Vulnerability & Exploit Database

Results for: CVE-2016-3134

Ubuntu: USN-3134-1 (CVE-2016-5699): Python vulnerabilities Vulnerability

  • Severity: 4
  • Published: September 02, 2016

CRLF injection vulnerability in the HTTPConnection.putheader function in urllib2 and urllib in CPython (aka Python) before 2.7.10 and 3.x before 3.4.4 allows remote attackers to inject arbitrary HTTP headers via CRLF sequences in a URL.

Ubuntu: USN-3134-1 (CVE-2016-5636): Python vulnerabilities Vulnerability

  • Severity: 10
  • Published: September 02, 2016

Integer overflow in the get_data function in zipimport.c in CPython (aka Python) before 2.7.12, 3.x before 3.4.5, and 3.5.x before 3.5.2 allows remote attackers to have unspecified impact via a negative data size value, which triggers a heap-based buffer overflow.

Ubuntu: USN-3134-1 (CVE-2016-0772): Python vulnerabilities Vulnerability

  • Severity: 6
  • Published: September 02, 2016

The smtplib library in CPython (aka Python) before 2.7.12, 3.x before 3.4.5, and 3.5.x before 3.5.2 does not return an error when StartTLS fails, which might allow man-in-the-middle attackers to bypass the TLS protections by leveraging a network position between the client and the registry to block the StartTLS command, aka a "StartTLS s...

SUSE: CVE-2016-5699: SUSE Linux Security Advisory Vulnerability

  • Severity: 4
  • Published: August 19, 2016

CRLF injection vulnerability in the HTTPConnection.putheader function in urllib2 and urllib in CPython (aka Python) before 2.7.10 and 3.x before 3.4.4 allows remote attackers to inject arbitrary HTTP headers via CRLF sequences in a URL.

SUSE: CVE-2016-5636: SUSE Linux Security Advisory Vulnerability

  • Severity: 10
  • Published: August 19, 2016

Integer overflow in the get_data function in zipimport.c in CPython (aka Python) before 2.7.12, 3.x before 3.4.5, and 3.5.x before 3.5.2 allows remote attackers to have unspecified impact via a negative data size value, which triggers a heap-based buffer overflow.

SUSE: CVE-2016-0772: SUSE Linux Security Advisory Vulnerability

  • Severity: 6
  • Published: August 19, 2016

The smtplib library in CPython (aka Python) before 2.7.12, 3.x before 3.4.5, and 3.5.x before 3.5.2 does not return an error when StartTLS fails, which might allow man-in-the-middle attackers to bypass the TLS protections by leveraging a network position between the client and the registry to block the StartTLS command, aka a "StartTLS s...

Ubuntu: USN-3134-1 (CVE-2016-1000110): Python vulnerabilities Vulnerability

  • Severity: 4
  • Published: August 18, 2016

Details for this vulnerability have not been published by NIST at this point. Descriptions from software vendor advisories for this issue are provided below.

From USN-3134-1:

It was discovered that the smtplib library in Python did not return an error when StartTLS fails. A remote attacker could possibly ...

SUSE: CVE-2016-1000110: SUSE Linux Security Advisory Vulnerability

  • Severity: 4
  • Published: August 18, 2016

Details for this vulnerability have not been published by NIST at this point. Descriptions from software vendor advisories for this issue are provided below.

From SUSE_CVE-2016-1000110:

This CVE is addressed in the SUSE advisories SUSE-SU-2016:2106-1, SUSE-SU-2016:2270-1, SUSE-SU-2016:2653-1, SUSE-SU-2016:2859-1, SU...

Red Hat: CVE-2016-5699: Moderate: python security update (RHSA-2016:1626) Vulnerability

  • Severity: 4
  • Published: August 18, 2016

CRLF injection vulnerability in the HTTPConnection.putheader function in urllib2 and urllib in CPython (aka Python) before 2.7.10 and 3.x before 3.4.4 allows remote attackers to inject arbitrary HTTP headers via CRLF sequences in a URL.