
225 matches found

OSV
added 2014/06/26 12:0 a.m. · 2 views

UBUNTU-CVE-2014-4616

Array index error in the scanstring function in the _json module in Python 2.7 through 3.5 and simplejson before 2.6.1 allows context-dependent attackers to read arbitrary process memory via a negative index value in the idx argument to the raw_decode function...

CVSS 5.9 · AI score 6.9 · EPSS 0.08125
Exploits: 1 · References: 3
OSV
added 2014/06/25 12:0 a.m. · 0 views

UBUNTU-CVE-2014-4650

The CGIHTTPServer module in Python 2.7.5 and 3.3.4 does not properly handle URLs in which URL encoding is used for path separators, which allows remote attackers to read script source code or conduct directory traversal attacks and execute unintended code via a crafted character sequence, as...

CVSS 9.8 · AI score 7 · EPSS 0.24148
Exploits: 5 · References: 4
OSV
added 2013/10/09 2:53 p.m. · 2 views

DEBIAN-CVE-2013-2099

Algorithmic complexity vulnerability in the ssl.match_hostname function in Python 3.2.x, 3.3.x, and earlier, and unspecified versions of python-backports-ssl_match_hostname as used for older Python versions, allows remote attackers to cause a denial of service (CPU consumption) via multiple wildcard...

CVSS 4.3 · AI score 6.1 · EPSS 0.04857
Exploits: 0 · References: 1
OSV
added 2013/05/16 12:0 a.m. · 1 views

UBUNTU-CVE-2013-2099

Algorithmic complexity vulnerability in the ssl.match_hostname function in Python 3.2.x, 3.3.x, and earlier, and unspecified versions of python-backports-ssl_match_hostname as used for older Python versions, allows remote attackers to cause a denial of service (CPU consumption) via multiple wildcard...

CVSS 4.3 · AI score 6.7 · EPSS 0.04857
Exploits: 0 · References: 7
Positive Technologies
added 2013/05/16 12:0 a.m. · 4 views

PT-2013-3541 · Python +1 · Python-Backports-Ssl Match Hostname +2

Name of the Vulnerable Software and Affected Versions: Python versions prior to 3.4; python-backports-ssl_match_hostname, affected versions not specified. Description: The issue allows remote attackers to cause a denial of service, specifically CPU consumption, by exploiting the ssl.match_hostname...

CVSS 9.8 · AI score 6.9 · EPSS 0.28112
Exploits: 18 · References: 56
Debian CVE
added 2013/04/03 12:0 a.m. · 27 views

CVE-2013-1664

The XML libraries for Python 3.4, 3.3, 3.2, 3.1, 2.7, and 2.6, as used in OpenStack Keystone Essex, Folsom, and Grizzly; Compute (Nova) Essex and Folsom; Cinder Folsom; Django; and possibly other products allow remote attackers to cause a denial of service (resource consumption and crash) via an XML...

CVSS 5 · AI score 9.4 · EPSS 0.04863
Exploits: 1
Tenable Nessus
added 2012/12/28 12:0 a.m. · 19 views

Fedora 17 : fail2ban-0.8.8-1.fc17 (2012-20619)

Update to 0.8.8 CVE-2012-5642 Bug 887914 - Fixes : - Alan Jenkins - 8c38907 Removed 'POSSIBLE BREAK-IN ATTEMPT' from sshd filter to avoid banning due to misconfigured DNS. Close gh-64 - Yaroslav Halchenko - 83109bc IMPORTANT: escape the content of if used in custom action files since its value...

CVSS 7.5 · AI score 5.7 · EPSS 0.03123
Exploits: 0 · References: 3
OSV
added 2012/10/05 9:55 p.m. · 2 views

DEBIAN-CVE-2012-0845

SimpleXMLRPCServer.py in SimpleXMLRPCServer in Python before 2.6.8, 2.7.x before 2.7.3, 3.x before 3.1.5, and 3.2.x before 3.2.3 allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via an XML-RPC POST request that contains a smaller amount of data than specified...

CVSS 5 · AI score 8.3 · EPSS 0.0562
Exploits: 2 · References: 1
Cvelist
added 2012/10/05 9:0 p.m. · 40 views

CVE-2012-1150

Python before 2.6.8, 2.7.x before 2.7.3, 3.x before 3.1.5, and 3.2.x before 3.2.3 computes hash values without restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted input to an application...

AI score 9.1 · EPSS 0.0506
Exploits: 3 · References: 18
OSV
added 2012/10/05 9:0 p.m. · 6 views

PSF-2012-3 XML-RPC DoS

SimpleXMLRPCServer.py in SimpleXMLRPCServer in Python before 2.6.8, 2.7.x before 2.7.3, 3.x before 3.1.5, and 3.2.x before 3.2.3 allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via an XML-RPC POST request that contains a smaller amount of data than specified...

CVSS 5 · AI score 9.1 · EPSS 0.0562
Exploits: 2 · References: 1
OSV
added 2012/08/14 10:0 p.m. · 5 views

PSF-2012-6 Vulnerability in the utf-16 decoder after error handling

The utf-16 decoder in Python 3.1 through 3.3 does not update the aligned_end variable after calling the unicode_decode_call_errorhandler function, which allows remote attackers to obtain sensitive information (process memory) or cause a denial of service (memory corruption and crash) via unspecified...

CVSS 6.4 · AI score 7 · EPSS 0.04549
Exploits: 0 · References: 1
OSV
added 2012/06/27 10:18 a.m. · 7 views

CVE-2011-4940

The list_directory function in Lib/SimpleHTTPServer.py in SimpleHTTPServer in Python before 2.5.6c1, 2.6.x before 2.6.7 rc2, and 2.7.x before 2.7.2 does not place a charset parameter in the Content-Type HTTP header, which makes it easier for remote attackers to conduct cross-site scripting (XSS)...

AI score 5.4
Exploits: 0 · References: 12
RedHat Linux
added 2012/06/18 12:34 p.m. · 2 views

python: distutils creates ~/.pypirc insecurely

Python 2.6 through 3.2 creates ~/.pypirc with world-readable permissions before changing them after data has been written, which introduces a race condition that allows local users to obtain a username and password by reading this file...

CVSS 1.9 · AI score 6.7 · EPSS 0.00429
Exploits: 1 · References: 4
RedHat Linux
added 2012/06/18 12:25 p.m. · 3 views

python: hash table collisions CPU usage DoS (oCERT-2011-003)

Python before 2.6.8, 2.7.x before 2.7.3, 3.x before 3.1.5, and 3.2.x before 3.2.3 computes hash values without restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted input to an application...

CVSS 5 · AI score 6.7 · EPSS 0.0506
Exploits: 3 · References: 4
Positive Technologies
added 2012/06/18 12:0 a.m. · 5 views

PT-2012-2011 · Python +3 · Python +3

Name of the Vulnerable Software and Affected Versions: Python versions 2.6 through 3.2. Description: The issue introduces a race condition where local users can obtain a username and password by reading the ~/.pypirc file, which is created with world-readable permissions before the permissions are...

CVSS 10 · AI score 6.6 · EPSS 0.77901
Exploits: 67 · References: 304
Positive Technologies
added 2012/04/26 12:0 a.m. · 5 views

PT-2012-3099 · Python +3 · Python +3

Name of the Vulnerable Software and Affected Versions: Python versions prior to 2.6.8; Python versions 2.7.x prior to 2.7.3; Python versions 3.x prior to 3.1.5; Python versions 3.2.x prior to 3.2.3. Description: The issue allows context-dependent attackers to cause a denial of service, specifically...

CVSS 10 · AI score 6.6 · EPSS 0.77901
Exploits: 67 · References: 318
UbuntuCve
added 2012/03/09 12:0 a.m. · 33 views

CVE-2012-1150

Python before 2.6.8, 2.7.x before 2.7.3, 3.x before 3.1.5, and 3.2.x before 3.2.3 computes hash values without restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted input to an application...

CVSS 5 · AI score 6.8 · EPSS 0.0506
Exploits: 3 · References: 5
RedHat Linux
added 2011/05/19 11:20 a.m. · 2 views

Python: SMTP proxy RFC 2821 module DoS (uncaught exception) (Issue #9129)

Multiple race conditions in smtpd.py in the smtpd module in Python 2.6, 2.7, 3.1, and 3.2 alpha allow remote attackers to cause a denial of service (daemon outage) by establishing and then immediately closing a TCP connection, leading to the accept function having an unexpected return value of None...

CVSS 5 · AI score 7.2 · EPSS 0.03627
Exploits: 0 · References: 4
RedHat Linux
added 2011/05/05 6:52 p.m. · 2 views

python: audioop: incorrect integer overflow checks

Multiple integer overflows in audioop.c in the audioop module in Python 2.6, 2.7, 3.1, and 3.2 allow context-dependent attackers to cause a denial of service (application crash) via a large fragment, as demonstrated by a call to audioop.lin2lin with a long string in the first argument, leading to a...

CVSS 7.5 · AI score 7.1 · EPSS 0.04382
Exploits: 2 · References: 4
OSV
added 2010/10/19 7:0 p.m. · 5 views

PSF-2010-7 smtpd accept bug and race condition

Multiple race conditions in smtpd.py in the smtpd module in Python 2.6, 2.7, 3.1, and 3.2 alpha allow remote attackers to cause a denial of service (daemon outage) by establishing and then immediately closing a TCP connection, leading to the accept function having an unexpected return value of None...

CVSS 4.3 · AI score 6.5 · EPSS 0.02774
Exploits: 0 · References: 1