Download
| Alert*
oval:org.secpod.oval:def:204680
Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. Security Fix: * The ... oval:org.secpod.oval:def:701914 python2.6 is installed oval:org.secpod.oval:def:30095 The host is installed with Python 2.x before 2.7.9 and 3.x before 3.4.3 and is prone to a man-in-the-middle attack vulnerability. A flaw is present in the application, which fails to handle an arbitrary valid certificate. Successful exploitation could allow attackers to spoof SSL servers. oval:org.mitre.oval:def:12111 The asyncore module in Python 2.x before 2.7.0 or 3.x before 3.2 does not properly handle unsuccessful calls to the accept function, and does not have accompanying documentation describing how daemon applications should handle unsuccessful calls to the accept function, which makes it easier for remo ... oval:org.secpod.oval:def:17190 The host is installed with Python 2.2.3 through 2.5.1 or 2.6 and is prone to multiple integer overflow vulnerabilities. The flaws are present in the application, which fails to properly handle a large integer value in the tabsize argument to the expandtabs method, as implemented by (1) the string_ex ... oval:org.secpod.oval:def:502097 Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. Security Fix: * The ... oval:org.secpod.oval:def:500037 Python is an interpreted, interactive, object-oriented programming language. It was found that many applications embedding the Python interpreter did not specify a valid full path to the script or application when calling the PySys_SetArgv API function, which could result in the addition of the curr ... oval:org.mitre.oval:def:12210 Multiple race conditions in smtpd.py in the smtpd module in Python 2.6, 2.7 or 3.1allow remote attackers to cause a denial of service (daemon outage) by establishing and then immediately closing a TCP connection, leading to the accept function having an unexpected return value of None, an unexpected ... oval:org.secpod.oval:def:17196 The host is installed with Python 2.5, 2.6, and 3.0 and is prone to unspecified vulnerability. The flaw is present in is_cgi method in CGIHTTPServer.py in the CGIHTTPServer module, which fails to properly handle an HTTP GET request that lacks a / (slash) character at the beginning of the URI. Succes ... oval:org.secpod.oval:def:17195 The host is installed with Python 2.6, 2.7, 3.1, and 3.2 and is prone to multiple integer overflow vulnerabilities. The flaws are present in the in audioop.c in the audioop module, which fails to properly handle large fragment, as demonstrated by a call to audioop.lin2lin with a long string in the f ... oval:org.secpod.oval:def:942 The host is installed with Python and is prone to information disclosure vulnerability. A flaw is present in the CGIHTTPServer module, which fails to handle HTTP GET requests that lack a / (slash) character at the beginning of the URI. Successful exploitation could allow remote attackers to read scr ... oval:org.secpod.oval:def:1901979 An issue was discovered in urllib2 in Python 2.x through 2.7.16 and urllib in Python 3.x through 3.7.2. CRLF injection is possible if the attacker controls a url parameter, as demonstrated by the first argument to urllib.request.urlopen with \r\n followed by an HTTP header or a Redis command. oval:org.secpod.oval:def:701053 python3.2: Interactive high-level object-oriented language Several security issues were fixed in Python 3.2. oval:org.secpod.oval:def:106381 Python 3 is a new version of the language that is incompatible with the 2.x line of releases. The language is mostly the same, but many details, especially how built-in objects like dictionaries and strings work, have changed considerably, and a lot of deprecated features have finally been removed. oval:org.secpod.oval:def:107912 Python 3 is a new version of the language that is incompatible with the 2.x line of releases. The language is mostly the same, but many details, especially how built-in objects like dictionaries and strings work, have changed considerably, and a lot of deprecated features have finally been removed. oval:org.secpod.oval:def:205342 Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. Security Fix: * pyt ... oval:org.secpod.oval:def:500074 Python is an interpreted, interactive, object-oriented programming language. A flaw was found in the Python urllib and urllib2 libraries where they would not differentiate between different target URLs when handling automatic redirects. This caused Python applications using these modules to follow a ... oval:org.secpod.oval:def:202194 Python is an interpreted, interactive, object-oriented programming language. When the assert system call was disabled, an input sanitization flaw was revealed in the Python string object implementation that led to a buffer overflow. The missing check for negative size values meant the Python memory ... oval:org.secpod.oval:def:500551 Python is an interpreted, interactive, object-oriented programming language. When the assert system call was disabled, an input sanitization flaw was revealed in the Python string object implementation that led to a buffer overflow. The missing check for negative size values meant the Python memory ... oval:org.secpod.oval:def:500277 Python is an interpreted, interactive, object-oriented programming language. A flaw was found in the Python urllib and urllib2 libraries where they would not differentiate between different target URLs when handling automatic redirects. This caused Python applications using these modules to follow a ... oval:org.secpod.oval:def:1700212 urllib in Python 2.7.16 supports the local_file: scheme, which makes it easier for remote attackers to bypass protection mechanisms that blacklist file: URIs, as demonstrated by triggering a urllib.urlopen call oval:org.secpod.oval:def:107190 Python is an interpreted, interactive, object-oriented programming language often compared to Tcl, Perl, Scheme or Java. Python includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to v ... oval:org.secpod.oval:def:1501098 Python is an interpreted, interactive, object-oriented programming language often compared to Tcl, Perl, Scheme or Java. Python includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to v ... oval:org.secpod.oval:def:202359 Python is an interpreted, interactive, object-oriented programming language. A denial of service flaw was found in the implementation of associative arrays in Python. An attacker able to supply a large number of inputs to a Python application that are used as keys when inserting data into an array ... oval:org.secpod.oval:def:1500324 Updated python packages that fix one security issue, several bugs, and add one enhancement are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System base score, which gives a d ... oval:org.secpod.oval:def:1050 The host is installed with Python and is prone to information disclosure vulnerability. A flaw is present in the application which is caused when specially crafted HTTP 302 redirect to cause the connected application to load a 'file://' resource to access a file or consume excessive resource. Succes ... oval:org.secpod.oval:def:107863 Python is an interpreted, interactive, object-oriented programming language often compared to Tcl, Perl, Scheme or Java. Python includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to v ... oval:org.secpod.oval:def:701441 python2.7: An interactive high-level object-oriented language Several security issues were fixed in Python. oval:org.secpod.oval:def:116617 Python is an accessible, high-level, dynamically typed, interpreted programming language, designed with an emphasis on code readability. It includes an extensive standard library, and has a vast ecosystem of third-party libraries. The python3 package provides the "python3" executable: the ... oval:org.secpod.oval:def:603532 Multiple security issues were discovered in Python: ElementTree failed to initialise Expat"s hash salt, two denial of service issues were found in difflib and poplib and a buffer overflow in PyString_DecodeEscape. oval:org.secpod.oval:def:503270 Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. Security Fix: * pyt ... oval:org.secpod.oval:def:58423 python2.7: An interactive high-level object-oriented language - python3.7: An interactive high-level object-oriented language - python3.6: An interactive high-level object-oriented language - python3.5: An interactive high-level object-oriented language Several security issues were fixed in Python. oval:org.secpod.oval:def:50181 The host is installed with python before versions 2.7.15 or 3.4.9 and is prone to a denial-of-service vulnerability. The flaw is present in the application, which fails to properly handle catastrophic backtracking in pop3lib's apop() method. Successful exploitation allow context-dependent attackers ... oval:org.secpod.oval:def:17193 The host is installed with Python 2.6 before 2.7.4 or 3.x through 3.2 and is prone to information disclosure vulnerability. The flaw is present in the application, which creates ~/.pypirc with world-readable permissions before changing them after data has been written. Successful exploitation introd ... oval:org.secpod.oval:def:1901767 An issue was discovered in urllib2 in Python 2.x through 2.7.16 and urllib in Python 3.x through 3.7.2. CRLF injection is possible if the attacker controls a url parameter, as demonstrated by the first argument to urllib.request.urlopen with \r\n followed by an HTTP header or a Redis command. This ... oval:org.secpod.oval:def:50186 The host is installed with python before versions 2.7.15 or 3.4.9 and is prone to a denial-of-service vulnerability. The flaw is present in the application, which fails to properly handle catastrophic backtracking in difflib.IS_LINE_JUNK method. Successful exploitation allow context-dependent attack ... oval:org.secpod.oval:def:204246 Python is an interpreted, interactive, object-oriented programming language often compared to Tcl, Perl, Scheme, or Java. Python includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to ... oval:org.secpod.oval:def:51541 python2.7: An interactive high-level object-oriented language - python3.5: An interactive high-level object-oriented language - python3.4: An interactive high-level object-oriented language Several security issues were fixed in Python. oval:org.secpod.oval:def:501611 Python is an interpreted, interactive, object-oriented programming language often compared to Tcl, Perl, Scheme, or Java. Python includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to ... oval:org.secpod.oval:def:105846 Python is an interpreted, interactive, object-oriented programming language often compared to Tcl, Perl, Scheme or Java. Python includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to v ... oval:org.secpod.oval:def:58857 python2.7: An interactive high-level object-oriented language - python3.7: An interactive high-level object-oriented language - python3.6: An interactive high-level object-oriented language - python3.5: An interactive high-level object-oriented language Several security issues were fixed in Python. oval:org.secpod.oval:def:201575 Python is an interpreted, interactive, object-oriented programming language. A flaw was found in the Python urllib and urllib2 libraries where they would not differentiate between different target URLs when handling automatic redirects. This caused Python applications using these modules to follow a ... oval:org.secpod.oval:def:701445 python3.3: An interactive high-level object-oriented language Several security issues were fixed in Python. oval:org.secpod.oval:def:603531 Multiple security issues were discovered in Python: ElementTree failed to initialise Expat"s hash salt, two denial of service issues were found in difflib and poplib and the shutil module was affected by a command injection vulnerability. oval:org.secpod.oval:def:701443 python3.2: An interactive high-level object-oriented language Several security issues were fixed in Python. oval:org.secpod.oval:def:66476 Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. Security Fix: * pyt ... oval:org.secpod.oval:def:601227 Multiple security issues were discovered in Python: CVE-2013-4238 Ryan Sleevi that NULL charactors in the subject alternate names of SSL cerficates were parsed incorrectly. CVE-2014-1912 Ryan Smith-Roberts discovered a buffer overflow in the socket.recvfrom_into function. oval:org.secpod.oval:def:89003321 This update for python fixes the following issues: - CVE-2019-10160: Fixed a regression in urlparse and urlsplit introduced by the fix for CVE-2019-9636 . - CVE-2018-20852: Fixed an information leak where cookies could be send to the wrong server because of incorrect domain validation . oval:org.secpod.oval:def:1901770 urllib in Python 2.x through 2.7.16 supports the local_file: scheme, which makes it easier for remote attackers to bypass protection mechanisms that blacklist file: URIs, as demonstrated by triggering a urllib.urlopen call. oval:org.secpod.oval:def:501140 Python is an interpreted, interactive, object-oriented programming language. A flaw was found in the way the Python SSL module handled X.509 certificate fields that contain a NULL byte. An attacker could potentially exploit this flaw to conduct man-in-the-middle attacks to spoof SSL servers. Note th ... oval:org.secpod.oval:def:58426 python2.7: An interactive high-level object-oriented language - python3.7: An interactive high-level object-oriented language - python3.6: An interactive high-level object-oriented language - python3.5: An interactive high-level object-oriented language Several security issues were fixed in Python. oval:org.secpod.oval:def:1700194 An issue was discovered in urllib2 in Python 2.x and urllib in Python 3.x. CRLF injection is possible if the attacker controls a url parameter, as demonstrated by the first argument to urllib.request.urlopen with \r\n followed by an HTTP header or a Redis command. This is similar to the CVE-2019-97 ... oval:org.secpod.oval:def:202139 Python is an interpreted, interactive, object-oriented programming language. When the assert system call was disabled, an input sanitization flaw was revealed in the Python string object implementation that led to a buffer overflow. The missing check for negative size values meant the Python memory ... oval:org.secpod.oval:def:500813 Python is an interpreted, interactive, object-oriented programming language. A denial of service flaw was found in the implementation of associative arrays in Python. An attacker able to supply a large number of inputs to a Python application that are used as keys when inserting data into an array ... oval:org.secpod.oval:def:105797 Python 3 is a new version of the language that is incompatible with the 2.x line of releases. The language is mostly the same, but many details, especially how built-in objects like dictionaries and strings work, have changed considerably, and a lot of deprecated features have finally been removed. oval:org.secpod.oval:def:500814 Python is an interpreted, interactive, object-oriented programming language. A denial of service flaw was found in the implementation of associative arrays in Python. An attacker able to supply a large number of inputs to a Python application that are used as keys when inserting data into an array ... oval:org.secpod.oval:def:108264 Python 3 is a new version of the language that is incompatible with the 2.x line of releases. The language is mostly the same, but many details, especially how built-in objects like dictionaries and strings work, have changed considerably, and a lot of deprecated features have finally been removed. oval:org.secpod.oval:def:89003079 This update for python fixes the following issues: - CVE-2019-10160: Fixed a regression in urlparse and urlsplit introduced by the fix for CVE-2019-9636 . - CVE-2018-20852: Fixed an information leak where cookies could be send to the wrong server because of incorrect domain validation . oval:org.secpod.oval:def:107203 Python 3 is a new version of the language that is incompatible with the 2.x line of releases. The language is mostly the same, but many details, especially how built-in objects like dictionaries and strings work, have changed considerably, and a lot of deprecated features have finally been removed. oval:org.secpod.oval:def:106394 Python is an interpreted, interactive, object-oriented programming language often compared to Tcl, Perl, Scheme or Java. Python includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to v ... oval:org.secpod.oval:def:30099 The host is installed with Python 2.6 through 3.4 and is prone to a man-in-the-middle attack vulnerability. A flaw is present in the application, which fails to properly handle a '\0' character in a domain name in the Subject Alternative Name field of an X.509 certificate. Successful exploitation co ... oval:org.secpod.oval:def:107928 Python is an interpreted, interactive, object-oriented programming language often compared to Tcl, Perl, Scheme or Java. Python includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to v ... oval:org.secpod.oval:def:202361 Python is an interpreted, interactive, object-oriented programming language. A denial of service flaw was found in the implementation of associative arrays in Python. An attacker able to supply a large number of inputs to a Python application that are used as keys when inserting data into an array ... oval:org.secpod.oval:def:116673 Python is an accessible, high-level, dynamically typed, interpreted programming language, designed with an emphasis on code readability. It includes an extensive standard library, and has a vast ecosystem of third-party libraries. The python3 package provides the "python3" executable: the ... oval:org.secpod.oval:def:30096 The host is installed with Python 2.5 before 2.7.7 or 3.x before 3.3.4 and is prone to a buffer overflow vulnerability. A flaw is present in the application, which fails to handle a crafted string. Successful exploitation could allow remote attackers to execute arbitrary code. oval:org.secpod.oval:def:53430 Multiple security issues were discovered in Python: ElementTree failed to initialise Expat"s hash salt, two denial of service issues were found in difflib and poplib and a buffer overflow in PyString_DecodeEscape. oval:org.secpod.oval:def:201594 Python is an interpreted, interactive, object-oriented programming language. A flaw was found in the Python urllib and urllib2 libraries where they would not differentiate between different target URLs when handling automatic redirects. This caused Python applications using these modules to follow a ... oval:org.secpod.oval:def:49173 python2.7: An interactive high-level object-oriented language - python3.5: An interactive high-level object-oriented language - python3.4: An interactive high-level object-oriented language Several security issues were fixed in Python. oval:org.secpod.oval:def:701589 python2.7: An interactive high-level object-oriented language - python3.3: An interactive high-level object-oriented language - python3.2: An interactive high-level object-oriented language - python2.6: An interactive high-level object-oriented language Python could be made to crash or run programs ... oval:org.secpod.oval:def:53429 Multiple security issues were discovered in Python: ElementTree failed to initialise Expat"s hash salt, two denial of service issues were found in difflib and poplib and the shutil module was affected by a command injection vulnerability. oval:org.secpod.oval:def:89003071 This update for python3 fixes the following issues: - CVE-2019-16056: Fixed a parser issue in the email module. - CVE-2018-20852: Fixed an incorrect domain validation that could lead to cookies being sent to the wrong server oval:org.secpod.oval:def:106114 Python 3 is a new version of the language that is incompatible with the 2.x line of releases. The language is mostly the same, but many details, especially how built-in objects like dictionaries and strings work, have changed considerably, and a lot of deprecated features have finally been removed. oval:org.secpod.oval:def:8151 The host is installed with Python before 2.6.8, 2.7.x before 2.7.3, 3.2.x before 3.2.3 or 3.x through 3.1.4 and is prone to a denial of service vulnerability. A flaw is present in the application, which fails to handle crafted input to an application that maintains a hash table. Successful exploitat ... oval:org.secpod.oval:def:8152 The host is installed with Python before before 2.6.8, 2.7.x before 2.7.3, 3.2.x before 3.2.3 or 3.x through 3.1.4 and is prone to a denial of service vulnerability. A flaw is present in the application, which fails to handle crafted XML-RPC POST. Successful exploitation could allow attackers to cra ... |