CVE search results

81 – 90 of 94 results

Detailed view

Sort by:

CVE-2013-4238

Medium priority

Some fixes available 8 of 9

The ssl.match_hostname function in the SSL module in Python 2.6 through 3.4 does not properly handle a '\0' character in a domain name in the Subject Alternative Name field of an X.509 certificate, which allows man-in-the-middle...

5 affected packages

python2.6, python2.7, python3.1, python3.2, python3.3

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS	16.04 LTS
python2.6	—	—	—	—	—
python2.7	—	—	—	—	—
python3.1	—	—	—	—	—
python3.2	—	—	—	—	—
python3.3	—	—	—	—	—

CVE-2013-2099

Low priority

Some fixes available 5 of 41

Algorithmic complexity vulnerability in the ssl.match_hostname function in Python 3.2.x, 3.3.x, and earlier, and unspecified versions of python-backports-ssl_match_hostname as used for older Python versions, allows remote...

10 affected packages

bzr, linkchecker, python-tornado, python-urllib3, python2.7...

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS	16.04 LTS
bzr	Not affected	Not affected	Not affected	Not affected	Not affected
linkchecker	Not affected	Not affected	Not in release	Not affected	Not affected
python-tornado	Not affected	Not affected	Not affected	Not affected	Not affected
python-urllib3	Not affected	Not affected	Not affected	Not affected	Not affected
python2.7	Not in release	Not affected	Not affected	Not affected	Not affected
python3.1	Not in release	Not in release	Not in release	Not in release	Not in release
python3.2	Not in release	Not in release	Not in release	Not in release	Not in release
python3.3	Not in release	Not in release	Not in release	Not in release	Not in release
w3af	Not in release	Not in release	Not in release	Not in release	Vulnerable
zeroinstall-injector	Not affected	Not affected	Not affected	Not affected	Not affected

CVE-2011-4944

Low priority

Some fixes available 13 of 16

Python 2.6 through 3.2 creates ~/.pypirc with world-readable permissions before changing them after data has been written, which introduces a race condition that allows local users to obtain a username and password by reading this file.

7 affected packages

python2.4, python2.5, python2.6, python2.7, python3.1...

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS	16.04 LTS
python2.4	—	—	—	—	—
python2.5	—	—	—	—	—
python2.6	—	—	—	—	—
python2.7	—	—	—	—	—
python3.1	—	—	—	—	—
python3.2	—	—	—	—	—
python3.3	—	—	—	—	—

CVE-2011-4940

Medium priority

Some fixes available 5 of 7

The list_directory function in Lib/SimpleHTTPServer.py in SimpleHTTPServer in Python before 2.5.6c1, 2.6.x before 2.6.7 rc2, and 2.7.x before 2.7.2 does not place a charset parameter in the Content-Type HTTP header, which makes it...

4 affected packages

python2.4, python2.5, python2.6, python2.7

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS	16.04 LTS
python2.4	—	—	—	—	—
python2.5	—	—	—	—	—
python2.6	—	—	—	—	—
python2.7	—	—	—	—	—

CVE-2012-1150

Medium priority

Some fixes available 9 of 14

Python before 2.6.8, 2.7.x before 2.7.3, 3.x before 3.1.5, and 3.2.x before 3.2.3 computes hash values without restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause...

6 affected packages

python2.4, python2.5, python2.6, python2.7, python3.1, python3.2

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS	16.04 LTS
python2.4	—	—	—	—	—
python2.5	—	—	—	—	—
python2.6	—	—	—	—	—
python2.7	—	—	—	—	—
python3.1	—	—	—	—	—
python3.2	—	—	—	—	—

CVE-2012-0845

Low priority

Some fixes available 11 of 14

SimpleXMLRPCServer.py in SimpleXMLRPCServer in Python before 2.6.8, 2.7.x before 2.7.3, 3.x before 3.1.5, and 3.2.x before 3.2.3 allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via an...

6 affected packages

python2.4, python2.5, python2.6, python2.7, python3.1, python3.2

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS	16.04 LTS
python2.4	—	—	—	—	—
python2.5	—	—	—	—	—
python2.6	—	—	—	—	—
python2.7	—	—	—	—	—
python3.1	—	—	—	—	—
python3.2	—	—	—	—	—

CVE-2011-1521

Medium priority

Some fixes available 9 of 12

The urllib and urllib2 modules in Python 2.x before 2.7.2 and 3.x before 3.2.1 process Location headers that specify redirection to file: URLs, which makes it easier for remote attackers to obtain sensitive information or cause a...

6 affected packages

python2.4, python2.5, python2.6, python2.7, python3.1, python3.2

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS	16.04 LTS
python2.4	—	—	—	—	—
python2.5	—	—	—	—	—
python2.6	—	—	—	—	—
python2.7	—	—	—	—	—
python3.1	—	—	—	—	—
python3.2	—	—	—	—	—

CVE-2011-1015

Low priority

Some fixes available 5 of 7

The is_cgi method in CGIHTTPServer.py in the CGIHTTPServer module in Python 2.5, 2.6, and 3.0 allows remote attackers to read script source code via an HTTP GET request that lacks a / (slash) character at the beginning of the URI.

4 affected packages

python2.4, python2.5, python2.6, python2.7

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS	16.04 LTS
python2.4	—	—	—	—	—
python2.5	—	—	—	—	—
python2.6	—	—	—	—	—
python2.7	—	—	—	—	—

CVE-2010-3492

Negligible priority

Ignored

The asyncore module in Python before 3.2 does not properly handle unsuccessful calls to the accept function, and does not have accompanying documentation describing how daemon applications should handle unsuccessful calls to the...

4 affected packages

python2.6, python2.7, python3.1, python3.2

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS	16.04 LTS
python2.6	—	—	—	—	—
python2.7	—	—	—	—	—
python3.1	—	—	—	—	—
python3.2	—	—	—	—	—

CVE-2010-3493

Negligible priority

Some fixes available 4 of 7

Multiple race conditions in smtpd.py in the smtpd module in Python 2.6, 2.7, 3.1, and 3.2 alpha allow remote attackers to cause a denial of service (daemon outage) by establishing and then immediately closing a TCP connection,...

6 affected packages

python2.4, python2.5, python2.6, python2.7, python3.1, python3.2

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS	16.04 LTS
python2.4	—	—	—	—	—
python2.5	—	—	—	—	—
python2.6	—	—	—	—	—
python2.7	—	—	—	—	—
python3.1	—	—	—	—	—
python3.2	—	—	—	—	—

Export to JSON

Results by page:

Search CVE reports