663 matches found
CVE-2016-0772
The smtplib library in CPython aka Python before 2.7.12, 3.x before 3.4.5, and 3.5.x before 3.5.2 does not return an error when StartTLS fails, which might allow man-in-the-middle attackers to bypass the TLS protections by leveraging a network position between the client and the registry to block...
CVE-2016-5636
Integer overflow in the getdata function in zipimport.c in CPython aka Python before 2.7.12, 3.x before 3.4.5, and 3.5.x before 3.5.2 allows remote attackers to have unspecified impact via a negative data size value, which triggers a heap-based buffer overflow...
CVE-2016-0772
CVE-2016-0772 affects CPython’s smtplib where StartTLS failure is not surfaced as an error, potentially enabling a man‑in‑the‑middle by blocking StartTLS. Public advisories and Debian/Ubuntu updates confirm the issue and provide fixes: e.g., Debian/DLA entries fix python3.x (and Python 2.7 series...
EUVD-2016-0788
The smtplib library in CPython aka Python before 2.7.12, 3.x before 3.4.5, and 3.5.x before 3.5.2 does not return an error when StartTLS fails, which might allow man-in-the-middle attackers to bypass the TLS protections by leveraging a network position between the client and the registry to block...
CVE-2016-5636
CVE-2016-5636 describes an integer overflow/heap-based buffer overflow in Python’s zipimporter (zipimport.c get_data). It affects CPython before 2.7.12, 3.x before 3.4.5, and 3.5.x before 3.5.2, exploitable via a negative data size value in a crafted zip file loaded during import. The connected d...
CVE-2016-5699
CVE-2016-5699 is a CRLF injection vulnerability in Python’s HTTPConnection.putheader() used by urllib/urllib2. The flaw allows remote attackers to inject arbitrary HTTP headers via CRLF sequences in a URL. Affected are CPython before 2.7.10 and 3.x before 3.4.4. Consequences include header inject...
PSF-2016-7 zipimporter overflow
Integer overflow in the getdata function in zipimport.c in CPython aka Python before 2.7.12, 3.x before 3.4.5, and 3.5.x before 3.5.2 allows remote attackers to have unspecified impact via a negative data size value, which triggers a heap-based buffer overflow...
CVE-2016-0772
The smtplib library in CPython aka Python before 2.7.12, 3.x before 3.4.5, and 3.5.x before 3.5.2 does not return an error when StartTLS fails, which might allow man-in-the-middle attackers to bypass the TLS protections by leveraging a network position between the client and the registry to block...
CVE-2016-5636
Integer overflow in the getdata function in zipimport.c in CPython aka Python before 2.7.12, 3.x before 3.4.5, and 3.5.x before 3.5.2 allows remote attackers to have unspecified impact via a negative data size value, which triggers a heap-based buffer overflow...
CVE-2016-5699
CRLF injection vulnerability in the HTTPConnection.putheader function in urllib2 and urllib in CPython aka Python before 2.7.10 and 3.x before 3.4.4 allows remote attackers to inject arbitrary HTTP headers via CRLF sequences in a URL...
CVE-2016-5636
Integer overflow in the getdata function in zipimport.c in CPython aka Python before 2.7.12, 3.x before 3.4.5, and 3.5.x before 3.5.2 allows remote attackers to have unspecified impact via a negative data size value, which triggers a heap-based buffer overflow...
CVE-2016-5699
CRLF injection vulnerability in the HTTPConnection.putheader function in urllib2 and urllib in CPython aka Python before 2.7.10 and 3.x before 3.4.4 allows remote attackers to inject arbitrary HTTP headers via CRLF sequences in a URL...
CVE-2016-0772
The smtplib library in CPython aka Python before 2.7.12, 3.x before 3.4.5, and 3.5.x before 3.5.2 does not return an error when StartTLS fails, which might allow man-in-the-middle attackers to bypass the TLS protections by leveraging a network position between the client and the registry to block...
CPython Man In The Middle Attack Vulnerability
CPython suffers from a man in the middle attack vulnerability via a crafted certificate. SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...
CVE-2013-7440
The ssl.matchhostname function in CPython aka Python before 2.7.9 and 3.x before 3.3.3 does not properly handle wildcards in hostnames, which might allow man-in-the-middle attackers to spoof servers via a crafted certificate...
CVE-2013-7440
The ssl.matchhostname function in CPython aka Python before 2.7.9 and 3.x before 3.3.3 does not properly handle wildcards in hostnames, which might allow man-in-the-middle attackers to spoof servers via a crafted certificate...
CVE-2013-7440
CVE-2013-7440 affects CPython’s ssl.match_hostname: Python before 2.7.9 and 3.x before 3.3.3 incorrectly handles wildcards in hostnames, allowing MITM via a crafted certificate. Affected: CPython’s standard library SSL hostname verification. Root cause: wildcard handling flaw in hostname matching...
CVE-2013-7440
The ssl.matchhostname function in CPython aka Python before 2.7.9 and 3.x before 3.3.3 does not properly handle wildcards in hostnames, which might allow man-in-the-middle attackers to spoof servers via a crafted certificate...
KLA10866 Multiple vulnerabilities in Python
Multiple serious vulnerabilities have been found in CPython Python before 2.7.12, 3.x before 3.4.5, and 3.5.x before 3.5.2. Malicious users can exploit these vulnerabilities to bypass the TLS protections, inject arbitrary HTTP headers or have unspecified impact. Below is a complete list of...
Design/Logic Flaw
The HTTP clients in the 1 httplib, 2 urllib, 3 urllib2, and 4 xmlrpclib libraries in CPython aka Python 2.x before 2.7.9 and 3.x before 3.4.3, when accessing an HTTPS URL, do not a check the certificate against a trust store or verify that the server hostname matches a domain name in the subject'...