Download
| Alert*
|
oval:org.secpod.oval:def:605184
python2.7 is installed oval:org.secpod.oval:def:204680 Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. Security Fix: * The ... oval:org.secpod.oval:def:701878 python2.7 is installed oval:org.secpod.oval:def:30095 The host is installed with Python 2.x before 2.7.9 and 3.x before 3.4.3 and is prone to a man-in-the-middle attack vulnerability. A flaw is present in the application, which fails to handle an arbitrary valid certificate. Successful exploitation could allow attackers to spoof SSL servers. oval:org.secpod.oval:def:70402 python2.7: An interactive high-level object-oriented language Details: USN-4754-1 fixed a vulnerability in Python. The fix for CVE-2021-3177 introduced a regression in Python 2.7. This update reverts the security fix pending further investigation. We apologize for the inconvenience. Original advisor ... oval:org.mitre.oval:def:12111 The asyncore module in Python 2.x before 2.7.0 or 3.x before 3.2 does not properly handle unsuccessful calls to the accept function, and does not have accompanying documentation describing how daemon applications should handle unsuccessful calls to the accept function, which makes it easier for remo ... oval:org.secpod.oval:def:17189 The host is installed with Python before 2.5.6c1, 2.6.x before 2.6.7 rc2, and 2.7.x before 2.7.2 and is prone to cross site scripting vulnerability. The flaw is present in the list_directory function in Lib/SimpleHTTPServer.py in SimpleHTTPServer, which does not place a charset parameter in the Cont ... oval:org.secpod.oval:def:70193 python3.7: An interactive high-level object-oriented language - python2.7: An interactive high-level object-oriented language - python3.6: An interactive high-level object-oriented language - python3.5: An interactive high-level object-oriented language - python3.4: An interactive high-level object- ... oval:org.secpod.oval:def:70405 python2.7: An interactive high-level object-oriented language Details: USN-4754-1 fixed vulnerabilities in Python. Because of a regression, a subsequent update removed the fix for CVE-2021-3177. This update reinstates the security fix for CVE-2021-3177. We apologize for the inconvenience. Original a ... oval:org.secpod.oval:def:79864 python3.8: An interactive high-level object-oriented language - python2.7: An interactive high-level object-oriented language - python3.6: An interactive high-level object-oriented language - python3.5: An interactive high-level object-oriented language - python3.4: An interactive high-level object- ... oval:org.secpod.oval:def:502097 Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. Security Fix: * The ... oval:org.secpod.oval:def:32760 The host is installed with Python 2.7 before 2.7.8 or 3.x before 3.4 and is prone to a denial of service vulnerability. A flaw is present in the application, which fails to properly handle a crafted input. Successful exploitation could allow attackers to crash the service. oval:org.secpod.oval:def:2004825 In Lib/tarfile.py in Python through 3.8.3, an attacker is able to craft a TAR archive leading to an infinite loop when opened by tarfile.open, because _proc_pax lacks header validation. oval:org.secpod.oval:def:2003944 Python 2.7 through 2.7.17, 3.5 through 3.5.9, 3.6 through 3.6.10, 3.7 through 3.7.6, and 3.8 through 3.8.1 allows an HTTP server to conduct Regular Expression Denial of Service attacks against a client because of urllib.request.AbstractBasicAuthHandler catastrophic backtracking. oval:org.secpod.oval:def:705439 python3.7: An interactive high-level object-oriented language - python2.7: An interactive high-level object-oriented language - python3.6: An interactive high-level object-oriented language - python3.5: An interactive high-level object-oriented language - python3.4: An interactive high-level object- ... oval:org.secpod.oval:def:705920 python2.7: An interactive high-level object-oriented language Details: USN-4754-1 fixed vulnerabilities in Python. Because of a regression, a subsequent update removed the fix for CVE-2021-3177. This update reinstates the security fix for CVE-2021-3177. We apologize for the inconvenience. Original a ... oval:org.secpod.oval:def:705917 python2.7: An interactive high-level object-oriented language Details: USN-4754-1 fixed a vulnerability in Python. The fix for CVE-2021-3177 introduced a regression in Python 2.7. This update reverts the security fix pending further investigation. We apologize for the inconvenience. Original advisor ... oval:org.secpod.oval:def:70397 python3.8: Interactive high-level object-oriented language - python2.7: An interactive high-level object-oriented language - python3.6: An interactive high-level object-oriented language - python3.5: An interactive high-level object-oriented language - python3.4: An interactive high-level object-or ... oval:org.secpod.oval:def:705912 python3.8: Interactive high-level object-oriented language - python2.7: An interactive high-level object-oriented language - python3.6: An interactive high-level object-oriented language - python3.5: An interactive high-level object-oriented language - python3.4: An interactive high-level object-or ... oval:org.mitre.oval:def:12210 Multiple race conditions in smtpd.py in the smtpd module in Python 2.6, 2.7 or 3.1allow remote attackers to cause a denial of service (daemon outage) by establishing and then immediately closing a TCP connection, leading to the accept function having an unexpected return value of None, an unexpected ... oval:org.secpod.oval:def:17195 The host is installed with Python 2.6, 2.7, 3.1, and 3.2 and is prone to multiple integer overflow vulnerabilities. The flaws are present in the in audioop.c in the audioop module, which fails to properly handle large fragment, as demonstrated by a call to audioop.lin2lin with a long string in the f ... oval:org.secpod.oval:def:17198 The host is installed with Python 2.7 and 3.2 and is prone to denial of service vulnerability. The flaw is present in the application, which fails to properly handle crafted arguments, as demonstrated by a call to audioop.reverse with a one-byte string. Successful exploitation allows context-depende ... oval:org.secpod.oval:def:707635 python2.7: An interactive high-level object-oriented language - python3.10: Interactive high-level object-oriented language - python3.9: Interactive high-level object-oriented language - python3.8: An interactive high-level object-oriented language - python3.6: An interactive high-level object-ori ... oval:org.secpod.oval:def:89501 python3.10: An interactive high-level object-oriented language - python3.8: An interactive high-level object-oriented language - python2.7: An interactive high-level object-oriented language - python3.6: An interactive high-level object-oriented language - python3.5: An interactive high-level object ... oval:org.secpod.oval:def:88554 python2.7: An interactive high-level object-oriented language - python3.10: Interactive high-level object-oriented language - python3.9: Interactive high-level object-oriented language - python3.8: An interactive high-level object-oriented language - python3.6: An interactive high-level object-ori ... oval:org.secpod.oval:def:1901979 An issue was discovered in urllib2 in Python 2.x through 2.7.16 and urllib in Python 3.x through 3.7.2. CRLF injection is possible if the attacker controls a url parameter, as demonstrated by the first argument to urllib.request.urlopen with \r\n followed by an HTTP header or a Redis command. oval:org.secpod.oval:def:1901831 NULL pointer dereference using a specially crafted X509 certificate oval:org.secpod.oval:def:1901833 Python 2.7.x through 2.7.16 and 3.x through 3.7.2 is affected by: Improper Handling of Unicode Encoding during NFKC normalization. The impact is: Information disclosure . The components are: urllib.parse.urlsplit, urllib.parse.urlparse. The attack vector is: A specially crafted URL could be incorre ... oval:org.secpod.oval:def:500277 Python is an interpreted, interactive, object-oriented programming language. A flaw was found in the Python urllib and urllib2 libraries where they would not differentiate between different target URLs when handling automatic redirects. This caused Python applications using these modules to follow a ... oval:org.secpod.oval:def:1700212 urllib in Python 2.7.16 supports the local_file: scheme, which makes it easier for remote attackers to bypass protection mechanisms that blacklist file: URIs, as demonstrated by triggering a urllib.urlopen call oval:org.secpod.oval:def:1501098 Python is an interpreted, interactive, object-oriented programming language often compared to Tcl, Perl, Scheme or Java. Python includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to v ... oval:org.secpod.oval:def:1500324 Updated python packages that fix one security issue, several bugs, and add one enhancement are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System base score, which gives a d ... oval:org.secpod.oval:def:702624 python2.7: An interactive high-level object-oriented language - python3.4: An interactive high-level object-oriented language - python3.2: An interactive high-level object-oriented language Several security issues were fixed in Python. oval:org.secpod.oval:def:603532 Multiple security issues were discovered in Python: ElementTree failed to initialise Expat"s hash salt, two denial of service issues were found in difflib and poplib and a buffer overflow in PyString_DecodeEscape. oval:org.secpod.oval:def:503270 Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. Security Fix: * pyt ... oval:org.secpod.oval:def:52085 python2.7: An interactive high-level object-oriented language Python could be made to run arbitrary code. oval:org.secpod.oval:def:50181 The host is installed with python before versions 2.7.15 or 3.4.9 and is prone to a denial-of-service vulnerability. The flaw is present in the application, which fails to properly handle catastrophic backtracking in pop3lib's apop() method. Successful exploitation allow context-dependent attackers ... oval:org.secpod.oval:def:17193 The host is installed with Python 2.6 before 2.7.4 or 3.x through 3.2 and is prone to information disclosure vulnerability. The flaw is present in the application, which creates ~/.pypirc with world-readable permissions before changing them after data has been written. Successful exploitation introd ... oval:org.secpod.oval:def:89003137 This update for python3 fixes the following issues: - CVE-2019-10160: Fixed a regression in urlparse and urlsplit introduced by the fix for CVE-2019-9636 . - CVE-2018-14647: Fixed a denial of service vulnerability caused by a crafted XML document . - CVE-2018-1000802: Fixed a command injection in th ... oval:org.secpod.oval:def:50186 The host is installed with python before versions 2.7.15 or 3.4.9 and is prone to a denial-of-service vulnerability. The flaw is present in the application, which fails to properly handle catastrophic backtracking in difflib.IS_LINE_JUNK method. Successful exploitation allow context-dependent attack ... oval:org.secpod.oval:def:51541 python2.7: An interactive high-level object-oriented language - python3.5: An interactive high-level object-oriented language - python3.4: An interactive high-level object-oriented language Several security issues were fixed in Python. oval:org.secpod.oval:def:52512 python2.7: An interactive high-level object-oriented language - python3.4: An interactive high-level object-oriented language - python3.2: An interactive high-level object-oriented language Several security issues were fixed in Python. oval:org.secpod.oval:def:58857 python2.7: An interactive high-level object-oriented language - python3.7: An interactive high-level object-oriented language - python3.6: An interactive high-level object-oriented language - python3.5: An interactive high-level object-oriented language Several security issues were fixed in Python. oval:org.secpod.oval:def:201575 Python is an interpreted, interactive, object-oriented programming language. A flaw was found in the Python urllib and urllib2 libraries where they would not differentiate between different target URLs when handling automatic redirects. This caused Python applications using these modules to follow a ... oval:org.secpod.oval:def:603531 Multiple security issues were discovered in Python: ElementTree failed to initialise Expat"s hash salt, two denial of service issues were found in difflib and poplib and the shutil module was affected by a command injection vulnerability. oval:org.secpod.oval:def:66476 Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. Security Fix: * pyt ... oval:org.secpod.oval:def:1901770 urllib in Python 2.x through 2.7.16 supports the local_file: scheme, which makes it easier for remote attackers to bypass protection mechanisms that blacklist file: URIs, as demonstrated by triggering a urllib.urlopen call. oval:org.secpod.oval:def:501140 Python is an interpreted, interactive, object-oriented programming language. A flaw was found in the way the Python SSL module handled X.509 certificate fields that contain a NULL byte. An attacker could potentially exploit this flaw to conduct man-in-the-middle attacks to spoof SSL servers. Note th ... oval:org.secpod.oval:def:51165 python2.7: An interactive high-level object-oriented language - python3.5: An interactive high-level object-oriented language - python3.4: An interactive high-level object-oriented language Several security issues were fixed in Python. oval:org.secpod.oval:def:50187 The host is installed with python 2.7.0 is prone to a denial-of-service vulnerability. The flaw is present in the application, which fails to properly handle the passage of unfiltered user input to the function. Successful exploitation allow attackers to cause a denial of service, information gain v ... oval:org.secpod.oval:def:51672 python2.7: An interactive high-level object-oriented language - python3.5: An interactive high-level object-oriented language - python3.4: An interactive high-level object-oriented language - python3.2: An interactive high-level object-oriented language Several security issues were fixed in Python. oval:org.secpod.oval:def:105797 Python 3 is a new version of the language that is incompatible with the 2.x line of releases. The language is mostly the same, but many details, especially how built-in objects like dictionaries and strings work, have changed considerably, and a lot of deprecated features have finally been removed. oval:org.secpod.oval:def:108264 Python 3 is a new version of the language that is incompatible with the 2.x line of releases. The language is mostly the same, but many details, especially how built-in objects like dictionaries and strings work, have changed considerably, and a lot of deprecated features have finally been removed. oval:org.secpod.oval:def:89003079 This update for python fixes the following issues: - CVE-2019-10160: Fixed a regression in urlparse and urlsplit introduced by the fix for CVE-2019-9636 . - CVE-2018-20852: Fixed an information leak where cookies could be send to the wrong server because of incorrect domain validation . oval:org.secpod.oval:def:107203 Python 3 is a new version of the language that is incompatible with the 2.x line of releases. The language is mostly the same, but many details, especially how built-in objects like dictionaries and strings work, have changed considerably, and a lot of deprecated features have finally been removed. oval:org.secpod.oval:def:703360 python2.7: An interactive high-level object-oriented language - python3.5: An interactive high-level object-oriented language - python3.4: An interactive high-level object-oriented language - python3.2: An interactive high-level object-oriented language Several security issues were fixed in Python. oval:org.secpod.oval:def:89002025 This update for python, python-base fixes the following issues: Security issues fixed: - CVE-2018-1000802: Prevent command injection in shutil module via passage of unfiltered user input . - CVE-2018-1061: Fixed DoS via regular expression backtracking in difflib.IS_LINE_JUNK method in difflib . - C ... oval:org.secpod.oval:def:30099 The host is installed with Python 2.6 through 3.4 and is prone to a man-in-the-middle attack vulnerability. A flaw is present in the application, which fails to properly handle a '\0' character in a domain name in the Subject Alternative Name field of an X.509 certificate. Successful exploitation co ... oval:org.secpod.oval:def:202361 Python is an interpreted, interactive, object-oriented programming language. A denial of service flaw was found in the implementation of associative arrays in Python. An attacker able to supply a large number of inputs to a Python application that are used as keys when inserting data into an array ... oval:org.secpod.oval:def:30094 The host is installed with Python before 2.7.8 and is prone to an integer overflow vulnerability. A flaw is present in the application, which fails to handle a large size and offset in a buffer function. Successful exploitation could allow attackers to obtain sensitive information. oval:org.secpod.oval:def:116673 Python is an accessible, high-level, dynamically typed, interpreted programming language, designed with an emphasis on code readability. It includes an extensive standard library, and has a vast ecosystem of third-party libraries. The python3 package provides the "python3" executable: the ... oval:org.secpod.oval:def:30096 The host is installed with Python 2.5 before 2.7.7 or 3.x before 3.3.4 and is prone to a buffer overflow vulnerability. A flaw is present in the application, which fails to handle a crafted string. Successful exploitation could allow remote attackers to execute arbitrary code. oval:org.secpod.oval:def:701589 python2.7: An interactive high-level object-oriented language - python3.3: An interactive high-level object-oriented language - python3.2: An interactive high-level object-oriented language - python2.6: An interactive high-level object-oriented language Python could be made to crash or run programs ... oval:org.secpod.oval:def:89003071 This update for python3 fixes the following issues: - CVE-2019-16056: Fixed a parser issue in the email module. - CVE-2018-20852: Fixed an incorrect domain validation that could lead to cookies being sent to the wrong server oval:org.secpod.oval:def:1502537 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:106114 Python 3 is a new version of the language that is incompatible with the 2.x line of releases. The language is mostly the same, but many details, especially how built-in objects like dictionaries and strings work, have changed considerably, and a lot of deprecated features have finally been removed. oval:org.secpod.oval:def:8151 The host is installed with Python before 2.6.8, 2.7.x before 2.7.3, 3.2.x before 3.2.3 or 3.x through 3.1.4 and is prone to a denial of service vulnerability. A flaw is present in the application, which fails to handle crafted input to an application that maintains a hash table. Successful exploitat ... oval:org.secpod.oval:def:8152 The host is installed with Python before before 2.6.8, 2.7.x before 2.7.3, 3.2.x before 3.2.3 or 3.x through 3.1.4 and is prone to a denial of service vulnerability. A flaw is present in the application, which fails to handle crafted XML-RPC POST. Successful exploitation could allow attackers to cra ... oval:org.secpod.oval:def:89003342 This update for python3 fixes the following issues: - CVE-2019-10160: Fixed a regression in urlparse and urlsplit introduced by the fix for CVE-2019-9636 . - CVE-2018-14647: Fixed a denial of service vulnerability caused by a crafted XML document . - CVE-2018-1000802: Fixed a command injection in th ... oval:org.secpod.oval:def:701053 python3.2: Interactive high-level object-oriented language Several security issues were fixed in Python 3.2. oval:org.secpod.oval:def:38125 python2.7: An interactive high-level object-oriented language - python3.5: An interactive high-level object-oriented language - python3.4: An interactive high-level object-oriented language - python3.2: An interactive high-level object-oriented language Several security issues were fixed in Python. oval:org.secpod.oval:def:106381 Python 3 is a new version of the language that is incompatible with the 2.x line of releases. The language is mostly the same, but many details, especially how built-in objects like dictionaries and strings work, have changed considerably, and a lot of deprecated features have finally been removed. oval:org.secpod.oval:def:107912 Python 3 is a new version of the language that is incompatible with the 2.x line of releases. The language is mostly the same, but many details, especially how built-in objects like dictionaries and strings work, have changed considerably, and a lot of deprecated features have finally been removed. oval:org.secpod.oval:def:205342 Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. Security Fix: * pyt ... oval:org.secpod.oval:def:500074 Python is an interpreted, interactive, object-oriented programming language. A flaw was found in the Python urllib and urllib2 libraries where they would not differentiate between different target URLs when handling automatic redirects. This caused Python applications using these modules to follow a ... oval:org.secpod.oval:def:21805 The host is installed with python before 2.7.8 and is prone to an integer overflow vulnerability. A flaw is present in the application, which does not properly handle a large size and offset in a "buffer" function. Successful exploitation allows context-dependent attackers to obtain sensitive inform ... oval:org.secpod.oval:def:1502265 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:107190 Python is an interpreted, interactive, object-oriented programming language often compared to Tcl, Perl, Scheme or Java. Python includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to v ... oval:org.secpod.oval:def:704208 python2.7: An interactive high-level object-oriented language Python could be made to run arbitrary code. oval:org.secpod.oval:def:202359 Python is an interpreted, interactive, object-oriented programming language. A denial of service flaw was found in the implementation of associative arrays in Python. An attacker able to supply a large number of inputs to a Python application that are used as keys when inserting data into an array ... oval:org.secpod.oval:def:1050 The host is installed with Python and is prone to information disclosure vulnerability. A flaw is present in the application which is caused when specially crafted HTTP 302 redirect to cause the connected application to load a 'file://' resource to access a file or consume excessive resource. Succes ... oval:org.secpod.oval:def:107863 Python is an interpreted, interactive, object-oriented programming language often compared to Tcl, Perl, Scheme or Java. Python includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to v ... oval:org.secpod.oval:def:701441 python2.7: An interactive high-level object-oriented language Several security issues were fixed in Python. oval:org.secpod.oval:def:116617 Python is an accessible, high-level, dynamically typed, interpreted programming language, designed with an emphasis on code readability. It includes an extensive standard library, and has a vast ecosystem of third-party libraries. The python3 package provides the "python3" executable: the ... oval:org.secpod.oval:def:107746 Python is an interpreted, interactive, object-oriented programming language often compared to Tcl, Perl, Scheme or Java. Python includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to v ... oval:org.secpod.oval:def:59590 python2.7: An interactive high-level object-oriented language - python3.7: An interactive high-level object-oriented language - python3.6: An interactive high-level object-oriented language - python3.5: An interactive high-level object-oriented language Several security issues were fixed in Python. oval:org.secpod.oval:def:58423 python2.7: An interactive high-level object-oriented language - python3.7: An interactive high-level object-oriented language - python3.6: An interactive high-level object-oriented language - python3.5: An interactive high-level object-oriented language Several security issues were fixed in Python. oval:org.secpod.oval:def:1901767 An issue was discovered in urllib2 in Python 2.x through 2.7.16 and urllib in Python 3.x through 3.7.2. CRLF injection is possible if the attacker controls a url parameter, as demonstrated by the first argument to urllib.request.urlopen with \r\n followed by an HTTP header or a Redis command. This ... oval:org.secpod.oval:def:204246 Python is an interpreted, interactive, object-oriented programming language often compared to Tcl, Perl, Scheme, or Java. Python includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to ... oval:org.secpod.oval:def:501611 Python is an interpreted, interactive, object-oriented programming language often compared to Tcl, Perl, Scheme, or Java. Python includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to ... oval:org.secpod.oval:def:105846 Python is an interpreted, interactive, object-oriented programming language often compared to Tcl, Perl, Scheme or Java. Python includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to v ... oval:org.secpod.oval:def:701445 python3.3: An interactive high-level object-oriented language Several security issues were fixed in Python. oval:org.secpod.oval:def:701443 python3.2: An interactive high-level object-oriented language Several security issues were fixed in Python. oval:org.secpod.oval:def:601227 Multiple security issues were discovered in Python: CVE-2013-4238 Ryan Sleevi that NULL charactors in the subject alternate names of SSL cerficates were parsed incorrectly. CVE-2014-1912 Ryan Smith-Roberts discovered a buffer overflow in the socket.recvfrom_into function. oval:org.secpod.oval:def:704387 python2.7: An interactive high-level object-oriented language - python3.5: An interactive high-level object-oriented language - python3.4: An interactive high-level object-oriented language Several security issues were fixed in Python. oval:org.secpod.oval:def:89003321 This update for python fixes the following issues: - CVE-2019-10160: Fixed a regression in urlparse and urlsplit introduced by the fix for CVE-2019-9636 . - CVE-2018-20852: Fixed an information leak where cookies could be send to the wrong server because of incorrect domain validation . oval:org.secpod.oval:def:58426 python2.7: An interactive high-level object-oriented language - python3.7: An interactive high-level object-oriented language - python3.6: An interactive high-level object-oriented language - python3.5: An interactive high-level object-oriented language Several security issues were fixed in Python. oval:org.secpod.oval:def:1700194 An issue was discovered in urllib2 in Python 2.x and urllib in Python 3.x. CRLF injection is possible if the attacker controls a url parameter, as demonstrated by the first argument to urllib.request.urlopen with \r\n followed by an HTTP header or a Redis command. This is similar to the CVE-2019-97 ... oval:org.secpod.oval:def:500813 Python is an interpreted, interactive, object-oriented programming language. A denial of service flaw was found in the implementation of associative arrays in Python. An attacker able to supply a large number of inputs to a Python application that are used as keys when inserting data into an array ... oval:org.secpod.oval:def:500814 Python is an interpreted, interactive, object-oriented programming language. A denial of service flaw was found in the implementation of associative arrays in Python. An attacker able to supply a large number of inputs to a Python application that are used as keys when inserting data into an array ... oval:org.secpod.oval:def:106394 Python is an interpreted, interactive, object-oriented programming language often compared to Tcl, Perl, Scheme or Java. Python includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to v ... oval:org.secpod.oval:def:2004826 The documentation XML-RPC server in Python through 2.7.16, 3.x through 3.6.9, and 3.7.x through 3.7.4 has XSS via the server_title field. This occurs in Lib/DocXMLRPCServer.py in Python 2.x, and in Lib/xmlrpc/server.py in Python 3.x. If set_server_title is called with untrusted input, arbitrary Java ... oval:org.secpod.oval:def:89002340 This update for python, python-base fixes the following issues: Security issues fixed: - CVE-2018-1000802: Prevent command injection in shutil module via passage of unfiltered user input . - CVE-2018-1061: Fixed DoS via regular expression backtracking in difflib.IS_LINE_JUNK method in difflib . - C ... oval:org.secpod.oval:def:52181 python2.7: An interactive high-level object-oriented language - python3.5: An interactive high-level object-oriented language - python3.4: An interactive high-level object-oriented language - python3.2: An interactive high-level object-oriented language Several security issues were fixed in Python. oval:org.secpod.oval:def:107928 Python is an interpreted, interactive, object-oriented programming language often compared to Tcl, Perl, Scheme or Java. Python includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to v ... oval:org.secpod.oval:def:53430 Multiple security issues were discovered in Python: ElementTree failed to initialise Expat"s hash salt, two denial of service issues were found in difflib and poplib and a buffer overflow in PyString_DecodeEscape. oval:org.secpod.oval:def:201594 Python is an interpreted, interactive, object-oriented programming language. A flaw was found in the Python urllib and urllib2 libraries where they would not differentiate between different target URLs when handling automatic redirects. This caused Python applications using these modules to follow a ... oval:org.secpod.oval:def:49173 python2.7: An interactive high-level object-oriented language - python3.5: An interactive high-level object-oriented language - python3.4: An interactive high-level object-oriented language Several security issues were fixed in Python. oval:org.secpod.oval:def:53429 Multiple security issues were discovered in Python: ElementTree failed to initialise Expat"s hash salt, two denial of service issues were found in difflib and poplib and the shutil module was affected by a command injection vulnerability. oval:org.secpod.oval:def:1501247 The remote host is missing a patch containing a security fix, which affects the following package(s): python oval:org.secpod.oval:def:2001358 ** DISPUTED ** Lib/webbrowser.py in Python through 3.6.3 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via a crafted URL. NOTE: a software maintainer indicates that exploi ... oval:org.secpod.oval:def:500037 Python is an interpreted, interactive, object-oriented programming language. It was found that many applications embedding the Python interpreter did not specify a valid full path to the script or application when calling the PySys_SetArgv API function, which could result in the addition of the curr ... |
