National Vulnerability Database

Search Results

Search Parameters:
  • Results Type: Overview
  • Keyword (text search): python
  • Search Type: Search All
There are 381 matching records.
Displaying matches 181 through 200.
Vuln ID Summary CVSS Severity
CVE-2014-1830

Requests (aka python-requests) before 2.3.0 allows remote servers to obtain sensitive information by reading the Proxy-Authorization header in a redirected request.

Published: October 15, 2014; 10:55:05 AM -04:00
V2: 5.0 MEDIUM
CVE-2014-1829

Requests (aka python-requests) before 2.3.0 allows remote servers to obtain a netrc password by reading the Authorization header in a redirected request.

Published: October 15, 2014; 10:55:05 AM -04:00
V2: 5.0 MEDIUM
CVE-2014-7185

Integer overflow in bufferobject.c in Python before 2.7.8 allows context-dependent attackers to obtain sensitive information from process memory via a large size and offset in a "buffer" function.

Published: October 08, 2014; 01:55:05 PM -04:00
V2: 6.4 MEDIUM
CVE-2014-7144

OpenStack keystonemiddleware (formerly python-keystoneclient) 0.x before 0.11.0 and 1.x before 1.2.0 disables certificate verification when the "insecure" option is set in a paste configuration (paste.ini) file regardless of the value, which allows remote attackers to conduct man-in-the-middle attacks via a crafted certificate.

Published: October 02, 2014; 10:55:04 AM -04:00
V2: 4.3 MEDIUM
CVE-2012-5506

python_scripts.py in Plone before 4.2.3 and 4.3 before beta 1 allows remote attackers to cause a denial of service (infinite loop) via an RSS feed request for a folder the user does not have permission to access.

Published: September 30, 2014; 10:55:06 AM -04:00
V2: 5.0 MEDIUM
CVE-2012-5499

python_scripts.py in Plone before 4.2.3 and 4.3 before beta 1 allows remote attackers to cause a denial of service (memory consumption) via a large value, related to formatColumns.

Published: September 30, 2014; 10:55:06 AM -04:00
V2: 5.0 MEDIUM
CVE-2012-5495

python_scripts.py in Plone before 4.2.3 and 4.3 before beta 1 allows remote attackers to execute Python code via a crafted URL, related to "go_back."

Published: September 30, 2014; 10:55:06 AM -04:00
V2: 5.0 MEDIUM
CVE-2012-5494

Cross-site scripting (XSS) vulnerability in python_scripts.py in Plone before 4.2.3 and 4.3 before beta 1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, related to "{u,}translate."

Published: September 30, 2014; 10:55:06 AM -04:00
V2: 4.3 MEDIUM
CVE-2012-5493

gtbn.py in Plone before 4.2.3 and 4.3 before beta 1 allows remote authenticated users with certain permissions to bypass the Python sandbox and execute arbitrary Python code via unspecified vectors.

Published: September 30, 2014; 10:55:06 AM -04:00
V2: 8.5 HIGH
CVE-2012-5488

python_scripts.py in Plone before 4.2.3 and 4.3 before beta 1 allows remote attackers to execute Python code via a crafted URL, related to createObject.

Published: September 30, 2014; 10:55:05 AM -04:00
V2: 5.0 MEDIUM
CVE-2012-5487

The sandbox whitelisting function (allowmodule.py) in Plone before 4.2.3 and 4.3 before beta 1 allows remote authenticated users with certain privileges to bypass the Python sandbox restriction and execute arbitrary Python code via vectors related to importing.

Published: September 30, 2014; 10:55:05 AM -04:00
V2: 8.5 HIGH
CVE-2012-5485

registerConfiglet.py in Plone before 4.2.3 and 4.3 before beta 1 allows remote attackers to execute Python code via unspecified vectors, related to the admin interface.

Published: September 30, 2014; 10:55:05 AM -04:00
V2: 6.8 MEDIUM
CVE-2014-5340

The wato component in Check_MK before 1.2.4p4 and 1.2.5 before 1.2.5i4 uses the pickle Python module unsafely, which allows remote attackers to execute arbitrary code via a crafted serialized object, related to an automation URL.

Published: September 02, 2014; 10:55:03 AM -04:00
V2: 9.3 HIGH
CVE-2014-0485

S3QL 1.18.1 and earlier uses the pickle Python module unsafely, which allows remote attackers to execute arbitrary code via a crafted serialized object in (1) common.py or (2) local.py in backends/.

Published: September 02, 2014; 10:55:03 AM -04:00
V2: 7.5 HIGH
CVE-2014-3589

PIL/IcnsImagePlugin.py in Python Imaging Library (PIL) and Pillow before 2.3.2 and 2.5.x before 2.5.2 allows remote attackers to cause a denial of service via a crafted block size.

Published: August 25, 2014; 10:55:06 AM -04:00
V2: 5.0 MEDIUM
CVE-2014-3429

IPython Notebook 0.12 through 1.x before 1.2 does not validate the origin of websocket requests, which allows remote attackers to execute arbitrary code by leveraging knowledge of the kernel id and a crafted page.

Published: August 07, 2014; 07:13:34 AM -04:00
V2: 6.8 MEDIUM
CVE-2014-2967

Autodesk VRED Professional 2014 before SR1 SP8 allows remote attackers to execute arbitrary code via Python os library calls in Python API commands to the integrated web server.

Published: July 07, 2014; 07:01:29 AM -04:00
V2: 10.0 HIGH
CVE-2013-1068

The OpenStack Nova (python-nova) package 1:2013.2.3-0 before 1:2013.2.3-0ubuntu1.2 and 1:2014.1-0 before 1:2014.1-0ubuntu1.2 and OpenStack Cinder (python-cinder) package 1:2013.2.3-0 before 1:2013.2.3-0ubuntu1.1 and 1:2014.1-0 before 1:2014.1-0ubuntu1.1 for Ubuntu 13.10 and 14.04 LTS do not properly set the sudo configuration, which makes it easier for attackers to gain privileges by leveraging another vulnerability.

Published: June 19, 2014; 11:55:06 AM -04:00
V2: 5.0 MEDIUM
CVE-2013-7323

python-gnupg before 0.3.5 allows context-dependent attackers to execute arbitrary commands via shell metacharacters in unspecified vectors.

Published: June 09, 2014; 03:55:10 PM -04:00
V2: 7.5 HIGH
CVE-2013-4347

The (1) make_nonce, (2) generate_nonce, and (3) generate_verifier functions in SimpleGeo python-oauth2 use weak random numbers to generate nonces, which makes it easier for remote attackers to guess the nonce via a brute force attack.

Published: May 20, 2014; 10:55:04 AM -04:00
V2: 5.8 MEDIUM