Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
archlinuxArch LinuxASA-201412-15
HistoryDec 15, 2014 - 12:00 a.m.

python2: multiple issues

2014-12-1500:00:00
Arch Linux
lists.archlinux.org
18

5.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:P/A:N

0.006 Low

EPSS

Percentile

75.4%

JSON

  • CVE-2013-1752 (denial of service)
    Multiple unbound readline() flaws in python stdlib were found, which can
    lead to excessive memory usage if a malicious or broken server sends
    excessively long lines without any line breaks.

  • CVE-2013-1753 (denial of service)
    The XMLRPC library is vulnerable to unrestricted decompression of HTTP
    responses using gzip enconding. A malicious server can send a specially
    prepared HTTP request that can result in memory exhaustion.

  • CVE-2014-9365 (man-in-the-middle)
    When Pythonโ€™s standard library HTTP clients (httplib, urllib, urllib2,
    xmlrpclib) are used to access resources with HTTPS, by default the
    certificate is not checked against any trust store, nor is the hostname
    in the certificate checked against the requested host. It was possible
    to configure a trust root to be checked against, however there were no
    faculties for hostname checking. This made MITM attacks against the HTTP
    clients trivial, and violated RFC 2818.

OSVersionArchitecturePackageVersionFilename
anyanyanypython2<ย 2.7.9-1UNKNOWN

Related

openvas 36
amazon 3
nessus 45
mageia 3
redhat 6
centos 3
f5 2
prion 3
debiancve 2
ibm 7
cve 3
veracode 7
ubuntucve 2
ubuntu 1
oraclelinux 4
osv 2
fedora 7
gentoo 1
seebug 1
slackware 1
securityvulns 3
vmware 2
suse 1
rosalinux 1
openvas
openvas
Amazon Linux: Security Advisory (ALAS-2015-552)
2015-09-08 00:00:00
Mageia: Security Advisory (MGASA-2014-0139)
2022-01-28 00:00:00
RedHat Update for python RHSA-2015:2101-01
2015-11-20 00:00:00
amazon
amazon
Medium: python27
2015-06-22 10:31:00
Medium: python26
2015-12-14 10:00:00
Medium: python26
2013-11-03 12:09:00
nessus
nessus
Amazon Linux AMI : python27 (ALAS-2015-552)
2015-06-25 00:00:00
Mandriva Linux Security Advisory : python (MDVSA-2014:074)
2014-04-10 00:00:00
Oracle Linux 7 : python (ELSA-2015-2101)
2015-11-24 00:00:00
mageia
mageia
Updated python package fixes security vulnerabilities
2014-03-24 11:37:41
Updated python packages fix CVE-2014-9365
2015-03-05 22:34:09
Updated python & python3 packages fix multiple vulnerabilities
2014-02-20 01:24:08
redhat
redhat
(RHSA-2015:2101) Moderate: python security, bug fix, and enhancement update
2015-11-19 13:41:01
(RHSA-2017:1162) Moderate: python27 security, bug fix, and enhancement update
2017-04-26 09:54:27
(RHSA-2017:1868) Moderate: python security and bug fix update
2017-08-01 05:55:26
centos
centos
python, tkinter security update
2015-11-30 19:48:49
python, tkinter security update
2017-08-24 01:40:45
python, tkinter security update
2015-07-26 14:11:19
f5
f5
Python vulnerability CVE-2014-9365
2018-08-29 21:42:00
K53192206 : Python and Jython vulnerability CVE-2013-1752
2017-07-21 00:00:00
prion
prion
Design/Logic Flaw
2014-12-12 11:59:00
Cross site request forgery (csrf)
2020-03-11 17:15:00
Design/Logic Flaw
2019-06-03 20:15:00
debiancve
debiancve
CVE-2014-9365
2014-12-12 11:59:00
CVE-2013-1753
2020-03-11 17:15:00
ibm
ibm
Security Bulletin: IBM Security Access Manager Appliance is affected by a vulnerability in Python (CVE-2014-9365)
2018-06-16 22:05:00
Security Bulletin: A vulnerability in Python affects PowerKVM
2018-06-18 01:37:30
Security Bulletin: IBM SmartCloud Analytics - Log Analysis is affected by Open Source Python Vulnerability (CVE-2014-9365)
2018-06-17 15:03:00
cve
cve
CVE-2014-9365
2014-12-12 11:59:00
CVE-2013-1753
2020-03-11 17:15:00
CVE-2013-1752
2019-06-03 20:15:00
veracode
veracode
Man-in-the-Middle (MitM)
2019-01-15 09:17:17
Denial Of Service (DoS)
2019-01-15 09:06:08
Improper Input Validation
2019-05-02 05:39:24
ubuntucve
ubuntucve
CVE-2014-9365
2014-12-12 00:00:00
CVE-2013-1753
2015-06-04 00:00:00
ubuntu
ubuntu
Python vulnerabilities
2015-06-25 00:00:00
oraclelinux
oraclelinux
python security, bug fix, and enhancement update
2015-11-23 00:00:00
python27 security, bug fix, and enhancement update
2016-02-04 00:00:00
python security, bug fix, and enhancement update
2015-07-28 00:00:00
osv
osv
xmlrpc gzip unlimited read
2020-03-11 16:46:35
smtplib unlimited read
2019-06-03 19:04:24
fedora
fedora
[SECURITY] Fedora 22 Update: jnr-posix-3.0.9-3.fc22
2015-04-21 19:25:36
[SECURITY] Fedora 21 Update: python-2.7.8-8.fc21
2015-04-18 09:43:06
[SECURITY] Fedora 22 Update: jline-2.12.1-1.fc22
2015-04-21 19:25:36
gentoo
gentoo
Python: Multiple vulnerabilities
2015-03-18 00:00:00
seebug
seebug
Pythonๅคšไธชๅฎ‰ๅ…จๆผๆดž
2013-12-30 00:00:00
slackware
slackware
[slackware-security] python
2019-03-03 22:46:15
securityvulns
securityvulns
NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities
2014-12-11 00:00:00
APPLE-SA-2015-08-13-2 OS X Yosemite v10.10.5 and Security Update 2015-006
2015-08-17 00:00:00
Apple Mac OS X / OS X Server multiple security vulnerabilities
2015-08-17 00:00:00
vmware
vmware
VMware vSphere product updates address security vulnerabilities
2014-12-04 00:00:00
VMware vSphere product updates address security vulnerabilities
2014-12-04 00:00:00
suse
suse
Security update for python3 (important)
2020-01-21 00:00:00
rosalinux
rosalinux
Advisory ROSA-SA-2021-1957
2021-07-02 18:03:40

5.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:P/A:N

0.006 Low

EPSS

Percentile

75.4%

JSON
Related for ASA-201412-15
openvas36amazon3nessus45mageia3redhat6centos3f52prion3debiancve2ibm7cve3veracode7ubuntucve2ubuntu1oraclelinux4osv2fedora7gentoo1seebug1slackware1securityvulns3vmware2suse1rosalinux1