Summary
Detail | |||
---|---|---|---|
Vendor | Python | First view | 2002-10-04 |
Product | Python | Last view | 2023-12-08 |
Version | Type | ||
Update | |||
Edition | |||
Language | |||
Sofware Edition | |||
Target Software | |||
Target Hardware | |||
Other |
Activity : Overall
COMMON PLATFORM ENUMERATION: Repartition per Version
Related : CVE
Date | Alert | Description | |
---|---|---|---|
4.9 | 2023-12-08 | CVE-2023-6507 | An issue was found in CPython 3.12.0 `subprocess` module on POSIX platforms. The issue was fixed in CPython 3.12.1 and does not affect other stable releases. When using the `extra_groups=` parameter with an empty list as a value (ie `extra_groups=[]`) the logic regressed to not call `setgroups(0, NULL)` before calling `exec()`, thus not dropping the original processes' groups before starting the new process. There is no issue when the parameter isn't used or when any value is used besides an empty list. This issue only impacts CPython processes run with sufficient privilege to make the `setgroups` system call (typically `root`). |
5.3 | 2023-08-25 | CVE-2023-40217 | An issue was discovered in Python before 3.8.18, 3.9.x before 3.9.18, 3.10.x before 3.10.13, and 3.11.x before 3.11.5. It primarily affects servers (such as HTTP servers) that use TLS client authentication. If a TLS server-side socket is created, receives data into the socket buffer, and then is closed quickly, there is a brief window where the SSLSocket instance will detect the socket as "not connected" and won't initiate a handshake, but buffered data will still be readable from the socket buffer. This data will not be authenticated if the server-side TLS peer is expecting client certificate authentication, and is indistinguishable from valid TLS stream data. Data is limited in size to the amount that will fit in the buffer. (The TLS connection cannot directly be used for data exfiltration because the vulnerable code path requires that the connection be closed on initialization of the SSLSocket.) |
7.5 | 2023-08-23 | CVE-2023-41105 | An issue was discovered in Python 3.11 through 3.11.4. If a path containing '\0' bytes is passed to os.path.normpath(), the path will be truncated unexpectedly at the first '\0' byte. There are plausible cases in which an application would have rejected a filename for security reasons in Python 3.10.x or earlier, but that filename is no longer rejected in Python 3.11.x. |
5.9 | 2023-08-22 | CVE-2022-48566 | An issue was discovered in compare_digest in Lib/hmac.py in Python through 3.9.1. Constant-time-defeating optimisations were possible in the accumulator variable in hmac.compare_digest. |
9.8 | 2023-08-22 | CVE-2022-48565 | An XML External Entity (XXE) issue was discovered in Python through 3.9.1. The plistlib module no longer accepts entity declarations in XML plist files to avoid XML vulnerabilities. |
6.5 | 2023-08-22 | CVE-2022-48564 | read_ints in plistlib.py in Python through 3.9.1 is vulnerable to a potential DoS attack via CPU and RAM exhaustion when processing malformed Apple Property List files in binary format. |
7.5 | 2023-08-22 | CVE-2022-48560 | A use-after-free exists in Python through 3.9 via heappushpop in heapq. |
5.3 | 2023-08-15 | CVE-2023-38898 | An issue in Python cpython v.3.7 allows an attacker to obtain sensitive information via the _asyncio._swap_current_task component. NOTE: this is disputed by the vendor because (1) neither 3.7 nor any other release is affected (it is a bug in some 3.12 pre-releases); (2) there are no common scenarios in which an adversary can call _asyncio._swap_current_task but does not already have the ability to call arbitrary functions; and (3) there are no common scenarios in which sensitive information, which is not already accessible to an adversary, becomes accessible through this bug. |
7.5 | 2023-06-25 | CVE-2023-36632 | The legacy email.utils.parseaddr function in Python through 3.11.4 allows attackers to trigger "RecursionError: maximum recursion depth exceeded while calling a Python object" via a crafted argument. This argument is plausibly an untrusted value from an application's input data that was supposed to contain a name and an e-mail address. NOTE: email.utils.parseaddr is categorized as a Legacy API in the documentation of the Python email package. Applications should instead use the email.parser.BytesParser or email.parser.Parser class. NOTE: the vendor's perspective is that this is neither a vulnerability nor a bug. The email package is intended to have size limits and to throw an exception when limits are exceeded; they were exceeded by the example demonstration code. |
5.5 | 2023-06-07 | CVE-2023-33595 | CPython v3.12.0 alpha 7 was discovered to contain a heap use-after-free via the function ascii_decode at /Objects/unicodeobject.c. |
5.3 | 2023-04-19 | CVE-2023-27043 | The email module of Python through 3.11.3 incorrectly parses e-mail addresses that contain a special character. The wrong portion of an RFC2822 header is identified as the value of the addr-spec. In some applications, an attacker can bypass a protection mechanism in which application access is granted only after verifying receipt of e-mail to a specific domain (e.g., only @company.example.com addresses may be used for signup). This occurs in email/_parseaddr.py in recent versions of Python. |
7.5 | 2023-02-17 | CVE-2023-24329 | An issue in the urllib.parse component of Python before 3.11.4 allows attackers to bypass blocklisting methods by supplying a URL that starts with blank characters. |
7.5 | 2022-11-09 | CVE-2022-45061 | An issue was discovered in Python before 3.11.1. An unnecessary quadratic algorithm exists in one path when processing some inputs to the IDNA (RFC 3490) decoder, such that a crafted, unreasonably long name being presented to the decoder could lead to a CPU denial of service. Hostnames are often supplied by remote servers that could be controlled by a malicious actor; in such a scenario, they could trigger excessive CPU consumption on the client attempting to make use of an attacker-supplied supposed hostname. For example, the attack payload could be placed in the Location header of an HTTP response with status code 302. A fix is planned in 3.11.1, 3.10.9, 3.9.16, 3.8.16, and 3.7.16. |
7.8 | 2022-11-07 | CVE-2022-42919 | Python 3.9.x before 3.9.16 and 3.10.x before 3.10.9 on Linux allows local privilege escalation in a non-default configuration. The Python multiprocessing library, when used with the forkserver start method on Linux, allows pickles to be deserialized from any user in the same machine local network namespace, which in many system configurations means any user on the same machine. Pickles can execute arbitrary code. Thus, this allows for local user privilege escalation to the user that any forkserver process is running as. Setting multiprocessing.util.abstract_sockets_supported to False is a workaround. The forkserver start method for multiprocessing is not the default start method. This issue is Linux specific because only Linux supports abstract namespace sockets. CPython before 3.9 does not make use of Linux abstract namespace sockets by default. Support for users manually specifying an abstract namespace socket was added as a bugfix in 3.7.8 and 3.8.3, but users would need to make specific uncommon API calls in order to do that in CPython before 3.9. |
9.8 | 2022-10-21 | CVE-2022-37454 | The Keccak XKCP SHA-3 reference implementation before fdc6fef has an integer overflow and resultant buffer overflow that allows attackers to execute arbitrary code or eliminate expected cryptographic properties. This occurs in the sponge function interface. |
7.5 | 2022-09-09 | CVE-2020-10735 | A flaw was found in python. In algorithms with quadratic time complexity using non-binary bases, when using int("text"), a system could take 50ms to parse an int string with 100,000 digits and 5s for 1,000,000 digits (float, decimal, int.from_bytes(), and int() for binary bases 2, 4, 8, 16, and 32 are not affected). The highest threat from this vulnerability is to system availability. |
5.3 | 2022-08-24 | CVE-2021-4189 | A flaw was found in Python, specifically in the FTP (File Transfer Protocol) client library in PASV (passive) mode. The issue is how the FTP client trusts the host from the PASV response by default. This flaw allows an attacker to set up a malicious FTP server that can trick FTP clients into connecting back to a given IP address and port. This vulnerability could lead to FTP client scanning ports, which otherwise would not have been possible. |
7.4 | 2022-08-23 | CVE-2021-28861 | Python 3.x through 3.10 has an open redirection vulnerability in lib/http/server.py due to no protection against multiple (/) at the beginning of URI path which may leads to information disclosure. NOTE: this is disputed by a third party because the http.server.html documentation page states "Warning: http.server is not recommended for production. It only implements basic security checks." |
7.8 | 2022-06-16 | CVE-2017-20052 | A vulnerability classified as problematic was found in Python 2.7.13. This vulnerability affects unknown code of the component pgAdmin4. The manipulation leads to uncontrolled search path. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. |
7.6 | 2022-04-13 | CVE-2015-20107 | In Python (aka CPython) up to 3.10.8, the mailcap module does not add escape characters into commands discovered in the system mailcap file. This may allow attackers to inject shell commands into applications that call mailcap.findmatch with untrusted input (if they lack validation of user-provided filenames or arguments). The fix is also back-ported to 3.7, 3.8, 3.9 |
7.5 | 2022-03-25 | CVE-2018-25032 | zlib before 1.2.12 allows memory corruption when deflating (i.e., when compressing) if the input has many distant matches. |
7 | 2022-03-10 | CVE-2022-26488 | In Python before 3.10.3 on Windows, local users can gain privileges because the search path is inadequately secured. The installer may allow a local attacker to add user-writable directories to the system search path. To exploit, an administrator must have installed Python for all users and enabled PATH entries. A non-administrative user can trigger a repair that incorrectly adds user-writable paths into PATH, enabling search-path hijacking of other users and system services. This affects Python (CPython) through 3.7.12, 3.8.x through 3.8.12, 3.9.x through 3.9.10, and 3.10.x through 3.10.2. |
6.5 | 2022-03-10 | CVE-2021-3733 | There's a flaw in urllib's AbstractBasicAuthHandler class. An attacker who controls a malicious HTTP server that an HTTP client (such as web browser) connects to, could trigger a Regular Expression Denial of Service (ReDOS) during an authentication request with a specially crafted payload that is sent by the server to the client. The greatest threat that this flaw poses is to application availability. |
7.5 | 2022-03-04 | CVE-2021-3737 | A flaw was found in python. An improperly handled HTTP response in the HTTP client code of python may allow a remote attacker, who controls the HTTP server, to make the client script enter an infinite loop, consuming CPU time. The highest threat from this vulnerability is to system availability. |
7.5 | 2022-02-09 | CVE-2022-0391 | A flaw was found in Python, specifically within the urllib.parse module. This module helps break Uniform Resource Locator (URL) strings into components. The issue involves how the urlparse method does not sanitize input and allows characters like '\r' and '\n' in the URL path. This flaw allows an attacker to input a crafted URL, leading to injection attacks. This flaw affects Python versions prior to 3.10.0b1, 3.9.5, 3.8.11, 3.7.11 and 3.6.14. |
CWE : Common Weakness Enumeration
% | id | Name |
---|---|---|
13% (14) | CWE-190 | Integer Overflow or Wraparound |
5% (6) | CWE-400 | Uncontrolled Resource Consumption ('Resource Exhaustion') |
5% (6) | CWE-120 | Buffer Copy without Checking Size of Input ('Classic Buffer Overflo... |
4% (5) | CWE-787 | Out-of-bounds Write |
4% (5) | CWE-20 | Improper Input Validation |
3% (4) | CWE-426 | Untrusted Search Path |
3% (4) | CWE-74 | Failure to Sanitize Data into a Different Plane ('Injection') |
3% (4) | CWE-22 | Improper Limitation of a Pathname to a Restricted Directory ('Path ... |
2% (3) | CWE-611 | Information Leak Through XML External Entity File Disclosure |
2% (3) | CWE-427 | Uncontrolled Search Path Element |
2% (3) | CWE-416 | Use After Free |
2% (3) | CWE-399 | Resource Management Errors |
2% (3) | CWE-362 | Race Condition |
2% (3) | CWE-189 | Numeric Errors |
2% (3) | CWE-119 | Failure to Constrain Operations within the Bounds of a Memory Buffer |
1% (2) | CWE-682 | Incorrect Calculation |
1% (2) | CWE-601 | URL Redirection to Untrusted Site ('Open Redirect') |
1% (2) | CWE-310 | Cryptographic Issues |
1% (2) | CWE-200 | Information Exposure |
1% (2) | CWE-93 | Failure to Sanitize CRLF Sequences ('CRLF Injection') |
1% (2) | CWE-79 | Failure to Preserve Web Page Structure ('Cross-site Scripting') |
1% (2) | CWE-77 | Improper Sanitization of Special Elements used in a Command ('Comma... |
0% (1) | CWE-776 | Unrestricted Recursive Entity References in DTDs ('XML Bomb') |
0% (1) | CWE-704 | Incorrect Type Conversion or Cast |
0% (1) | CWE-693 | Protection Mechanism Failure |
Oval Markup Language : Definitions
OvalID | Name |
---|---|
oval:org.mitre.oval:def:9811 | Sendmail before 8.13.7 allows remote attackers to cause a denial of service v... |
oval:org.mitre.oval:def:10789 | Buffer overflow in the repr function in Python 2.3 through 2.6 before 2006082... |
oval:org.mitre.oval:def:8353 | VMware python PyLocale_strxfrm function vulnerability |
oval:org.mitre.oval:def:11716 | Off-by-one error in the PyLocale_strxfrm function in Modules/_localemodule.c ... |
oval:org.mitre.oval:def:8496 | Multiple Buffer and Integer Overflow Vulnerabilities in Python (python(1)) Ma... |
oval:org.mitre.oval:def:8486 | VMware python integer overflows vulnerability in the imageop module |
oval:org.mitre.oval:def:17622 | USN-585-1 -- python2.4/2.5 vulnerabilities |
oval:org.mitre.oval:def:10804 | Multiple integer overflows in the imageop module in Python 2.5.1 and earlier ... |
oval:org.mitre.oval:def:9407 | Integer signedness error in the zlib extension module in Python 2.5.2 and ear... |
oval:org.mitre.oval:def:8494 | VMware python zlib extension module vulnerability |
oval:org.mitre.oval:def:8249 | Multiple Buffer and Integer Overflow Vulnerabilities in Python (python(1)) Ma... |
oval:org.mitre.oval:def:8624 | VMware python PyString_FromStringAndSize function vulnerability |
oval:org.mitre.oval:def:8152 | DSA-1551 python2.4 -- several vulnerabilities |
oval:org.mitre.oval:def:7981 | DSA-1620 python2.5 -- several vulnerabilities |
oval:org.mitre.oval:def:20188 | DSA-1620-1 python2.5 - several vulnerabilities |
oval:org.mitre.oval:def:18481 | DSA-1551-1 python2.4 - several vulnerabilities |
oval:org.mitre.oval:def:10407 | Python 2.5.2 and earlier allows context-dependent attackers to execute arbitr... |
oval:org.mitre.oval:def:7800 | Multiple Buffer and Integer Overflow Vulnerabilities in Python (python(1)) Ma... |
oval:org.mitre.oval:def:10583 | Multiple integer overflows in imageop.c in Python before 2.5.3 allow context-... |
oval:org.mitre.oval:def:9761 | Multiple integer overflows in Python 2.5.2 and earlier allow context-dependen... |
oval:org.mitre.oval:def:8683 | VMware python multiple integer overflows vulnerability |
oval:org.mitre.oval:def:8445 | Multiple Buffer and Integer Overflow Vulnerabilities in Python (python(1)) Ma... |
oval:org.mitre.oval:def:8422 | VMware python multiple buffer overflows vulnerability |
oval:org.mitre.oval:def:11466 | Multiple buffer overflows in Python 2.5.2 and earlier on 32bit platforms allo... |
oval:org.mitre.oval:def:8996 | Multiple integer overflows in Python before 2.5.2 might allow context-depende... |
Open Source Vulnerability Database (OSVDB)
id | Description |
---|---|
71361 | Python CGIHTTPServer Module cgi-bin Code Disclosure |
71330 | Python urllib.request file:// URL Handler Redirect Issue |
68739 | Python smptd Module smtpd.py Race Condition TCP Connection Termination Multip... |
68738 | Python asyncore Module Accept Function Call Network Connection Application Te... |
65151 | Python Audioop Module audioop.reverse Call Crafted Argument DoS |
64967 | Python rgbimg Module RGB Image ZSIZE Value Handling Underflow DoS |
64966 | Python rgbimg Module rgbimgmodule.c Image Handling Overflow |
64965 | Python rgbimg Module RLE Decoder Multiple Function Overflow |
64957 | Python Audioop Module audioop.c Multiple Function Overflows |
53373 | Python PySys_SetArgv API Function Search Path Subversion Local Privilege Esca... |
50097 | Python imageop Module imageop.c crop Function Multiple Overflows |
50096 | Python Overflow Python/ Multiple Files Unspecified Overflow |
50095 | Python Overflow Parser/node.c Unspecified Overflow |
50094 | Python Overflow Objects/ Multiple Files Unspecified Overflow |
50093 | Python Overflow Modules/ Multiple Files Unspecified Overflow |
50092 | Python Overflow Include/pymem.h Unspecified Overflow |
47481 | Python mysnprintf.c PyOS_vsnprintf Function Multiple Overflows |
47480 | Python PyMem_RESIZE Macro unicode_resize Function Unicode String Handling Mul... |
47479 | Python hashlib Module _hashopenssl.c Overflow Cryptographic Digest Manipulation |
47478 | Python Multiple Modules Multiple Unspecified Overflows |
44730 | Python PyString_FromStringAndSize Function Memory Allocation Overflow |
44693 | Python zlib Extension Module Signed Integer Handling Arbitrary Remote Code Ex... |
44463 | Python imageop.c Crafted Images Multiple Overflows |
40142 | Python imageop Module tovideo() Function Overflow |
40141 | Python tarfile Module TAR Archive Handling Traversal Arbitrary File Overwrite |
ExploitDB Exploits
id | Description |
---|---|
33894 | Python CGIHTTPServer Encoded Path Traversal |
31875 | Python socket.recvfrom_into() - Remote Buffer Overflow |
10229 | Python < 2.5.2 Imageop Module 'imageop.crop()' Buffer Overflow Vulnerability |
OpenVAS Exploits
id | Description |
---|---|
2012-11-16 | Name : VMSA-2012-0016: VMware security updates for vSphere API and ESX Service Console File : nvt/gb_VMSA-2012-0016.nasl |
2012-10-26 | Name : Ubuntu Update for python3.2 USN-1615-1 File : nvt/gb_ubuntu_USN_1615_1.nasl |
2012-10-26 | Name : Ubuntu Update for python3.1 USN-1616-1 File : nvt/gb_ubuntu_USN_1616_1.nasl |
2012-10-19 | Name : Ubuntu Update for python2.5 USN-1613-1 File : nvt/gb_ubuntu_USN_1613_1.nasl |
2012-10-19 | Name : Ubuntu Update for python2.4 USN-1613-2 File : nvt/gb_ubuntu_USN_1613_2.nasl |
2012-10-05 | Name : Ubuntu Update for python2.6 USN-1596-1 File : nvt/gb_ubuntu_USN_1596_1.nasl |
2012-10-03 | Name : Ubuntu Update for python2.7 USN-1592-1 File : nvt/gb_ubuntu_USN_1592_1.nasl |
2012-09-26 | Name : Gentoo Security Advisory GLSA 201209-06 (expat) File : nvt/glsa_201209_06.nasl |
2012-09-11 | Name : Ubuntu Update for xmlrpc-c USN-1527-2 File : nvt/gb_ubuntu_USN_1527_2.nasl |
2012-08-30 | Name : Fedora Update for expat FEDORA-2012-4936 File : nvt/gb_fedora_2012_4936_expat_fc17.nasl |
2012-08-30 | Name : Fedora Update for python3 FEDORA-2012-5785 File : nvt/gb_fedora_2012_5785_python3_fc17.nasl |
2012-08-30 | Name : Fedora Update for python-docs FEDORA-2012-5892 File : nvt/gb_fedora_2012_5892_python-docs_fc17.nasl |
2012-08-30 | Name : Fedora Update for python FEDORA-2012-5892 File : nvt/gb_fedora_2012_5892_python_fc17.nasl |
2012-08-14 | Name : Ubuntu Update for expat USN-1527-1 File : nvt/gb_ubuntu_USN_1527_1.nasl |
2012-08-10 | Name : Debian Security Advisory DSA 2525-1 (expat) File : nvt/deb_2525_1.nasl |
2012-08-03 | Name : Mandriva Update for expat MDVSA-2012:041 (expat) File : nvt/gb_mandriva_MDVSA_2012_041.nasl |
2012-07-30 | Name : CentOS Update for python CESA-2011:0491 centos4 x86_64 File : nvt/gb_CESA-2011_0491_python_centos4_x86_64.nasl |
2012-07-30 | Name : CentOS Update for python CESA-2011:0492 centos5 x86_64 File : nvt/gb_CESA-2011_0492_python_centos5_x86_64.nasl |
2012-07-30 | Name : CentOS Update for expat CESA-2012:0731 centos5 File : nvt/gb_CESA-2012_0731_expat_centos5.nasl |
2012-07-30 | Name : CentOS Update for expat CESA-2012:0731 centos6 File : nvt/gb_CESA-2012_0731_expat_centos6.nasl |
2012-07-30 | Name : CentOS Update for python CESA-2012:0744 centos6 File : nvt/gb_CESA-2012_0744_python_centos6.nasl |
2012-07-30 | Name : CentOS Update for python CESA-2012:0745 centos5 File : nvt/gb_CESA-2012_0745_python_centos5.nasl |
2012-06-22 | Name : Fedora Update for python3 FEDORA-2012-9135 File : nvt/gb_fedora_2012_9135_python3_fc16.nasl |
2012-06-22 | Name : Mandriva Update for python MDVSA-2012:096 (python) File : nvt/gb_mandriva_MDVSA_2012_096.nasl |
2012-06-22 | Name : Mandriva Update for python MDVSA-2012:097 (python) File : nvt/gb_mandriva_MDVSA_2012_097.nasl |
Information Assurance Vulnerability Management (IAVM)
id | Description |
---|---|
2015-A-0199 | Multiple Vulnerabilities in Apple Mac OS X Severity: Category I - VMSKEY: V0061337 |
2015-A-0113 | Multiple Vulnerabilities in Juniper Networks CTPOS Severity: Category I - VMSKEY: V0060737 |
2014-B-0161 | Multiple Vulnerabilities in VMware ESXi 5.1 Severity: Category I - VMSKEY: V0057717 |
2014-B-0103 | Multiple Vulnerabilities in VMware Horizon View Client Severity: Category I - VMSKEY: V0053509 |
2014-B-0102 | Multiple Vulnerabilities in VMware vCenter Converter Standalone 5.5 Severity: Category I - VMSKEY: V0053507 |
2014-B-0101 | Multiple Vulnerabilities in VMware vCenter Converter Standalone 5.1 Severity: Category I - VMSKEY: V0053505 |
2014-A-0115 | Multiple Vulnerabilities in VMware Horizon View Severity: Category I - VMSKEY: V0053501 |
2014-B-0097 | Multiple Vulnerabilities in VMware ESXi 5.0 Severity: Category I - VMSKEY: V0053319 |
2014-A-0103 | Multiple Vulnerabilities in Oracle E-Business Severity: Category I - VMSKEY: V0053195 |
2014-A-0109 | Multiple Vulnerabilities in VMware Fusion Severity: Category I - VMSKEY: V0053183 |
2014-A-0110 | Multiple Vulnerabilities in VMware Player Severity: Category I - VMSKEY: V0053181 |
2014-A-0111 | Multiple Vulnerabilities in VMware Workstation Severity: Category I - VMSKEY: V0053179 |
2014-B-0095 | Multiple Vulnerabilities in Splunk Severity: Category I - VMSKEY: V0053177 |
2014-B-0088 | Multiple Vulnerabilities in VMware ESXi 5.5 Severity: Category I - VMSKEY: V0052911 |
2014-B-0089 | Multiple Vulnerabilities in VMware ESXi 5.1 Severity: Category I - VMSKEY: V0052909 |
2014-B-0091 | Multiple Vulnerabilities in VMware vCenter Update Manager 5.5 Severity: Category I - VMSKEY: V0052907 |
2014-B-0084 | HP Onboard Administrator Information Disclosure Vulnerability Severity: Category I - VMSKEY: V0052901 |
2014-B-0085 | Multiple Vulnerabilities in HP System Management Homepage (SMH) Severity: Category I - VMSKEY: V0052899 |
2014-B-0092 | Multiple Vulnerabilities in VMware vSphere Client 5.5 Severity: Category I - VMSKEY: V0052893 |
2014-A-0089 | Multiple Vulnerabilities in Juniper Pulse Secure Access Service (IVE) Severity: Category I - VMSKEY: V0052805 |
2014-B-0079 | Multiple Vulnerabilities in IBM AIX Severity: Category I - VMSKEY: V0052641 |
2014-B-0078 | Multiple Vulnerabilities in Blue Coat ProxySG Severity: Category I - VMSKEY: V0052639 |
2014-A-0087 | Multiple Vulnerabilities in McAfee ePolicy Orchestrator Severity: Category I - VMSKEY: V0052637 |
2014-B-0080 | Multiple Vulnerabilities in Stunnel Severity: Category I - VMSKEY: V0052627 |
2014-B-0077 | Multiple Vulnerabilities in McAfee Web Gateway Severity: Category I - VMSKEY: V0052625 |
Snort® IPS/IDS
Date | Description |
---|---|
2020-01-21 | OpenSSL SSL ChangeCipherSpec man-in-the-middle attempt RuleID : 52487 - Type : SERVER-OTHER - Revision : 1 |
2019-12-17 | libexpat internal entity heap over-read attempt RuleID : 52254 - Type : FILE-OTHER - Revision : 1 |
2019-12-17 | libexpat internal entity heap over-read attempt RuleID : 52253 - Type : FILE-OTHER - Revision : 1 |
2020-12-05 | TRUFFLEHUNTER TALOS-2019-0758 attack attempt RuleID : 48855 - Type : PROTOCOL-OTHER - Revision : 1 |
2020-12-05 | TRUFFLEHUNTER TALOS-2019-0758 attack attempt RuleID : 48854 - Type : PROTOCOL-OTHER - Revision : 1 |
2018-04-27 | Python lib wave.py wav zero channel denial of service attempt RuleID : 46073 - Type : FILE-OTHER - Revision : 2 |
2018-04-27 | Python lib wave.py wav zero channel denial of service attempt RuleID : 46072 - Type : FILE-OTHER - Revision : 2 |
2016-10-18 | SSH weak blowfish cipher suite use attempt RuleID : 40190 - Type : POLICY-OTHER - Revision : 2 |
2016-10-18 | SSH weak 3DES cipher suite use attempt RuleID : 40189 - Type : POLICY-OTHER - Revision : 2 |
2016-10-18 | SSL weak 3DES cipher suite use attempt RuleID : 40188 - Type : POLICY-OTHER - Revision : 2 |
2016-10-18 | SSL weak 3DES cipher suite use attempt RuleID : 40187 - Type : POLICY-OTHER - Revision : 2 |
2016-10-18 | SSL weak 3DES cipher suite use attempt RuleID : 40186 - Type : POLICY-OTHER - Revision : 2 |
2014-11-16 | OpenSSL TLSv1.2 ChangeCipherSpec man-in-the-middle exploitation attempt RuleID : 31484 - Type : SERVER-OTHER - Revision : 3 |
2014-11-16 | OpenSSL TLSv1.1 ChangeCipherSpec man-in-the-middle exploitation attempt RuleID : 31483 - Type : SERVER-OTHER - Revision : 3 |
2014-11-16 | OpenSSL TLSv1.0 ChangeCipherSpec man-in-the-middle exploitation attempt RuleID : 31482 - Type : SERVER-OTHER - Revision : 3 |
2014-11-16 | OpenSSL SSL ChangeCipherSpec man-in-the-middle exploitation attempt RuleID : 31481 - Type : SERVER-OTHER - Revision : 3 |
2014-11-16 | OpenSSL TLSv1.2 ChangeCipherSpec man-in-the-middle exploitation attempt RuleID : 31480 - Type : SERVER-OTHER - Revision : 3 |
2014-11-16 | OpenSSL TLSv1.1 ChangeCipherSpec man-in-the-middle exploitation attempt RuleID : 31479 - Type : SERVER-OTHER - Revision : 3 |
2014-11-16 | OpenSSL TLSv1.0 ChangeCipherSpec man-in-the-middle exploitation attempt RuleID : 31478 - Type : SERVER-OTHER - Revision : 3 |
2014-11-16 | OpenSSL SSL ChangeCipherSpec man-in-the-middle exploitation attempt RuleID : 31477 - Type : SERVER-OTHER - Revision : 3 |
2014-03-29 | Python socket.recvfrom_into remote buffer overflow attempt RuleID : 29968 - Type : SERVER-OTHER - Revision : 3 |
2014-03-29 | Python socket.recvfrom_into remote buffer overflow attempt RuleID : 29967 - Type : SERVER-OTHER - Revision : 3 |
Nessus® Vulnerability Scanner
id | Description |
---|---|
2019-01-03 | Name: The remote Fedora host is missing a security update. File: fedora_2018-2bf852f063.nasl - Type: ACT_GATHER_INFO |
2019-01-03 | Name: The remote Fedora host is missing a security update. File: fedora_2018-33c7c17e71.nasl - Type: ACT_GATHER_INFO |
2019-01-03 | Name: The remote Fedora host is missing a security update. File: fedora_2018-4544e8dbc8.nasl - Type: ACT_GATHER_INFO |
2019-01-03 | Name: The remote Fedora host is missing a security update. File: fedora_2018-49d6e4bc3f.nasl - Type: ACT_GATHER_INFO |
2019-01-03 | Name: The remote Fedora host is missing a security update. File: fedora_2018-5ed8fb9efa.nasl - Type: ACT_GATHER_INFO |
2019-01-03 | Name: The remote Fedora host is missing a security update. File: fedora_2018-71fd5db181.nasl - Type: ACT_GATHER_INFO |
2019-01-03 | Name: The remote Fedora host is missing a security update. File: fedora_2018-7689556ab2.nasl - Type: ACT_GATHER_INFO |
2019-01-03 | Name: The remote Fedora host is missing a security update. File: fedora_2018-7eae87ec86.nasl - Type: ACT_GATHER_INFO |
2019-01-03 | Name: The remote Fedora host is missing a security update. File: fedora_2018-937e8a39c4.nasl - Type: ACT_GATHER_INFO |
2019-01-03 | Name: The remote Fedora host is missing a security update. File: fedora_2018-9860917db0.nasl - Type: ACT_GATHER_INFO |
2019-01-03 | Name: The remote Fedora host is missing a security update. File: fedora_2018-99ff4c8f80.nasl - Type: ACT_GATHER_INFO |
2019-01-03 | Name: The remote Fedora host is missing a security update. File: fedora_2018-ac14dbf3fd.nasl - Type: ACT_GATHER_INFO |
2019-01-03 | Name: The remote Fedora host is missing a security update. File: fedora_2018-ae70d262b0.nasl - Type: ACT_GATHER_INFO |
2019-01-03 | Name: The remote Fedora host is missing a security update. File: fedora_2018-bbbd8cc3a6.nasl - Type: ACT_GATHER_INFO |
2019-01-03 | Name: The remote Fedora host is missing a security update. File: fedora_2018-c3a2174314.nasl - Type: ACT_GATHER_INFO |
2019-01-03 | Name: The remote Fedora host is missing a security update. File: fedora_2018-d3b53d81e6.nasl - Type: ACT_GATHER_INFO |
2019-01-03 | Name: The remote Fedora host is missing a security update. File: fedora_2018-ee97fc9e81.nasl - Type: ACT_GATHER_INFO |
2018-12-21 | Name: The remote Amazon Linux AMI host is missing a security update. File: ala_ALAS-2018-1132.nasl - Type: ACT_GATHER_INFO |
2018-12-20 | Name: The remote Amazon Linux 2 host is missing a security update. File: al2_ALAS-2018-1132.nasl - Type: ACT_GATHER_INFO |
2018-12-07 | Name: The remote Amazon Linux AMI host is missing a security update. File: ala_ALAS-2018-1108.nasl - Type: ACT_GATHER_INFO |
2018-11-16 | Name: The remote CentOS host is missing one or more security updates. File: centos_RHSA-2018-3041.nasl - Type: ACT_GATHER_INFO |
2018-11-13 | Name: The remote Fedora host is missing a security update. File: fedora_2018-28ea2290ad.nasl - Type: ACT_GATHER_INFO |
2018-11-09 | Name: The remote Gentoo host is missing one or more security-related patches. File: gentoo_GLSA-201811-02.nasl - Type: ACT_GATHER_INFO |
2018-11-08 | Name: The remote Amazon Linux AMI host is missing a security update. File: ala_ALAS-2018-1101.nasl - Type: ACT_GATHER_INFO |
2018-10-26 | Name: The remote Fedora host is missing a security update. File: fedora_2018-14526cbebe.nasl - Type: ACT_GATHER_INFO |