110 matches found

Tenable Nessus
added 2017/07/24 12:0 a.m. | 33 views

F5 Networks BIG-IP : Python and Jython vulnerability (K53192206)

REJECT Various versions of Python do not properly restrict readline calls, which allows remote attackers to cause a denial of service (memory consumption) via a long string, related to (1) httplib - fixed in 2.7.4, 2.6.9, and 3.3.3; (2) ftplib - fixed in 2.7.6, 2.6.9, 3.3.3; (3) imaplib - not yet fixed i...

AI score 7.2
Exploits: 1 | References: 4
Tenable Nessus
added 2017/07/24 12:0 a.m. | 33 views

F5 Networks BIG-IP : Python and Jython vulnerability (K78825687)

Integer overflow in bufferobject.c in Python before 2.7.8 allows context-dependent attackers to obtain sensitive information from process memory via a large size and offset in a 'buffer' function. CVE-2014-7185 (C) Tenable Network Security, Inc. The descriptive text and package checks in this plugi...

CVSS 6.4 | AI score 7.5 | EPSS 0.01134
Exploits: 1 | References: 2
Tenable Nessus
added 2017/07/19 12:0 a.m. | 1347 views

Oracle WebLogic Server Multiple Vulnerabilities (July 2017 CPU)

The version of Oracle WebLogic Server installed on the remote host is affected by multiple vulnerabilities : - A flaw exists in Jython due to executable classes being created with insecure permissions. A local attacker can exploit this to bypass intended access restrictions and thereby disclose...

CVSS 10 | AI score 8.3 | EPSS 0.94267
Exploits: 44 | References: 9
CNVD
added 2017/07/07 12:0 a.m. | 2 views

Jython Arbitrary Code Execution Vulnerability

Jython is an implementation of the Python programming language that runs on the Java platform. An arbitrary code execution vulnerability exists in Jython. It allows an attacker to execute arbitrary code via specially crafted serialized PyFunction objects...

CVSS 9.8 | AI score 9.6 | EPSS 0.12492
Exploits: 0 | References: 1
UbuntuCve
added 2017/07/06 4:29 p.m. | 16 views

CVE-2016-4000

Jython before 2.7.1rc1 allows attackers to execute arbitrary code via a crafted serialized PyFunction object...

CVSS 9.8 | AI score 7.5 | EPSS 0.12492
Exploits: 0 | References: 1
OSV
added 2017/07/06 4:29 p.m. | 4 views

CVE-2016-4000

Jython before 2.7.1rc1 allows attackers to execute arbitrary code via a crafted serialized PyFunction object...

CVSS 9.8 | AI score 9.6 | EPSS 0.12492
Exploits: 0 | References: 17
Prion
added 2017/07/06 4:29 p.m. | 13 views

Code injection

Jython before 2.7.1rc1 allows attackers to execute arbitrary code via a crafted serialized PyFunction object...

CVSS 7.5 | AI score 7.7 | EPSS 0.12492
Exploits: 0 | References: 17 | Affected Software: 2
OSV
added 2017/07/06 4:29 p.m. | 1 view

UBUNTU-CVE-2016-4000

Jython before 2.7.1rc1 allows attackers to execute arbitrary code via a crafted serialized PyFunction object...

CVSS 9.8 | AI score 7.6 | EPSS 0.12492
Exploits: 0 | References: 2
NVD
added 2017/07/06 4:29 p.m. | 16 views

CVE-2016-4000

Jython before 2.7.1rc1 allows attackers to execute arbitrary code via a crafted serialized PyFunction object...

CVSS 9.8 | AI score 9.6 | EPSS 0.12492
Exploits: 0 | References: 17
OSV
added 2017/07/06 4:29 p.m. | 1 view

DEBIAN-CVE-2016-4000

Jython before 2.7.1rc1 allows attackers to execute arbitrary code via a crafted serialized PyFunction object...

CVSS 9.8 | AI score 9 | EPSS 0.12492
Exploits: 0 | References: 1
Cvelist
added 2017/07/06 4:0 p.m. | 16 views

CVE-2016-4000

Jython before 2.7.1rc1 allows attackers to execute arbitrary code via a crafted serialized PyFunction object...

AI score 8.7 | EPSS 0.12492
Exploits: 0 | References: 17
CVE
added 2017/07/06 4:0 p.m. | 103 views

CVE-2016-4000

CVE-2016-4000 affects Oracle Enterprise Manager Base Platform (Jython) — a remote code execution via a crafted serialized PyFunction object. The GitHub advisory GHSA-6R7R-JJ8H-PQ6V corroborates deserialization of untrusted data in Jython and references the same CVE. Tenable Nessus entries (e.g., ...

CVSS 9.8 | AI score 8.6 | EPSS 0.12492
Exploits: 0 | References: 17 | Affected Software: 1
Debian CVE
added 2017/07/06 4:0 p.m. | 41 views

CVE-2016-4000

Jython before 2.7.1rc1 allows attackers to execute arbitrary code via a crafted serialized PyFunction object...

CVSS 9.8 | AI score 9.6 | EPSS 0.12492
Exploits: 0
Tenable Nessus
added 2017/06/23 12:0 a.m. | 23 views

Debian DSA-3893-1 : jython - security update

Alvaro Munoz and Christian Schneider discovered that jython, an implementation of the Python language seamlessly integrated with Java, is prone to arbitrary code execution triggered when sending a serialized function to the deserializer. (C) Tenable Network Security, Inc. The...

CVSS 9.8 | AI score 9 | EPSS 0.12492
Exploits: 0 | References: 5
Debian
added 2017/06/22 12:37 p.m. | 32 views

[SECURITY] [DSA 3893-1] jython security update

Debian Security Advisory DSA-3893-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso June 22, 2017 https://www.debian.org/security/faq -...

CVSS 9.8 | AI score 9.7 | EPSS 0.12492
Exploits: 0
Debian
added 2017/06/22 12:37 p.m. | 26 views

[SECURITY] [DSA 3893-1] jython security update

Debian Security Advisory DSA-3893-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso June 22, 2017 https://www.debian.org/security/faq -...

CVSS 7.5 | AI score 2.7 | EPSS 0.12492
Exploits: 0
OSV
added 2017/06/22 12:0 a.m. | 31 views

DSA-3893-1 jython - security update

Bulletin has no description...

CVSS 9.8 | AI score 9.3 | EPSS 0.12492
Exploits: 0
OpenVAS
added 2017/06/22 12:0 a.m. | 27 views

Debian Security Advisory DSA 3893-1 (jython - security update)

Alvaro Munoz and Christian Schneider discovered that jython, an implementation of the Python language seamlessly integrated with Java, is prone to arbitrary code execution triggered when sending a serialized function to the deserializer. OpenVAS Vulnerability Test $Id: deb3893.nasl 6782 2017-07-2...

CVSS 7.5 | AI score 0.4 | EPSS 0.12492
Exploits: 0 | References: 1
OpenVAS
added 2017/06/21 12:0 a.m. | 18 views

Debian: Security Advisory (DSA-3893-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 9.8 | AI score 9.6 | EPSS 0.12492
Exploits: 0 | References: 3
Tenable Nessus
added 2017/06/19 12:0 a.m. | 28 views

Debian DLA-989-1 : jython security update

Alvaro Munoz and Christian Schneider discovered that Jython, an implementation of the Python language seamlessly integrated with Java, would execute arbitrary code when deserializing objects. For Debian 7 'Wheezy', these problems have been fixed in version 2.5.2-1+deb7u1. We recommend that you...

CVSS 9.8 | AI score 8.8 | EPSS 0.12492
Exploits: 0 | References: 3