Lucene search
K

20 matches found

F5 Networks
F5 Networks
added 2023/02/21 6:35 p.m.58 views

K11068141: Python vulnerability CVE-2014-9365

Security Advisory Description The HTTP clients in the 1 httplib, 2 urllib, 3 urllib2, and 4 xmlrpclib libraries in CPython aka Python 2.x before 2.7.9 and 3.x before 3.4.3, when accessing an HTTPS URL, do not a check the certificate against a trust store or verify that the server hostname matches...

5.8CVSS7.4AI score0.03269EPSS
Exploits1Affected Software18
SUSE CVE
SUSE CVE
added 2023/02/15 5:25 a.m.6 views

SUSE CVE-2014-9365

The HTTP clients in the 1 httplib, 2 urllib, 3 urllib2, and 4 xmlrpclib libraries in CPython aka Python 2.x before 2.7.9 and 3.x before 3.4.3, when accessing an HTTPS URL, do not a check the certificate against a trust store or verify that the server hostname matches a domain name in the subject'...

5.8CVSS9.1AI score0.03269EPSS
Exploits1References3
OpenVAS
OpenVAS
added 2022/01/28 12:0 a.m.25 views

Mageia: Security Advisory (MGASA-2015-0091)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

5.8CVSS6.7AI score0.03269EPSS
Exploits1References4
OpenVAS
OpenVAS
added 2021/11/01 12:0 a.m.33 views

Python < 2.7.9, 3.4.x < 3.4.3 Validate TLS certificate (bpo-22417) - Linux

Python is prone to a man-in-the-middle vulnerability. SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:python:python"; ifdescripti...

5.8CVSS7.5AI score0.03269EPSS
Exploits1References2
OpenVAS
OpenVAS
added 2020/01/23 12:0 a.m.35 views

Huawei EulerOS: Security Advisory for python (EulerOS-SA-2017-1185)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

5.8CVSS7.1AI score0.03269EPSS
Exploits1References2
IBM Security Bulletins
IBM Security Bulletins
added 2018/06/18 1:37 a.m.44 views

Security Bulletin: A vulnerability in Python affects PowerKVM

Summary PowerKVM is affected by a vulnerability in Python. IBM has now addressed this vulnerability. Vulnerability Details CVEID: CVE-2014-9365 DESCRIPTION: Python could allow a remote attacker to bypass security restrictions, caused by the failure to validate TLS certificate by the HTTP librarie...

5.8CVSS0.6AI score0.03269EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2018/06/17 3:3 p.m.35 views

Security Bulletin: IBM SmartCloud Analytics - Log Analysis is affected by Open Source Python Vulnerability (CVE-2014-9365)

Summary IBM SmartCloud Analytics - Log Analysis product bundles the Open Source Python which is vulnerable to CVE-2014-9365 Vulnerability Details CVEID: CVE-2014-9365 DESCRIPTION: Python could allow a remote attacker to bypass security restrictions, caused by the failure to validate TLS certifica...

5.8CVSS0.4AI score0.03269EPSS
Exploits1Affected Software1
Tenable Nessus
Tenable Nessus
added 2017/09/08 12:0 a.m.46 views

EulerOS 2.0 SP1 : python (EulerOS-SA-2017-1185)

According to the version of the python packages installed, the EulerOS installation on the remote host is affected by the following vulnerability : - The Python standard library HTTP client modules such as httplib or urllib did not perform verification of TLS/SSL certificates when connecting to...

5.8CVSS7AI score0.03269EPSS
Exploits1References2
Tenable Nessus
Tenable Nessus
added 2017/09/08 12:0 a.m.39 views

EulerOS 2.0 SP2 : python (EulerOS-SA-2017-1186)

According to the version of the python packages installed, the EulerOS installation on the remote host is affected by the following vulnerability : - The Python standard library HTTP client modules such as httplib or urllib did not perform verification of TLS/SSL certificates when connecting to...

5.8CVSS7AI score0.03269EPSS
Exploits1References2
Tenable Nessus
Tenable Nessus
added 2017/08/22 12:0 a.m.52 views

Scientific Linux Security Update : python on SL7.x x86_64 (20170801)

Security Fixes : - The Python standard library HTTP client modules such as httplib or urllib did not perform verification of TLS/SSL certificates when connecting to HTTPS servers. A man-in-the-middle attacker could use this flaw to hijack connections and eavesdrop or modify transferred data...

5.8CVSS6.9AI score0.03269EPSS
Exploits1References2
Tenable Nessus
Tenable Nessus
added 2017/08/02 12:0 a.m.45 views

RHEL 7 : python (RHSA-2017:1868)

An update for python is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the...

5.8CVSS6.9AI score0.03269EPSS
Exploits1References5
RedHat Linux
RedHat Linux
added 2017/04/26 10:18 a.m.73 views

Moderate: Red Hat Security Advisory: python27 security, bug fix, and enhancement update

Updated python27 packages are now available as a part of Red Hat Software Collections 2.4 for Red Hat Enterprise Linux. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity...

5.8CVSS6.6AI score0.03269EPSS
Exploits1References13
Cent OS
Cent OS
added 2015/11/30 7:48 p.m.92 views

python, tkinter security update

CentOS Errata and Security Advisory CESA-2015:2101 Updated python packages that fix multiple security issues, several bugs, and add various enhancements are now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having Moderate security impact. Common...

9.8CVSS6.9AI score0.24148EPSS
Exploits9References7
Tenable Nessus
Tenable Nessus
added 2015/06/25 12:0 a.m.36 views

Amazon Linux AMI : python27 (ALAS-2015-552)

It was discovered that multiple Python standard library modules implementing network protocols such as httplib or smtplib failed to restrict sizes of server responses. A malicious server could cause a client using one of the affected modules to consume an excessive amount of memory.CVE-2013-1752 ...

7.5CVSS6.9AI score0.03913EPSS
Exploits2References4
Tenable Nessus
Tenable Nessus
added 2015/03/30 12:0 a.m.50 views

Mandriva Linux Security Advisory : python (MDVSA-2015:075)

Updated python packages fix security vulnerabilities : A vulnerability was reported in Python's socket module, due to a boundary error within the sockrecvfrominto function, which could be exploited to cause a buffer overflow. This could be used to crash a Python application that uses the...

9.8CVSS7.8AI score0.28319EPSS
Exploits16References11
Tenable Nessus
Tenable Nessus
added 2015/03/24 12:0 a.m.31 views

GLSA-201503-10 : Python: Multiple vulnerabilities

The remote host is affected by the vulnerability described in GLSA-201503-10 Python: Multiple vulnerabilities Multiple vulnerabilities have been discovered in Python. Please review the CVE identifiers referenced below for details. Impact : A context-dependent attacker may be able to execute...

7.5CVSS7.6AI score0.28319EPSS
Exploits12References8
OSV
OSV
added 2015/03/05 7:34 p.m.13 views

MGASA-2015-0091 Updated python packages fix CVE-2014-9365

Updated python packages fix security vulnerability: When Python's standard library HTTP clients httplib, urllib, urllib2, xmlrpclib are used to access resources with HTTPS, by default the certificate is not checked against any trust store, nor is the hostname in the certificate checked against th...

5.8CVSS7.3AI score0.03269EPSS
Exploits1References3
ArchLinux
ArchLinux
added 2014/12/15 12:0 a.m.64 views

python2: multiple issues

CVE-2013-1752 denial of service Multiple unbound readline flaws in python stdlib were found, which can lead to excessive memory usage if a malicious or broken server sends excessively long lines without any line breaks. - CVE-2013-1753 denial of service The XMLRPC library is vulnerable to...

5.8CVSS0.4AI score0.03913EPSS
Exploits2References8
OSV
OSV
added 2014/12/12 11:59 a.m.4 views

CVE-2014-9365

The HTTP clients in the 1 httplib, 2 urllib, 3 urllib2, and 4 xmlrpclib libraries in CPython aka Python 2.x before 2.7.9 and 3.x before 3.4.3, when accessing an HTTPS URL, do not a check the certificate against a trust store or verify that the server hostname matches a domain name in the subject'...

7.3AI score
Exploits0References14
CVE
CVE
added 2014/12/12 11:0 a.m.461 views

CVE-2014-9365

CVE-2014-9365 affects CPython’s HTTP clients (httplib, urllib, urllib2, xmlrpclib) on Python 2.x (&lt;2.7.9) and 3.x (

5.8CVSS7.1AI score0.03269EPSS
Exploits1References13Affected Software1
Rows per page
Query Builder