Download
| Alert*
|
oval:org.secpod.oval:def:702627
python3.4 is installed oval:org.secpod.oval:def:1901830 Modules/_pickle.c in Python before 3.7.1 has an integer overflow via a large LONG_BINPUT value that is mishandled during a "resize to twice the size" attempt. This issue might cause memory exhaustion, but is only relevant if the pickle format is used for serializing tens or hundreds of gigabytes of ... oval:org.secpod.oval:def:38125 python2.7: An interactive high-level object-oriented language - python3.5: An interactive high-level object-oriented language - python3.4: An interactive high-level object-oriented language - python3.2: An interactive high-level object-oriented language Several security issues were fixed in Python. oval:org.secpod.oval:def:704187 python3.5: An interactive high-level object-oriented language - python3.4: An interactive high-level object-oriented language Details: USN-3496-1 fixed a vulnerability in Python2.7. This update provides the corresponding update for versions 3.4 and 3.5. Original advisory Python could be made to run ... oval:org.secpod.oval:def:52181 python2.7: An interactive high-level object-oriented language - python3.5: An interactive high-level object-oriented language - python3.4: An interactive high-level object-oriented language - python3.2: An interactive high-level object-oriented language Several security issues were fixed in Python. oval:org.secpod.oval:def:52074 python3.5: An interactive high-level object-oriented language - python3.4: An interactive high-level object-oriented language Details: USN-3496-1 fixed a vulnerability in Python2.7. This update provides the corresponding update for versions 3.4 and 3.5. Original advisory Python could be made to run ... oval:org.secpod.oval:def:1901831 NULL pointer dereference using a specially crafted X509 certificate oval:org.secpod.oval:def:1901767 An issue was discovered in urllib2 in Python 2.x through 2.7.16 and urllib in Python 3.x through 3.7.2. CRLF injection is possible if the attacker controls a url parameter, as demonstrated by the first argument to urllib.request.urlopen with \r\n followed by an HTTP header or a Redis command. This ... oval:org.secpod.oval:def:1901833 Python 2.7.x through 2.7.16 and 3.x through 3.7.2 is affected by: Improper Handling of Unicode Encoding during NFKC normalization. The impact is: Information disclosure . The components are: urllib.parse.urlsplit, urllib.parse.urlparse. The attack vector is: A specially crafted URL could be incorre ... oval:org.secpod.oval:def:51541 python2.7: An interactive high-level object-oriented language - python3.5: An interactive high-level object-oriented language - python3.4: An interactive high-level object-oriented language Several security issues were fixed in Python. oval:org.secpod.oval:def:49173 python2.7: An interactive high-level object-oriented language - python3.5: An interactive high-level object-oriented language - python3.4: An interactive high-level object-oriented language Several security issues were fixed in Python. oval:org.secpod.oval:def:52512 python2.7: An interactive high-level object-oriented language - python3.4: An interactive high-level object-oriented language - python3.2: An interactive high-level object-oriented language Several security issues were fixed in Python. oval:org.secpod.oval:def:2000538 Modules/_pickle.c in Python before 3.7.1 has an integer overflow via a large LONG_BINPUT value that is mishandled during a "resize to twice the size" attempt. This issue might cause memory exhaustion, but is only relevant if the pickle format is used for serializing tens or hundreds of gigabytes of ... oval:org.secpod.oval:def:702624 python2.7: An interactive high-level object-oriented language - python3.4: An interactive high-level object-oriented language - python3.2: An interactive high-level object-oriented language Several security issues were fixed in Python. oval:org.secpod.oval:def:2001358 ** DISPUTED ** Lib/webbrowser.py in Python through 3.6.3 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via a crafted URL. NOTE: a software maintainer indicates that exploi ... |
