Inicial ▼ Bookkeeping
Online ▼ Auditorias ▼
DNS
Administrado ▼
Acerca de DNS
Ordenar/Renovar
Preguntas Frecuentes
AUP
Dynamic DNS Clients
Configurar Dominios Dynamic DNS Update Password Monitoreo
de Redes ▼
Enterprise
Avanzado
Estándarr
Prueba
Preguntas Frecuentes
Resumen de Precio/Funciones
Ordenar
Muestras
Configure/Status Alert Profiles | |||
ID de Prueba: | 1.3.6.1.4.1.25623.1.1.2.2020.1275 |
Categoría: | Huawei EulerOS Local Security Checks |
Título: | Huawei EulerOS: Security Advisory for python (EulerOS-SA-2020-1275) |
Resumen: | The remote host is missing an update for the Huawei EulerOS 'python' package(s) announced via the EulerOS-SA-2020-1275 advisory. |
Descripción: | Summary: The remote host is missing an update for the Huawei EulerOS 'python' package(s) announced via the EulerOS-SA-2020-1275 advisory. Vulnerability Insight: An issue was discovered in Python through 2.7.16, 3.x through 3.5.7, 3.6.x through 3.6.9, and 3.7.x through 3.7.4. The email module wrongly parses email addresses that contain multiple @ characters. An application that uses the email module and implements some kind of checks on the From/To headers of a message could be tricked into accepting an email address that should be denied. An attack may be the same as in CVE-2019-11340, however, this CVE applies to Python more generally.(CVE-2019-16056) An issue was discovered in urllib2 in Python 2.x through 2.7.16 and urllib in Python 3.x through 3.7.3. CRLF injection is possible if the attacker controls a url parameter, as demonstrated by the first argument to urllib.request.urlopen with \n (specifically in the path component of a URL that lacks a ? character) followed by an HTTP header or a Redis command. This is similar to the CVE-2019-9740 query string issue.(CVE-2019-9947) An issue was discovered in urllib2 in Python 2.x through 2.7.16 and urllib in Python 3.x through 3.7.3. CRLF injection is possible if the attacker controls a url parameter, as demonstrated by the first argument to urllib.request.urlopen with \n (specifically in the query string after a ? character) followed by an HTTP header or a Redis command.(CVE-2019-9740) The documentation XML-RPC server in Python through 2.7.16, 3.x through 3.6.9, and 3.7.x through 3.7.4 has XSS via the server_title field. This occurs in Lib/DocXMLRPCServer.py in Python 2.x, and in Lib/xmlrpc/server.py in Python 3.x. If set_server_title is called with untrusted input, arbitrary JavaScript can be delivered to clients that visit the http URL for this server.(CVE-2019-16935) library/glob.html in the Python 2 and 3 documentation before 2016 has potentially misleading information about whether sorting occurs, as demonstrated by irreproducible cancer-research results. NOTE: the effects of this documentation cross application domains, and thus it is likely that security-relevant code elsewhere is affected. This issue is not a Python implementation bug, and there are no reports that NMR researchers were specifically relying on library/glob.html. In other words, because the older documentation stated 'finds all the pathnames matching a specified pattern according to the rules used by the Unix shell' one might have incorrectly inferred that the sorting that occurs in a Unix shell also occurred for glob.glob. There is a workaround in newer versions of Willoughby nmr-data_compilation-p2.py and nmr-data_compilation-p3.py, which call sort() directly.(CVE-2019-17514) Affected Software/OS: 'python' package(s) on Huawei EulerOS Virtualization 3.0.2.2. Solution: Please install the updated package(s). CVSS Score: 5.0 CVSS Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N |
Referencia Cruzada: |
Common Vulnerability Exposure (CVE) ID: CVE-2019-9740 BugTraq ID: 107466 http://www.securityfocus.com/bid/107466 Bugtraq: 20191021 [slackware-security] python (SSA:2019-293-01) (Google Search) https://seclists.org/bugtraq/2019/Oct/29 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JXASHCDD4PQFKTMKQN4YOP5ZH366ABN4/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4X3HW5JRZ7GCPSR7UHJOLD7AWLTQCDVR/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/44TS66GJMO5H3RLMVZEBGEFTB6O2LJJU/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2ORNTF62QPLMJXIQ7KTZQ2776LMIXEKL/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/M34WOYCDKTDE5KLUACE2YIEH7D37KHRX/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JCPGLTTOBB3QEARDX4JOYURP6ELNNA2V/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JMWSKTNOHSUOT3L25QFJAVCFYZX46FYK/ https://security.gentoo.org/glsa/202003-26 http://packetstormsecurity.com/files/154927/Slackware-Security-Advisory-python-Updates.html https://bugs.python.org/issue36276 https://lists.debian.org/debian-lts-announce/2019/06/msg00022.html https://lists.debian.org/debian-lts-announce/2019/06/msg00023.html https://lists.debian.org/debian-lts-announce/2019/06/msg00026.html https://lists.debian.org/debian-lts-announce/2020/07/msg00011.html https://lists.debian.org/debian-lts-announce/2020/08/msg00034.html http://www.openwall.com/lists/oss-security/2021/02/04/2 RedHat Security Advisories: RHSA-2019:1260 https://access.redhat.com/errata/RHSA-2019:1260 RedHat Security Advisories: RHSA-2019:2030 https://access.redhat.com/errata/RHSA-2019:2030 RedHat Security Advisories: RHSA-2019:3335 https://access.redhat.com/errata/RHSA-2019:3335 RedHat Security Advisories: RHSA-2019:3520 https://access.redhat.com/errata/RHSA-2019:3520 RedHat Security Advisories: RHSA-2019:3725 https://access.redhat.com/errata/RHSA-2019:3725 SuSE Security Announcement: openSUSE-SU-2019:2131 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00039.html SuSE Security Announcement: openSUSE-SU-2019:2133 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00041.html https://usn.ubuntu.com/4127-1/ https://usn.ubuntu.com/4127-2/ Common Vulnerability Exposure (CVE) ID: CVE-2019-9947 https://bugs.python.org/issue35906 SuSE Security Announcement: openSUSE-SU-2019:2389 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00062.html SuSE Security Announcement: openSUSE-SU-2019:2393 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00063.html SuSE Security Announcement: openSUSE-SU-2020:0086 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00040.html |
Copyright | Copyright (C) 2020 Greenbone Networks GmbH |
Esta es sólo una de 99761 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa. Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora. |