Page 6 of 48 results (0.018 seconds)

CVSS: 6.1EPSS: 0%CPEs: 27EXPL: 2

CRLF injection vulnerability in the HTTPConnection.putheader function in urllib2 and urllib in CPython (aka Python) before 2.7.10 and 3.x before 3.4.4 allows remote attackers to inject arbitrary HTTP headers via CRLF sequences in a URL. Vulnerabilidad de inyección CRLF en la función HTTPConnection.putheader en urllib2 y urllib en CPython (también conocido como Python) en versiones anteriores a 2.7.10 y 3.x en versiones anteriores a 3.4.4 permite a atacantes remotos inyectar cabeceras HTTP arbitrarias a través de secuencias CRLF en una URL. It was found that the Python's httplib library (used by urllib, urllib2 and others) did not properly check HTTPConnection.putheader() function arguments. An attacker could use this flaw to inject additional headers in a Python application that allowed user provided header names or values. • https://github.com/bunseokbot/CVE-2016-5699-poc http://blog.blindspotsecurity.com/2016/06/advisory-http-header-injection-in.html http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00040.html http://rhn.redhat.com/errata/RHSA-2016-1626.html http://rhn.redhat.com/errata/RHSA-2016-1627.html http://rhn.redhat.com/errata/RHSA-2016-1628.html http://rhn.redhat.com/errata/RHSA-2016-1629.html http://rhn.redhat.com/errata/RHSA-2016-1630.html http://www.openwall.com • CWE-20: Improper Input Validation CWE-113: Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Request/Response Splitting') •

CVSS: 5.9EPSS: 0%CPEs: 26EXPL: 0

The ssl.match_hostname function in CPython (aka Python) before 2.7.9 and 3.x before 3.3.3 does not properly handle wildcards in hostnames, which might allow man-in-the-middle attackers to spoof servers via a crafted certificate. La función ssl.match_hostname en CPython (también concida como Python) en versiones anteriores a 2.7.9 y 3.x en versiones anteriores a 3.3.3 no maneja correctamente comodines en los nombres de host, lo que podría permitir a atacantes man-in-the-middle suplantar servidores a través de un certificado manipulado. Multiple flaws were found in the way Python's SSL module performed matching of certificate names containing wildcards. A remote attacker able to obtain a valid certificate that contained certain names with wildcards could have them incorrectly accepted by Python SSL clients, not following the RFC 6125 recommendations. • http://seclists.org/oss-sec/2015/q2/483 http://seclists.org/oss-sec/2015/q2/523 http://www.securityfocus.com/bid/74707 https://access.redhat.com/errata/RHSA-2016:1166 https://bugs.python.org/issue17997 https://bugzilla.redhat.com/show_bug.cgi?id=1224999 https://hg.python.org/cpython/rev/10d0edadbcdd https://access.redhat.com/security/cve/CVE-2013-7440 • CWE-19: Data Processing Errors •

CVSS: 7.2EPSS: 0%CPEs: 2EXPL: 0

Untrusted search path vulnerability in python.exe in Python through 3.5.0 on Windows allows local users to gain privileges via a Trojan horse readline.pyd file in the current working directory. NOTE: the vendor says "It was determined that this is a longtime behavior of Python that cannot really be altered at this point." Vulnerabilidad de busqueda de ruta no confiable en python.exe en Python hasta la versión 3.5.0 en Windows, permite a usuarios locales obtener privilegios a través de un Troyano en el archivo readline.pyd en el directorio de trabajo actual. NOTA: el vendedor afirma 'Está determinado que es un comportamiento antiguo de Python que en realidad no puede ser alterado en estos momentos'. • http://jvn.jp/en/jp/JVN49503705/995204/index.html http://jvn.jp/en/jp/JVN49503705/index.html http://jvndb.jvn.jp/jvndb/JVNDB-2015-000141 http://www.securityfocus.com/bid/76929 https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05324755 •

CVSS: 6.4EPSS: 1%CPEs: 12EXPL: 3

Integer overflow in bufferobject.c in Python before 2.7.8 allows context-dependent attackers to obtain sensitive information from process memory via a large size and offset in a "buffer" function. Desbordamiento de enteros en bufferobject.c en Python anterior a 2.7.8 permite a atacantes dependientes de contexto obtener información sensible de la memoria de procesos a través de un tamaño y desplazamiento grande en una función 'buffer'. An integer overflow flaw was found in the way the buffer() function handled its offset and size arguments. An attacker able to control those arguments could use this flaw to disclose portions of the application memory or cause it to crash. • http://bugs.python.org/issue21831 http://lists.apple.com/archives/security-announce/2015/Aug/msg00001.html http://lists.fedoraproject.org/pipermail/package-announce/2014-October/139663.html http://lists.opensuse.org/opensuse-updates/2014-10/msg00016.html http://rhn.redhat.com/errata/RHSA-2015-1064.html http://rhn.redhat.com/errata/RHSA-2015-1330.html http://www.openwall.com/lists/oss-security/2014/09/23/5 http://www.openwall.com/lists/oss-security/2014/09/25/47 http:/&# • CWE-189: Numeric Errors CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVSS: 5.0EPSS: 16%CPEs: 58EXPL: 1

SimpleXMLRPCServer.py in SimpleXMLRPCServer in Python before 2.6.8, 2.7.x before 2.7.3, 3.x before 3.1.5, and 3.2.x before 3.2.3 allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via an XML-RPC POST request that contains a smaller amount of data than specified by the Content-Length header. SimpleXMLRPCServer.py en SimpleXMLRPCServer en Python antes de v2.6.8, v2.7.x antes de v2.7.3, v3.x antes de v3.1.5, y v3.2.x antes de v3.2.x, permite a atacantes remotos provocar una denegación de servicio (bucle infinito y consumo de CPU) a través de una solicitud XML-RPC POST que contiene una cantidad de datos más pequeña que lo especificado en la cabecera Content-Length. • http://bugs.python.org/issue14001 http://lists.apple.com/archives/security-announce/2013/Oct/msg00004.html http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00040.html http://python.org/download/releases/2.6.8 http://python.org/download/releases/2.7.3 http://python.org/download/releases/3.1.5 http://python.org/download/releases/3.2.3 http://secunia.com/advisories/50858 http://secunia.com/advisories/51024 http://secunia.com/advisories/51040 http:/ • CWE-399: Resource Management Errors •