151 matches found
Medium: python27
Issue Overview: It was discovered (http://bugs.python.org/issue21766) that the Python built-in module CGIHTTPServer does not properly handle URL-encoded path separators in URLs, which may enable attackers to disclose a CGI script's source code or execute arbitrary scripts in the server's document root...
Amazon Linux AMI : python27 (ALAS-2014-380)
It was reported that the Python built-in json module has an insufficient bounds checking flaw, which allows a local user to read arbitrary memory of the current process. Quoting the upstream bug report: 'The sole prerequisites of this attack are that the attacker is able to control or influence the two...
Medium: python27
Issue Overview: It was reported (http://bugs.python.org/issue21529) that the Python built-in json module has an insufficient bounds checking flaw, which allows a local user to read arbitrary memory of the current process. Quoting the upstream bug report: The sole prerequisites of this attack are that the...
Important: Red Hat Security Advisory: python27-mod_wsgi and python33-mod_wsgi security update
Updated python27-mod_wsgi and python33-mod_wsgi packages that fix one security issue are now available for Red Hat Software Collections 1. The Red Hat Security Response Team has rated this update as having Important security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives...
Amazon Linux AMI : python27 (ALAS-2014-293)
Buffer overflow in the socket.recvfrom_into function in Modules/socketmodule.c in Python 2.5 before 2.7.7, 3.x before 3.3.4, and 3.4.x before 3.4rc1 allows remote attackers to execute arbitrary code via a crafted string. (C) Tenable Network Security, Inc. The descriptive text and package checks in...
Medium: python27
Issue Overview: Buffer overflow in the socket.recvfrom_into function in Modules/socketmodule.c in Python 2.5 before 2.7.7, 3.x before 3.3.4, and 3.4.x before 3.4rc1 allows remote attackers to execute arbitrary code via a crafted string. Affected Packages: python27 Issue Correction: Run yum update...
Amazon Linux AMI : python27 (ALAS-2013-220)
The ssl.match_hostname function in the SSL module in Python 2.6 through 3.4 does not properly handle a '\0' character in a domain name in the Subject Alternative Name field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate...
Amazon Linux AMI : python27 (ALAS-2012-81)
SimpleXMLRPCServer.py in SimpleXMLRPCServer in Python before 2.6.8, 2.7.x before 2.7.3, 3.x before 3.1.5, and 3.2.x before 3.2.3 allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via an XML-RPC POST request that contains a smaller amount of data than specified...
PT-2012-5961 · Activestate · Activepython
Name of the Vulnerable Software and Affected Versions: ActivePython version 3.2.2.3 Description: The installation functionality in ActivePython has an untrusted search path vulnerability. This might allow local users to gain privileges via a Trojan horse DLL in the C:\Python27 or C:\Python27\Scripts...
FreeBSD Ports: python32
The remote host is missing an update to the system as announced in the referenced advisory. SPDX-FileCopyrightText: 2012 E-Soft Inc. Some text descriptions might be excerpted from a referenced source, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only...
FreeBSD Ports: python32
The remote host is missing an update to the system as announced in the referenced advisory. VID b4f8be9e-56b2-11e1-9fb7-003067b2972c OpenVAS Vulnerability Test $ Description: Auto generated from VID b4f8be9e-56b2-11e1-9fb7-003067b2972c Authors: Thomas Reinke Copyright: Copyright (c) 2012 E-Soft Inc...