| The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them. |
|
 |
|
|
Computer vulnerabilities of CPython
Python urllib: file reading via Blacklist Bypass
Synthesis of the vulnerability
A local attacker can read a file via Blacklist Bypass of Python urllib, in order to obtain sensitive information.
Impacted products: Debian, openSUSE Leap, Python, RHEL, SUSE Linux Enterprise Desktop, SLES.
Severity: 2/4.
Consequences: data reading.
Provenance: document.
Creation date: 25/03/2019.
Identifiers: 35907, CVE-2019-9948, DLA-1834-1, DLA-1852-1, openSUSE-SU-2019:1273-1, openSUSE-SU-2019:1282-1, openSUSE-SU-2019:1580-1, RHSA-2019:1700-01, SUSE-SU-2019:0972-1, SUSE-SU-2019:14018-1, SUSE-SU-2019:1439-1, VIGILANCE-VUL-28848.
Description of the vulnerability
A local attacker can read a file via Blacklist Bypass of Python urllib, in order to obtain sensitive information.
Full Vigil@nce bulletin... (Free trial) |
Python urllib2: information disclosure via CRLF Injection HTTP/Redis
Synthesis of the vulnerability
An attacker can bypass access restrictions to data via CRLF Injection HTTP/Redis of Python urllib2, in order to obtain sensitive information.
Impacted products: Debian, Fedora, Python, SLES.
Severity: 2/4.
Consequences: data reading.
Provenance: document.
Creation date: 25/03/2019.
Identifiers: 35906, CVE-2019-9947, DLA-1834-1, DLA-1835-1, DLA-1835-2, FEDORA-2019-1ffd6b6064, SUSE-SU-2019:1352-1, SUSE-SU-2019:1352-2, VIGILANCE-VUL-28847.
Description of the vulnerability
An attacker can bypass access restrictions to data via CRLF Injection HTTP/Redis of Python urllib2, in order to obtain sensitive information.
Full Vigil@nce bulletin... (Free trial) |
Python urllib2: information disclosure via CRLF Injection
Synthesis of the vulnerability
An attacker can bypass access restrictions to data via CRLF Injection of Python urllib2, in order to obtain sensitive information.
Impacted products: Ansible Tower, Debian, Fedora, Python.
Severity: 2/4.
Consequences: data reading.
Provenance: document.
Creation date: 25/03/2019.
Identifiers: 36276, CVE-2019-9740, DLA-1834-1, DLA-1835-1, DLA-1835-2, FEDORA-2019-1ffd6b6064, VIGILANCE-VUL-28846.
Description of the vulnerability
An attacker can bypass access restrictions to data via CRLF Injection of Python urllib2, in order to obtain sensitive information.
Full Vigil@nce bulletin... (Free trial) |
Python: information disclosure via Cookie Domain Check
Synthesis of the vulnerability
An attacker can bypass access restrictions to data via Cookie Domain Check of Python, in order to obtain sensitive information.
Impacted products: Python.
Severity: 2/4.
Consequences: data reading.
Provenance: internet server.
Creation date: 19/03/2019.
Identifiers: 35121, CVE-2018-20852, VIGILANCE-VUL-28767.
Description of the vulnerability
An attacker can bypass access restrictions to data via Cookie Domain Check of Python, in order to obtain sensitive information.
Full Vigil@nce bulletin... (Free trial) |
Python: information disclosure via Punycode/IDNA NFKC Normalization
Synthesis of the vulnerability
An attacker can bypass access restrictions to data via Punycode/IDNA NFKC Normalization of Python, in order to obtain sensitive information.
Impacted products: Debian, Fedora, openSUSE Leap, Solaris, Python, RHEL, SUSE Linux Enterprise Desktop, SLES.
Severity: 2/4.
Consequences: data reading.
Provenance: document.
Creation date: 08/03/2019.
Identifiers: 36216, bulletinapr2019, CVE-2019-9636, DLA-1834-1, DLA-1835-1, DLA-1835-2, FEDORA-2019-1ffd6b6064, openSUSE-SU-2019:1273-1, openSUSE-SU-2019:1282-1, openSUSE-SU-2019:1371-1, openSUSE-SU-2019:1580-1, RHSA-2019:0710-01, RHSA-2019:0765-01, RHSA-2019:0806-01, RHSA-2019:0902-01, RHSA-2019:1467-01, SUSE-SU-2019:0961-1, SUSE-SU-2019:0971-1, SUSE-SU-2019:0972-1, SUSE-SU-2019:14018-1, SUSE-SU-2019:1439-1, VIGILANCE-VUL-28692.
Description of the vulnerability
An attacker can bypass access restrictions to data via Punycode/IDNA NFKC Normalization of Python, in order to obtain sensitive information.
Full Vigil@nce bulletin... (Free trial) |
Python: integer overflow via Pickle
Synthesis of the vulnerability
An attacker can trigger an integer overflow via Pickle of Python, in order to trigger a denial of service, and possibly to run code.
Impacted products: Debian, openSUSE Leap, Python, SUSE Linux Enterprise Desktop, SLES.
Severity: 2/4.
Consequences: user access/rights, denial of service on service, denial of service on client.
Provenance: document.
Creation date: 01/02/2019.
Identifiers: 34656, CVE-2018-20406, DLA-1663-1, openSUSE-SU-2019:0155-1, SUSE-SU-2019:0215-1, SUSE-SU-2019:0243-1, VIGILANCE-VUL-28419.
Description of the vulnerability
An attacker can trigger an integer overflow via Pickle of Python, in order to trigger a denial of service, and possibly to run code.
Full Vigil@nce bulletin... (Free trial) |
Python: NULL pointer dereference via _get_crl_dp
Synthesis of the vulnerability
An attacker can force a NULL pointer to be dereferenced via _get_crl_dp() of Python, in order to trigger a denial of service.
Impacted products: Debian, Fedora, openSUSE Leap, Python, Slackware, SUSE Linux Enterprise Desktop, SLES.
Severity: 2/4.
Consequences: denial of service on service, denial of service on client.
Provenance: document.
Creation date: 24/01/2019.
Identifiers: 35746, CVE-2019-5010, DLA-1663-1, DLA-1834-1, FEDORA-2019-00870e8bfc, openSUSE-SU-2019:0155-1, openSUSE-SU-2019:0184-1, openSUSE-SU-2019:0292-1, SSA:2019-062-01, SUSE-SU-2019:0215-1, SUSE-SU-2019:0223-1, SUSE-SU-2019:0243-1, SUSE-SU-2019:0271-1, SUSE-SU-2019:0482-1, SUSE-SU-2019:0482-2, TALOS-2019-0758, VIGILANCE-VUL-28358.
Description of the vulnerability
An attacker can force a NULL pointer to be dereferenced via _get_crl_dp() of Python, in order to trigger a denial of service.
Full Vigil@nce bulletin... (Free trial) |
Python: denial of service via XML Hash Collisions
Synthesis of the vulnerability
An attacker can generate a fatal error via XML Hash Collisions of Python, in order to trigger a denial of service.
Impacted products: Debian, IBM i, openSUSE Leap, Python, Slackware, SUSE Linux Enterprise Desktop, SLES, Ubuntu.
Severity: 2/4.
Consequences: denial of service on service, denial of service on client.
Provenance: document.
Creation date: 28/09/2018.
Identifiers: 34623, CVE-2018-14647, DLA-1834-1, DLA-1835-1, DLA-1835-2, DSA-4306-1, DSA-4307-1, ibm10876694, openSUSE-SU-2019:0292-1, SSA:2019-062-01, SUSE-SU-2018:3156-1, SUSE-SU-2019:0482-1, SUSE-SU-2019:0482-2, USN-3817-1, USN-3817-2, VIGILANCE-VUL-27355.
Description of the vulnerability
An attacker can generate a fatal error via XML Hash Collisions of Python, in order to trigger a denial of service.
Full Vigil@nce bulletin... (Free trial) |
Python: code execution via shutil-make_archive
Synthesis of the vulnerability
An attacker can use a vulnerability via shutil-make_archive() of Python, in order to run code.
Impacted products: Debian, openSUSE Leap, Python, SUSE Linux Enterprise Desktop, SLES, Ubuntu.
Severity: 2/4.
Consequences: user access/rights.
Provenance: document.
Creation date: 26/09/2018.
Identifiers: 34540, CVE-2018-1000802, DLA-1519-1, DLA-1520-1, DSA-4306-1, openSUSE-SU-2018:3052-1, openSUSE-SU-2018:3703-1, SUSE-SU-2018:3002-1, SUSE-SU-2018:3554-1, SUSE-SU-2018:3554-2, USN-3817-1, USN-3817-2, VIGILANCE-VUL-27318.
Description of the vulnerability
An attacker can use a vulnerability via shutil-make_archive() of Python, in order to run code.
Full Vigil@nce bulletin... (Free trial) |
Python: buffer overflow via os.symlink
Synthesis of the vulnerability
An attacker can generate a buffer overflow via os.symlink of Python, in order to trigger a denial of service, and possibly to run code.
Impacted products: Python.
Severity: 2/4.
Consequences: user access/rights, denial of service on service, denial of service on client.
Provenance: user shell.
Creation date: 13/08/2018.
Identifiers: VIGILANCE-VUL-26967.
Description of the vulnerability
An attacker can generate a buffer overflow via os.symlink of Python, in order to trigger a denial of service, and possibly to run code.
Full Vigil@nce bulletin... (Free trial) |
Our database contains other pages. You can request a free trial to read them.
Display information about CPython:
|