Page 8 of 59 results (0.018 seconds)

CVSS: 2.6EPSS: 0%CPEs: 39EXPL: 0

The list_directory function in Lib/SimpleHTTPServer.py in SimpleHTTPServer in Python before 2.5.6c1, 2.6.x before 2.6.7 rc2, and 2.7.x before 2.7.2 does not place a charset parameter in the Content-Type HTTP header, which makes it easier for remote attackers to conduct cross-site scripting (XSS) attacks against Internet Explorer 7 via UTF-7 encoding. La función list_directory en lib/SimpleHTTPServer.py en SimpleHTTPServer en Python anterior a v2.5.6c1, v2.6.x anterior a v2.6.7 RC2, y v2.7.x anterior a v2.7.2 no pone un parámetro charset en la cabecera Content-Type de HTTP, lo que hace más fácil para los atacantes remotos realizar ataques XSS contra Internet Explorer 7 a través de codificación UTF-7. • http://bugs.python.org/issue11442 http://jvn.jp/en/jp/JVN51176027/index.html http://jvndb.jvn.jp/jvndb/JVNDB-2012-000063 http://secunia.com/advisories/50858 http://secunia.com/advisories/51024 http://secunia.com/advisories/51040 http://www.securityfocus.com/bid/54083 http://www.ubuntu.com/usn/USN-1592-1 http://www.ubuntu.com/usn/USN-1596-1 http://www.ubuntu.com/usn/USN-1613-1 http://www.ubuntu.com/usn/USN-1613-2 https://bugzilla.redhat.com/ • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 5.0EPSS: 0%CPEs: 58EXPL: 1

Python before 2.6.8, 2.7.x before 2.7.3, 3.x before 3.1.5, and 3.2.x before 3.2.3 computes hash values without restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted input to an application that maintains a hash table. Python anteriores a v2.6.8, v2.7.x anteriores a v2.7.3, 3.x anteriores a v3.1.5, y v3.2.x anteriores a v3.2.3 procesa los valores hash sin restringir la disponibilidad para provocar colisiones predecibles, lo que permite a atacantes dependiendo del contexto provocar una denegación de servicio (consumo de CPU) a través de una entrada manipulada sobre una aplicación que mantiene una tabla hash. • http://bugs.python.org/issue13703 http://lists.apple.com/archives/security-announce/2013/Oct/msg00004.html http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00040.html http://mail.python.org/pipermail/python-dev/2011-December/115116.html http://mail.python.org/pipermail/python-dev/2012-January/115892.html http://python.org/download/releases/2.6.8 http://python.org/download/releases/2.7.3 http://python.org/download/releases/3.1.5 http://python.org/download/ • CWE-310: Cryptographic Issues •

CVSS: 6.4EPSS: 13%CPEs: 39EXPL: 0

The urllib and urllib2 modules in Python 2.x before 2.7.2 and 3.x before 3.2.1 process Location headers that specify redirection to file: URLs, which makes it easier for remote attackers to obtain sensitive information or cause a denial of service (resource consumption) via a crafted URL, as demonstrated by the file:///etc/passwd and file:///dev/zero URLs. Los módulos urllib y urllib2 en Python v2.x anteriores a v2.7.2 y v3.x anteriores a v3.2.1 procesan los encabezados de ubicación que especificar la redirección del fichero: URLs, lo que hace que sea más fácil para los atacantes remotos obtener información sensible o provocar una denegación de servicio (consumo de recursos) a través de una URL manipulada, como lo demuestra lso ficheros URLs: //etc/passwd y //dev/zero. • http://bugs.python.org/issue11662 http://hg.python.org/cpython/file/96a6c128822b/Misc/NEWS http://hg.python.org/cpython/file/b2934d98dac1/Misc/NEWS http://hg.python.org/cpython/rev/96a6c128822b http://hg.python.org/cpython/rev/b2934d98dac1 http://lists.apple.com/archives/Security-announce/2011//Oct/msg00003.html http://lists.opensuse.org/opensuse-security-announce/2011-05/msg00005.html http://openwall.com/lists/oss-security/2011/03/24/5 http://openwall.com/lists/oss-secur • CWE-399: Resource Management Errors •

CVSS: 5.0EPSS: 3%CPEs: 2EXPL: 0

The asyncore module in Python before 3.2 does not properly handle unsuccessful calls to the accept function, and does not have accompanying documentation describing how daemon applications should handle unsuccessful calls to the accept function, which makes it easier for remote attackers to conduct denial of service attacks that terminate these applications via network connections. El módulo asyncore en Python anterior a v3.2 no controla correctamente llamadas fallidas a la función accept, y no tiene la documentación adjunta que describa cómo las aplicaciones demonio atienden las llamadas sin éxito a la función accept, lo cual facilita a atacantes remotos realizar ataques de denegación de servicio que terminan estas aplicaciones a través de conexiones de red. • http://bugs.python.org/issue6706 http://www.mandriva.com/security/advisories?name=MDVSA-2010:215 http://www.mandriva.com/security/advisories?name=MDVSA-2010:216 http://www.openwall.com/lists/oss-security/2010/09/09/6 http://www.openwall.com/lists/oss-security/2010/09/11/2 http://www.openwall.com/lists/oss-security/2010/09/22/3 http://www.openwall.com/lists/oss-security/2010/09/24/3 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Ad •

CVSS: 5.0EPSS: 2%CPEs: 3EXPL: 1

The audioop module in Python 2.7 and 3.2 does not verify the relationships between size arguments and byte string lengths, which allows context-dependent attackers to cause a denial of service (memory corruption and application crash) via crafted arguments, as demonstrated by a call to audioop.reverse with a one-byte string, a different vulnerability than CVE-2010-1634. El módulo audioop en Python v2.7 y v3.2 no verifica las relaciones entre tamaños de argumentos y longitud de cadenas de byte, lo que permite a atacantes de contexto causar una denegación de servicio (corrupción de memoria y caída de programa) a través de argumentos manipulados, como queda demostrado por una llamada a audioop.reverse con una cadena de un byte, una vulnerabilidad diferente que CVE-2010-1634. • https://www.exploit-db.com/exploits/34145 http://bugs.python.org/issue7673 http://lists.apple.com/archives/Security-announce/2011//Oct/msg00003.html http://lists.fedoraproject.org/pipermail/package-announce/2010-June/042751.html http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00006.html http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html http://secunia.com/advisories/40194 http://secunia.com/advisories/42888 http://secunia.com/advisories/43068 http:& • CWE-787: Out-of-bounds Write •