Lucene search


10 matches found

CVE
added 2014/12/12 11:59 a.m. | 421 views

CVE-2014-9365

The HTTP clients in the (1) httplib, (2) urllib, (3) urllib2, and (4) xmlrpclib libraries in CPython (aka Python) 2.x before 2.7.9 and 3.x before 3.4.3, when accessing an HTTPS URL, do not (a) check the certificate against a trust store or verify that the server hostname matches a domain name in th...

CVSS 5.8 | AI score 7.1 | EPSS 0.02442
CVE
added 2014/05/19 2:55 p.m. | 351 views

CVE-2013-7040

Python 2.7 before 3.4 only uses the last eight bits of the prefix to randomize hash values, which causes it to compute hash values without restricting the ability to trigger hash collisions predictably and makes it easier for context-dependent attackers to cause a denial of service (CPU consumption...

CVSS 4.3 | AI score 8.2 | EPSS 0.01418
CVE
added 2014/03/01 12:55 a.m. | 279 views

CVE-2014-1912

Buffer overflow in the socket.recvfrom_into function in Modules/socketmodule.c in Python 2.5 before 2.7.7, 3.x before 3.3.4, and 3.4.x before 3.4rc1 allows remote attackers to execute arbitrary code via a crafted string.

CVSS 7.5 | AI score 8 | EPSS 0.26207
CVE
added 2013/08/18 2:52 a.m. | 225 views

CVE-2013-4238

The ssl.match_hostname function in the SSL module in Python 2.6 through 3.4 does not properly handle a '\0' character in a domain name in the Subject Alternative Name field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate iss...

CVSS 4.3 | AI score 6.2 | EPSS 0.03786
CVE
added 2012/08/27 11:55 p.m. | 201 views

CVE-2011-4944

Python 2.6 through 3.2 creates ~/.pypirc with world-readable permissions before changing them after data has been written, which introduces a race condition that allows local users to obtain a username and password by reading this file.

CVSS 1.9 | AI score 8.1 | EPSS 0.00045
CVE
added 2011/05/24 11:55 p.m. | 200 views

CVE-2011-1521

The urllib and urllib2 modules in Python 2.x before 2.7.2 and 3.x before 3.2.1 process Location headers that specify redirection to file: URLs, which makes it easier for remote attackers to obtain sensitive information or cause a denial of service (resource consumption) via a crafted URL, as demons...

CVSS 6.4 | AI score 7.3 | EPSS 0.02293
CVE
added 2012/10/05 9:55 p.m. | 176 views

CVE-2012-1150

Python before 2.6.8, 2.7.x before 2.7.3, 3.x before 3.1.5, and 3.2.x before 3.2.3 computes hash values without restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted input to an application ...

CVSS 5 | AI score 8.1 | EPSS 0.01418
CVE
added 2012/10/05 9:55 p.m. | 158 views

CVE-2012-0845

SimpleXMLRPCServer.py in SimpleXMLRPCServer in Python before 2.6.8, 2.7.x before 2.7.3, 3.x before 3.1.5, and 3.2.x before 3.2.3 allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via an XML-RPC POST request that contains a smaller amount of data than specified...

CVSS 5 | AI score 8.2 | EPSS 0.04681
CVE
added 2010/10/19 8:0 p.m. | 84 views

CVE-2010-3493

Multiple race conditions in smtpd.py in the smtpd module in Python 2.6, 2.7, 3.1, and 3.2 alpha allow remote attackers to cause a denial of service (daemon outage) by establishing and then immediately closing a TCP connection, leading to the accept function having an unexpected return value of None...

CVSS 4.3 | AI score 7.3 | EPSS 0.01275
CVE
added 2016/06/07 6:59 p.m. | 64 views

CVE-2013-7440

The ssl.match_hostname function in CPython (aka Python) before 2.7.9 and 3.x before 3.3.3 does not properly handle wildcards in hostnames, which might allow man-in-the-middle attackers to spoof servers via a crafted certificate.

CVSS 5.9 | AI score 5.3 | EPSS 0.00345