
93 matches found

RedHat Linux
added 2013/03/21 6:8 p.m. | 4 views

bindings: External entity expansion in Python XML libraries inflicts potential security flaws and DoS vulnerabilities

The XML libraries for Python 3.4, 3.3, 3.2, 3.1, 2.7, and 2.6, as used in OpenStack Keystone Essex and Folsom, Django, and possibly other products allow remote attackers to read arbitrary files via an XML external entity declaration in conjunction with an entity reference, aka an XML External...

CVSS 5 | AI score 7.4 | EPSS 0.02995
Exploits 0 | References 4
Prion
added 2011/10/19 10:55 a.m. | 21 views

Design/Logic Flaw

The verify_exists functionality in the URLField implementation in Django before 1.2.7 and 1.3.x before 1.3.1 relies on Python libraries that attempt access to an arbitrary URL with no timeout, which allows remote attackers to cause a denial of service (resource consumption) via a URL associated with...

CVSS 5 | AI score 7 | EPSS 0.0188
Exploits 0 | References 9 | Affected Software 1
OSV
added 2011/10/19 10:55 a.m. | 28 views

PYSEC-2011-2

The verify_exists functionality in the URLField implementation in Django before 1.2.7 and 1.3.x before 1.3.1 relies on Python libraries that attempt access to an arbitrary URL with no timeout, which allows remote attackers to cause a denial of service (resource consumption) via a URL associated with...

CVSS 5 | AI score 5.7 | EPSS 0.0188
Exploits 0 | References 10
CVE
added 2011/10/19 10:0 a.m. | 108 views

CVE-2011-4137

In Django, CVE-2011-4137 affects the URLField verify_exists check: before 1.2.7 and 1.3.x before 1.3.1, it uses libraries that access arbitrary URLs with no timeout, enabling DoS via slow, data-less, or large-response URLs. Root cause: lack of timeout handling in URL checks. Impact: remote denial...

CVSS 5 | AI score 7.5 | EPSS 0.0188
Exploits 0 | References 9 | Affected Software 1
Cvelist
added 2011/10/19 10:0 a.m. | 27 views

CVE-2011-4137

The verify_exists functionality in the URLField implementation in Django before 1.2.7 and 1.3.x before 1.3.1 relies on Python libraries that attempt access to an arbitrary URL with no timeout, which allows remote attackers to cause a denial of service (resource consumption) via a URL associated with...

AI score 8.1 | EPSS 0.0188
Exploits 0 | References 9
UbuntuCve
added 2011/10/19 12:0 a.m. | 24 views

CVE-2011-4137

The verify_exists functionality in the URLField implementation in Django before 1.2.7 and 1.3.x before 1.3.1 relies on Python libraries that attempt access to an arbitrary URL with no timeout, which allows remote attackers to cause a denial of service (resource consumption) via a URL associated with...

CVSS 5 | AI score 6 | EPSS 0.0188
Exploits 0 | References 2
OpenVAS
added 2009/09/02 12:0 a.m. | 34 views

Mandrake Security Advisory MDVSA-2009:212 (python)

The remote host is missing an update to python announced via advisory MDVSA-2009:212. OpenVAS Vulnerability Test $Id: mdksa2009212.nasl 6573 2017-07-06 13:10:50Z cfischer $ Description: Auto-generated from advisory MDVSA-2009:212 python Authors: Thomas Reinke Copyright: Copyright c 2009 E-Soft In...

CVSS 5 | AI score 0.4 | EPSS 0.01044
Exploits 2
OpenVAS
added 2008/01/31 12:0 a.m. | 18 views

Debian Security Advisory DSA 1465-1 (apt-listchanges)

The remote host is missing an update to apt-listchanges announced via advisory DSA 1465-1. OpenVAS Vulnerability Test $Id: deb14651.nasl 6616 2017-07-07 12:10:49Z cfischer $ Description: Auto-generated from advisory DSA 1465-1 apt-listchanges Authors: Thomas Reinke Copyright: Copyright c 2008...

CVSS 7.2 | AI score 0.6 | EPSS 0.00077
Exploits 0
OpenVAS
added 2008/01/31 12:0 a.m. | 11 views

Debian Security Advisory DSA 1465-1 (apt-listchanges)

The remote host is missing an update to apt-listchanges announced via advisory DSA 1465-1. This VT has been deprecated and merged into the VT SPDX-FileCopyrightText: 2008 E-Soft Inc. Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right...

CVSS 7.2 | AI score 6.4 | EPSS 0.00077
Exploits 0 | References 1
OpenVAS
added 2008/01/31 12:0 a.m. | 13 views

Debian: Security Advisory (DSA-1465-2)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2008 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 7.2 | AI score 6.7 | EPSS 0.00077
Exploits 0 | References 3
Ubuntu
added 2008/01/18 9:25 p.m. | 43 views

USN-572-1: apt-listchanges vulnerability

Felipe Sateler discovered that apt-listchanges did not use safe paths when importing additional Python libraries. A local attacker could exploit this and execute arbitrary commands as the user running apt-listchanges...

CVSS 7.2 | AI score 5.7 | EPSS 0.00077
Exploits 0
Debian
added 2008/01/17 4:14 p.m. | 12 views

[SECURITY] [DSA 1465-2] New apt-listchanges packages fix arbitrary code execution

Debian Security Advisory DSA-1465-2 [email protected] http://www.debian.org/security/ Steve Kemp January 17, 2008 http://www.debian.org/security/faq -...

CVSS 7.2 | AI score 6.4 | EPSS 0.00077
Exploits 0
OSV
added 2008/01/17 12:0 a.m. | 16 views

DSA-1465-2 apt-listchanges - arbitrary code execution

Bulletin has no description...

CVSS 7.2 | AI score 6.1 | EPSS 0.00077
Exploits 0