Page 40 of 281 results (0.024 seconds)

CVSS: 6.5EPSS: 1%CPEs: 30EXPL: 1

CVE-2016-0772 – Python smtplib 2.7.11 / 3.4.4 / 3.5.1 - Man In The Middle StartTLS Stripping

https://notcve.org/view.php?id=CVE-2016-0772

The smtplib library in CPython (aka Python) before 2.7.12, 3.x before 3.4.5, and 3.5.x before 3.5.2 does not return an error when StartTLS fails, which might allow man-in-the-middle attackers to bypass the TLS protections by leveraging a network position between the client and the registry to block the StartTLS command, aka a "StartTLS stripping attack." La librería smtplib en CPython (también conocido como Python) en versiones anteriores a 2.7.12, 3.x en versiones anteriores a 3.4.5 y 3.5.x en versiones anteriores a 3.5.2 no devuelve un error cuando StartTLS falla, lo que podría permitir a atacantes man-in-the-middle eludir las protecciones TLS mediante el aprovechamiento de una posición de red entre el cliente y el registro para bloquear el comando StartTLS, también conocido como un "ataque de decapado StartTLS". It was found that Python's smtplib library did not return an exception when StartTLS failed to be established in the SMTP.starttls() function. A man in the middle attacker could strip out the STARTTLS command without generating an exception on the Python SMTP client application, preventing the establishment of the TLS layer. • https://www.exploit-db.com/exploits/43500 http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00040.html http://rhn.redhat.com/errata/RHSA-2016-1626.html http://rhn.redhat.com/errata/RHSA-2016-1627.html http://rhn.redhat.com/errata/RHSA-2016-1628.html http://rhn.redhat.com/errata/RHSA-2016-1629.html http://rhn.redhat.com/errata/RHSA-2016-1630.html http://www.openwall.com/lists/oss-security/2016/06/14/9 http://www.securityfocus.com/bid/91225 http:& • CWE-693: Protection Mechanism Failure •

CVSS: 6.1EPSS: 0%CPEs: 27EXPL: 2

CVE-2016-5699 – python: http protocol steam injection attack

https://notcve.org/view.php?id=CVE-2016-5699

CRLF injection vulnerability in the HTTPConnection.putheader function in urllib2 and urllib in CPython (aka Python) before 2.7.10 and 3.x before 3.4.4 allows remote attackers to inject arbitrary HTTP headers via CRLF sequences in a URL. Vulnerabilidad de inyección CRLF en la función HTTPConnection.putheader en urllib2 y urllib en CPython (también conocido como Python) en versiones anteriores a 2.7.10 y 3.x en versiones anteriores a 3.4.4 permite a atacantes remotos inyectar cabeceras HTTP arbitrarias a través de secuencias CRLF en una URL. It was found that the Python's httplib library (used by urllib, urllib2 and others) did not properly check HTTPConnection.putheader() function arguments. An attacker could use this flaw to inject additional headers in a Python application that allowed user provided header names or values. • https://github.com/bunseokbot/CVE-2016-5699-poc http://blog.blindspotsecurity.com/2016/06/advisory-http-header-injection-in.html http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00040.html http://rhn.redhat.com/errata/RHSA-2016-1626.html http://rhn.redhat.com/errata/RHSA-2016-1627.html http://rhn.redhat.com/errata/RHSA-2016-1628.html http://rhn.redhat.com/errata/RHSA-2016-1629.html http://rhn.redhat.com/errata/RHSA-2016-1630.html http://www.openwall.com • CWE-20: Improper Input Validation CWE-113: Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Request/Response Splitting') •

CVSS: 6.1EPSS: 22%CPEs: 8EXPL: 0

CVE-2016-1000110 – CGIHandler: sets environmental variable based on user supplied Proxy request header

https://notcve.org/view.php?id=CVE-2016-1000110

The CGIHandler class in Python before 2.7.12 does not protect against the HTTP_PROXY variable name clash in a CGI script, which could allow a remote attacker to redirect HTTP requests. La clase CGIHandler en Python versiones anteriores a la versión 2.7.12, no protege contra el conflicto de nombre de la variable HTTP_PROXY en un script CGI, lo que podría permitir a un atacante remoto redireccionar las peticiones HTTP. It was discovered that the Python CGIHandler class did not properly protect against the HTTP_PROXY variable name clash in a CGI context. A remote attacker could possibly use this flaw to redirect HTTP requests performed by a Python CGI script to an attacker-controlled proxy via a malicious HTTP request. • http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00040.html https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-1000110 https://bugzilla.suse.com/show_bug.cgi?id=CVE-2016-1000110 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7K3WFJO3SJQCODKRKU6EQV3ZGHH53YPU https://security-tracker.debian.org/tracker/CVE-2016-1000110 https://access.redhat.com/security/cve/CVE-2016-1000110 https://bugzilla.redhat.com/show_bug.cgi?id=1357334 • CWE-20: Improper Input Validation CWE-601: URL Redirection to Untrusted Site ('Open Redirect') •

CVSS: 6.5EPSS: 3%CPEs: 5EXPL: 0

CVE-2016-3189

https://notcve.org/view.php?id=CVE-2016-3189

Use-after-free vulnerability in bzip2recover in bzip2 1.0.6 allows remote attackers to cause a denial of service (crash) via a crafted bzip2 file, related to block ends set to before the start of the block. Vulnerabilidad de uso después de liberación de memoria en bzip2recover en bzip2 1.0.6 permite a atacantes remotos provocar una denegación de servicio (caída) a través de un archivo bzip2 manipulado, relacionado con el establecimiento de extremos de bloque antes del inicio del bloque. • http://packetstormsecurity.com/files/153644/Slackware-Security-Advisory-bzip2-Updates.html http://packetstormsecurity.com/files/153957/FreeBSD-Security-Advisory-FreeBSD-SA-19-18.bzip2.html http://www.openwall.com/lists/oss-security/2016/06/20/1 http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html http://www.securityfocus.com/bid/91297 http://www.securitytracker.com/id/1036132 https://bugzilla.redhat.com/show_bug.cgi?id=1319648 https://lists.apache.org/thread.html/r19b4a70ac5 •

CVSS: 8.1EPSS: 1%CPEs: 8EXPL: 0

CVE-2016-4472

https://notcve.org/view.php?id=CVE-2016-4472

The overflow protection in Expat is removed by compilers with certain optimization settings, which allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via crafted XML data. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-1283 and CVE-2015-2716. La protección de desbordamiento en Expat es eliminada por los compiladores con ciertos ajustes de optimización, lo que permite a atacantes remotos provocar una denegación de servicio (caída) o posiblemente ejecutar código arbitrario a través de datos XML manipulados. NOTA: esta vulnerabilidad existe debido a una solución incompleta para CVE-2015-1283 y CVE-2015-2716. • http://www.securityfocus.com/bid/91528 http://www.ubuntu.com/usn/USN-3013-1 https://bugzilla.redhat.com/show_bug.cgi?id=1344251 https://kc.mcafee.com/corporate/index?page=content&id=SB10365 https://security.gentoo.org/glsa/201701-21 https://sourceforge.net/p/expat/code_git/ci/f0bec73b018caa07d3e75ec8dd967f3785d71bde https://www.tenable.com/security/tns-2016-20 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •