Filtered by vendor Python
Subscribe
Total
194 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2016-1494 | 3 Fedoraproject, Opensuse, Python | 4 Fedora, Leap, Opensuse and 1 more | 2019-05-31 | 5.0 MEDIUM | 5.3 MEDIUM |
| The verify function in the RSA package for Python (Python-RSA) before 3.3 allows attackers to spoof signatures with a small public exponent via crafted signature padding, aka a BERserk attack. | |||||
| CVE-2016-5636 | 1 Python | 1 Python | 2019-02-09 | 10.0 HIGH | 9.8 CRITICAL |
| Integer overflow in the get_data function in zipimport.c in CPython (aka Python) before 2.7.12, 3.x before 3.4.5, and 3.5.x before 3.5.2 allows remote attackers to have unspecified impact via a negative data size value, which triggers a heap-based buffer overflow. | |||||
| CVE-2016-0772 | 1 Python | 1 Python | 2019-02-09 | 5.8 MEDIUM | 6.5 MEDIUM |
| The smtplib library in CPython (aka Python) before 2.7.12, 3.x before 3.4.5, and 3.5.x before 3.5.2 does not return an error when StartTLS fails, which might allow man-in-the-middle attackers to bypass the TLS protections by leveraging a network position between the client and the registry to block the StartTLS command, aka a "StartTLS stripping attack." | |||||
| CVE-2014-3589 | 3 Debian, Opensuse, Python | 3 Python-imaging, Opensuse, Pillow | 2018-10-30 | 5.0 MEDIUM | N/A |
| PIL/IcnsImagePlugin.py in Python Imaging Library (PIL) and Pillow before 2.3.2 and 2.5.x before 2.5.2 allows remote attackers to cause a denial of service via a crafted block size. | |||||
| CVE-2014-3598 | 2 Opensuse, Python | 2 Opensuse, Pillow | 2018-10-30 | 5.0 MEDIUM | N/A |
| The Jpeg2KImagePlugin plugin in Pillow before 2.5.3 allows remote attackers to cause a denial of service via a crafted image. | |||||
| CVE-2014-9601 | 4 Fedoraproject, Opensuse, Oracle and 1 more | 4 Fedora, Opensuse, Solaris and 1 more | 2018-10-30 | 5.0 MEDIUM | N/A |
| Pillow before 2.7.0 allows remote attackers to cause a denial of service via a compressed text chunk in a PNG image that has a large size when it is decompressed. | |||||
| CVE-2014-1830 | 2 Opensuse, Python | 2 Opensuse, Requests | 2018-10-30 | 5.0 MEDIUM | N/A |
| Requests (aka python-requests) before 2.3.0 allows remote servers to obtain sensitive information by reading the Proxy-Authorization header in a redirected request. | |||||
| CVE-2017-17522 | 1 Python | 1 Python | 2017-12-28 | 6.8 MEDIUM | 8.8 HIGH |
| ** DISPUTED ** Lib/webbrowser.py in Python through 3.6.3 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via a crafted URL. NOTE: a software maintainer indicates that exploitation is impossible because the code relies on subprocess.Popen and the default shell=False setting. | |||||
| CVE-2014-1604 | 1 Python | 1 Rply | 2017-08-28 | 2.1 LOW | N/A |
| The parser cache functionality in parsergenerator.py in RPLY (aka python-rply) before 0.7.1 allows local users to spoof cache data by pre-creating a temporary rply-*.json file with a predictable name. | |||||
| CVE-2014-1624 | 1 Python | 1 Pyxdg | 2017-08-28 | 3.3 LOW | N/A |
| Race condition in the xdg.BaseDirectory.get_runtime_dir function in python-xdg 0.25 allows local users to overwrite arbitrary files by pre-creating /tmp/pyxdg-runtime-dir-fallback-victim to point to a victim-owned location, then replacing it with a symlink to an attacker-controlled location once the get_runtime_dir function is called. | |||||
| CVE-2016-9190 | 2 Debian, Python | 2 Debian Linux, Pillow | 2017-06-30 | 6.8 MEDIUM | 7.8 HIGH |
| Pillow before 3.3.2 allows context-dependent attackers to execute arbitrary code by using the "crafted image file" approach, related to an "Insecure Sign Extension" issue affecting the ImagingNew in Storage.c component. | |||||
| CVE-2016-9189 | 2 Debian, Python | 2 Debian Linux, Pillow | 2017-06-30 | 4.3 MEDIUM | 5.5 MEDIUM |
| Pillow before 3.3.2 allows context-dependent attackers to obtain sensitive information by using the "crafted image file" approach, related to an "Integer Overflow" issue affecting the Image.core.map_buffer in map.c component. | |||||
| CVE-2014-1933 | 2 Python, Pythonware | 2 Pillow, Python Imaging Library | 2017-06-30 | 2.1 LOW | N/A |
| The (1) JpegImagePlugin.py and (2) EpsImagePlugin.py scripts in Python Image Library (PIL) 1.1.7 and earlier and Pillow before 2.3.1 uses the names of temporary files on the command line, which makes it easier for local users to conduct symlink attacks by listing the processes. | |||||
| CVE-2016-4009 | 1 Python | 1 Pillow | 2017-06-30 | 10.0 HIGH | 9.8 CRITICAL |
| Integer overflow in the ImagingResampleHorizontal function in libImaging/Resample.c in Pillow before 3.1.1 allows remote attackers to have unspecified impact via negative values of the new size, which triggers a heap-based buffer overflow. | |||||
| CVE-2014-2667 | 1 Python | 1 Python | 2017-06-30 | 3.3 LOW | N/A |
| Race condition in the _get_masked_mode function in Lib/os.py in Python 3.2 through 3.5, when exist_ok is set to true and multiple threads are used, might allow local users to bypass intended file permissions by leveraging a separate application vulnerability before the umask has been set to the expected value. | |||||
| CVE-2016-0740 | 2 Debian, Python | 2 Debian Linux, Pillow | 2017-06-30 | 4.3 MEDIUM | 6.5 MEDIUM |
| Buffer overflow in the ImagingLibTiffDecode function in libImaging/TiffDecode.c in Pillow before 3.1.1 allows remote attackers to overwrite memory via a crafted TIFF file. | |||||
| CVE-2016-0775 | 2 Debian, Python | 2 Debian Linux, Pillow | 2017-06-30 | 4.3 MEDIUM | 6.5 MEDIUM |
| Buffer overflow in the ImagingFliDecode function in libImaging/FliDecode.c in Pillow before 3.1.1 allows remote attackers to cause a denial of service (crash) via a crafted FLI file. | |||||
| CVE-2014-1932 | 2 Python, Pythonware | 2 Pillow, Python Imaging Library | 2017-06-30 | 4.4 MEDIUM | N/A |
| The (1) load_djpeg function in JpegImagePlugin.py, (2) Ghostscript function in EpsImagePlugin.py, (3) load function in IptcImagePlugin.py, and (4) _copy function in Image.py in Python Image Library (PIL) 1.1.7 and earlier and Pillow before 2.3.1 do not properly create temporary files, which allow local users to overwrite arbitrary files and obtain sensitive information via a symlink attack on the temporary file. | |||||
| CVE-2016-2533 | 3 Debian, Python, Python Imaging Project | 3 Debian Linux, Pillow, Python Imaging | 2017-06-30 | 4.3 MEDIUM | 6.5 MEDIUM |
| Buffer overflow in the ImagingPcdDecode function in PcdDecode.c in Pillow before 3.1.1 and Python Imaging Library (PIL) 1.1.7 and earlier allows remote attackers to cause a denial of service (crash) via a crafted PhotoCD file. | |||||
| CVE-2016-3076 | 1 Python | 1 Pillow | 2017-04-28 | 4.3 MEDIUM | 5.5 MEDIUM |
| Heap-based buffer overflow in the j2k_encode_entry function in Pillow 2.5.0 through 3.1.1 allows remote attackers to cause a denial of service (memory corruption) via a crafted Jpeg2000 file. | |||||