Download
| Alert*
|
oval:org.secpod.oval:def:59019
python27 subpackages are installed oval:org.secpod.oval:def:1200146 python27 is installed oval:org.secpod.oval:def:1600056 It was reported that Python built-in _json module have a flaw , which allows a local user to read current process" arbitrary memory.Quoting the upstream bug report:The sole prerequisites of this attack are that the attacker is able to control or influence the two parameters of the default scanstring ... oval:org.secpod.oval:def:1601372 The UNIX pipe which sudo uses to contact SSSD and read the available sudo rules from SSSD utilizes too broad of a set of permissions. Any user who can send a message using the same raw protocol that sudo and SSSD use can read the sudo rules available for any user oval:org.secpod.oval:def:505818 Python is an interpreted, interactive, object-oriented programming language that supports modules, classes, exceptions, high-level dynamic data types, and dynamic typing. The python27 packages provide a stable release of Python 2.7 with a number of additional utilities and database connectors for My ... oval:org.secpod.oval:def:118792 Python 2 is an old version of the language that is incompatible with the 3.x line of releases. The language is mostly the same, but many details, especially how built-in objects like dictionaries and strings work, have changed considerably, and a lot of deprecated features have finally been removed ... oval:org.secpod.oval:def:118524 Python 2 is an old version of the language that is incompatible with the 3.x line of releases. The language is mostly the same, but many details, especially how built-in objects like dictionaries and strings work, have changed considerably, and a lot of deprecated features have finally been removed ... oval:org.secpod.oval:def:1601065 A flaw was found in sssd Group Policy Objects implementation. When the GPO is not readable by SSSD due to a too strict permission settings on the server side, SSSD will allow all authenticated users to login instead of denying access.A vulnerability was found in sssd where, if a user was configured ... oval:org.secpod.oval:def:119403 Python 2 is an old version of the language that is incompatible with the 3.x line of releases. The language is mostly the same, but many details, especially how built-in objects like dictionaries and strings work, have changed considerably, and a lot of deprecated features have finally been removed ... oval:org.secpod.oval:def:1600298 The ssl.match_hostname function in the SSL module in Python 2.6 through 3.4 does not properly handle a "\0" character in a domain name in the Subject Alternative Name field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issu ... oval:org.secpod.oval:def:1601134 http.cookiejar.DefaultPolicy.domain_return_ok in Lib/http/cookiejar.py in Python before 3.7.3 does not correctly validate the domain: it can be tricked into sending existing cookies to the wrong server. An attacker may abuse this flaw by using a server with a hostname that has another valid hostname ... oval:org.secpod.oval:def:1600093 Buffer overflow in the socket.recvfrom_into function in Modules/socketmodule.c in Python 2.5 before 2.7.7, 3.x before 3.3.4, and 3.4.x before 3.4rc1 allows remote attackers to execute arbitrary code via a crafted string. oval:org.secpod.oval:def:1600427 It was found that Python"s httplib library did not properly check HTTP header input in HTTPConnection.putheader. An attacker could use this flow to inject additional headers in a Python application that allows user provided header name or values. It was found that Python"s smtplib library did not r ... oval:org.secpod.oval:def:1600988 A null pointer dereference vulnerability was found in the certificate parsing code in Python. This causes a denial of service to applications when parsing specially crafted certificates. This vulnerability is unlikely to be triggered if application enables SSL/TLS certificate validation and accepts ... oval:org.secpod.oval:def:1600446 It was discovered that the Python CGIHandler class did not properly protect against the HTTP_PROXY variable name clash in a CGI context. A remote attacker could possibly use this flaw to redirect HTTP requests performed by a Python CGI script to an attacker-controlled proxy via a malicious HTTP requ ... oval:org.secpod.oval:def:1600952 A flaw was found in the way catastrophic backtracking was implemented in python's pop3lib's apop method. An attacker could use this flaw to cause denial of service.A flaw was found in the way catastrophic backtracking was implemented in python's difflib.IS_LINE_JUNK method. An attacke ... oval:org.secpod.oval:def:505086 Python is an interpreted, interactive, object-oriented programming language that supports modules, classes, exceptions, high-level dynamic data types, and dynamic typing. The python27 collection provide a stable release of Python 2.7 with a number of additional utilities and database connectors for ... oval:org.secpod.oval:def:1600002 It was discovered that Python built-in module CGIHTTPServer does not properly handle URL-encoded path separators in URLs which may enable attackers to disclose a CGI script"s source code or execute arbitrary scripts in the server"s document root. Integer overflow in bufferobject.c in Python before 2 ... oval:org.secpod.oval:def:1601257 SimpleXMLRPCServer.py in SimpleXMLRPCServer in Python before 2.6.8, 2.7.x before 2.7.3, 3.x before 3.1.5, and 3.2.x before 3.2.3 allows remote attackers to cause a denial of service via an XML-RPC POST request that contains a smaller amount of data than specified by the Content-Length header. oval:org.secpod.oval:def:1600835 Integer overflow in PyString_DecodeEscape results in heap-base buffer overflowCPython is vulnerable to an integer overflow in the PyString_DecodeEscape function in stringobject.c, resulting in heap-based buffer overflow oval:org.secpod.oval:def:1200145 It was discovered that multiple Python standard library modules implementing network protocols failed to restrict sizes of server responses. A malicious server could cause a client using one of the affected modules to consume an excessive amount of memory. |
