Page 9 of 71 results (0.019 seconds)

CVSS: 10.0EPSS: 2%CPEs: 30EXPL: 1

CVE-2016-5636 – python: Heap overflow in zipimporter module

https://notcve.org/view.php?id=CVE-2016-5636

Integer overflow in the get_data function in zipimport.c in CPython (aka Python) before 2.7.12, 3.x before 3.4.5, and 3.5.x before 3.5.2 allows remote attackers to have unspecified impact via a negative data size value, which triggers a heap-based buffer overflow. Desbordamiento de entero en la función get_data en zipimport.c en CPython (también conocido como Python) en versiones anteriores a 2.7.12, 3.x en versiones anteriores a 3.4.5 y 3.5.x en versiones anteriores a 3.5.2 permite a atacantes remotos tener impacto no especificado a través de un valor de tamaño de datos negativo, lo que desencadena un desbordamiento de búfer basado en memoria dinámica. A vulnerability was discovered in Python, in the built-in zipimporter. A specially crafted zip file placed in a module path such that it would be loaded by a later "import" statement could cause a heap overflow, leading to arbitrary code execution. • https://github.com/insuyun/CVE-2016-5636 http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00040.html http://rhn.redhat.com/errata/RHSA-2016-2586.html http://www.openwall.com/lists/oss-security/2016/06/15/15 http://www.openwall.com/lists/oss-security/2016/06/16/1 http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html http://www.securityfocus.com/bid/91247 http://www.securitytracker.com/id/1038138 http://www.splunk.com/view/SP-CAAAP • CWE-122: Heap-based Buffer Overflow CWE-190: Integer Overflow or Wraparound •

CVSS: 7.5EPSS: 0%CPEs: 45EXPL: 1

CVE-2016-2183 – CVE-2016-2183 SSL/TLS: Birthday attack against 64-bit block ciphers (SWEET32)

https://notcve.org/view.php?id=CVE-2016-2183

The DES and Triple DES ciphers, as used in the TLS, SSH, and IPSec protocols and other protocols and products, have a birthday bound of approximately four billion blocks, which makes it easier for remote attackers to obtain cleartext data via a birthday attack against a long-duration encrypted session, as demonstrated by an HTTPS session using Triple DES in CBC mode, aka a "Sweet32" attack. Los cifrados DES y Triple DES, como se usan en los protocolos TLS, SSH e IPSec y otros protocolos y productos, tienen una cota de cumpleaños de aproximadamente cuatro mil millones de bloques, lo que facilita a atacantes remotos obtener datos de texto plano a través de un ataque de cumpleaños contra una sesión cifrada de larga duración, según lo demostrado por una sesión HTTPS usando Triple DES en modo CBC, también conocido como un ataque "Sweet32". A flaw was found in the way the DES/3DES cipher was used as part of the TLS/SSL protocol. A man-in-the-middle attacker could use this flaw to recover some plaintext data by capturing large amounts of encrypted traffic between TLS/SSL server and client if the communication used a DES/3DES based ciphersuite. IBM Informix Dynamic Server suffers from dll injection, PHP code injection, and heap buffer overflow vulnerabilities. • http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10759 http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00022.html http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00023.html http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00024.html http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00031.html http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00005.html http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00011.h • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-327: Use of a Broken or Risky Cryptographic Algorithm •

CVSS: 6.1EPSS: 0%CPEs: 27EXPL: 2

CVE-2016-5699 – python: http protocol steam injection attack

https://notcve.org/view.php?id=CVE-2016-5699

CRLF injection vulnerability in the HTTPConnection.putheader function in urllib2 and urllib in CPython (aka Python) before 2.7.10 and 3.x before 3.4.4 allows remote attackers to inject arbitrary HTTP headers via CRLF sequences in a URL. Vulnerabilidad de inyección CRLF en la función HTTPConnection.putheader en urllib2 y urllib en CPython (también conocido como Python) en versiones anteriores a 2.7.10 y 3.x en versiones anteriores a 3.4.4 permite a atacantes remotos inyectar cabeceras HTTP arbitrarias a través de secuencias CRLF en una URL. It was found that the Python's httplib library (used by urllib, urllib2 and others) did not properly check HTTPConnection.putheader() function arguments. An attacker could use this flaw to inject additional headers in a Python application that allowed user provided header names or values. • https://github.com/bunseokbot/CVE-2016-5699-poc http://blog.blindspotsecurity.com/2016/06/advisory-http-header-injection-in.html http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00040.html http://rhn.redhat.com/errata/RHSA-2016-1626.html http://rhn.redhat.com/errata/RHSA-2016-1627.html http://rhn.redhat.com/errata/RHSA-2016-1628.html http://rhn.redhat.com/errata/RHSA-2016-1629.html http://rhn.redhat.com/errata/RHSA-2016-1630.html http://www.openwall.com • CWE-20: Improper Input Validation CWE-113: Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Request/Response Splitting') •

CVSS: 6.1EPSS: 22%CPEs: 8EXPL: 0

CVE-2016-1000110 – CGIHandler: sets environmental variable based on user supplied Proxy request header

https://notcve.org/view.php?id=CVE-2016-1000110

The CGIHandler class in Python before 2.7.12 does not protect against the HTTP_PROXY variable name clash in a CGI script, which could allow a remote attacker to redirect HTTP requests. La clase CGIHandler en Python versiones anteriores a la versión 2.7.12, no protege contra el conflicto de nombre de la variable HTTP_PROXY en un script CGI, lo que podría permitir a un atacante remoto redireccionar las peticiones HTTP. It was discovered that the Python CGIHandler class did not properly protect against the HTTP_PROXY variable name clash in a CGI context. A remote attacker could possibly use this flaw to redirect HTTP requests performed by a Python CGI script to an attacker-controlled proxy via a malicious HTTP request. • http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00040.html https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-1000110 https://bugzilla.suse.com/show_bug.cgi?id=CVE-2016-1000110 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7K3WFJO3SJQCODKRKU6EQV3ZGHH53YPU https://security-tracker.debian.org/tracker/CVE-2016-1000110 https://access.redhat.com/security/cve/CVE-2016-1000110 https://bugzilla.redhat.com/show_bug.cgi?id=1357334 • CWE-20: Improper Input Validation CWE-601: URL Redirection to Untrusted Site ('Open Redirect') •

CVSS: 6.5EPSS: 1%CPEs: 30EXPL: 1

CVE-2016-0772 – Python smtplib 2.7.11 / 3.4.4 / 3.5.1 - Man In The Middle StartTLS Stripping

https://notcve.org/view.php?id=CVE-2016-0772

The smtplib library in CPython (aka Python) before 2.7.12, 3.x before 3.4.5, and 3.5.x before 3.5.2 does not return an error when StartTLS fails, which might allow man-in-the-middle attackers to bypass the TLS protections by leveraging a network position between the client and the registry to block the StartTLS command, aka a "StartTLS stripping attack." La librería smtplib en CPython (también conocido como Python) en versiones anteriores a 2.7.12, 3.x en versiones anteriores a 3.4.5 y 3.5.x en versiones anteriores a 3.5.2 no devuelve un error cuando StartTLS falla, lo que podría permitir a atacantes man-in-the-middle eludir las protecciones TLS mediante el aprovechamiento de una posición de red entre el cliente y el registro para bloquear el comando StartTLS, también conocido como un "ataque de decapado StartTLS". It was found that Python's smtplib library did not return an exception when StartTLS failed to be established in the SMTP.starttls() function. A man in the middle attacker could strip out the STARTTLS command without generating an exception on the Python SMTP client application, preventing the establishment of the TLS layer. • https://www.exploit-db.com/exploits/43500 http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00040.html http://rhn.redhat.com/errata/RHSA-2016-1626.html http://rhn.redhat.com/errata/RHSA-2016-1627.html http://rhn.redhat.com/errata/RHSA-2016-1628.html http://rhn.redhat.com/errata/RHSA-2016-1629.html http://rhn.redhat.com/errata/RHSA-2016-1630.html http://www.openwall.com/lists/oss-security/2016/06/14/9 http://www.securityfocus.com/bid/91225 http:& • CWE-693: Protection Mechanism Failure •