oval:org.secpod.oval:def:50182 Python 2.x (32 bit) is installed

oval:org.secpod.oval:def:50184 Python 3.x (32 bit) is installed

oval:org.secpod.oval:def:17565 The host is installed with Python 3.3.x before 3.3.3 and is prone to denial of service vulnerability. The flaw is present in the application, which fails to properly handle a file size value larger than the size of the zip file to the (1) ZipExtFile.read, (2) ZipExtFile.read(n), (3) ZipExtFile.readl ...

oval:org.secpod.oval:def:61193 The host is installed with Python 3.6 through 3.6.10, 3.7 through 3.7.6, and 3.8 through 3.8.1 and is prone to an unsafe dll loading vulnerability. A flaw is present in the application, which fails to properly handle verification of api-ms-win-core-path-l1-1-0.dll that can be loaded and used instead ...

oval:org.mitre.oval:def:11791 Python 32 bit is installed

oval:org.secpod.oval:def:30095 The host is installed with Python 2.x before 2.7.9 and 3.x before 3.4.3 and is prone to a man-in-the-middle attack vulnerability. A flaw is present in the application, which fails to handle an arbitrary valid certificate. Successful exploitation could allow attackers to spoof SSL servers.

oval:org.secpod.oval:def:64670 The host is installed with Python 3.8.4 and is prone to an incorrect authorization vulnerability. A flaw is present in the application, which fails to properly check sys.path restrictions specified in a python38._pth file. Successful exploitation allows code to be loaded from arbitrary locations.

oval:org.secpod.oval:def:30098 The host is installed with Python 3.1 through 3.3 and is prone to a memory corruption vulnerability. A flaw is present in the application, which fails to handle unspecified vectors. Successful exploitation could allow remote attackers to obtain sensitive information or crash the service.

oval:org.secpod.oval:def:36256 The host is installed with Python 2.x before 2.7.9 or 3.x before 3.3.3 and is prone to a man-in-the-middle attack vulnerability. A flaw is present in the application, which fails to handle a crafted certificate. Successful exploitation could allow attackers to spoof servers.

oval:org.secpod.oval:def:30097 The host is installed with Python 3.2.x or 3.3.x and is prone to an algorithmic complexity vulnerability. A flaw is present in the application, which fails to handle multiple wildcard characters. Successful exploitation could allow remote attackers to crash the service.

oval:org.secpod.oval:def:61460 The host is installed with Python through 3.7.2 and is prone to an uncontrolled resource consumption vulnerability. The flaw is present in the application, which fails to properly handle Lib/zipfile.py. Successful exploitation allows remote attackers to cause a denial-of-service.

oval:org.mitre.oval:def:12111 The asyncore module in Python 2.x before 2.7.0 or 3.x before 3.2 does not properly handle unsuccessful calls to the accept function, and does not have accompanying documentation describing how daemon applications should handle unsuccessful calls to the accept function, which makes it easier for remo ...

oval:org.secpod.oval:def:17189 The host is installed with Python before 2.5.6c1, 2.6.x before 2.6.7 rc2, and 2.7.x before 2.7.2 and is prone to cross site scripting vulnerability. The flaw is present in the list_directory function in Lib/SimpleHTTPServer.py in SimpleHTTPServer, which does not place a charset parameter in the Cont ...

oval:org.secpod.oval:def:17197 The host is installed with Python 1.5.2 through 2.5.1 and is prone to multiple integer overflow vulnerabilities. The flaws are present in imageop.c in the imageop module in Python, which fails to properly handle large integer values in certain arguments to the crop function, leading to a buffer over ...

oval:org.secpod.oval:def:17190 The host is installed with Python 2.2.3 through 2.5.1 or 2.6 and is prone to multiple integer overflow vulnerabilities. The flaws are present in the application, which fails to properly handle a large integer value in the tabsize argument to the expandtabs method, as implemented by (1) the string_ex ...

oval:org.secpod.oval:def:63981 The host is installed with Python 3.x through 3.8.3 and is prone to a denial of service vulnerability. A flaw is present in the application, which fails to properly compute hash values in the IPv4Interface and IPv6Interface classes. Successful exploitation allows remote attackers to cause a denial o ...

oval:org.secpod.oval:def:61194 The host is installed with Python 2.7 through 2.7.17, 3.6 through 3.6.10, 3.7 through 3.7.6, and 3.8 through 3.8.1 and is prone to an unsafe dll loading vulnerability. A flaw is present in the application, which fails to properly handle verification of api-ms-win-core-path-l1-1-0.dll that can be loa ...

oval:org.secpod.oval:def:32760 The host is installed with Python 2.7 before 2.7.8 or 3.x before 3.4 and is prone to a denial of service vulnerability. A flaw is present in the application, which fails to properly handle a crafted input. Successful exploitation could allow attackers to crash the service.

oval:org.secpod.oval:def:69972 The host is installed with Python 3.6.x through 3.6.12, 3.7.x through 3.7.9, and 3.8.x through 3.8.7, 3.9.x through 3.9.1 and is prone to a buffer overflow vulnerability. A flaw is present in PyCArg_repr in _ctypes/callproc.c, which fails to properly handle unknown vectors. Successful exploitation a ...

oval:org.secpod.oval:def:67777 The host is installed with Python 3.x through 3.6.12, 3.7.x through 3.7.9, 3.8.x through 3.8.6 or 3.9.0 and is prone to an information disclosure vulnerability. A flaw is present in the application, which fails to handle an issue in Lib/test/multibytecodec_support.py. Successful exploitation allows ...

oval:org.secpod.oval:def:17194 The host is installed with Python 2.5 and is prone to multiple buffer overflow vulnerabilities. The flaws are present in the rgbimg module, which fails to properly handle an image file containing crafted data that triggers improper processing within the (1) longimagedata or (2) expandrow function. S ...

oval:org.secpod.oval:def:17192 The host is installed with Python 2.5 and is prone to integer overflow vulnerability. The flaw is present in the rgbimg module, which fails to properly handle a large image that triggers a buffer overflow. Successful exploitation allows remote attackers to have an unspecified impact.

oval:org.secpod.oval:def:17191 The host is installed with Python 2.5 and is prone to buffer overflow vulnerability. The flaw is present in the rgbimg module, which fails to properly handle a large ZSIZE value in a black-and-white (aka B/W) RGB image that triggers an invalid pointer dereference. Successful exploitation allows remo ...

oval:org.mitre.oval:def:12210 Multiple race conditions in smtpd.py in the smtpd module in Python 2.6, 2.7 or 3.1 allow remote attackers to cause a denial of service (daemon outage) by establishing and then immediately closing a TCP connection, leading to the accept function having an unexpected return value of None, an unexpected ...

oval:org.secpod.oval:def:17196 The host is installed with Python 2.5, 2.6, and 3.0 and is prone to unspecified vulnerability. The flaw is present in is_cgi method in CGIHTTPServer.py in the CGIHTTPServer module, which fails to properly handle an HTTP GET request that lacks a / (slash) character at the beginning of the URI. Succes ...

oval:org.secpod.oval:def:17195 The host is installed with Python 2.6, 2.7, 3.1, and 3.2 and is prone to multiple integer overflow vulnerabilities. The flaws are present in audioop.c in the audioop module, which fails to properly handle large fragment, as demonstrated by a call to audioop.lin2lin with a long string in the f ...

oval:org.secpod.oval:def:17198 The host is installed with Python 2.7 and 3.2 and is prone to denial of service vulnerability. The flaw is present in the application, which fails to properly handle crafted arguments, as demonstrated by a call to audioop.reverse with a one-byte string. Successful exploitation allows context-depende ...

oval:org.secpod.oval:def:942 The host is installed with Python and is prone to information disclosure vulnerability. A flaw is present in the CGIHTTPServer module, which fails to handle HTTP GET requests that lack a / (slash) character at the beginning of the URI. Successful exploitation could allow remote attackers to read scr ...

oval:org.secpod.oval:def:87687 The host is installed with Python through 3.11 and is prone to a security bypass vulnerability. The flaw is present in the application, which fails to properly handle an issue in urllib.parse component. Successful exploitation allows attackers to bypass blocklisting methods by supplying a URL that s ...

oval:org.secpod.oval:def:54092 The host is installed with Python through 2.7.13, 3.4.8 and 3.5.5 and is prone to an integer overflow vulnerability. The flaw is present in the application, which fails to properly handle an integer overflow in the PyString_DecodeEscape function in stringobject.c. Successful exploitation allows atta ...

oval:org.secpod.oval:def:17185 The host is installed with Python 2.5.2 and earlier and is prone to integer overflow vulnerability. The flaw is present in the application, which fails to properly handle vectors related to "partial hashlib hashing of data exceeding 4GB." Successful exploitation allows context-dependent attackers to d ...

oval:org.secpod.oval:def:17184 The host is installed with Python 2.5.2 and earlier and is prone to multiple integer overflow vulnerabilities. The flaws are present in the application, which fails to properly handle vectors related to the (1) stringobject, (2) unicodeobject, (3) bufferobject, (4) longobject, (5) tupleobject, (6) ...

oval:org.secpod.oval:def:17183 The host is installed with Python 2.5.2 and earlier and is prone to integer signedness error vulnerability. The flaw is present in the zlib extension module, which triggers insufficient memory allocation and a buffer overflow. Successful exploitation allows remote attackers to execute arbitrary code ...

oval:org.secpod.oval:def:17188 The host is installed with Python 2.5.2 and earlier and is prone to buffer overflow vulnerability. The flaw is present in the PyOS_vsnprintf function in Python/mysnprintf.c, which fails to properly handle crafted input to string formatting operations. Successful exploitation allows context-dependent ...

oval:org.secpod.oval:def:17187 The host is installed with Python before 2.5.2 and is prone to multiple integer overflow vulnerabilities. The flaws are present in the application, which fails to properly handle vectors related to (1) Include/pymem.h; (2) _csv.c, (3) _struct.c, (4) arraymodule.c, (5) audioop.c, (6) binascii.c, (7) ...

oval:org.secpod.oval:def:17186 The host is installed with Python 2.5.2 and earlier and is prone to multiple buffer overflow vulnerabilities. The flaws are present in the application, which fails to properly handle long string that leads to incorrect memory allocation during Unicode string processing, related to the unicode_resize ...

oval:org.secpod.oval:def:1050 The host is installed with Python and is prone to information disclosure vulnerability. A flaw is present in the application which is caused when specially crafted HTTP 302 redirect to cause the connected application to load a 'file://' resource to access a file or consume excessive resource. Succes ...

oval:org.secpod.oval:def:50181 The host is installed with python before versions 2.7.15 or 3.4.9 and is prone to a denial-of-service vulnerability. The flaw is present in the application, which fails to properly handle catastrophic backtracking in pop3lib's apop() method. Successful exploitation allows context-dependent attackers ...

oval:org.secpod.oval:def:17193 The host is installed with Python 2.6 before 2.7.4 or 3.x through 3.2 and is prone to information disclosure vulnerability. The flaw is present in the application, which creates ~/.pypirc with world-readable permissions before changing them after data has been written. Successful exploitation introd ...

oval:org.secpod.oval:def:59794 The host is installed with Python before 2.7.13, 3.3.x before 3.3.7, 3.4.x before 3.4.6 or 3.5.x before 3.5.3 or 3.6.0 and is prone to an open redirection vulnerability. The flaw is present in the application, which fails to properly handle an issue in CGIHandler class. Successful exploitation allow ...

oval:org.secpod.oval:def:50186 The host is installed with python before versions 2.7.15 or 3.4.9 and is prone to a denial-of-service vulnerability. The flaw is present in the application, which fails to properly handle catastrophic backtracking in difflib.IS_LINE_JUNK method. Successful exploitation allows context-dependent attack ...

oval:org.secpod.oval:def:58415 The host is installed with Python 2.x through 2.7.16, 3.x through 3.5.7, 3.6.x through 3.6.9 or 3.7.x through 3.7.4 and is prone to a security bypass vulnerability. The flaw is present in the application, which fails to properly handle an issue in parsing email addresses. Successful exploitation all ...

oval:org.secpod.oval:def:32761 The host is installed with Python 3.2 through 3.5 and is prone to a race condition vulnerability. A flaw is present in the application, which fails to properly handle crafted input. Successful exploitation could allow attackers to crash the service.

oval:org.secpod.oval:def:58793 The host is installed with Python 2.x through 2.7.16, 3.x through 3.6.9 or 3.7.x through 3.7.4 and is prone to a cross-site scripting vulnerability. A flaw is present in the application, which fails to properly handle untrusted input with set_server_title. Successful exploitation allows attackers to ...

oval:org.secpod.oval:def:50187 The host is installed with python 2.7.0 and is prone to a denial-of-service vulnerability. The flaw is present in the application, which fails to properly handle the passage of unfiltered user input to the function. Successful exploitation allows attackers to cause a denial of service, information gain v ...

oval:org.secpod.oval:def:30099 The host is installed with Python 2.6 through 3.4 and is prone to a man-in-the-middle attack vulnerability. A flaw is present in the application, which fails to properly handle a '\0' character in a domain name in the Subject Alternative Name field of an X.509 certificate. Successful exploitation co ...

oval:org.secpod.oval:def:37884 The host is installed with Python before 2.7.10 or 3.x before 3.4.4 and is prone to a CRLF injection vulnerability. A flaw is present in the application, which fails to properly handle CRLF sequences in a URL. Successful exploitation could allow attackers to inject arbitrary HTTP headers.

oval:org.secpod.oval:def:30094 The host is installed with Python before 2.7.8 and is prone to an integer overflow vulnerability. A flaw is present in the application, which fails to handle a large size and offset in a buffer function. Successful exploitation could allow attackers to obtain sensitive information.

oval:org.secpod.oval:def:37883 The host is installed with Python 2.7.0 before 2.7.12, 3.x before 3.4.5, and 3.5.x before 3.5.2 and is prone to an integer overflow vulnerability. A flaw is present in the application, which fails to properly handle a negative data size value. Successful exploitation could allow attackers to have un ...

oval:org.secpod.oval:def:37882 The host is installed with Python 2.7.0 before 2.7.12, 3.x before 3.4.5, and 3.5.x before 3.5.2 and is prone to a StartTLS stripping attack vulnerability. A flaw is present in the application, which does not return an error when StartTLS fails. Successful exploitation could allow attackers to bypass ...

oval:org.secpod.oval:def:30096 The host is installed with Python 2.5 before 2.7.7 or 3.x before 3.3.4 and is prone to a buffer overflow vulnerability. A flaw is present in the application, which fails to handle a crafted string. Successful exploitation could allow remote attackers to execute arbitrary code.

oval:org.secpod.oval:def:8151 The host is installed with Python before 2.6.8, 2.7.x before 2.7.3, 3.2.x before 3.2.3 or 3.x through 3.1.4 and is prone to a denial of service vulnerability. A flaw is present in the application, which fails to handle crafted input to an application that maintains a hash table. Successful exploitat ...

oval:org.secpod.oval:def:8152 The host is installed with Python before 2.6.8, 2.7.x before 2.7.3, 3.2.x before 3.2.3 or 3.x through 3.1.4 and is prone to a denial of service vulnerability. A flaw is present in the application, which fails to handle crafted XML-RPC POST. Successful exploitation could allow attackers to cra ...

oval:org.secpod.oval:def:89569 The host is installed with Python through 2.7.18 or 3.x through 3.11 and is prone to an improper validation of syntactic correctness of input vulnerability. The flaw is present in the application, which fails to properly handle an issue in the e-mail module. Successful exploitation allows attackers to ...

oval:org.secpod.oval:def:90579 The host is installed with Python through 3.11.4, or Oracle Database Server 21c and is prone to a buffer overflow vulnerability. The flaw is present in the application, which fails to properly handle the legacy email.utils.parseaddr function. Successful exploitation allows attackers to trigger "Recu ...