CVE search results

11 – 20 of 29 results

Detailed view

Sort by:

CVE-2014-2667

Low priority

Some fixes available 1 of 3

Race condition in the _get_masked_mode function in Lib/os.py in Python 3.2 through 3.5, when exist_ok is set to true and multiple threads are used, might allow local users to bypass intended file permissions by leveraging...

3 affected packages

python2.7, python3.2, python3.4

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS	16.04 LTS
python2.7	—	—	—	Not affected	Not affected
python3.2	—	—	—	Not in release	Not in release
python3.4	—	—	—	Not in release	Not in release

CVE-2014-7185

Low priority

Fixed

Integer overflow in bufferobject.c in Python before 2.7.8 allows context-dependent attackers to obtain sensitive information from process memory via a large size and offset in a "buffer" function.

3 affected packages

python2.7, python3.2, python3.4

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS	16.04 LTS
python2.7	—	—	—	—	—
python3.2	—	—	—	—	—
python3.4	—	—	—	—	—

CVE-2014-4616

Low priority

Some fixes available 4 of 5

Array index error in the scanstring function in the _json module in Python 2.7 through 3.5 and simplejson before 2.6.1 allows context-dependent attackers to read arbitrary process memory via a negative index value in the idx...

3 affected packages

python2.7, python3.2, python3.4

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS	16.04 LTS
python2.7	—	—	—	—	—
python3.2	—	—	—	—	—
python3.4	—	—	—	—	—

CVE-2014-4650

Low priority

Some fixes available 4 of 5

The CGIHTTPServer module in Python 2.7.5 and 3.3.4 does not properly handle URLs in which URL encoding is used for path separators, which allows remote attackers to read script source code or conduct directory traversal...

3 affected packages

python2.7, python3.2, python3.4

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS	16.04 LTS
python2.7	—	—	—	—	—
python3.2	—	—	—	—	—
python3.4	—	—	—	—	—

CVE-2013-7040

Low priority

Ignored

Python 2.7 before 3.4 only uses the last eight bits of the prefix to randomize hash values, which causes it to compute hash values without restricting the ability to trigger hash collisions predictably and makes it easier for...

5 affected packages

python2.6, python2.7, python3.1, python3.2, python3.3

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS	16.04 LTS
python2.6	—	—	—	—	—
python2.7	—	—	—	—	—
python3.1	—	—	—	—	—
python3.2	—	—	—	—	—
python3.3	—	—	—	—	—

CVE-2013-7338

Low priority

Ignored

Python before 3.3.4 RC1 allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a file size value larger than the size of the zip file to the (1) ZipExtFile.read, (2) ZipExtFile.read(n), (3)...

6 affected packages

python2.6, python2.7, python3.1, python3.2, python3.3, python3.4

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS	16.04 LTS
python2.6	—	—	—	—	—
python2.7	—	—	—	—	—
python3.1	—	—	—	—	—
python3.2	—	—	—	—	—
python3.3	—	—	—	—	—
python3.4	—	—	—	—	—

CVE-2014-1912

Medium priority

Some fixes available 8 of 9

Buffer overflow in the socket.recvfrom_into function in Modules/socketmodule.c in Python 2.5 before 2.7.7, 3.x before 3.3.4, and 3.4.x before 3.4rc1 allows remote attackers to execute arbitrary code via a crafted string.

6 affected packages

python2.6, python2.7, python3.1, python3.2, python3.3, python3.4

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS	16.04 LTS
python2.6	—	—	—	—	—
python2.7	—	—	—	—	—
python3.1	—	—	—	—	—
python3.2	—	—	—	—	—
python3.3	—	—	—	—	—
python3.4	—	—	—	—	—

CVE-2013-4238

Medium priority

Some fixes available 8 of 9

The ssl.match_hostname function in the SSL module in Python 2.6 through 3.4 does not properly handle a '\0' character in a domain name in the Subject Alternative Name field of an X.509 certificate, which allows man-in-the-middle...

5 affected packages

python2.6, python2.7, python3.1, python3.2, python3.3

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS	16.04 LTS
python2.6	—	—	—	—	—
python2.7	—	—	—	—	—
python3.1	—	—	—	—	—
python3.2	—	—	—	—	—
python3.3	—	—	—	—	—

CVE-2013-2099

Low priority

Some fixes available 5 of 41

Algorithmic complexity vulnerability in the ssl.match_hostname function in Python 3.2.x, 3.3.x, and earlier, and unspecified versions of python-backports-ssl_match_hostname as used for older Python versions, allows remote...

10 affected packages

bzr, linkchecker, python-tornado, python-urllib3, python2.7...

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS	16.04 LTS
bzr	Not affected	Not affected	Not affected	Not affected	Not affected
linkchecker	Not affected	Not affected	Not in release	Not affected	Not affected
python-tornado	Not affected	Not affected	Not affected	Not affected	Not affected
python-urllib3	Not affected	Not affected	Not affected	Not affected	Not affected
python2.7	Not in release	Not affected	Not affected	Not affected	Not affected
python3.1	Not in release	Not in release	Not in release	Not in release	Not in release
python3.2	Not in release	Not in release	Not in release	Not in release	Not in release
python3.3	Not in release	Not in release	Not in release	Not in release	Not in release
w3af	Not in release	Not in release	Not in release	Not in release	Vulnerable
zeroinstall-injector	Not affected	Not affected	Not affected	Not affected	Not affected

CVE-2011-4944

Low priority

Some fixes available 13 of 16

Python 2.6 through 3.2 creates ~/.pypirc with world-readable permissions before changing them after data has been written, which introduces a race condition that allows local users to obtain a username and password by reading this file.

7 affected packages

python2.4, python2.5, python2.6, python2.7, python3.1...

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS	16.04 LTS
python2.4	—	—	—	—	—
python2.5	—	—	—	—	—
python2.6	—	—	—	—	—
python2.7	—	—	—	—	—
python3.1	—	—	—	—	—
python3.2	—	—	—	—	—
python3.3	—	—	—	—	—

Export to JSON

Results by page:

Search CVE reports