[Forgot Password]
Login  Register Subscribe

24003

 
 

131423

 
 

103942

 
 

909

 
 

83962

 
 

133

Paid content will be excluded from the download.


Download | Alert*


oval:org.secpod.oval:def:17193
The host is installed with Python 2.6 through 3.2 and is prone to information disclosure vulnerability. The flaw is present in the application, which creates ~/.pypirc with world-readable permissions before changing them after data has been written. Successful exploitation introduces a race conditio ...

oval:org.secpod.oval:def:36256
The host is installed with Python 2.x before 2.7.9 or 3.x before 3.3.3 and is prone to a man-in-the-middle attack vulnerability. A flaw is present in the application, which fails to handle a crafted certificate. Successful exploitation could allow attackers to spoof servers.

oval:org.secpod.oval:def:30099
The host is installed with Python 2.6 through 3.4 and is prone to a man-in-the-middle attack vulnerability. A flaw is present in the application, which fails to properly handle a '\0' character in a domain name in the Subject Alternative Name field of an X.509 certificate. Successful exploitation co ...

oval:org.secpod.oval:def:1500324
Updated python packages that fix one security issue, several bugs, and add one enhancement are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System base score, which gives a d ...

oval:org.secpod.oval:def:1600316
It was discovered that multiple Python standard library modules implementing network protocols failed to restrict sizes of server responses. A malicious server could cause a client using one of the affected modules to consume an excessive amount of memory. The ssl.match_hostname function in the SSL ...

oval:org.secpod.oval:def:1600298
The ssl.match_hostname function in the SSL module in Python 2.6 through 3.4 does not properly handle a "\0" character in a domain name in the Subject Alternative Name field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issu ...

oval:org.secpod.oval:def:500074
Python is an interpreted, interactive, object-oriented programming language. A flaw was found in the Python urllib and urllib2 libraries where they would not differentiate between different target URLs when handling automatic redirects. This caused Python applications using these modules to follow a ...

oval:org.secpod.oval:def:500277
Python is an interpreted, interactive, object-oriented programming language. A flaw was found in the Python urllib and urllib2 libraries where they would not differentiate between different target URLs when handling automatic redirects. This caused Python applications using these modules to follow a ...

oval:org.secpod.oval:def:201575
Python is an interpreted, interactive, object-oriented programming language. A flaw was found in the Python urllib and urllib2 libraries where they would not differentiate between different target URLs when handling automatic redirects. This caused Python applications using these modules to follow a ...

oval:org.secpod.oval:def:201594
Python is an interpreted, interactive, object-oriented programming language. A flaw was found in the Python urllib and urllib2 libraries where they would not differentiate between different target URLs when handling automatic redirects. This caused Python applications using these modules to follow a ...

oval:org.secpod.oval:def:701445
python3.3: An interactive high-level object-oriented language Several security issues were fixed in Python.

oval:org.secpod.oval:def:701443
python3.2: An interactive high-level object-oriented language Several security issues were fixed in Python.

oval:org.secpod.oval:def:701441
python2.7: An interactive high-level object-oriented language Several security issues were fixed in Python.

oval:org.secpod.oval:def:37882
The host is installed with Python 2.7.0 before 2.7.12, 3.x before 3.4.5, and 3.5.x before 3.5.2 and is prone to a StartTLS stripping attack vulnerability. A flaw is present in the application, which does not return an error when StartTLS fails. Successful exploitation could allow attackers to bypass ...

oval:org.secpod.oval:def:38125
python2.7: An interactive high-level object-oriented language - python3.5: An interactive high-level object-oriented language - python3.4: An interactive high-level object-oriented language - python3.2: An interactive high-level object-oriented language Several security issues were fixed in Python.

oval:org.secpod.oval:def:39658
The host is installed with Apple Mac OS X or Server 10.12.3 and is prone to a memory corruption vulnerability. A flaw is present in the application, which fails to properly handle crafted zip archives. Successful exploitation could allow attackers to execute arbitrary code.

oval:org.secpod.oval:def:1501653
Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. Security Fix: * A v ...

oval:org.secpod.oval:def:1600427
It was found that Python"s httplib library did not properly check HTTP header input in HTTPConnection.putheader. An attacker could use this flow to inject additional headers in a Python application that allows user provided header name or values. It was found that Python"s smtplib library did not r ...

oval:org.secpod.oval:def:204111
Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. Security Fix: * A v ...

oval:org.secpod.oval:def:703360
python2.7: An interactive high-level object-oriented language - python3.5: An interactive high-level object-oriented language - python3.4: An interactive high-level object-oriented language - python3.2: An interactive high-level object-oriented language Several security issues were fixed in Python.

oval:org.secpod.oval:def:37883
The host is installed with Python 2.7.0 before 2.7.12, 3.x before 3.4.5, and 3.5.x before 3.5.2 and is prone to an integer overflow vulnerability. A flaw is present in the application, which fails to properly handle a negative data size value. Successful exploitation could allow attackers to have un ...

oval:org.secpod.oval:def:203990
Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. Security Fix: * It ...

oval:org.secpod.oval:def:1501555
Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. Security Fix: * It ...

oval:org.secpod.oval:def:203989
Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. Security Fix: * It ...

oval:org.secpod.oval:def:1501556
Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. Security Fix: * It ...

oval:org.secpod.oval:def:37884
The host is installed with Python before 2.7.10 or 3.x before 3.4.4 and is prone to a CRLF injection vulnerability. A flaw is present in the application, which fails to properly handle CRLF sequences in a URL. Successful exploitation could allow attackers to inject arbitrary HTTP headers.

oval:org.secpod.oval:def:20982
The host is installed with Python 2.5 before 2.7.7 and is prone to a buffer overflow vulnerability. A flaw is present in the application, which fails to handle a crafted string. Successful exploitation could allow attackers to execute arbitrary code via a crafted string.

oval:org.secpod.oval:def:601227
Multiple security issues were discovered in Python: CVE-2013-4238 Ryan Sleevi that NULL charactors in the subject alternate names of SSL cerficates were parsed incorrectly. CVE-2014-1912 Ryan Smith-Roberts discovered a buffer overflow in the socket.recvfrom_into function.

oval:org.secpod.oval:def:1600103
Buffer overflow in the socket.recvfrom_into function in Modules/socketmodule.c in Python 2.5 before 2.7.7, 3.x before 3.3.4, and 3.4.x before 3.4rc1 allows remote attackers to execute arbitrary code via a crafted string.

oval:org.secpod.oval:def:1600093
Buffer overflow in the socket.recvfrom_into function in Modules/socketmodule.c in Python 2.5 before 2.7.7, 3.x before 3.3.4, and 3.4.x before 3.4rc1 allows remote attackers to execute arbitrary code via a crafted string.

oval:org.secpod.oval:def:30096
The host is installed with Python 2.5 before 2.7.7 or 3.x before 3.3.4 and is prone to a buffer overflow vulnerability. A flaw is present in the application, which fails to handle a crafted string. Successful exploitation could allow remote attackers to execute arbitrary code.

oval:org.secpod.oval:def:701589
python2.7: An interactive high-level object-oriented language - python3.3: An interactive high-level object-oriented language - python3.2: An interactive high-level object-oriented language - python2.6: An interactive high-level object-oriented language Python could be made to crash or run programs ...

oval:org.secpod.oval:def:1600072
It was reported that Python built-in _json module have a flaw , which allows a local user to read current process" arbitrary memory.Quoting the upstream bug report:The sole prerequisites of this attack are that the attacker is able to control or influence the two parameters of the default scanstring ...

oval:org.secpod.oval:def:1600056
It was reported that Python built-in _json module have a flaw , which allows a local user to read current process" arbitrary memory.Quoting the upstream bug report:The sole prerequisites of this attack are that the attacker is able to control or influence the two parameters of the default scanstring ...

oval:org.secpod.oval:def:1501098
Python is an interpreted, interactive, object-oriented programming language often compared to Tcl, Perl, Scheme or Java. Python includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to v ...

oval:org.secpod.oval:def:204246
Python is an interpreted, interactive, object-oriented programming language often compared to Tcl, Perl, Scheme, or Java. Python includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to ...

oval:org.secpod.oval:def:1501247
The remote host is missing a patch containing a security fix, which affects the following package(s): python

oval:org.secpod.oval:def:501611
Python is an interpreted, interactive, object-oriented programming language often compared to Tcl, Perl, Scheme, or Java. Python includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to ...

oval:org.secpod.oval:def:204253
Python is an interpreted, interactive, object-oriented programming language often compared to Tcl, Perl, Scheme, or Java. Python includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to ...

oval:org.secpod.oval:def:502097
Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. Security Fix: * The ...

oval:org.secpod.oval:def:32760
The host is installed with Python 2.7 before 3.4 and is prone to a denial of service vulnerability. A flaw is present in the application, which fails to properly handle a crafted input. Successful exploitation could allow attackers to crash the service.

oval:org.secpod.oval:def:30095
The host is installed with Python 2.x before 2.7.9 and 3.x before 3.4.3 and is prone to a man-in-the-middle attack vulnerability. A flaw is present in the application, which fails to handle an arbitrary valid certificate. Successful exploitation could allow attackers to spoof SSL servers.

oval:org.secpod.oval:def:501714
Python is an interpreted, interactive, object-oriented programming language often compared to Tcl, Perl, Scheme, or Java. Python includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to ...

oval:org.secpod.oval:def:501864
Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. Security Fix: * It ...

oval:org.secpod.oval:def:501891
Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. Security Fix: * A v ...

oval:org.secpod.oval:def:501140
Python is an interpreted, interactive, object-oriented programming language. A flaw was found in the way the Python SSL module handled X.509 certificate fields that contain a NULL byte. An attacker could potentially exploit this flaw to conduct man-in-the-middle attacks to spoof SSL servers. Note th ...

oval:org.secpod.oval:def:39718
The host is missing a security update according to Apple advisory, APPLE-SA-2017-03-27-3. The update is required to fix multiple vulnerabilities. The flaws are present in the application, which fails to properly handle crafted data. Successful exploitation could allow attackers to execute arbitrary ...

oval:org.secpod.oval:def:701053
python3.2: Interactive high-level object-oriented language Several security issues were fixed in Python 3.2.

oval:org.secpod.oval:def:202359
Python is an interpreted, interactive, object-oriented programming language. A denial of service flaw was found in the implementation of associative arrays in Python. An attacker able to supply a large number of inputs to a Python application that are used as keys when inserting data into an array ...

oval:org.secpod.oval:def:500813
Python is an interpreted, interactive, object-oriented programming language. A denial of service flaw was found in the implementation of associative arrays in Python. An attacker able to supply a large number of inputs to a Python application that are used as keys when inserting data into an array ...

oval:org.secpod.oval:def:500814
Python is an interpreted, interactive, object-oriented programming language. A denial of service flaw was found in the implementation of associative arrays in Python. An attacker able to supply a large number of inputs to a Python application that are used as keys when inserting data into an array ...

oval:org.mitre.oval:def:12111
The asyncore module in Python before 3.2 does not properly handle unsuccessful calls to the accept function, and does not have accompanying documentation describing how daemon applications should handle unsuccessful calls to the accept function, which makes it easier for remote attackers to conduct ...

oval:org.secpod.oval:def:202361
Python is an interpreted, interactive, object-oriented programming language. A denial of service flaw was found in the implementation of associative arrays in Python. An attacker able to supply a large number of inputs to a Python application that are used as keys when inserting data into an array ...

oval:org.secpod.oval:def:8151
The host is installed with Python before 2.6.8, 2.7.x before 2.7.3, 3.2.x before 3.2.3 or 3.x through 3.1.4 and is prone to a denial of service vulnerability. A flaw is present in the application, which fails to handle crafted input to an application that maintains a hash table. Successful exploitat ...

oval:org.secpod.oval:def:8152
The host is installed with Python before before 2.6.8, 2.7.x before 2.7.3, 3.2.x before 3.2.3 or 3.x through 3.1.4 and is prone to a denial of service vulnerability. A flaw is present in the application, which fails to handle crafted XML-RPC POST. Successful exploitation could allow attackers to cra ...

oval:org.secpod.oval:def:1800239
CVE-2016-0772: smtplib StartTLS stripping attack. CVE-2016-5636: Heap overflow in zipimporter module . CVE-2016-5699: HTTP header injection in urrlib2/urllib/

oval:org.secpod.oval:def:1800750
CVE-2016-0772: smtplib StartTLS stripping attack. CVE-2016-5636: Heap overflow in zipimporter module . CVE-2016-5699: HTTP header injection in urrlib2/urllib/

oval:org.secpod.oval:def:1050
The host is installed with Python and is prone to information disclosure vulnerability. A flaw is present in the application which is caused when specially crafted HTTP 302 redirect to cause the connected application to load a 'file://' resource to access a file or consume excessive resource. Succes ...

oval:org.secpod.oval:def:105797
Python 3 is a new version of the language that is incompatible with the 2.x line of releases. The language is mostly the same, but many details, especially how built-in objects like dictionaries and strings work, have changed considerably, and a lot of deprecated features have finally been removed.

oval:org.secpod.oval:def:105846
Python is an interpreted, interactive, object-oriented programming language often compared to Tcl, Perl, Scheme or Java. Python includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to v ...

oval:org.secpod.oval:def:106114
Python 3 is a new version of the language that is incompatible with the 2.x line of releases. The language is mostly the same, but many details, especially how built-in objects like dictionaries and strings work, have changed considerably, and a lot of deprecated features have finally been removed.

oval:org.secpod.oval:def:106381
Python 3 is a new version of the language that is incompatible with the 2.x line of releases. The language is mostly the same, but many details, especially how built-in objects like dictionaries and strings work, have changed considerably, and a lot of deprecated features have finally been removed.

oval:org.secpod.oval:def:106394
Python is an interpreted, interactive, object-oriented programming language often compared to Tcl, Perl, Scheme or Java. Python includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to v ...

oval:org.secpod.oval:def:107190
Python is an interpreted, interactive, object-oriented programming language often compared to Tcl, Perl, Scheme or Java. Python includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to v ...

oval:org.secpod.oval:def:107203
Python 3 is a new version of the language that is incompatible with the 2.x line of releases. The language is mostly the same, but many details, especially how built-in objects like dictionaries and strings work, have changed considerably, and a lot of deprecated features have finally been removed.

oval:org.secpod.oval:def:107863
Python is an interpreted, interactive, object-oriented programming language often compared to Tcl, Perl, Scheme or Java. Python includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to v ...

oval:org.secpod.oval:def:107912
Python 3 is a new version of the language that is incompatible with the 2.x line of releases. The language is mostly the same, but many details, especially how built-in objects like dictionaries and strings work, have changed considerably, and a lot of deprecated features have finally been removed.

oval:org.secpod.oval:def:107928
Python is an interpreted, interactive, object-oriented programming language often compared to Tcl, Perl, Scheme or Java. Python includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to v ...

oval:org.secpod.oval:def:108264
Python 3 is a new version of the language that is incompatible with the 2.x line of releases. The language is mostly the same, but many details, especially how built-in objects like dictionaries and strings work, have changed considerably, and a lot of deprecated features have finally been removed.

CVE    14
CVE-2016-0772
CVE-2011-4944
CVE-2014-9365
CVE-2013-7040
...
*CPE
cpe:/a:python:python:3.0.1

© 2013 SecPod Technologies