20 matches found
K11068141: Python vulnerability CVE-2014-9365
Security Advisory Description The HTTP clients in the 1 httplib, 2 urllib, 3 urllib2, and 4 xmlrpclib libraries in CPython aka Python 2.x before 2.7.9 and 3.x before 3.4.3, when accessing an HTTPS URL, do not a check the certificate against a trust store or verify that the server hostname matches...
SUSE CVE-2014-9365
The HTTP clients in the 1 httplib, 2 urllib, 3 urllib2, and 4 xmlrpclib libraries in CPython aka Python 2.x before 2.7.9 and 3.x before 3.4.3, when accessing an HTTPS URL, do not a check the certificate against a trust store or verify that the server hostname matches a domain name in the subject'...
Mageia: Security Advisory (MGASA-2015-0091)
The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Python < 2.7.9, 3.4.x < 3.4.3 Validate TLS certificate (bpo-22417) - Linux
Python is prone to a man-in-the-middle vulnerability. SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:python:python"; ifdescripti...
Huawei EulerOS: Security Advisory for python (EulerOS-SA-2017-1185)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Security Bulletin: A vulnerability in Python affects PowerKVM
Summary PowerKVM is affected by a vulnerability in Python. IBM has now addressed this vulnerability. Vulnerability Details CVEID: CVE-2014-9365 DESCRIPTION: Python could allow a remote attacker to bypass security restrictions, caused by the failure to validate TLS certificate by the HTTP librarie...
Security Bulletin: IBM SmartCloud Analytics - Log Analysis is affected by Open Source Python Vulnerability (CVE-2014-9365)
Summary IBM SmartCloud Analytics - Log Analysis product bundles the Open Source Python which is vulnerable to CVE-2014-9365 Vulnerability Details CVEID: CVE-2014-9365 DESCRIPTION: Python could allow a remote attacker to bypass security restrictions, caused by the failure to validate TLS certifica...
EulerOS 2.0 SP1 : python (EulerOS-SA-2017-1185)
According to the version of the python packages installed, the EulerOS installation on the remote host is affected by the following vulnerability : - The Python standard library HTTP client modules such as httplib or urllib did not perform verification of TLS/SSL certificates when connecting to...
EulerOS 2.0 SP2 : python (EulerOS-SA-2017-1186)
According to the version of the python packages installed, the EulerOS installation on the remote host is affected by the following vulnerability : - The Python standard library HTTP client modules such as httplib or urllib did not perform verification of TLS/SSL certificates when connecting to...
Scientific Linux Security Update : python on SL7.x x86_64 (20170801)
Security Fixes : - The Python standard library HTTP client modules such as httplib or urllib did not perform verification of TLS/SSL certificates when connecting to HTTPS servers. A man-in-the-middle attacker could use this flaw to hijack connections and eavesdrop or modify transferred data...
RHEL 7 : python (RHSA-2017:1868)
An update for python is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the...
Moderate: Red Hat Security Advisory: python27 security, bug fix, and enhancement update
Updated python27 packages are now available as a part of Red Hat Software Collections 2.4 for Red Hat Enterprise Linux. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity...
python, tkinter security update
CentOS Errata and Security Advisory CESA-2015:2101 Updated python packages that fix multiple security issues, several bugs, and add various enhancements are now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having Moderate security impact. Common...
Amazon Linux AMI : python27 (ALAS-2015-552)
It was discovered that multiple Python standard library modules implementing network protocols such as httplib or smtplib failed to restrict sizes of server responses. A malicious server could cause a client using one of the affected modules to consume an excessive amount of memory.CVE-2013-1752 ...
Mandriva Linux Security Advisory : python (MDVSA-2015:075)
Updated python packages fix security vulnerabilities : A vulnerability was reported in Python's socket module, due to a boundary error within the sockrecvfrominto function, which could be exploited to cause a buffer overflow. This could be used to crash a Python application that uses the...
GLSA-201503-10 : Python: Multiple vulnerabilities
The remote host is affected by the vulnerability described in GLSA-201503-10 Python: Multiple vulnerabilities Multiple vulnerabilities have been discovered in Python. Please review the CVE identifiers referenced below for details. Impact : A context-dependent attacker may be able to execute...
MGASA-2015-0091 Updated python packages fix CVE-2014-9365
Updated python packages fix security vulnerability: When Python's standard library HTTP clients httplib, urllib, urllib2, xmlrpclib are used to access resources with HTTPS, by default the certificate is not checked against any trust store, nor is the hostname in the certificate checked against th...
python2: multiple issues
CVE-2013-1752 denial of service Multiple unbound readline flaws in python stdlib were found, which can lead to excessive memory usage if a malicious or broken server sends excessively long lines without any line breaks. - CVE-2013-1753 denial of service The XMLRPC library is vulnerable to...
CVE-2014-9365
The HTTP clients in the 1 httplib, 2 urllib, 3 urllib2, and 4 xmlrpclib libraries in CPython aka Python 2.x before 2.7.9 and 3.x before 3.4.3, when accessing an HTTPS URL, do not a check the certificate against a trust store or verify that the server hostname matches a domain name in the subject'...
CVE-2014-9365
CVE-2014-9365 affects CPython’s HTTP clients (httplib, urllib, urllib2, xmlrpclib) on Python 2.x (<2.7.9) and 3.x (