Twenty Year Anniversary
Showing 1 - 7 of 7 RSS Feed

CVE-2013-1752

Status Candidate

Overview

This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.

Related Files

Red Hat Security Advisory 2015-2101-01
Posted Nov 20, 2015
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2015-2101-01 - Python is an interpreted, interactive, object-oriented programming language often compared to Tcl, Perl, Scheme, or Java. Python includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. It was discovered that the Python xmlrpclib module did not restrict the size of gzip-compressed HTTP responses. A malicious XMLRPC server could cause an XMLRPC client using xmlrpclib to consume an excessive amount of memory.

tags | advisory, java, web, perl, python
systems | linux, redhat
advisories | CVE-2013-1752, CVE-2013-1753, CVE-2014-4616, CVE-2014-4650, CVE-2014-7185
MD5 | 99108e5900b8880c9df7cc48354f7344
Red Hat Security Advisory 2015-1330-01
Posted Jul 22, 2015
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2015-1330-01 - Python is an interpreted, interactive, object-oriented programming language often compared to Tcl, Perl, Scheme, or Java. Python includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. It was discovered that the socket.recvfrom_into() function failed to check the size of the supplied buffer. This could lead to a buffer overflow when the function was called with an insufficiently sized buffer.

tags | advisory, java, overflow, perl, python
systems | linux, redhat
advisories | CVE-2013-1752, CVE-2014-1912, CVE-2014-4650, CVE-2014-7185
MD5 | 1ffec5edccbcafcc2360b4711c941b35
Ubuntu Security Notice USN-2653-1
Posted Jun 25, 2015
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2653-1 - It was discovered that multiple Python protocol libraries incorrectly limited certain data when connecting to servers. A malicious ftp, http, imap, nntp, pop or smtp server could use this issue to cause a denial of service. It was discovered that the Python xmlrpc library did not limit unpacking gzip-compressed HTTP bodies. A malicious server could use this issue to cause a denial of service. Various other issues were also addressed.

tags | advisory, web, denial of service, imap, protocol, python
systems | linux, ubuntu
advisories | CVE-2013-1752, CVE-2013-1753, CVE-2014-4616, CVE-2014-4650, CVE-2014-7185
MD5 | ac9d8c6cbf95a6ebe7d7cd29055bba98
Red Hat Security Advisory 2015-1064-01
Posted Jun 4, 2015
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2015-1064-01 - Python is an interpreted, interactive, object-oriented programming language that supports modules, classes, exceptions, high-level dynamic data types, and dynamic typing. The python27 collection provide a stable release of Python 2.7 with a number of additional utilities and database connectors for MySQL and PostgreSQL. The python27-python packages have been upgraded to upstream version 2.7.8, which provides numerous bug fixes over the previous version.

tags | advisory, python
systems | linux, redhat
advisories | CVE-2013-1752, CVE-2013-1753, CVE-2014-1912, CVE-2014-4616, CVE-2014-4650, CVE-2014-7185
MD5 | 3038b0ab13e9ef23119ea69c30cf11ac
Mandriva Linux Security Advisory 2015-075
Posted Mar 27, 2015
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2015-075 - A vulnerability was reported in Python's socket module, due to a boundary error within the sock_recvfrom_into() function, which could be exploited to cause a buffer overflow. This could be used to crash a Python application that uses the socket.recvfrom_info() function or, possibly, execute arbitrary code with the permissions of the user running vulnerable Python code. This updates the python package to version 2.7.6, which fixes several other bugs, including denial of service flaws due to unbound readline() calls in the ftplib and nntplib modules. Denial of service flaws due to unbound readline() calls in the imaplib, poplib, and smtplib modules. A gzip bomb and unbound read denial of service flaw in python XMLRPC library. Python are susceptible to arbitrary process memory reading by a user or adversary due to a bug in the _json module caused by insufficient bounds checking. The bug is caused by allowing the user to supply a negative value that is used an an array index, causing the scanstring function to access process memory outside of the string it is intended to access. The CGIHTTPServer Python module does not properly handle URL-encoded path separators in URLs. This may enable attackers to disclose a CGI script's source code or execute arbitrary scripts in the server's document root. Python before 2.7.8 is vulnerable to an integer overflow in the buffer type. When Python's standard library HTTP clients (httplib, urllib, urllib2, xmlrpclib) are used to access resources with HTTPS, by default the certificate is not checked against any trust store, nor is the hostname in the certificate checked against the requested host. It was possible to configure a trust root to be checked against, however there were no faculties for hostname checking. The python-pip and tix packages was added due to missing build dependencies.

tags | advisory, web, denial of service, overflow, arbitrary, cgi, root, python
systems | linux, mandriva
advisories | CVE-2013-1752, CVE-2013-1753, CVE-2014-1912, CVE-2014-4616, CVE-2014-4650, CVE-2014-7185, CVE-2014-9365
MD5 | 0b2b11d0c818af9e967e69377793be70
Gentoo Linux Security Advisory 201503-10
Posted Mar 19, 2015
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201503-10 - Multiple vulnerabilities have been found in Python, the worst of which could lead to arbitrary code execution. Versions less than 3.3.5-r1 are affected.

tags | advisory, arbitrary, vulnerability, code execution, python
systems | linux, gentoo
advisories | CVE-2013-1752, CVE-2013-7338, CVE-2014-1912, CVE-2014-2667, CVE-2014-4616, CVE-2014-7185, CVE-2014-9365
MD5 | d8dc2ad2f03aa115ae5e87edc83489c4
VMware Security Advisory 2014-0012
Posted Dec 5, 2014
Authored by VMware | Site vmware.com

VMware Security Advisory 2014-0012 - VMware vSphere product updates address a Cross Site Scripting issue, a certificate validation issue and security vulnerabilities in third-party libraries.

tags | advisory, vulnerability, xss
advisories | CVE-2013-1752, CVE-2013-2877, CVE-2013-4238, CVE-2014-0015, CVE-2014-0138, CVE-2014-0191, CVE-2014-3797, CVE-2014-8371
MD5 | f36bc2e46b09054b56cf41449f829177
Page 1 of 1
Back1Next

File Archive:

November 2018

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Nov 1st
    10 Files
  • 2
    Nov 2nd
    15 Files
  • 3
    Nov 3rd
    2 Files
  • 4
    Nov 4th
    2 Files
  • 5
    Nov 5th
    32 Files
  • 6
    Nov 6th
    27 Files
  • 7
    Nov 7th
    8 Files
  • 8
    Nov 8th
    9 Files
  • 9
    Nov 9th
    17 Files
  • 10
    Nov 10th
    2 Files
  • 11
    Nov 11th
    2 Files
  • 12
    Nov 12th
    33 Files
  • 13
    Nov 13th
    29 Files
  • 14
    Nov 14th
    23 Files
  • 15
    Nov 15th
    45 Files
  • 16
    Nov 16th
    11 Files
  • 17
    Nov 17th
    1 Files
  • 18
    Nov 18th
    1 Files
  • 19
    Nov 19th
    3 Files
  • 20
    Nov 20th
    2 Files
  • 21
    Nov 21st
    0 Files
  • 22
    Nov 22nd
    0 Files
  • 23
    Nov 23rd
    0 Files
  • 24
    Nov 24th
    0 Files
  • 25
    Nov 25th
    0 Files
  • 26
    Nov 26th
    0 Files
  • 27
    Nov 27th
    0 Files
  • 28
    Nov 28th
    0 Files
  • 29
    Nov 29th
    0 Files
  • 30
    Nov 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2018 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close