614 matches found
Python Denial of Service Vulnerability (CNVD-2018-20081)
Python is an open source, object-oriented programming language from the Python Software Foundation. The language is extensible, supports modules and packages, and supports multiple platforms. There is a security vulnerability in Python. An attacker can exploit this vulnerability with the help of ...
Exploit for Command Injection in Python
Python CVE-2018-1000802 Proof-of-Concept This is a PoC for th...
Security Bulletin: IBM Spectrum Scale deployments with the Object Protocols functionality enabled are affected by a security vulnerability in Python (CVE-2017-2592)
Summary: IBM Spectrum Scale deployments with the Object Protocols functionality enabled are affected by a security vulnerability in Python that could allow a local authenticated attacker to obtain sensitive information, caused by including sensitive data in the CatchError class. A local attacker...
CVE-2018-1061
python before versions 2.7.15, 3.4.9, 3.5.6rc1, 3.6.5rc1 and 3.7.0 is vulnerable to catastrophic backtracking in the difflib.IS_LINE_JUNK method. An attacker could use this flaw to cause denial of service...
CVE-2018-1060
python before versions 2.7.15, 3.4.9, 3.5.6rc1, 3.6.5rc1 and 3.7.0 is vulnerable to catastrophic backtracking in pop3lib's apop method. An attacker could use this flaw to cause denial of service...
Security Bulletin: A vulnerability in python affects PowerKVM
Summary: PowerKVM is affected by a vulnerability in python. IBM has now addressed this vulnerability. Vulnerability Details: CVEID: CVE-2016-5636. DESCRIPTION: zipimport module for Python is vulnerable to a heap-based buffer overflow, caused by improper bounds checking by the getdata function in...
Security Bulletin: IBM SmartCloud Analytics - Log Analysis is affected by Open Source Python Vulnerability (CVE-2014-9365)
Summary: IBM SmartCloud Analytics - Log Analysis product bundles the Open Source Python which is vulnerable to CVE-2014-9365. Vulnerability Details: CVEID: CVE-2014-9365. DESCRIPTION: Python could allow a remote attacker to bypass security restrictions, caused by the failure to validate TLS certifica...
Solaris 10 (sparc) : 143506-06
GNOME 2.6.0: Python patch. Date this patch was last updated by Sun: Jul/30/12. (C) Tenable Network Security, Inc. The descriptive text in this plugin was extracted from the Oracle SunOS Patch Updates...
CVE-2017-18207
The Wave_read._read_fmt_chunk function in Lib/wave.py in Python through 3.6.4 does not ensure a nonzero channel value, which allows attackers to cause a denial of service (divide-by-zero and exception) via a crafted wav format audio file. NOTE: the vendor disputes this issue because Python applications...
USN-3496-1: Python vulnerability | Cloud Foundry
Severity: Medium. Vendor: Canonical Ubuntu. Versions Affected: Canonical Ubuntu 14.04. Description: It was discovered that Python incorrectly handled decoding certain strings. An attacker could possibly use this issue to execute arbitrary code. Affected Cloud Foundry Products and Versions: Severity is...
USN-3496-3: Python vulnerability | Cloud Foundry
Severity: Medium. Vendor: Canonical Ubuntu. Versions Affected: Canonical Ubuntu 14.04. Description: USN-3496-1 fixed a vulnerability in Python2.7. This update provides the corresponding update for versions 3.4 and 3.5. Original advisory details: It was discovered that Python incorrectly handled decoding...
Ubuntu 14.04 LTS / 16.04 LTS : Python vulnerability (USN-3496-3)
The remote Ubuntu 14.04 LTS / 16.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-3496-3 advisory. USN-3496-1 fixed a vulnerability in Python2.7. This update provides the corresponding update for versions 3.4 and 3.5. Tenable has extracted the...
Oracle Linux 7 : python (ELSA-2017-1868)
The remote Oracle Linux 7 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2017-1868 advisory. - Fix for CVE-2016-1000110 HTTPoxy attack Resolves: rhbz1359164 - Fix for CVE-2016-5636: possible integer overflow and heap corruption in zipimporter.getdata...
PYSEC-2017-96
The tlslite library before 0.4.9 for Python allows remote attackers to trigger a denial of service (runtime exception and process crash)...
python: Heap overflow in zipimporter module
A vulnerability was discovered in Python, in the built-in zipimporter. A specially crafted zip file placed in a module path such that it would be loaded by a later "import" statement could cause a heap overflow, leading to arbitrary code execution...
Code injection
Unspecified vulnerability in the MySQL Connector component 2.1.3 and earlier and 2.0.4 and earlier in Oracle MySQL allows remote attackers to affect confidentiality, integrity, and availability via vectors related to Connector/Python...
Internet Bug Bounty: chain.__setstate__ Type Confusion
Python 3.5.2 suffers from a type confusion vulnerability in the chain.__setstate__ method of the itertools module. The issue exists due to lack of argument validation in the chain_setstate() function: `static PyObject * chain_setstate(chainobject *lz, PyObject *state) { PyObject *source, *active=NULL; if (!...`
DEBIAN-CVE-2016-5699
CRLF injection vulnerability in the HTTPConnection.putheader function in urllib2 and urllib in CPython (aka Python) before 2.7.10 and 3.x before 3.4.4 allows remote attackers to inject arbitrary HTTP headers via CRLF sequences in a URL...
EUVD-2016-6641
CRLF injection vulnerability in the HTTPConnection.putheader function in urllib2 and urllib in CPython (aka Python) before 2.7.10 and 3.x before 3.4.4 allows remote attackers to inject arbitrary HTTP headers via CRLF sequences in a URL...
PSF-2016-8 HTTP header injection
CRLF injection vulnerability in the HTTPConnection.putheader function in urllib2 and urllib in CPython (aka Python) before 2.7.10 and 3.x before 3.4.4 allows remote attackers to inject arbitrary HTTP headers via CRLF sequences in a URL...