The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them.

Computer vulnerabilities of Python

vulnerability bulletin CVE-2017-18207

Python Core: denial of service via Wave_read._read_fmt_chunk

Synthesis of the vulnerability

An attacker can supply a crafted WAV file whose fmt chunk declares zero channels. Wave_read._read_fmt_chunk() in Lib/wave.py (CPython 3.x up to 3.6.4) does not reject a zero channel count, so the frame size becomes zero and the frame-count computation divides by zero; the unhandled exception crashes any application that opens the file with the wave module, which lets the attacker trigger a denial of service (Python issue 32056).
Impacted products: VNX Operating Environment, VNX Series, openSUSE Leap, Python, SUSE Linux Enterprise Desktop, SLES.
Severity: 1/4.
Consequences: denial of service on service, denial of service on client.
Provenance: document.
Creation date: 17/04/2018.
Identifiers: 32056, CVE-2017-18207, DSA-2019-131, openSUSE-SU-2018:0966-1, openSUSE-SU-2018:2126-1, SUSE-SU-2018:1786-1, SUSE-SU-2018:2040-1, VIGILANCE-VUL-25893.

Full Vigil@nce bulletin... (Free trial)
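The check a practitioner wants here is a header validation step that runs before the wave module ever sees untrusted data. The following is an added example, not code from the bulletin or from CPython: build_wav() assembles minimal constructed WAV files (one sane, one declaring zero channels), inspect_fmt_chunk() walks the RIFF chunks and rejects a zero channel count or sample width, and safe_wav_params() only hands a file to wave.open() after that check, while also catching ZeroDivisionError so that an unpatched interpreter degrades to "rejected" instead of crashing. Chunk layout and field names follow the RIFF/WAVE format; the function and variable names are mine.

```python
import io
import struct
import wave


# Constructed sample input generator: a minimal RIFF/WAVE file (fmt + data chunk)
# with no validation, so it can produce the hostile zero-channel case on purpose.
def build_wav(nchannels: int, sampwidth: int, framerate: int, frames: bytes) -> bytes:
    """Return a PCM WAV file with the given header fields."""
    block_align = nchannels * sampwidth
    fmt_body = struct.pack("<HHIIHH", 1, nchannels, framerate,
                           framerate * block_align, block_align, sampwidth * 8)
    body = (b"WAVE"
            + b"fmt " + struct.pack("<I", len(fmt_body)) + fmt_body
            + b"data" + struct.pack("<I", len(frames)) + frames)
    return b"RIFF" + struct.pack("<I", len(body)) + body


def inspect_fmt_chunk(data: bytes) -> dict:
    """Walk the RIFF chunks and validate the fmt chunk before wave.py sees it.

    Raises ValueError for anything that would make wave.py divide by zero
    (zero channels, zero sample width, zero frame rate) or for non-WAVE input.
    """
    if len(data) < 12 or data[:4] != b"RIFF" or data[8:12] != b"WAVE":
        raise ValueError("not a RIFF/WAVE file")
    pos = 12
    while pos + 8 <= len(data):
        chunk_id = data[pos:pos + 4]
        size = struct.unpack_from("<I", data, pos + 4)[0]
        body = data[pos + 8:pos + 8 + size]
        if chunk_id == b"fmt ":
            if len(body) < 16:
                raise ValueError("fmt chunk truncated")
            fmt_tag, nchannels, framerate, _byterate, _block_align, bits = \
                struct.unpack_from("<HHIIHH", body)
            if nchannels == 0:
                raise ValueError("fmt chunk declares zero channels")
            if bits == 0 or framerate == 0:
                raise ValueError("fmt chunk declares zero sample width or frame rate")
            return {"format": fmt_tag, "nchannels": nchannels,
                    "framerate": framerate, "sampwidth": (bits + 7) // 8}
        pos += 8 + size + (size & 1)  # RIFF chunks are padded to an even size
    raise ValueError("no fmt chunk found")


def safe_wav_params(data: bytes):
    """Open a WAV file only after inspect_fmt_chunk() accepted its header.

    Returns (nchannels, sampwidth, framerate, nframes), or None when the file is
    rejected. ZeroDivisionError is caught too, so an unpatched interpreter
    (CPython <= 3.6.4) reports 'rejected' instead of dying on an unhandled exception.
    """
    try:
        inspect_fmt_chunk(data)
        with wave.open(io.BytesIO(data), "rb") as w:
            return (w.getnchannels(), w.getsampwidth(), w.getframerate(), w.getnframes())
    except (ValueError, wave.Error, ZeroDivisionError, EOFError):
        return None


# Constructed samples: one valid mono 16-bit file with 4 frames, one with 0 channels.
GOOD_WAV = build_wav(nchannels=1, sampwidth=2, framerate=8000, frames=b"\x00\x00" * 4)
ZERO_CHANNEL_WAV = build_wav(nchannels=0, sampwidth=2, framerate=8000, frames=b"\x00\x00" * 4)

if __name__ == "__main__":
    print("good file:", safe_wav_params(GOOD_WAV))
    print("zero channels:", safe_wav_params(ZERO_CHANNEL_WAV))
```

The pre-check is deliberately independent of the interpreter version: on a patched CPython wave.open() raises wave.Error for the zero-channel file, on an unpatched one it raises ZeroDivisionError, and the caller sees the same None either way.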

computer vulnerability alert 25736

Python: buffer overflow via Windows os.symlink

Synthesis of the vulnerability

An attacker who controls the name or target passed to os.symlink() on Windows can overflow a fixed-size buffer in CPython's native implementation of the call, in order to trigger a denial of service, and possibly to run code.
Impacted products: Python.
Severity: 2/4.
Consequences: user access/rights, denial of service on service, denial of service on client.
Provenance: document.
Creation date: 30/03/2018.
Identifiers: VIGILANCE-VUL-25736.


computer vulnerability CVE-2018-1060

Python: denial of service via poplib regular expression

Synthesis of the vulnerability

An attacker who controls a POP3 server greeting can trigger catastrophic backtracking in the regular expression that poplib's apop() method uses to extract the server timestamp, in order to trigger a denial of service on the client. This is the poplib half of Python issue bpo-32981, which was assigned CVE-2018-1060; the difflib half is CVE-2018-1061. Fixed in Python 2.7.15, 3.4.9, 3.5.6, 3.6.5 and 3.7.0.
Impacted products: Debian, VNX Operating Environment, VNX Series, Fedora, IBM i, openSUSE Leap, Solaris, Python, RHEL, Slackware, SUSE Linux Enterprise Desktop, SLES, Ubuntu.
Severity: 2/4.
Consequences: denial of service on service, denial of service on client.
Provenance: document.
Creation date: 30/03/2018.
Identifiers: bulletinjan2019, CVE-2018-1060, DLA-1519-1, DLA-1520-1, DSA-2019-131, DSA-4306-1, DSA-4307-1, FEDORA-2018-a042f795b2, FEDORA-2018-aa8de9d66a, ibm10725759, openSUSE-SU-2018:2712-1, openSUSE-SU-2018:3703-1, RHSA-2018:3041-01, SSA:2018-124-01, SUSE-SU-2018:2408-1, SUSE-SU-2018:2696-1, SUSE-SU-2018:3554-1, SUSE-SU-2018:3554-2, USN-3817-1, USN-3817-2, VIGILANCE-VUL-25735.

vulnerability note CVE-2018-1061

Python: denial of service via difflib regular expression

Synthesis of the vulnerability

An attacker who can feed lines to code that calls difflib.IS_LINE_JUNK() (for example as the linejunk argument of difflib.ndiff()) can trigger catastrophic backtracking in its regular expression, in order to trigger a denial of service. This is the difflib half of Python issue bpo-32981, which was assigned CVE-2018-1061; the poplib half is CVE-2018-1060. Fixed in Python 2.7.15, 3.4.9, 3.5.6, 3.6.5 and 3.7.0.
Impacted products: Debian, VNX Operating Environment, VNX Series, Fedora, IBM i, openSUSE Leap, Solaris, Python, RHEL, Slackware, SUSE Linux Enterprise Desktop, SLES, Ubuntu.
Severity: 2/4.
Consequences: denial of service on service, denial of service on client.
Provenance: document.
Creation date: 30/03/2018.
Identifiers: bulletinjan2019, CVE-2018-1061, DLA-1519-1, DLA-1520-1, DSA-2019-131, DSA-4306-1, DSA-4307-1, FEDORA-2018-a042f795b2, FEDORA-2018-aa8de9d66a, ibm10725759, openSUSE-SU-2018:2712-1, openSUSE-SU-2018:3703-1, RHSA-2018:3041-01, SSA:2018-124-01, SUSE-SU-2018:2408-1, SUSE-SU-2018:2696-1, SUSE-SU-2018:3554-1, SUSE-SU-2018:3554-2, USN-3817-1, USN-3817-2, VIGILANCE-VUL-25734.
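Both regular-expression bulletins above (poplib's apop() timestamp extraction and difflib.IS_LINE_JUNK(), fixed together under bpo-32981) are the same failure mode: two adjacent unbounded quantifiers that can split the input between them in O(n) ways, so a hostile input with no final match costs O(n^2) matching steps. The following is an added example, not code from the bulletins or from CPython: the before/after patterns are my reconstruction of the upstream fix, placed beside regex-free linear-time equivalents, with constructed adversarial inputs and a small timer so the quadratic blow-up can be measured. The time_match() helper and the EVIL_* inputs are mine.

```python
import re
import time

# Patterns before and after the upstream fix (bpo-32981), reproduced from the
# CPython change as I recall it; they are not quoted from the bulletins above.
POPLIB_APOP_VULNERABLE = re.compile(br"\+OK.*(<[^>]+>)")
POPLIB_APOP_FIXED = re.compile(br"\+OK.[^<]*(<.*>)")
DIFFLIB_JUNK_VULNERABLE = re.compile(r"\s*#?\s*$")
DIFFLIB_JUNK_FIXED = re.compile(r"\s*(?:#\s*)?$")


def apop_timestamp(greeting: bytes, pattern=POPLIB_APOP_FIXED):
    """Extract the <...> challenge from a POP3 greeting the way poplib.apop() does."""
    m = pattern.match(greeting)
    return m.group(1) if m else None


def apop_timestamp_linear(greeting: bytes):
    """Regex-free equivalent: the span from the first '<' after '+OK' to the last '>'.

    One find() and one rfind(), so the cost stays linear in the greeting length no
    matter how many unbalanced '<' characters a hostile server sends.
    """
    if not greeting.startswith(b"+OK") or len(greeting) < 4:
        return None
    start = greeting.find(b"<", 4)
    end = greeting.rfind(b">")
    if start == -1 or end <= start:
        return None
    return greeting[start:end + 1]


def is_line_junk(line: str, pattern=DIFFLIB_JUNK_FIXED) -> bool:
    """difflib.IS_LINE_JUNK semantics: a line that is blank or holds only a '#'."""
    return pattern.match(line) is not None


def is_line_junk_linear(line: str) -> bool:
    """Regex-free equivalent of IS_LINE_JUNK: strip whitespace, then compare."""
    return line.strip() in ("", "#")


def time_match(pattern, text) -> float:
    """Seconds spent in a single pattern.match() call."""
    t0 = time.perf_counter()
    pattern.match(text)
    return time.perf_counter() - t0


# Constructed adversarial inputs. Many '<' with no closing '>' make `.*` and `[^>]+`
# re-scan each other's positions in the old apop() pattern; many spaces followed by a
# non-junk character do the same to the two `\s*` runs in the old IS_LINE_JUNK pattern.
# Work grows quadratically in n for the old patterns and linearly for the new ones.
EVIL_GREETING = b"+OK " + b"<" * 10_000
EVIL_LINE = " " * 10_000 + "x"

if __name__ == "__main__":
    n = 30_000
    for label, pat, text in (
        ("poplib old", POPLIB_APOP_VULNERABLE, b"+OK " + b"<" * n),
        ("poplib new", POPLIB_APOP_FIXED, b"+OK " + b"<" * n),
        ("difflib old", DIFFLIB_JUNK_VULNERABLE, " " * n + "x"),
        ("difflib new", DIFFLIB_JUNK_FIXED, " " * n + "x"),
    ):
        print(f"{label:12s} {time_match(pat, text):8.3f} s")
```

The fixed patterns work because the first quantifier is made to exclude the character the second one needs (`[^<]*` before `<`, and `#` pulled inside an optional group so two `\s*` runs are never adjacent): there is then only one way to split the input, and a failing match backs off in linear time. When the input is hostile and the pattern is not yours to change, the linear helpers show the alternative: replace the regex with explicit scanning whose cost you can reason about.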

vulnerability CVE-2018-1000117

Python: buffer overflow via Windows os.symlink

Synthesis of the vulnerability

An attacker who controls the name or target passed to os.symlink() on Windows (CPython 3.2 through 3.6.4) can overflow a fixed-size buffer in CPython's native implementation of the call, in order to trigger a denial of service, and possibly to run code. Fixed in CPython 3.6.5 and 3.7.0 (Python issue 33001).
Impacted products: Python.
Severity: 2/4.
Consequences: user access/rights, denial of service on service, denial of service on client.
Provenance: document.
Creation date: 08/03/2018.
Identifiers: 33001, CVE-2018-1000117, VIGILANCE-VUL-25490.

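For both os.symlink() bulletins on this page (VIGILANCE-VUL-25736 and CVE-2018-1000117) the exposure is the same: attacker-controlled strings reaching a native path buffer. Upgrading the interpreter is the fix; until then, the code that accepts link names and targets from outside should bound them itself. The following is an added example, not code from the bulletins or from CPython: check_symlink_args() rejects NULs, multi-component or drive-prefixed link names, and anything that would not fit in a classic Windows MAX_PATH buffer, and safe_symlink() only calls os.symlink() once that check passes. MAX_PATH = 260 is a policy bound I chose for the example (the classic Windows limit, including the terminating NUL); the function names and the "/srv/app" style paths used in the demo are mine.

```python
import os
import shutil
import tempfile
from pathlib import PureWindowsPath
from typing import Optional

# Hypothetical policy bound for this example: the classic Windows MAX_PATH of 260
# characters (including the terminating NUL), applied on every platform so that the
# check behaves identically in tests and in production.
MAX_PATH = 260


def check_symlink_args(link_name: str, target: str, allowed_dir: str) -> Optional[str]:
    """Return a reason to refuse creating allowed_dir/link_name -> target, or None.

    link_name and target are treated as attacker-controlled; allowed_dir is trusted.
    PureWindowsPath does the component check on every host so that both '/' and '\\'
    count as separators and drive prefixes such as 'C:' are rejected as well.
    """
    for value in (link_name, target):
        if not value:
            return "empty path"
        if "\x00" in value:
            return "embedded NUL in path"
    if PureWindowsPath(link_name).name != link_name or link_name in (".", ".."):
        return "link name is not a single path component"
    full_link = os.path.join(allowed_dir, link_name)
    if len(full_link) >= MAX_PATH or len(target) >= MAX_PATH:
        return "path longer than MAX_PATH"
    return None


def safe_symlink(link_name: str, target: str, allowed_dir: str) -> str:
    """Create the symlink only if check_symlink_args() accepts it; return the link path."""
    reason = check_symlink_args(link_name, target, allowed_dir)
    if reason is not None:
        raise ValueError(f"refusing symlink {link_name!r} -> {target!r}: {reason}")
    full_link = os.path.join(allowed_dir, link_name)
    os.symlink(target, full_link)
    return full_link


if __name__ == "__main__":
    workdir = tempfile.mkdtemp()
    try:
        link = safe_symlink("latest", "build-42", workdir)
        print("created", link, "->", os.readlink(link))
        for bad_name, bad_target in (("a" * 300, "x"), ("..\\evil", "x"), ("ok", "t\x00")):
            try:
                safe_symlink(bad_name, bad_target, workdir)
            except ValueError as exc:
                print("rejected:", exc)
    finally:
        shutil.rmtree(workdir)
```

The length bound is the part that matters for these two bulletins; the component and NUL checks are there because a caller that lets untrusted input choose a link name has the usual path-traversal problem as well, and fixing one without the other leaves an easy bypass.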

computer vulnerability alert 23906

Python: information disclosure via Typo Squatting

Synthesis of the vulnerability

An attacker uploaded packages to PyPI whose names mimic popular packages or standard-library modules (typosquatting), so that developers and administrators install them by mistake; the installation code of these packages collects information about the host and sends it to a server controlled by the attacker, in order to obtain sensitive information (SK-CSIRT advisory skcsirt-sa-20170909-pypi-malicious-code).
Impacted products: Python.
Severity: 3/4.
Consequences: data reading.
Provenance: internet server.
Creation date: 22/09/2017.
Identifiers: skcsirt-sa-20170909-pypi-malicious-code, VIGILANCE-VUL-23906.

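The defence against this class of attack is a check on the package name before pip runs anything: a name that is a near-miss of a package you already depend on, or that is a standard-library module name (which never needs installing), should stop the install. The following is an added example, not code from the advisory or from PyPI: it normalises names the way PEP 503 does, measures edit distance with adjacent transpositions (the typical keyboard slip), flags names that shadow the standard library, and vets a requirements.txt-style list. KNOWN_PACKAGES, the fallback STDLIB_NAMES set and SAMPLE_REQUIREMENTS are constructed for the example; a real deployment would take the allowlist from its lock file or internal index.

```python
import re
import sys

# Constructed allowlist for this example; a real deployment would take the names
# from its lock file or an internal index mirror.
KNOWN_PACKAGES = frozenset({"requests", "urllib3", "numpy", "setuptools",
                            "cryptography", "django"})

# Standard-library module names never need to be installed from an index, so a
# package that borrows one is a red flag. sys.stdlib_module_names exists on
# Python 3.10+; the small constructed set is a fallback for older interpreters.
STDLIB_NAMES = frozenset(getattr(sys, "stdlib_module_names", ())) | frozenset(
    {"urllib", "os", "sys", "json", "subprocess", "socket"})


def damerau_levenshtein(a: str, b: str) -> int:
    """Edit distance counting insert, delete, substitute and adjacent transposition."""
    d = [[0] * (len(b) + 1) for _ in range(len(a) + 1)]
    for i in range(len(a) + 1):
        d[i][0] = i
    for j in range(len(b) + 1):
        d[0][j] = j
    for i in range(1, len(a) + 1):
        for j in range(1, len(b) + 1):
            cost = 0 if a[i - 1] == b[j - 1] else 1
            d[i][j] = min(d[i - 1][j] + 1, d[i][j - 1] + 1, d[i - 1][j - 1] + cost)
            if i > 1 and j > 1 and a[i - 1] == b[j - 2] and a[i - 2] == b[j - 1]:
                d[i][j] = min(d[i][j], d[i - 2][j - 2] + 1)
    return d[len(a)][len(b)]


def normalize(name: str) -> str:
    """PEP 503 name normalisation: lower-case, runs of '-', '_' and '.' become '-'."""
    return re.sub(r"[-_.]+", "-", name).lower()


def check_package_name(name: str, known=KNOWN_PACKAGES, max_distance: int = 2):
    """Classify a requested package name before it is installed.

    Returns one of:
      ("ok", canonical)         exact (normalised) match with a known package
      ("stdlib-shadow", name)   the name is a standard-library module
      ("typosquat", canonical)  within max_distance edits of a known package
      ("unknown", name)         nothing matched; needs a human decision
    """
    n = normalize(name)
    known_norm = {normalize(k): k for k in known}
    if n in known_norm:
        return ("ok", known_norm[n])
    if n in STDLIB_NAMES:
        return ("stdlib-shadow", n)
    closest = min(known_norm, key=lambda k: damerau_levenshtein(n, k))
    if damerau_levenshtein(n, closest) <= max_distance:
        return ("typosquat", known_norm[closest])
    return ("unknown", name)


def vet_requirements(lines):
    """Run check_package_name() over requirements.txt-style lines; return the non-ok ones."""
    findings = []
    for line in lines:
        line = line.split("#", 1)[0].strip()
        if not line:
            continue
        # The project name ends at the first specifier, extra, marker or URL character.
        name = re.split(r"[\s=<>!~;\[@]", line, maxsplit=1)[0]
        verdict, ref = check_package_name(name)
        if verdict != "ok":
            findings.append((name, verdict, ref))
    return findings


# Constructed sample requirements file for the example.
SAMPLE_REQUIREMENTS = [
    "requests==2.31.0",
    "reqeusts          # transposed letters",
    "urllib            # a standard-library name",
    "numpy>=1.26",
    "flask",
]

if __name__ == "__main__":
    for finding in vet_requirements(SAMPLE_REQUIREMENTS):
        print(finding)
```

The distance threshold of 2 is a trade-off: 1 misses double slips, 3 starts flagging legitimately short names against each other. Whatever the threshold, "unknown" must be a blocking verdict in CI, not a warning, or the check only catches the names someone has already thought of.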

computer vulnerability alert CVE-2017-1000158

Python: three vulnerabilities

Synthesis of the vulnerability

An attacker can use several vulnerabilities of Python.
Impacted products: Debian, VNX Operating Environment, VNX Series, Fedora, openSUSE Leap, Solaris, Python, SUSE Linux Enterprise Desktop, SLES, Ubuntu.
Severity: 2/4.
Consequences: user access/rights, data reading.
Provenance: document.
Number of vulnerabilities in this bulletin: 3.
Creation date: 19/09/2017.
Identifiers: bpo-30500, bpo-30730, bulletinapr2018, bulletinjul2018, CVE-2017-1000158, DLA-1189-1, DLA-1190-1, DLA-1519-1, DLA-1520-1, DSA-2019-131, DSA-4307-1, FEDORA-2017-2d441a1d98, FEDORA-2017-2e5a17c4cc, FEDORA-2017-677069c484, FEDORA-2017-6be762ea64, FEDORA-2017-7fe2c4bc0e, FEDORA-2017-99d12bf610, FEDORA-2017-a41f6a8078, FEDORA-2017-cf8c62747a, FEDORA-2017-e0abe14016, issue30657, openSUSE-SU-2018:1415-1, SUSE-SU-2018:1372-1, USN-3496-1, USN-3496-2, USN-3496-3, VIGILANCE-VUL-23866.

Description of the vulnerability

Several vulnerabilities were announced in Python.

An attacker who controls environment variable names or values passed to subprocess on Windows can inject additional variables, in order to run code. [severity:2/4; bpo-30730]

An attacker can craft a URL that urllib.splithost() parses into a host other than the one a user would expect, so that urllib connects to a wrong host, in order to bypass security features. [severity:2/4; bpo-30500]

An attacker can generate an integer overflow in the buffer-size computation of PyString_DecodeEscape() (Objects/stringobject.c, Python 2.7 up to 2.7.13), which leads to a heap-based buffer overflow, in order to trigger a denial of service, and possibly to run code. [severity:2/4; CVE-2017-1000158, issue30657]

vulnerability alert CVE-2016-9063

expat: integer overflow via XML_Parse

Synthesis of the vulnerability

An attacker can generate an integer overflow via XML_Parse() of expat, in order to trigger a denial of service, and possibly to run code.
Impacted products: iOS by Apple, iPhone, Mac OS X, Fedora, openSUSE Leap, Python, Slackware, Nessus.
Severity: 2/4.
Consequences: user access/rights, denial of service on service, denial of service on client.
Provenance: document.
Creation date: 12/07/2017.
Identifiers: APPLE-SA-2017-09-19-1, APPLE-SA-2017-09-25-1, APPLE-SA-2017-09-25-4, CERTFR-2018-AVI-288, CVE-2016-9063, FEDORA-2017-18601ad5d2, FEDORA-2017-2c5635cd97, FEDORA-2017-a44f9aa38b, HT208144, openSUSE-SU-2017:2336-1, SSA:2017-266-02, SSA:2018-124-01, TNS-2018-08, VIGILANCE-VUL-23211.


computer vulnerability bulletin CVE-2017-9233

expat: infinite loop

Synthesis of the vulnerability

An attacker can make expat (versions up to 2.2.0, including the copy bundled with Python) loop forever while it parses a malformed external entity definition from an external DTD, in order to trigger a denial of service.
Impacted products: iOS by Apple, iPhone, Mac OS X, Debian, Fedora, openSUSE Leap, Solaris, Python, Slackware, Nessus, Ubuntu.
Severity: 2/4.
Consequences: denial of service on server, denial of service on service, denial of service on client.
Provenance: document.
Creation date: 19/06/2017.
Identifiers: APPLE-SA-2017-09-19-1, APPLE-SA-2017-09-25-1, APPLE-SA-2017-09-25-4, bulletinjul2017, CERTFR-2018-AVI-288, CVE-2017-9233, DLA-990-1, DSA-3898-1, FEDORA-2017-18601ad5d2, FEDORA-2017-2c5635cd97, FEDORA-2017-a44f9aa38b, HT208144, openSUSE-SU-2017:2336-1, SSA:2017-266-02, SSA:2018-124-01, TNS-2018-08, USN-3356-1, USN-3356-2, VIGILANCE-VUL-22988.

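The trigger for the infinite loop above is an external DTD that the parser is allowed to go and read, which is the same door XXE attacks use; a Python application that parses untrusted XML through pyexpat should keep that door shut explicitly rather than rely on defaults. The following is an added example, not code from the bulletin or from expat or CPython: parse_untrusted() disables parameter entity parsing (so the external DTD subset is never requested) and aborts on any external general entity reference, and external_refs_requested() shows which system identifiers expat would ask the application for under each policy, without loading any of them. The three sample documents are constructed for the example; example.invalid is a reserved name that cannot resolve.

```python
import xml.parsers.expat as expat

# Constructed sample documents for this example. example.invalid is a reserved
# domain, so nothing here could resolve even if a parser did try to fetch it.
PLAIN_DOC = b"<a><b/></a>"
EXTERNAL_DTD_DOC = b'<!DOCTYPE a SYSTEM "http://example.invalid/evil.dtd"><a/>'
XXE_DOC = b'<!DOCTYPE a [<!ENTITY e SYSTEM "file:///etc/passwd">]><a>&e;</a>'


def _parser(allow_param_entities: bool, on_external_ref):
    """Build a pyexpat parser with the external-entity policy set explicitly."""
    p = expat.ParserCreate()
    mode = (expat.XML_PARAM_ENTITY_PARSING_ALWAYS if allow_param_entities
            else expat.XML_PARAM_ENTITY_PARSING_NEVER)
    p.SetParamEntityParsing(mode)
    p.ExternalEntityRefHandler = on_external_ref
    return p


def parse_untrusted(data: bytes):
    """Parse XML from an untrusted source; return element names in document order.

    The external DTD subset is never loaded (parameter entity parsing NEVER), so a
    malformed external DTD can never be handed to expat, and any reference to an
    external general entity aborts the parse. Both failures surface as ValueError.
    """
    names = []

    def refuse(context, base, system_id, public_id):
        # Returning 0 makes expat stop with XML_ERROR_EXTERNAL_ENTITY_HANDLING.
        return 0

    p = _parser(allow_param_entities=False, on_external_ref=refuse)
    p.StartElementHandler = lambda name, attrs: names.append(name)
    try:
        p.Parse(data, True)
    except expat.ExpatError as exc:
        raise ValueError(f"rejected XML: {exc}") from None
    return names


def external_refs_requested(data: bytes, allow_param_entities: bool):
    """List the system identifiers expat asks the application for, loading none.

    With allow_param_entities=True the DOCTYPE's external subset is requested too,
    which is exactly the code path parse_untrusted() keeps closed.
    """
    requested = []

    def record(context, base, system_id, public_id):
        requested.append(system_id)
        return 1  # report success without parsing anything, so the document continues

    p = _parser(allow_param_entities, record)
    p.Parse(data, True)
    return requested


if __name__ == "__main__":
    print(parse_untrusted(PLAIN_DOC))
    print(parse_untrusted(EXTERNAL_DTD_DOC))
    print(external_refs_requested(EXTERNAL_DTD_DOC, allow_param_entities=True))
    try:
        parse_untrusted(XXE_DOC)
    except ValueError as exc:
        print(exc)
```

Two caveats. This wrapper closes the external-entity path that CVE-2017-9233 is reached through and that XXE relies on; it does nothing for the XML_Parse() integer overflow in the preceding bulletin (CVE-2016-9063), for which updating the bundled expat is the only fix. And an application that uses the higher-level xml.etree or xml.sax modules gets the same policy more conveniently from the defusedxml package, which wraps those parsers with external entities and entity expansion disabled.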

vulnerability announce CVE-2016-9840 CVE-2016-9841 CVE-2016-9842

zlib: five vulnerabilities

Synthesis of the vulnerability

An attacker can use several vulnerabilities of zlib.
Impacted products: iOS by Apple, iPhone, Mac OS X, Debian, Fedora, AIX, DB2 UDB, Domino, MQSeries, Notes, Security Directory Server, SPSS Statistics, Kubernetes, MariaDB ~ precise, MySQL Community, MySQL Enterprise, Java OpenJDK, openSUSE, openSUSE Leap, Java Oracle, Oracle OIT, Solaris, Percona Server, Python, RHEL, Slackware, SUSE Linux Enterprise Desktop, SLES, Nessus, zlib.
Severity: 2/4.
Consequences: user access/rights, denial of service on service, denial of service on client.
Provenance: document.
Number of vulnerabilities in this bulletin: 5.
Creation date: 05/12/2016.
Identifiers: 1997877, 2001520, 2003212, 2004735, 2005160, 2005255, 2006014, 2006017, 2007242, 2010282, 2011648, 2014202, APPLE-SA-2017-09-19-1, APPLE-SA-2017-09-25-1, APPLE-SA-2017-09-25-4, bulletinapr2017, bulletinoct2018, CERTFR-2018-AVI-288, cpujul2018, cpuoct2017, cpuoct2018, CVE-2016-9840, CVE-2016-9841, CVE-2016-9842, CVE-2016-9843, DLA-1725-1, FEDORA-2018-242f6c1a41, FEDORA-2018-55b875c1ac, HT208144, ibm10718843, openSUSE-SU-2016:3202-1, openSUSE-SU-2017:0077-1, openSUSE-SU-2017:0080-1, openSUSE-SU-2017:2998-1, openSUSE-SU-2018:0042-1, openSUSE-SU-2018:3478-1, openSUSE-SU-2019:0327-1, RHSA-2017:1220-01, RHSA-2017:1221-01, RHSA-2017:1222-01, RHSA-2017:2999-01, RHSA-2017:3046-01, RHSA-2017:3047-01, SSA:2018-309-01, SUSE-SU-2017:1384-1, SUSE-SU-2017:1386-1, SUSE-SU-2017:1387-1, SUSE-SU-2017:1444-1, SUSE-SU-2017:2989-1, SUSE-SU-2017:3369-1, SUSE-SU-2017:3411-1, SUSE-SU-2017:3440-1, SUSE-SU-2017:3455-1, SUSE-SU-2018:0005-1, SUSE-SU-2018:3542-1, SUSE-SU-2018:3972-1, SUSE-SU-2018:4211-1, SUSE-SU-2019:0119-1, SUSE-SU-2019:0555-1, SUSE-SU-2019:2048-1, TNS-2018-08, VIGILANCE-VUL-21262.

Description of the vulnerability

Several vulnerabilities were announced in zlib.

An attacker can generate a memory corruption via Deflate External Linkage, in order to trigger a denial of service, and possibly to run code. [severity:2/4]

A pointer error may have a consequence. [severity:1/4]

An attacker can force a read at an invalid address through improper pointer arithmetic in inftrees.c (CVE-2016-9840) and inffast.c (CVE-2016-9841), in order to trigger a denial of service, or to obtain sensitive information. [severity:1/4; CVE-2016-9840, CVE-2016-9841]

A left shift of a negative integer in inflateMark() (inflate.c) is undefined behaviour. [severity:1/4; CVE-2016-9842]

An attacker can force a read at an invalid address via a pre-decremented pointer in the big-endian CRC computation (crc32_big() in crc32.c), in order to trigger a denial of service, or to obtain sensitive information. [severity:1/4; CVE-2016-9843]