a non-empty string.";MISC:https://github.com/vyperlang/vyper/commit/0b740280c1e3c5528a20d47b29831948ddcc6d83 | URL:https://github.com/vyperlang/vyper/commit/0b740280c1e3c5528a20d47b29831948ddcc6d83 | MISC:https://github.com/vyperlang/vyper/pull/3605 | URL:https://github.com/vyperlang/vyper/pull/3605 | MISC:https://github.com/vyperlang/vyper/security/advisories/GHSA-3hg2-r75x-g69m | URL:https://github.com/vyperlang/vyper/security/advisories/GHSA-3hg2-r75x-g69m;Assigned (20230908);None (candidate not yet proposed) +CVE-2023-42443;Candidate;Vyper is a Pythonic Smart Contract Language for the Ethereum Virtual Machine (EVM). In version 0.3.9 and prior, under certain conditions, the memory used by the builtins `raw_call`, `create_from_blueprint` and `create_copy_of` can be corrupted. For `raw_call`, the argument buffer of the call can be corrupted, leading to incorrect `calldata` in the sub-context. For `create_from_blueprint` and `create_copy_of`, the buffer for the to-be-deployed bytecode can be corrupted, leading to deploying incorrect bytecode. Each builtin has conditions that must be fulfilled for the corruption to happen. For `raw_call`, the `data` argument of the builtin must be `msg.data` and the `value` or `gas` passed to the builtin must be some complex expression that results in writing to the memory. For `create_copy_of`, the `value` or `salt` passed to the builtin must be some complex expression that results in writing to the memory. For `create_from_blueprint`, either no constructor parameters should be passed to the builtin or `raw_args` should be set to True, and the `value` or `salt` passed to the builtin must be some complex expression that results in writing to the memory. As of time of publication, no patched version exists. The issue is still being investigated, and there might be other cases where the corruption might happen. When the builtin is being called from an `internal` function `F`, the issue is not present provided that the function calling `F` wrote to memory before calling `F`. As a workaround, the complex expressions that are being passed as kwargs to the builtin should be cached in memory prior to the call to the builtin.;MISC:https://github.com/vyperlang/vyper/issues/3609 | URL:https://github.com/vyperlang/vyper/issues/3609 | MISC:https://github.com/vyperlang/vyper/security/advisories/GHSA-c647-pxm2-c52w | URL:https://github.com/vyperlang/vyper/security/advisories/GHSA-c647-pxm2-c52w;Assigned (20230908);None (candidate not yet proposed) +CVE-2023-42460;Candidate;Vyper is a Pythonic Smart Contract Language for the EVM. The `_abi_decode()` function does not validate input when it is nested in an expression. Uses of `_abi_decode()` can be constructed which allow for bounds checking to be bypassed resulting in incorrect results. This issue has not yet been fixed, but a fix is expected in release `0.3.10`. Users are advised to reference pull request #3626.;MISC:https://github.com/vyperlang/vyper/pull/3626 | URL:https://github.com/vyperlang/vyper/pull/3626 | MISC:https://github.com/vyperlang/vyper/security/advisories/GHSA-cx2q-hfxr-rj97 | URL:https://github.com/vyperlang/vyper/security/advisories/GHSA-cx2q-hfxr-rj97;Assigned (20230908);None (candidate not yet proposed) +CVE-2023-43804;Candidate;urllib3 is a user-friendly HTTP client library for Python. urllib3 doesn't treat the `Cookie` HTTP header special or provide any helpers for managing cookies over HTTP, that is the responsibility of the user. However, it is possible for a user to specify a `Cookie` header and unknowingly leak information via HTTP redirects to a different origin if that user doesn't disable redirects explicitly. This issue has been patched in urllib3 version 1.26.17 or 2.0.5.;FEDORA:FEDORA-2023-0806784f24 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NDAGZXYJ7H2G3SB47M453VQVNAWKAEJJ/ | FEDORA:FEDORA-2023-18f03a150d | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5F5CUBAN5XMEBVBZPHFITBLMJV5FIJJ5/ | FEDORA:FEDORA-2023-8f53bfe088 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/I3PR7C6RJ6JUBQKIJ644DMIJSUP36VDY/ | MISC:https://github.com/urllib3/urllib3/commit/01220354d389cd05474713f8c982d05c9b17aafb | URL:https://github.com/urllib3/urllib3/commit/01220354d389cd05474713f8c982d05c9b17aafb | MISC:https://github.com/urllib3/urllib3/commit/644124ecd0b6e417c527191f866daa05a5a2056d | URL:https://github.com/urllib3/urllib3/commit/644124ecd0b6e417c527191f866daa05a5a2056d | MISC:https://github.com/urllib3/urllib3/security/advisories/GHSA-v845-jxx5-vc9f | URL:https://github.com/urllib3/urllib3/security/advisories/GHSA-v845-jxx5-vc9f | MLIST:[debian-lts-announce] 20231008 [SECURITY] [DLA 3610-1] python-urllib3 security update | URL:https://lists.debian.org/debian-lts-announce/2023/10/msg00012.html;Assigned (20230922);None (candidate not yet proposed) +CVE-2023-44467;Candidate;langchain_experimental (aka LangChain Experimental) in LangChain before 0.0.306 allows an attacker to bypass the CVE-2023-36258 fix and execute arbitrary code via __import__ in Python code, which is not prohibited by pal_chain/base.py.;MISC:https://github.com/langchain-ai/langchain/commit/4c97a10bd0d9385cfee234a63b5bd826a295e483;Assigned (20230929);None (candidate not yet proposed) +CVE-2023-45139;Candidate;fontTools is a library for manipulating fonts, written in Python. The subsetting module has a XML External Entity Injection (XXE) vulnerability which allows an attacker to resolve arbitrary entities when a candidate font (OT-SVG fonts), which contains a SVG table, is parsed. This allows attackers to include arbitrary files from the filesystem fontTools is running on or make web requests from the host system. This vulnerability has been patched in version 4.43.0.;FEDORA:FEDORA-2024-6d1d9f70d2 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VY63B4SGY4QOQGUXMECRGD6K3YT3GJ75/ | MISC:https://github.com/fonttools/fonttools/commit/9f61271dc1ca82ed91f529b130fe5dc5c9bf1f4c | URL:https://github.com/fonttools/fonttools/commit/9f61271dc1ca82ed91f529b130fe5dc5c9bf1f4c | MISC:https://github.com/fonttools/fonttools/releases/tag/4.43.0 | URL:https://github.com/fonttools/fonttools/releases/tag/4.43.0 | MISC:https://github.com/fonttools/fonttools/security/advisories/GHSA-6673-4983-2vx5 | URL:https://github.com/fonttools/fonttools/security/advisories/GHSA-6673-4983-2vx5;Assigned (20231004);None (candidate not yet proposed) +CVE-2023-45167;Candidate;IBM AIX's 7.3 Python implementation could allow a non-privileged local user to exploit a vulnerability to cause a denial of service. IBM X-Force ID: 267965.;MISC:https://aix.software.ibm.com/aix/efixes/security/python_advisory6.asc | URL:https://aix.software.ibm.com/aix/efixes/security/python_advisory6.asc | MISC:https://exchange.xforce.ibmcloud.com/vulnerabilities/267965 | URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/267965 | MISC:https://www.ibm.com/support/pages/node/7068084 | URL:https://www.ibm.com/support/pages/node/7068084;Assigned (20231005);None (candidate not yet proposed) +CVE-2023-4570;Candidate;An improper access restriction in NI MeasurementLink Python services could allow an attacker on an adjacent network to reach services exposed on localhost. These services were previously thought to be unreachable outside of the node. This affects measurement plug-ins written in Python using version 1.1.0 of the ni-measurementlink-service Python package and all previous versions.;MISC:https://www.ni.com/en/support/documentation/supplemental/23/improper-restriction-in-ni-measurementlink-python-services.html | URL:https://www.ni.com/en/support/documentation/supplemental/23/improper-restriction-in-ni-measurementlink-python-services.html;Assigned (20230828);None (candidate not yet proposed) +CVE-2023-45803;Candidate;urllib3 is a user-friendly HTTP client library for Python. urllib3 previously wouldn't remove the HTTP request body when an HTTP redirect response using status 301, 302, or 303 after the request had its method changed from one that could accept a request body (like `POST`) to `GET` as is required by HTTP RFCs. Although this behavior is not specified in the section for redirects, it can be inferred by piecing together information from different sections and we have observed the behavior in other major HTTP client implementations like curl and web browsers. Because the vulnerability requires a previously trusted service to become compromised in order to have an impact on confidentiality we believe the exploitability of this vulnerability is low. Additionally, many users aren't putting sensitive data in HTTP request bodies, if this is the case then this vulnerability isn't exploitable. Both of the following conditions must be true to be affected by this vulnerability: 1. Using urllib3 and submitting sensitive information in the HTTP request body (such as form data or JSON) and 2. The origin service is compromised and starts redirecting using 301, 302, or 303 to a malicious peer or the redirected-to service becomes compromised. This issue has been addressed in versions 1.26.18 and 2.0.7 and users are advised to update to resolve this issue. Users unable to update should disable redirects for services that aren't expecting to respond with redirects with `redirects=False` and disable automatic redirects with `redirects=False` and handle 301, 302, and 303 redirects manually by stripping the HTTP request body.;FEDORA:FEDORA-2023-18f03a150d | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5F5CUBAN5XMEBVBZPHFITBLMJV5FIJJ5/ | FEDORA:FEDORA-2023-932b0c86f4 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PPDPLM6UUMN55ESPQWJFLLIZY4ZKCNRX/ | FEDORA:FEDORA-2023-dede912109 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4R2Y5XK3WALSR3FNAGN7JBYV2B343ZKB/ | MISC:https://github.com/urllib3/urllib3/commit/4e98d57809dacab1cbe625fddeec1a290c478ea9 | URL:https://github.com/urllib3/urllib3/commit/4e98d57809dacab1cbe625fddeec1a290c478ea9 | MISC:https://github.com/urllib3/urllib3/security/advisories/GHSA-g4mx-q9vg-27p4 | URL:https://github.com/urllib3/urllib3/security/advisories/GHSA-g4mx-q9vg-27p4 | MISC:https://www.rfc-editor.org/rfc/rfc9110.html#name-get | URL:https://www.rfc-editor.org/rfc/rfc9110.html#name-get;Assigned (20231013);None (candidate not yet proposed) +CVE-2023-45805;Candidate;pdm is a Python package and dependency manager supporting the latest PEP standards. It's possible to craft a malicious `pdm.lock` file that could allow e.g. an insider or a malicious open source project to appear to depend on a trusted PyPI project, but actually install another project. A project `foo` can be targeted by creating the project `foo-2` and uploading the file `foo-2-2.tar.gz` to pypi.org. PyPI will see this as project `foo-2` version `2`, while PDM will see this as project `foo` version `2-2`. The version must only be `parseable as a version` and the filename must be a prefix of the project name, but it's not verified to match the version being installed. Version `2-2` is also not a valid normalized version per PEP 440. Matching the project name exactly (not just prefix) would fix the issue. When installing dependencies with PDM, what's actually installed could differ from what's listed in `pyproject.toml` (including arbitrary code execution on install). It could also be used for downgrade attacks by only changing the version. This issue has been addressed in commit `6853e2642df` which is included in release version `2.9.4`. Users are advised to upgrade. There are no known workarounds for this vulnerability.;MISC:https://github.com/frostming/unearth/blob/eca170d9370ac5032f2e497ee9b1b63823d3fe0f/src/unearth/evaluator.py#L215-L229 | URL:https://github.com/frostming/unearth/blob/eca170d9370ac5032f2e497ee9b1b63823d3fe0f/src/unearth/evaluator.py#L215-L229 | MISC:https://github.com/pdm-project/pdm/blob/45d1dfa47d4900c14a31b9bb761e4c46eb5c9442/src/pdm/models/candidates.py#L98-L99 | URL:https://github.com/pdm-project/pdm/blob/45d1dfa47d4900c14a31b9bb761e4c46eb5c9442/src/pdm/models/candidates.py#L98-L99 | MISC:https://github.com/pdm-project/pdm/commit/6853e2642dfa281d4a9958fbc6c95b7e32d84831 | URL:https://github.com/pdm-project/pdm/commit/6853e2642dfa281d4a9958fbc6c95b7e32d84831 | MISC:https://github.com/pdm-project/pdm/security/advisories/GHSA-j44v-mmf2-xvm9 | URL:https://github.com/pdm-project/pdm/security/advisories/GHSA-j44v-mmf2-xvm9 | MISC:https://peps.python.org/pep-0440/#post-release-spelling | URL:https://peps.python.org/pep-0440/#post-release-spelling;Assigned (20231013);None (candidate not yet proposed) +CVE-2023-45813;Candidate;Torbot is an open source tor network intelligence tool. In affected versions the `torbot.modules.validators.validate_link function` uses the python-validators URL validation regex. This particular regular expression has an exponential complexity which allows an attacker to cause an application crash using a well-crafted argument. An attacker can use a well-crafted URL argument to exploit the vulnerability in the regular expression and cause a Denial of Service on the system. The validators file has been removed in version 4.0.0. Users are advised to upgrade. There are no known workarounds for this vulnerability.;MISC:https://github.com/DedSecInside/TorBot/commit/ef6e06bc7785355b1701d5524eb4550441086ac4 | URL:https://github.com/DedSecInside/TorBot/commit/ef6e06bc7785355b1701d5524eb4550441086ac4 | MISC:https://github.com/DedSecInside/TorBot/security/advisories/GHSA-72qw-p7hh-m3ff | URL:https://github.com/DedSecInside/TorBot/security/advisories/GHSA-72qw-p7hh-m3ff;Assigned (20231013);None (candidate not yet proposed) +CVE-2023-46127;Candidate;Frappe is a full-stack web application framework that uses Python and MariaDB on the server side and an integrated client side library. A malicious Frappe user with desk access could create documents containing HTML payloads allowing HTML Injection. This vulnerability has been patched in version 14.49.0.;MISC:https://github.com/frappe/frappe/commit/3dc5d2fcc7561dde181ba953009fe6e39d64e900 | URL:https://github.com/frappe/frappe/commit/3dc5d2fcc7561dde181ba953009fe6e39d64e900 | MISC:https://github.com/frappe/frappe/pull/22339 | URL:https://github.com/frappe/frappe/pull/22339 | MISC:https://github.com/frappe/frappe/security/advisories/GHSA-j2w9-8xrr-7g98 | URL:https://github.com/frappe/frappe/security/advisories/GHSA-j2w9-8xrr-7g98;Assigned (20231016);None (candidate not yet proposed) +CVE-2023-46128;Candidate;Nautobot is a Network Automation Platform built as a web application atop the Django Python framework with a PostgreSQL or MySQL database. In Nautobot 2.0.x, certain REST API endpoints, in combination with the `?depth=` query parameter, can expose hashed user passwords as stored in the database to any authenticated user with access to these endpoints. The passwords are not exposed in plaintext. This vulnerability has been patched in version 2.0.3.;MISC:https://github.com/nautobot/nautobot/commit/1ce8e5c658a075c29554d517cd453675e5d40d71 | URL:https://github.com/nautobot/nautobot/commit/1ce8e5c658a075c29554d517cd453675e5d40d71 | MISC:https://github.com/nautobot/nautobot/pull/4692 | URL:https://github.com/nautobot/nautobot/pull/4692 | MISC:https://github.com/nautobot/nautobot/security/advisories/GHSA-r2hw-74xv-4gqp | URL:https://github.com/nautobot/nautobot/security/advisories/GHSA-r2hw-74xv-4gqp;Assigned (20231016);None (candidate not yet proposed) +CVE-2023-46247;Candidate;Vyper is a Pythonic Smart Contract Language for the Ethereum Virtual Machine (EVM). Contracts containing large arrays might underallocate the number of slots they need by 1. Prior to v0.3.8, the calculation to determine how many slots a storage variable needed used `math.ceil(type_.size_in_bytes / 32)`. The intermediate floating point step can produce a rounding error if there are enough bits set in the IEEE-754 mantissa. Roughly speaking, if `type_.size_in_bytes` is large (> 2**46), and slightly less than a power of 2, the calculation can overestimate how many slots are needed by 1. If `type_.size_in_bytes` is slightly more than a power of 2, the calculation can underestimate how many slots are needed by 1. This issue is patched in version 0.3.8.;MISC:https://github.com/vyperlang/vyper/blob/6020b8bbf66b062d299d87bc7e4eddc4c9d1c157/vyper/semantics/validation/data_positions.py#L197 | URL:https://github.com/vyperlang/vyper/blob/6020b8bbf66b062d299d87bc7e4eddc4c9d1c157/vyper/semantics/validation/data_positions.py#L197 | MISC:https://github.com/vyperlang/vyper/commit/0bb7203b584e771b23536ba065a6efda457161bb | URL:https://github.com/vyperlang/vyper/commit/0bb7203b584e771b23536ba065a6efda457161bb | MISC:https://github.com/vyperlang/vyper/security/advisories/GHSA-6m97-7527-mh74 | URL:https://github.com/vyperlang/vyper/security/advisories/GHSA-6m97-7527-mh74;Assigned (20231019);None (candidate not yet proposed) +CVE-2023-46250;Candidate;pypdf is a free and open-source pure-python PDF library. An attacker who uses a vulnerability present in versions 3.7.0 through 3.16.4 can craft a PDF which leads to an infinite loop. This infinite loop blocks the current process and can utilize a single core of the CPU by 100%. It does not affect memory usage. That is, for example, the case when the pypdf-user manipulates an incoming malicious PDF e.g. by merging it with another PDF or by adding annotations. The issue was fixed in version 3.17.0. As a workaround, apply the patch manually by modifying `pypdf/generic/_data_structures.py`.;MISC:https://github.com/py-pdf/pypdf/commit/9b23ac3c9619492570011d551d521690de9a3e2d | URL:https://github.com/py-pdf/pypdf/commit/9b23ac3c9619492570011d551d521690de9a3e2d | MISC:https://github.com/py-pdf/pypdf/pull/2264 | URL:https://github.com/py-pdf/pypdf/pull/2264 | MISC:https://github.com/py-pdf/pypdf/security/advisories/GHSA-wjcc-cq79-p63f | URL:https://github.com/py-pdf/pypdf/security/advisories/GHSA-wjcc-cq79-p63f;Assigned (20231019);None (candidate not yet proposed) +CVE-2023-46404;Candidate;"PCRS <= 3.11 (d0de1e) “Questions” page and “Code editor” page are vulnerable to remote code execution (RCE) by escaping Python sandboxing.";MISC:https://bitbucket.org/utmandrew/pcrs/commits/5f18bcbb383b7d73f7a8b399cc52b23597d752ae | MISC:https://github.com/windecks/CVE-2023-46404;Assigned (20231023);None (candidate not yet proposed) +CVE-2023-46666;Candidate;"An issue was discovered when using Document Level Security and the SPO ""Limited Access"" functionality in Elastic Sharepoint Online Python Connector. If a user is assigned limited access permissions to an item on a Sharepoint site then that user would have read permissions to all content on the Sharepoint site through Elasticsearch.";MISC:https://discuss.elastic.co/t/elastic-sharepoint-online-python-connector-v8-10-3-0-security-update/344732 | URL:https://discuss.elastic.co/t/elastic-sharepoint-online-python-connector-v8-10-3-0-security-update/344732 | MISC:https://www.elastic.co/community/security | URL:https://www.elastic.co/community/security;Assigned (20231024);None (candidate not yet proposed) +CVE-2023-47204;Candidate;Unsafe YAML deserialization in yaml.Loader in transmute-core before 1.13.5 allows attackers to execute arbitrary Python code.;MISC:https://github.com/toumorokoshi/transmute-core/pull/58 | MISC:https://github.com/toumorokoshi/transmute-core/releases/tag/v1.13.5;Assigned (20231102);None (candidate not yet proposed) +CVE-2023-47627;Candidate;aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. The HTTP parser in AIOHTTP has numerous problems with header parsing, which could lead to request smuggling. This parser is only used when AIOHTTP_NO_EXTENSIONS is enabled (or not using a prebuilt wheel). These bugs have been addressed in commit `d5c12ba89` which has been included in release version 3.8.6. Users are advised to upgrade. There are no known workarounds for these issues.;FEDORA:FEDORA-2023-5130a73b00 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FUSJVQ7OQ55RWL4XAX2F5EZ73N4ZSH6U/ | FEDORA:FEDORA-2023-5130a73b00 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WQYQL6WV535EEKSNH7KRARLLMOW5WXDM/ | FEDORA:FEDORA-2023-bc1f081ca0 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VDKQ6HM3KNDU4OQI476ZWT4O7DMSIT35/ | MISC:https://github.com/aio-libs/aiohttp/commit/d5c12ba890557a575c313bb3017910d7616fce3d | URL:https://github.com/aio-libs/aiohttp/commit/d5c12ba890557a575c313bb3017910d7616fce3d | MISC:https://github.com/aio-libs/aiohttp/security/advisories/GHSA-gfw2-4jvh-wgfg | URL:https://github.com/aio-libs/aiohttp/security/advisories/GHSA-gfw2-4jvh-wgfg;Assigned (20231107);None (candidate not yet proposed) +CVE-2023-47641;Candidate;aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. Affected versions of aiohttp have a security vulnerability regarding the inconsistent interpretation of the http protocol. HTTP/1.1 is a persistent protocol, if both Content-Length(CL) and Transfer-Encoding(TE) header values are present it can lead to incorrect interpretation of two entities that parse the HTTP and we can poison other sockets with this incorrect interpretation. A possible Proof-of-Concept (POC) would be a configuration with a reverse proxy(frontend) that accepts both CL and TE headers and aiohttp as backend. As aiohttp parses anything with chunked, we can pass a chunked123 as TE, the frontend entity will ignore this header and will parse Content-Length. The impact of this vulnerability is that it is possible to bypass any proxy rule, poisoning sockets to other users like passing Authentication Headers, also if it is present an Open Redirect an attacker could combine it to redirect random users to another website and log the request. This vulnerability has been addressed in release 3.8.0 of aiohttp. Users are advised to upgrade. There are no known workarounds for this vulnerability.;MISC:https://github.com/aio-libs/aiohttp/commit/f016f0680e4ace6742b03a70cb0382ce86abe371 | URL:https://github.com/aio-libs/aiohttp/commit/f016f0680e4ace6742b03a70cb0382ce86abe371 | MISC:https://github.com/aio-libs/aiohttp/security/advisories/GHSA-xx9p-xxvh-7g8j | URL:https://github.com/aio-libs/aiohttp/security/advisories/GHSA-xx9p-xxvh-7g8j;Assigned (20231107);None (candidate not yet proposed) +CVE-2023-4785;Candidate;Lack of error handling in the TCP server in Google's gRPC starting version 1.23 on posix-compatible platforms (ex. Linux) allows an attacker to cause a denial of service by initiating a significant number of connections with the server. Note that gRPC C++ Python, and Ruby are affected, but gRPC Java, and Go are NOT affected.;MISC:https://github.com/grpc/grpc/pull/33656 | URL:https://github.com/grpc/grpc/pull/33656 | MISC:https://github.com/grpc/grpc/pull/33667 | URL:https://github.com/grpc/grpc/pull/33667 | MISC:https://github.com/grpc/grpc/pull/33669 | URL:https://github.com/grpc/grpc/pull/33669 | MISC:https://github.com/grpc/grpc/pull/33670 | URL:https://github.com/grpc/grpc/pull/33670 | MISC:https://github.com/grpc/grpc/pull/33672 | URL:https://github.com/grpc/grpc/pull/33672;Assigned (20230906);None (candidate not yet proposed) +CVE-2023-48224;Candidate;Fides is an open-source privacy engineering platform for managing the fulfillment of data privacy requests in a runtime environment, and the enforcement of privacy regulations in code. The Fides Privacy Center allows data subject users to submit privacy and consent requests to data controller users of the Fides web application. Privacy requests allow data subjects to submit a request to access all person data held by the data controller, or delete/erase it. Consent request allows data subject users to modify their privacy preferences for how the data controller uses their personal data e.g. data sales and sharing consent opt-in/opt-out. If `subject_identity_verification_required` in the `[execution]` section of `fides.toml` or the env var `FIDES__EXECUTION__SUBJECT_IDENTITY_VERIFICATION_REQUIRED` is set to `True` on the fides webserver backend, data subjects are sent a one-time code to their email address or phone number, depending on messaging configuration, and the one-time code must be entered in the Privacy Center UI by the data subject before the privacy or consent request is submitted. It was identified that the one-time code values for these requests were generated by the python `random` module, a cryptographically weak pseduo-random number generator (PNRG). If an attacker generates several hundred consecutive one-time codes, this vulnerability allows the attacker to predict all future one-time code values during the lifetime of the backend python process. There is no security impact on data access requests as the personal data download package is not shared in the Privacy Center itself. However, this vulnerability allows an attacker to (i) submit a verified data erasure request, resulting in deletion of data for the targeted user and (ii) submit a verified consent request, modifying a user's privacy preferences. The vulnerability has been patched in Fides version `2.24.0`. Users are advised to upgrade to this version or later to secure their systems against this threat. There are no known workarounds for this vulnerability.;MISC:https://github.com/ethyca/fides/commit/685bae61c203d29ed189f4b066a5223a9bb774c6 | URL:https://github.com/ethyca/fides/commit/685bae61c203d29ed189f4b066a5223a9bb774c6 | MISC:https://github.com/ethyca/fides/security/advisories/GHSA-82vr-5769-6358 | URL:https://github.com/ethyca/fides/security/advisories/GHSA-82vr-5769-6358 | MISC:https://peps.python.org/pep-0506/ | URL:https://peps.python.org/pep-0506/;Assigned (20231113);None (candidate not yet proposed) +CVE-2023-48699;Candidate;fastbots is a library for fast bot and scraper development using selenium and the Page Object Model (POM) design. Prior to version 0.1.5, an attacker could modify the locators.ini locator file with python code that without proper validation it's executed and it could lead to rce. The vulnerability is in the function `def __locator__(self, locator_name: str)` in `page.py`. In order to mitigate this issue, upgrade to fastbots version 0.1.5 or above.;MISC:https://github.com/ubertidavide/fastbots/commit/73eb03bd75365e112b39877e26ef52853f5e9f57 | URL:https://github.com/ubertidavide/fastbots/commit/73eb03bd75365e112b39877e26ef52853f5e9f57 | MISC:https://github.com/ubertidavide/fastbots/pull/3#issue-2003080806 | URL:https://github.com/ubertidavide/fastbots/pull/3#issue-2003080806 | MISC:https://github.com/ubertidavide/fastbots/security/advisories/GHSA-vccg-f4gp-45x9 | URL:https://github.com/ubertidavide/fastbots/security/advisories/GHSA-vccg-f4gp-45x9;Assigned (20231117);None (candidate not yet proposed) +CVE-2023-49081;Candidate;aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. Improper validation made it possible for an attacker to modify the HTTP request (e.g. to insert a new header) or create a new HTTP request if the attacker controls the HTTP version. The vulnerability only occurs if the attacker can control the HTTP version of the request. This issue has been patched in version 3.9.0.;MISC:https://gist.github.com/jnovikov/184afb593d9c2114d77f508e0ccd508e | URL:https://gist.github.com/jnovikov/184afb593d9c2114d77f508e0ccd508e | MISC:https://github.com/aio-libs/aiohttp/commit/1e86b777e61cf4eefc7d92fa57fa19dcc676013b | URL:https://github.com/aio-libs/aiohttp/commit/1e86b777e61cf4eefc7d92fa57fa19dcc676013b | MISC:https://github.com/aio-libs/aiohttp/pull/7835/files | URL:https://github.com/aio-libs/aiohttp/pull/7835/files | MISC:https://github.com/aio-libs/aiohttp/security/advisories/GHSA-q3qx-c6g2-7pw2 | URL:https://github.com/aio-libs/aiohttp/security/advisories/GHSA-q3qx-c6g2-7pw2;Assigned (20231121);None (candidate not yet proposed) +CVE-2023-49082;Candidate;aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. Improper validation makes it possible for an attacker to modify the HTTP request (e.g. insert a new header) or even create a new HTTP request if the attacker controls the HTTP method. The vulnerability occurs only if the attacker can control the HTTP method (GET, POST etc.) of the request. If the attacker can control the HTTP version of the request it will be able to modify the request (request smuggling). This issue has been patched in version 3.9.0.;MISC:https://gist.github.com/jnovikov/7f411ae9fe6a9a7804cf162a3bdbb44b | URL:https://gist.github.com/jnovikov/7f411ae9fe6a9a7804cf162a3bdbb44b | MISC:https://github.com/aio-libs/aiohttp/commit/e4ae01c2077d2cfa116aa82e4ff6866857f7c466 | URL:https://github.com/aio-libs/aiohttp/commit/e4ae01c2077d2cfa116aa82e4ff6866857f7c466 | MISC:https://github.com/aio-libs/aiohttp/pull/7806/files | URL:https://github.com/aio-libs/aiohttp/pull/7806/files | MISC:https://github.com/aio-libs/aiohttp/security/advisories/GHSA-qvrw-v9rv-5rjx | URL:https://github.com/aio-libs/aiohttp/security/advisories/GHSA-qvrw-v9rv-5rjx;Assigned (20231121);None (candidate not yet proposed) +CVE-2023-49083;Candidate;cryptography is a package designed to expose cryptographic primitives and recipes to Python developers. Calling `load_pem_pkcs7_certificates` or `load_der_pkcs7_certificates` could lead to a NULL-pointer dereference and segfault. Exploitation of this vulnerability poses a serious risk of Denial of Service (DoS) for any application attempting to deserialize a PKCS7 blob/certificate. The consequences extend to potential disruptions in system availability and stability. This vulnerability has been patched in version 41.0.6.;FEDORA:FEDORA-2024-91f5df4002 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QMNTYMUGFJSDBYBU22FUYBHFRZODRKXV/ | MISC:https://github.com/pyca/cryptography/commit/f09c261ca10a31fe41b1262306db7f8f1da0e48a | URL:https://github.com/pyca/cryptography/commit/f09c261ca10a31fe41b1262306db7f8f1da0e48a | MISC:https://github.com/pyca/cryptography/pull/9926 | URL:https://github.com/pyca/cryptography/pull/9926 | MISC:https://github.com/pyca/cryptography/security/advisories/GHSA-jfhm-5ghh-2f97 | URL:https://github.com/pyca/cryptography/security/advisories/GHSA-jfhm-5ghh-2f97;Assigned (20231121);None (candidate not yet proposed) +CVE-2023-49277;Candidate;dpaste is an open source pastebin application written in Python using the Django framework. A security vulnerability has been identified in the expires parameter of the dpaste API, allowing for a POST Reflected XSS attack. This vulnerability can be exploited by an attacker to execute arbitrary JavaScript code in the context of a user's browser, potentially leading to unauthorized access, data theft, or other malicious activities. Users are strongly advised to upgrade to dpaste release v3.8 or later versions, as dpaste versions older than v3.8 are susceptible to the identified security vulnerability. No known workarounds have been identified, and applying the patch is the most effective way to remediate the vulnerability.;MISC:https://github.com/DarrenOfficial/dpaste/commit/44a666a79b3b29ed4f340600bfcf55113bfb7086 | URL:https://github.com/DarrenOfficial/dpaste/commit/44a666a79b3b29ed4f340600bfcf55113bfb7086 | MISC:https://github.com/DarrenOfficial/dpaste/security/advisories/GHSA-r8j9-5cj7-cv39 | URL:https://github.com/DarrenOfficial/dpaste/security/advisories/GHSA-r8j9-5cj7-cv39;Assigned (20231124);None (candidate not yet proposed) +CVE-2023-49297;Candidate;PyDrive2 is a wrapper library of google-api-python-client that simplifies many common Google Drive API V2 tasks. Unsafe YAML deserilization will result in arbitrary code execution. A maliciously crafted YAML file can cause arbitrary code execution if PyDrive2 is run in the same directory as it, or if it is loaded in via `LoadSettingsFile`. This is a deserilization attack that will affect any user who initializes GoogleAuth from this package while a malicious yaml file is present in the same directory. This vulnerability does not require the file to be directly loaded through the code, only present. This issue has been addressed in commit `c57355dc` which is included in release version `1.16.2`. Users are advised to upgrade. There are no known workarounds for this vulnerability.;FEDORA:FEDORA-2023-21d2191c73 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/K34YWTDKBAYWZPOAKBYDM72WIFL5CAYW/ | FEDORA:FEDORA-2023-8e70979de3 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CYR5SJKOFSSXFV3E3D2SLXBUBA5WMJJG/ | MISC:https://github.com/iterative/PyDrive2/commit/c57355dc2033ad90b7050d681b2c3ba548ff0004 | URL:https://github.com/iterative/PyDrive2/commit/c57355dc2033ad90b7050d681b2c3ba548ff0004 | MISC:https://github.com/iterative/PyDrive2/security/advisories/GHSA-v5f6-hjmf-9mc5 | URL:https://github.com/iterative/PyDrive2/security/advisories/GHSA-v5f6-hjmf-9mc5;Assigned (20231124);None (candidate not yet proposed) +CVE-2023-49438;Candidate;An open redirect vulnerability in the python package Flask-Security-Too <=5.3.2 allows attackers to redirect unsuspecting users to malicious sites via a crafted URL by abusing the ?next parameter on the /login and /register routes.;FEDORA:FEDORA-2024-f34963bef8 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6HCYH377TPUMUHELPI36PDS2ZM4VFIXM/ | MISC:https://github.com/Flask-Middleware/flask-security | MISC:https://github.com/brandon-t-elliott/CVE-2023-49438;Assigned (20231127);None (candidate not yet proposed) +CVE-2023-49797;Candidate;PyInstaller bundles a Python application and all its dependencies into a single package. A PyInstaller built application, elevated as a privileged process, may be tricked by an unprivileged attacker into deleting files the unprivileged user does not otherwise have access to. A user is affected if **all** the following are satisfied: 1. The user runs an application containing either `matplotlib` or `win32com`. 2. The application is ran as administrator (or at least a user with higher privileges than the attacker). 3. The user's temporary directory is not locked to that specific user (most likely due to `TMP`/`TEMP` environment variables pointing to an unprotected, arbitrary, non default location). Either: A. The attacker is able to very carefully time the replacement of a temporary file with a symlink. This switch must occur exactly between `shutil.rmtree()`'s builtin symlink check and the deletion itself B: The application was built with Python 3.7.x or earlier which has no protection against Directory Junctions links. The vulnerability has been addressed in PR #7827 which corresponds to `pyinstaller >= 5.13.1`. Users are advised to upgrade. There are no known workarounds for this vulnerability.;FEDORA:FEDORA-2023-0fb94a1209 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2K2XIQLEMZIKUQUOWNDYWTEWYQTKMAN7/ | FEDORA:FEDORA-2023-3909a0ab0e | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ISRWT34FAF23PUOLVZ7RVWBZMWPDR5U7/ | MISC:https://github.com/pyinstaller/pyinstaller/pull/7827 | URL:https://github.com/pyinstaller/pyinstaller/pull/7827 | MISC:https://github.com/pyinstaller/pyinstaller/security/advisories/GHSA-9w2p-rh8c-v9g5 | URL:https://github.com/pyinstaller/pyinstaller/security/advisories/GHSA-9w2p-rh8c-v9g5 | MISC:https://github.com/python/cpython/blob/0fb18b02c8ad56299d6a2910be0bab8ad601ef24/Lib/shutil.py#L623 | URL:https://github.com/python/cpython/blob/0fb18b02c8ad56299d6a2910be0bab8ad601ef24/Lib/shutil.py#L623;Assigned (20231130);None (candidate not yet proposed) +CVE-2023-50263;Candidate;"Nautobot is a Network Source of Truth and Network Automation Platform built as a web application atop the Django Python framework with a PostgreSQL or MySQL database. In Nautobot 1.x and 2.0.x prior to 1.6.7 and 2.0.6, the URLs `/files/get/?name=...` and `/files/download/?name=...` are used to provide admin access to files that have been uploaded as part of a run request for a Job that has FileVar inputs. Under normal operation these files are ephemeral and are deleted once the Job in question runs. In the default implementation used in Nautobot, as provided by `django-db-file-storage`, these URLs do not by default require any user authentication to access; they should instead be restricted to only users who have permissions to view Nautobot's `FileProxy` model instances. Note that no URL mechanism is provided for listing or traversal of the available file `name` values, so in practice an unauthenticated user would have to guess names to discover arbitrary files for download, but if a user knows the file name/path value, they can access it without authenticating, so we are considering this a vulnerability. Fixes are included in Nautobot 1.6.7 and Nautobot 2.0.6. No known workarounds are available other than applying the patches included in those versions.";MISC:https://github.com/nautobot/nautobot/commit/458280c359a4833a20da294eaf4b8d55edc91cee | URL:https://github.com/nautobot/nautobot/commit/458280c359a4833a20da294eaf4b8d55edc91cee | MISC:https://github.com/nautobot/nautobot/commit/7c4cf3137f45f1541f09f2f6a7f8850cd3a2eaee | URL:https://github.com/nautobot/nautobot/commit/7c4cf3137f45f1541f09f2f6a7f8850cd3a2eaee | MISC:https://github.com/nautobot/nautobot/pull/4959 | URL:https://github.com/nautobot/nautobot/pull/4959 | MISC:https://github.com/nautobot/nautobot/pull/4964 | URL:https://github.com/nautobot/nautobot/pull/4964 | MISC:https://github.com/nautobot/nautobot/security/advisories/GHSA-75mc-3pjc-727q | URL:https://github.com/nautobot/nautobot/security/advisories/GHSA-75mc-3pjc-727q | MISC:https://github.com/victor-o-silva/db_file_storage/blob/master/db_file_storage/views.py | URL:https://github.com/victor-o-silva/db_file_storage/blob/master/db_file_storage/views.py;Assigned (20231205);None (candidate not yet proposed) +CVE-2023-50423;Candidate;SAP BTP Security Services Integration Library ([Python] sap-xssec) - versions < 4.1.0, allow under certain conditions an escalation of privileges. On successful exploitation, an unauthenticated attacker can obtain arbitrary permissions within the application.;MISC:https://blogs.sap.com/2023/12/12/unveiling-critical-security-updates-sap-btp-security-note-3411067/ | URL:https://blogs.sap.com/2023/12/12/unveiling-critical-security-updates-sap-btp-security-note-3411067/ | MISC:https://github.com/SAP/cloud-pysec/ | URL:https://github.com/SAP/cloud-pysec/ | MISC:https://github.com/SAP/cloud-pysec/security/advisories/GHSA-6mjg-37cp-42x5 | URL:https://github.com/SAP/cloud-pysec/security/advisories/GHSA-6mjg-37cp-42x5 | MISC:https://me.sap.com/notes/3411067 | URL:https://me.sap.com/notes/3411067 | MISC:https://pypi.org/project/sap-xssec/ | URL:https://pypi.org/project/sap-xssec/ | MISC:https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html | URL:https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html;Assigned (20231209);None (candidate not yet proposed) +CVE-2023-50782;Candidate;A flaw was found in the python-cryptography package. This issue may allow a remote attacker to decrypt captured messages in TLS servers that use RSA key exchanges, which may lead to exposure of confidential or sensitive data.;MISC:RHBZ#2254432 | URL:https://bugzilla.redhat.com/show_bug.cgi?id=2254432 | MISC:https://access.redhat.com/security/cve/CVE-2023-50782 | URL:https://access.redhat.com/security/cve/CVE-2023-50782;Assigned (20231213);None (candidate not yet proposed) +CVE-2023-51197;Candidate;An issue discovered in shell command execution in ROS2 (Robot Operating System 2) Foxy Fitzroy, with ROS_VERSION=2 and ROS_PYTHON_VERSION=3 allows an attacker to run arbitrary commands and cause other impacts.;MISC:https://github.com/16yashpatel/CVE-2023-51197;Assigned (20231218);None (candidate not yet proposed) +CVE-2023-51198;Candidate;An issue in the permission and access control components within ROS2 Foxy Fitzroy ROS_VERSION=2 and ROS_PYTHON_VERSION=3 allows attackers to gain escalate privileges.;MISC:https://github.com/16yashpatel/CVE-2023-51198;Assigned (20231218);None (candidate not yet proposed) +CVE-2023-51199;Candidate;Buffer Overflow vulnerability in ROS2 Foxy Fitzroy ROS_VERSION=2 and ROS_PYTHON_VERSION=3 allows attackers to run arbitrary code or cause a denial of service via improper handling of arrays or strings.;MISC:https://github.com/16yashpatel/CVE-2023-51199;Assigned (20231218);None (candidate not yet proposed) +CVE-2023-51200;Candidate;An issue in the default configurations of ROS2 Foxy Fitzroy ROS_VERSION=2 and ROS_PYTHON_VERSION=3 allows unauthenticated attackers to authenticate using default credentials.;MISC:https://github.com/16yashpatel/CVE-2023-51200;Assigned (20231218);None (candidate not yet proposed) +CVE-2023-51201;Candidate;Cleartext Transmission issue in ROS2 (Robot Operating System 2) Foxy Fitzroy, with ROS_VERSION=2 and ROS_PYTHON_VERSION=3 allows attackers to access sensitive information via a man-in-the-middle attack.;MISC:https://github.com/16yashpatel/CVE-2023-51201;Assigned (20231218);None (candidate not yet proposed) +CVE-2023-51202;Candidate;OS command injection vulnerability in command processing or system call componentsROS2 (Robot Operating System 2) Foxy Fitzroy, with ROS_VERSION=2 and ROS_PYTHON_VERSION=3 allows attackers to run arbitrary commands.;MISC:https://github.com/16yashpatel/CVE-2023-51202;Assigned (20231218);None (candidate not yet proposed) +CVE-2023-51204;Candidate;Insecure deserialization in ROS2 Foxy Fitzroy ROS_VERSION=2 and ROS_PYTHON_VERSION=3 allows attackers to execute arbitrary code via a crafted input.;MISC:https://github.com/16yashpatel/CVE-2023-51204;Assigned (20231218);None (candidate not yet proposed) +CVE-2023-51208;Candidate;An Arbitrary File Upload vulnerability in ROS2 Foxy Fitzroy ROS_VERSION=2 and ROS_PYTHON_VERSION=3 allows attackers to run arbitrary code and cause other impacts via upload of crafted file.;MISC:https://github.com/16yashpatel/CVE-2023-51208;Assigned (20231218);None (candidate not yet proposed) +CVE-2023-51449;Candidate;Gradio is an open-source Python package that allows you to quickly build a demo or web application for your machine learning model, API, or any arbitary Python function. Versions of `gradio` prior to 4.11.0 contained a vulnerability in the `/file` route which made them susceptible to file traversal attacks in which an attacker could access arbitrary files on a machine running a Gradio app with a public URL (e.g. if the demo was created with `share=True`, or on Hugging Face Spaces) if they knew the path of files to look for. This issue has been patched in version 4.11.0.;MISC:https://github.com/gradio-app/gradio/commit/1b9d4234d6c25ef250d882c7b90e1f4039ed2d76 | URL:https://github.com/gradio-app/gradio/commit/1b9d4234d6c25ef250d882c7b90e1f4039ed2d76 | MISC:https://github.com/gradio-app/gradio/commit/7ba8c5da45b004edd12c0460be9222f5b5f5f055 | URL:https://github.com/gradio-app/gradio/commit/7ba8c5da45b004edd12c0460be9222f5b5f5f055 | MISC:https://github.com/gradio-app/gradio/security/advisories/GHSA-6qm2-wpxq-7qh2 | URL:https://github.com/gradio-app/gradio/security/advisories/GHSA-6qm2-wpxq-7qh2;Assigned (20231219);None (candidate not yet proposed) +CVE-2023-51649;Candidate;Nautobot is a Network Source of Truth and Network Automation Platform built as a web application atop the Django Python framework with a PostgreSQL or MySQL database. When submitting a Job to run via a Job Button, only the model-level `extras.run_job` permission is checked (i.e., does the user have permission to run Jobs in general). Object-level permissions (i.e., does the user have permission to run this specific Job?) are not enforced by the URL/view used in this case. A user with permissions to run even a single Job can actually run all configured JobButton Jobs. Fix will be available in Nautobot 1.6.8 and 2.1.0;MISC:https://github.com/nautobot/nautobot/issues/4988 | URL:https://github.com/nautobot/nautobot/issues/4988 | MISC:https://github.com/nautobot/nautobot/pull/4993 | URL:https://github.com/nautobot/nautobot/pull/4993 | MISC:https://github.com/nautobot/nautobot/pull/4995 | URL:https://github.com/nautobot/nautobot/pull/4995 | MISC:https://github.com/nautobot/nautobot/security/advisories/GHSA-vf5m-xrhm-v999 | URL:https://github.com/nautobot/nautobot/security/advisories/GHSA-vf5m-xrhm-v999;Assigned (20231220);None (candidate not yet proposed) +CVE-2023-51663;Candidate;Hail is an open-source, general-purpose, Python-based data analysis tool with additional data types and methods for working with genomic data. Hail relies on OpenID Connect (OIDC) email addresses from ID tokens to verify the validity of a user's domain, but because users have the ability to change their email address, they could create accounts and use resources in clusters that they should not have access to. For example, a user could create a Microsoft or Google account and then change their email to `test@example.org`. This account can then be used to create a Hail Batch account in Hail Batch clusters whose organization domain is `example.org`. The attacker is not able to access private data or impersonate another user, but they would have the ability to run jobs if Hail Batch billing projects are enabled and create Azure Tenants if they have Azure Active Directory Administrator access.;MISC:https://github.com/hail-is/hail/security/advisories/GHSA-487p-qx68-5vjw | URL:https://github.com/hail-is/hail/security/advisories/GHSA-487p-qx68-5vjw;Assigned (20231221);None (candidate not yet proposed) +CVE-2023-52288;Candidate;An issue was discovered in the flaskcode package through 0.0.8 for Python. An unauthenticated directory traversal, exploitable with a GET request to a /resource-data/.txt URI (from views.py), allows attackers to read arbitrary files.;MISC:https://gitlab.com/daniele_m/cve-list/-/blob/main/README.md;Assigned (20231231);None (candidate not yet proposed) +CVE-2023-52289;Candidate;An issue was discovered in the flaskcode package through 0.0.8 for Python. An unauthenticated directory traversal, exploitable with a POST request to a /update-resource-data/ URI (from views.py), allows attackers to write to arbitrary files.;MISC:https://gitlab.com/daniele_m/cve-list/-/blob/main/README.md;Assigned (20231231);None (candidate not yet proposed) +CVE-2023-5625;Candidate;A regression was introduced in the Red Hat build of python-eventlet due to a change in the patch application strategy, resulting in a patch for CVE-2021-21419 not being applied for all builds of all products.;MISC:RHBZ#2244717 | URL:https://bugzilla.redhat.com/show_bug.cgi?id=2244717 | MISC:RHSA-2023:6128 | URL:https://access.redhat.com/errata/RHSA-2023:6128 | MISC:RHSA-2024:0188 | URL:https://access.redhat.com/errata/RHSA-2024:0188 | MISC:RHSA-2024:0213 | URL:https://access.redhat.com/errata/RHSA-2024:0213 | MISC:https://access.redhat.com/security/cve/CVE-2023-5625 | URL:https://access.redhat.com/security/cve/CVE-2023-5625;Assigned (20231017);None (candidate not yet proposed) +CVE-2023-6507;Candidate;An issue was found in CPython 3.12.0 `subprocess` module on POSIX platforms. The issue was fixed in CPython 3.12.1 and does not affect other stable releases. When using the `extra_groups=` parameter with an empty list as a value (ie `extra_groups=[]`) the logic regressed to not call `setgroups(0, NULL)` before calling `exec()`, thus not dropping the original processes' groups before starting the new process. There is no issue when the parameter isn't used or when any value is used besides an empty list. This issue only impacts CPython processes run with sufficient privilege to make the `setgroups` system call (typically `root`).;MISC:https://github.com/python/cpython/issues/112334 | URL:https://github.com/python/cpython/issues/112334 | MISC:https://github.com/python/cpython/pull/112617 | URL:https://github.com/python/cpython/pull/112617 | MISC:https://mail.python.org/archives/list/security-announce@python.org/thread/AUL7QFHBLILGISS7U63B47AYSSGJJQZD/ | URL:https://mail.python.org/archives/list/security-announce@python.org/thread/AUL7QFHBLILGISS7U63B47AYSSGJJQZD/;Assigned (20231204);None (candidate not yet proposed) +CVE-2023-7152;Candidate;A vulnerability, which was classified as critical, has been found in MicroPython 1.21.0/1.22.0-preview. Affected by this issue is the function poll_set_add_fd of the file extmod/modselect.c. The manipulation leads to use after free. The exploit has been disclosed to the public and may be used. The patch is identified as 8b24aa36ba978eafc6114b6798b47b7bfecdca26. It is recommended to apply a patch to fix this issue. VDB-249158 is the identifier assigned to this vulnerability.;MISC:https://github.com/jimmo/micropython/commit/8b24aa36ba978eafc6114b6798b47b7bfecdca26 | URL:https://github.com/jimmo/micropython/commit/8b24aa36ba978eafc6114b6798b47b7bfecdca26 | MISC:https://github.com/micropython/micropython/issues/12887 | URL:https://github.com/micropython/micropython/issues/12887 | MISC:https://vuldb.com/?ctiid.249158 | URL:https://vuldb.com/?ctiid.249158 | MISC:https://vuldb.com/?id.249158 | URL:https://vuldb.com/?id.249158;Assigned (20231228);None (candidate not yet proposed) +CVE-2023-7158;Candidate;A vulnerability was found in MicroPython up to 1.21.0. It has been classified as critical. Affected is the function slice_indices of the file objslice.c. The manipulation leads to heap-based buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 1.22.0 is able to address this issue. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-249180.;MISC:https://github.com/micropython/micropython/issues/13007 | URL:https://github.com/micropython/micropython/issues/13007 | MISC:https://github.com/micropython/micropython/pull/13039 | URL:https://github.com/micropython/micropython/pull/13039 | MISC:https://github.com/micropython/micropython/pull/13039/commits/f397a3ec318f3ad05aa287764ae7cef32202380f | URL:https://github.com/micropython/micropython/pull/13039/commits/f397a3ec318f3ad05aa287764ae7cef32202380f | MISC:https://github.com/micropython/micropython/releases/tag/v1.22.0 | URL:https://github.com/micropython/micropython/releases/tag/v1.22.0 | MISC:https://vuldb.com/?ctiid.249180 | URL:https://vuldb.com/?ctiid.249180 | MISC:https://vuldb.com/?id.249180 | URL:https://vuldb.com/?id.249180;Assigned (20231228);None (candidate not yet proposed) +CVE-2024-0243;Candidate;"With the following crawler configuration: ```python from bs4 import BeautifulSoup as Soup url = ""https://example.com"" loader = RecursiveUrlLoader( url=url, max_depth=2, extractor=lambda x: Soup(x, ""html.parser"").text ) docs = loader.load() ``` An attacker in control of the contents of `https://example.com` could place a malicious HTML file in there with links like ""https://example.completely.different/my_file.html"" and the crawler would proceed to download that file as well even though `prevent_outside=True`. https://github.com/langchain-ai/langchain/blob/bf0b3cc0b5ade1fb95a5b1b6fa260e99064c2e22/libs/community/langchain_community/document_loaders/recursive_url_loader.py#L51-L51 Resolved in https://github.com/langchain-ai/langchain/pull/15559";MISC:https://github.com/langchain-ai/langchain/commit/bf0b3cc0b5ade1fb95a5b1b6fa260e99064c2e22 | URL:https://github.com/langchain-ai/langchain/commit/bf0b3cc0b5ade1fb95a5b1b6fa260e99064c2e22 | MISC:https://huntr.com/bounties/370904e7-10ac-40a4-a8d4-e2d16e1ca861 | URL:https://huntr.com/bounties/370904e7-10ac-40a4-a8d4-e2d16e1ca861;Assigned (20240104);None (candidate not yet proposed)