Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
ubuntuUbuntuUSN-2653-1
HistoryJun 25, 2015 - 12:00 a.m.

Python vulnerabilities

2015-06-2500:00:00
ubuntu.com
76

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

9.3 High

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.246 Low

EPSS

Percentile

96.6%

JSON

Releases

  • Ubuntu 14.10
  • Ubuntu 14.04 ESM
  • Ubuntu 12.04

Packages

  • python2.7 - An interactive high-level object-oriented language
  • python3.2 - An interactive high-level object-oriented language
  • python3.4 - An interactive high-level object-oriented language

Details

It was discovered that multiple Python protocol libraries incorrectly
limited certain data when connecting to servers. A malicious ftp, http,
imap, nntp, pop or smtp server could use this issue to cause a denial of
service. (CVE-2013-1752)

It was discovered that the Python xmlrpc library did not limit unpacking
gzip-compressed HTTP bodies. A malicious server could use this issue to
cause a denial of service. (CVE-2013-1753)

It was discovered that the Python json module incorrectly handled a certain
argument. An attacker could possibly use this issue to read arbitrary
memory and expose sensitive information. This issue only affected Ubuntu
12.04 LTS and Ubuntu 14.04 LTS. (CVE-2014-4616)

It was discovered that the Python CGIHTTPServer incorrectly handled
URL-encoded path separators in URLs. A remote attacker could use this issue
to expose sensitive information, or possibly execute arbitrary code. This
issue only affected Ubuntu 12.04 LTS and Ubuntu 14.04 LTS. (CVE-2014-4650)

It was discovered that Python incorrectly handled sizes and offsets in
buffer functions. An attacker could possibly use this issue to read
arbitrary memory and obtain sensitive information. This issue only affected
Ubuntu 12.04 LTS and Ubuntu 14.04 LTS. (CVE-2014-7185)

Related

ibm 4
openvas 52
nessus 58
oraclelinux 3
redhat 3
veracode 6
centos 2
amazon 6
securityvulns 4
mageia 5
fedora 19
archlinux 2
gentoo 1
github 1
hackerone 1
ubuntucve 4
debiancve 4
prion 5
osv 5
packetstorm 1
exploitpack 1
cve 5
alpinelinux 1
f5 3
exploitdb 1
seebug 1
slackware 1
ibm
ibm
Security Bulletin: Multiple vulnerabilities in Python affect PowerKVM
2018-06-18 01:30:44
Security Bulletin: Python vulnerabilities affect IBM SmartCloud Entry (CVE-2013-1752 CVE-2014-1912 CVE-2014-4650 CVE-2014-7185)
2020-07-19 00:49:12
Security Bulletin: Vulnerabilities in Python, rpcbind, SQLite affect IBM SmartCloud Provisioning for IBM Software Virtual Appliance
2018-06-17 22:33:00
openvas
openvas
Oracle: Security Advisory (ELSA-2015-2101)
2015-11-24 00:00:00
Ubuntu: Security Advisory (USN-2653-1)
2015-06-26 00:00:00
Oracle: Security Advisory (ELSA-2015-1064)
2016-02-05 00:00:00
nessus
nessus
Ubuntu 14.04 LTS : Python vulnerabilities (USN-2653-1)
2015-06-26 00:00:00
Oracle Linux 7 : python (ELSA-2015-2101)
2015-11-24 00:00:00
SUSE SLED12 / SLES12 Security Update : python (SUSE-SU-2015:1344-1)
2015-08-06 00:00:00
oraclelinux
oraclelinux
python security, bug fix, and enhancement update
2015-11-23 00:00:00
python27 security, bug fix, and enhancement update
2016-02-04 00:00:00
python security, bug fix, and enhancement update
2015-07-28 00:00:00
redhat
redhat
(RHSA-2015:1064) Moderate: python27 security, bug fix, and enhancement update
2015-06-04 00:00:00
(RHSA-2015:2101) Moderate: python security, bug fix, and enhancement update
2015-11-19 13:41:01
(RHSA-2015:1330) Moderate: python security, bug fix, and enhancement update
2015-07-22 00:00:00
veracode
veracode
Improper Input Validation
2019-05-02 05:39:24
Improper Input Validation
2019-05-02 05:39:24
Sensitive Information Leakage
2019-05-02 05:39:25
centos
centos
python, tkinter security update
2015-11-30 19:48:49
python, tkinter security update
2015-07-26 14:11:19
amazon
amazon
Medium: python26
2015-12-14 10:00:00
Medium: python27
2014-11-05 12:15:00
Medium: python27
2015-06-22 10:31:00
securityvulns
securityvulns
python security vulnerabilities
2014-07-14 00:00:00
[ MDVSA-2014:197 ] python
2014-10-27 00:00:00
[RT-SA-2014-008] Python CGIHTTPServer File Disclosure and Potential Code Execution
2014-10-15 00:00:00
mageia
mageia
Updated python & python3 packages fix two vulnerabilities
2014-07-09 02:35:18
Updated python package fixes security vulnerabilities
2014-03-24 11:37:41
Updated python-simplejson package fixes security vulnerability
2014-07-09 02:38:10
fedora
fedora
[SECURITY] Fedora 21 Update: python3-3.4.1-16.fc21
2014-11-10 06:36:31
[SECURITY] Fedora 20 Update: python3-3.3.2-18.fc20
2014-11-09 15:45:22
[SECURITY] Fedora 20 Update: python-2.7.5-16.fc20
2015-04-22 22:41:55
archlinux
archlinux
python2: multiple issues
2014-12-15 00:00:00
python2: Information leakage through integer overflow
2014-09-26 00:00:00
gentoo
gentoo
Python: Multiple vulnerabilities
2015-03-18 00:00:00
github
github
simplejson before 2.6.1 vulnerable to array index error
2022-05-14 02:05:09
hackerone
hackerone
Internet Bug Bounty: Python vulnerability: reading arbitrary process memory
2014-05-16 23:14:13
ubuntucve
ubuntucve
CVE-2014-4616
2014-06-26 00:00:00
CVE-2013-1753
2015-06-04 00:00:00
CVE-2014-7185
2014-10-08 00:00:00
debiancve
debiancve
CVE-2014-4616
2017-08-24 20:29:00
CVE-2013-1753
2020-03-11 17:15:00
CVE-2014-4650
2020-02-20 17:15:00
prion
prion
Code injection
2017-08-24 20:29:00
Directory traversal
2020-02-20 17:15:00
Cross site request forgery (csrf)
2020-03-11 17:15:00
osv
osv
simplejson before 2.6.1 vulnerable to array index error
2022-05-14 02:05:09
CVE-2014-4616
2017-08-24 20:29:00
JSONDecoder.raw_decode
2017-08-24 20:00:00
packetstorm
packetstorm
Python CGIHTTPServer File Disclosure / Code Execution
2014-06-27 00:00:00
exploitpack
exploitpack
Python CGIHTTPServer - Encoded Directory Traversal
2014-06-27 00:00:00
cve
cve
CVE-2014-4616
2017-08-24 20:29:00
CVE-2013-1753
2020-03-11 17:15:00
CVE-2014-4650
2020-02-20 17:15:00
alpinelinux
alpinelinux
CVE-2014-4616
2017-08-24 20:29:00
f5
f5
K78825687 : Python and Jython vulnerability CVE-2014-7185
2017-07-21 00:00:00
K53192206 : Python and Jython vulnerability CVE-2013-1752
2017-07-21 00:00:00
K93278412 : Python and Jython vulnerabilities CVE-2014-1912 and CVE-2014-4650
2017-07-21 00:00:00
exploitdb
exploitdb
Python CGIHTTPServer - Encoded Directory Traversal
2014-06-27 00:00:00
seebug
seebug
Python多个安全漏洞
2013-12-30 00:00:00
slackware
slackware
[slackware-security] python
2019-03-03 22:46:15

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

9.3 High

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.246 Low

EPSS

Percentile

96.6%

JSON
Related for USN-2653-1
ibm4openvas52nessus58oraclelinux3redhat3veracode6centos2amazon6securityvulns4mageia5fedora19archlinux2gentoo1github1hackerone1ubuntucve4debiancve4prion5osv5packetstorm1exploitpack1cve5alpinelinux1f53exploitdb1seebug1slackware1