354 matches found
PSF-2016-3 smtplib TLS stripping
The smtplib library in CPython aka Python before 2.7.12, 3.x before 3.4.5, and 3.5.x before 3.5.2 does not return an error when StartTLS fails, which might allow man-in-the-middle attackers to bypass the TLS protections by leveraging a network position between the client and the registry to block...
UBUNTU-CVE-2013-1753
The gzip_decode function in the xmlrpc client library in Python 3.4 and earlier allows remote attackers to cause a denial of service (memory consumption) via a crafted HTTP request...
CVE-2015-2316
The utils.html.strip_tags function in Django 1.6.x before 1.6.11, 1.7.x before 1.7.7, and 1.8.x before 1.8c1, when using certain versions of Python, allows remote attackers to cause a denial of service (infinite loop) by increasing the length of the input string...
openSUSE Security Update : getmail (openSUSE-SU-2014:1315-1)
getmail 4.46.0 bnc900217 This release fixes several similar vulnerabilities that could allow a man-in-the-middle attacker to read encrypted traffic due to lack of certificate verification against the hostname. - fix --idle checking Python version incorrectly, resulting in incorrect warning about...
PSF-2014-6 buffer() integer overflows
Integer overflow in bufferobject.c in Python before 2.7.8 allows context-dependent attackers to obtain sensitive information from process memory via a large size and offset in a "buffer" function...
CVE-2013-7040
Python 2.7 before 3.4 only uses the last eight bits of the prefix to randomize hash values, which causes it to compute hash values without restricting the ability to trigger hash collisions predictably and makes it easier for context-dependent attackers to cause a denial of service CPU consumptio...
CVE-2013-2099
Algorithmic complexity vulnerability in the ssl.match_hostname function in Python 3.2.x, 3.3.x, and earlier, and unspecified versions of python-backports-ssl_match_hostname as used for older Python versions, allows remote attackers to cause a denial of service (CPU consumption) via multiple wildcard...
PSF-2013-2 ssl: NULL in subjectAltNames
The ssl.match_hostname function in the SSL module in Python 2.6 through 3.4 does not properly handle a '\0' character in a domain name in the Subject Alternative Name field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate...
PT-2012-2901 · Python +3
Name of the Vulnerable Software and Affected Versions: Python versions prior to 2.6.8; Python versions 2.7.x prior to 2.7.3; Python versions 3.x prior to 3.1.5; Python versions 3.2.x prior to 3.2.3. Description: The issue allows remote attackers to cause a denial of service, resulting in infinite loo...
Python Multiple Vulnerabilities (Windows)
This host is installed with Python and is prone to multiple vulnerabilities. OpenVAS Vulnerability Test $Id: gbpythonmultvulnwin.nasl 8160 2017-12-18 15:33:57Z cfischer $ Python Multiple Vulnerabilities (Windows) Authors: Madhuri D Copyright: Copyright (c) 2011 Greenbone Networks GmbH,...
AZL-6828 CVE-2007-4559 affecting package python3 for versions less than 3.9.19-1
Directory traversal vulnerability in the (1) extract and (2) extractall functions in the tarfile module in Python allows user-assisted remote attackers to overwrite arbitrary files via a .. (dot dot) sequence in filenames in a TAR archive, a related issue to CVE-2001-1267...
DSA-458-3 python2.2 - buffer overflow
Bulletin has no description...
[SECURITY] [DSA 147-2] New mailman packages fix cross-site scripting problem
Debian Security Advisory DSA 147-2 [email protected] http://www.debian.org/security/ Martin Schulze August 26th, 2002 http://www.debian.org/security/faq -...
Buffer overflow in Python code
Hi, I've found a buffer overflow in the Python 2.1.1 source code. Maybe there are many others. The buffer overflow is in the file traceback.c in the directory Python of the Python source code. Simply, there's a sprintf done in this way: sprintf(linebuf,FMT,filename,lineno,name) What causes the overflow is th...