663 matches found
CVE-2017-1000158
CPython (aka Python) up to 2.7.13 is vulnerable to an integer overflow in the PyString_DecodeEscape function in stringobject.c, resulting in heap-based buffer overflow and possible arbitrary code execution...
CVE-2017-1000158
CVE-2017-1000158 affects CPython up to 2.7.13, where an integer overflow in PyString_DecodeEscape within stringobject.c can cause a heap-based buffer overflow and may lead to arbitrary code execution. Publicly documented impacts across distributions confirm this vulnerability in older Python 2.7 ...
PSF-2017-6 PyString_DecodeEscape integer overflow
CPython (aka Python) up to 2.7.13 is vulnerable to an integer overflow in the PyString_DecodeEscape function in stringobject.c, resulting in heap-based buffer overflow and possible arbitrary code execution...
Monitor AWS & GCP Configurations: Security Monkey
Security Monkey is an open-source application from Netflix (NetflixOSS) that monitors, alerts on, and reports anomalies in one or more AWS/GCP accounts. Security Monkey monitors your AWS and GCP accounts for policy changes and alerts on insecure configurations. It...
Debian DLA-871-1 : python3.2 security update
It was discovered that there was a TLS stripping vulnerability in the smtplib library distributed with the CPython interpreter. The library did not return an error if StartTLS failed, which might have allowed man-in-the-middle attackers to bypass the TLS protections by leveraging a network positi...
Internet Bug Bounty: Use-after-free in _asyncio_Future_remove_done_callback
http://bugs.python.org/issue28963 Callbacks could be removed from a list while it was iterated, leading to an out of bounds access. A fix for this bug is now in the CPython repository...
[SECURITY] Fedora 25 Update: python-PyMySQL-0.7.10-10.fc25
This package contains a pure-Python MySQL client library. The goal of PyMySQL is to be a drop-in replacement for MySQLdb and work on CPython, PyPy, IronPython and Jython...
CPython CRLF Injection Vulnerability - Windows
CPython is prone to a CRLF injection vulnerability. SPDX-FileCopyrightText: 2016 Greenbone AG. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:python:python"; ifdescription...
CPython Man in Middle Attack and Code Execution Vulnerabilities - Windows
CPython is prone to a man in middle attack and an arbitrary code execution vulnerability.
CPython CRLF Injection Vulnerability - Linux
CPython is prone to a CRLF injection vulnerability.
CPython Man in Middle Attack and Code Execution Vulnerabilities - Linux
CPython is prone to a man in middle attack and an arbitrary code execution vulnerability.
CVE-2016-5636
Integer overflow in the getdata function in zipimport.c in CPython (aka Python) before 2.7.12, 3.x before 3.4.5, and 3.5.x before 3.5.2 allows remote attackers to have unspecified impact via a negative data size value, which triggers a heap-based buffer overflow...
Code injection
The smtplib library in CPython (aka Python) before 2.7.12, 3.x before 3.4.5, and 3.5.x before 3.5.2 does not return an error when StartTLS fails, which might allow man-in-the-middle attackers to bypass the TLS protections by leveraging a network position between the client and the registry to block...
Integer overflow
Integer overflow in the getdata function in zipimport.c in CPython (aka Python) before 2.7.12, 3.x before 3.4.5, and 3.5.x before 3.5.2 allows remote attackers to have unspecified impact via a negative data size value, which triggers a heap-based buffer overflow...
CRLF injection
CRLF injection vulnerability in the HTTPConnection.putheader function in urllib2 and urllib in CPython (aka Python) before 2.7.10 and 3.x before 3.4.4 allows remote attackers to inject arbitrary HTTP headers via CRLF sequences in a URL...
CVE-2016-0772
The smtplib library in CPython (aka Python) before 2.7.12, 3.x before 3.4.5, and 3.5.x before 3.5.2 does not return an error when StartTLS fails, which might allow man-in-the-middle attackers to bypass the TLS protections by leveraging a network position between the client and the registry to block...
CVE-2016-5699
CRLF injection vulnerability in the HTTPConnection.putheader function in urllib2 and urllib in CPython (aka Python) before 2.7.10 and 3.x before 3.4.4 allows remote attackers to inject arbitrary HTTP headers via CRLF sequences in a URL...