CVE search results

41 – 50 of 55 results

Detailed view

Sort by:

CVE-2013-7338

Low priority

Ignored

Python before 3.3.4 RC1 allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a file size value larger than the size of the zip file to the (1) ZipExtFile.read, (2) ZipExtFile.read(n), (3)...

6 affected packages

python2.6, python2.7, python3.1, python3.2, python3.3, python3.4

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS	16.04 LTS
python2.6	—	—	—	—	—
python2.7	—	—	—	—	—
python3.1	—	—	—	—	—
python3.2	—	—	—	—	—
python3.3	—	—	—	—	—
python3.4	—	—	—	—	—

CVE-2014-1912

Medium priority

Some fixes available 8 of 9

Buffer overflow in the socket.recvfrom_into function in Modules/socketmodule.c in Python 2.5 before 2.7.7, 3.x before 3.3.4, and 3.4.x before 3.4rc1 allows remote attackers to execute arbitrary code via a crafted string.

6 affected packages

python2.6, python2.7, python3.1, python3.2, python3.3, python3.4

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS	16.04 LTS
python2.6	—	—	—	—	—
python2.7	—	—	—	—	—
python3.1	—	—	—	—	—
python3.2	—	—	—	—	—
python3.3	—	—	—	—	—
python3.4	—	—	—	—	—

CVE-2013-4238

Medium priority

Some fixes available 8 of 9

The ssl.match_hostname function in the SSL module in Python 2.6 through 3.4 does not properly handle a '\0' character in a domain name in the Subject Alternative Name field of an X.509 certificate, which allows man-in-the-middle...

5 affected packages

python2.6, python2.7, python3.1, python3.2, python3.3

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS	16.04 LTS
python2.6	—	—	—	—	—
python2.7	—	—	—	—	—
python3.1	—	—	—	—	—
python3.2	—	—	—	—	—
python3.3	—	—	—	—	—

CVE-2013-2099

Low priority

Some fixes available 5 of 41

Algorithmic complexity vulnerability in the ssl.match_hostname function in Python 3.2.x, 3.3.x, and earlier, and unspecified versions of python-backports-ssl_match_hostname as used for older Python versions, allows remote...

10 affected packages

bzr, linkchecker, python-tornado, python-urllib3, python2.7...

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS	16.04 LTS
bzr	Not affected	Not affected	Not affected	Not affected	Not affected
linkchecker	Not affected	Not affected	Not in release	Not affected	Not affected
python-tornado	Not affected	Not affected	Not affected	Not affected	Not affected
python-urllib3	Not affected	Not affected	Not affected	Not affected	Not affected
python2.7	Not in release	Not affected	Not affected	Not affected	Not affected
python3.1	Not in release	Not in release	Not in release	Not in release	Not in release
python3.2	Not in release	Not in release	Not in release	Not in release	Not in release
python3.3	Not in release	Not in release	Not in release	Not in release	Not in release
w3af	Not in release	Not in release	Not in release	Not in release	Vulnerable
zeroinstall-injector	Not affected	Not affected	Not affected	Not affected	Not affected

CVE-2011-4944

Low priority

Some fixes available 13 of 16

Python 2.6 through 3.2 creates ~/.pypirc with world-readable permissions before changing them after data has been written, which introduces a race condition that allows local users to obtain a username and password by reading this file.

7 affected packages

python2.4, python2.5, python2.6, python2.7, python3.1...

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS	16.04 LTS
python2.4	—	—	—	—	—
python2.5	—	—	—	—	—
python2.6	—	—	—	—	—
python2.7	—	—	—	—	—
python3.1	—	—	—	—	—
python3.2	—	—	—	—	—
python3.3	—	—	—	—	—

CVE-2012-2135

Low priority

Fixed

The utf-16 decoder in Python 3.1 through 3.3 does not update the aligned_end variable after calling the unicode_decode_call_errorhandler function, which allows remote attackers to obtain sensitive information (process memory) or...

3 affected packages

python3.1, python3.2, python3.3

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS	16.04 LTS
python3.1	—	—	—	—	—
python3.2	—	—	—	—	—
python3.3	—	—	—	—	—

CVE-2012-1150

Medium priority

Some fixes available 9 of 14

Python before 2.6.8, 2.7.x before 2.7.3, 3.x before 3.1.5, and 3.2.x before 3.2.3 computes hash values without restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause...

6 affected packages

python2.4, python2.5, python2.6, python2.7, python3.1, python3.2

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS	16.04 LTS
python2.4	—	—	—	—	—
python2.5	—	—	—	—	—
python2.6	—	—	—	—	—
python2.7	—	—	—	—	—
python3.1	—	—	—	—	—
python3.2	—	—	—	—	—

CVE-2012-0845

Low priority

Some fixes available 11 of 14

SimpleXMLRPCServer.py in SimpleXMLRPCServer in Python before 2.6.8, 2.7.x before 2.7.3, 3.x before 3.1.5, and 3.2.x before 3.2.3 allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via an...

6 affected packages

python2.4, python2.5, python2.6, python2.7, python3.1, python3.2

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS	16.04 LTS
python2.4	—	—	—	—	—
python2.5	—	—	—	—	—
python2.6	—	—	—	—	—
python2.7	—	—	—	—	—
python3.1	—	—	—	—	—
python3.2	—	—	—	—	—

CVE-2011-1521

Medium priority

Some fixes available 9 of 12

The urllib and urllib2 modules in Python 2.x before 2.7.2 and 3.x before 3.2.1 process Location headers that specify redirection to file: URLs, which makes it easier for remote attackers to obtain sensitive information or cause a...

6 affected packages

python2.4, python2.5, python2.6, python2.7, python3.1, python3.2

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS	16.04 LTS
python2.4	—	—	—	—	—
python2.5	—	—	—	—	—
python2.6	—	—	—	—	—
python2.7	—	—	—	—	—
python3.1	—	—	—	—	—
python3.2	—	—	—	—	—

CVE-2010-3492

Negligible priority

Ignored

The asyncore module in Python before 3.2 does not properly handle unsuccessful calls to the accept function, and does not have accompanying documentation describing how daemon applications should handle unsuccessful calls to the...

4 affected packages

python2.6, python2.7, python3.1, python3.2

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS	16.04 LTS
python2.6	—	—	—	—	—
python2.7	—	—	—	—	—
python3.1	—	—	—	—	—
python3.2	—	—	—	—	—

Export to JSON

Results by page:

Search CVE reports