Search CVE reports
81 – 90 of 96 results
CVE-2013-7338
Low priorityPython before 3.3.4 RC1 allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a file size value larger than the size of the zip file to the (1) ZipExtFile.read, (2) ZipExtFile.read(n), (3)...
6 affected packages
python2.6, python2.7, python3.1, python3.2, python3.3, python3.4
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| python2.6 | — | — | — | — | — |
| python2.7 | — | — | — | — | — |
| python3.1 | — | — | — | — | — |
| python3.2 | — | — | — | — | — |
| python3.3 | — | — | — | — | — |
| python3.4 | — | — | — | — | — |
CVE-2014-1912
Medium prioritySome fixes available 8 of 9
Buffer overflow in the socket.recvfrom_into function in Modules/socketmodule.c in Python 2.5 before 2.7.7, 3.x before 3.3.4, and 3.4.x before 3.4rc1 allows remote attackers to execute arbitrary code via a crafted string.
6 affected packages
python2.6, python2.7, python3.1, python3.2, python3.3, python3.4
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| python2.6 | — | — | — | — | — |
| python2.7 | — | — | — | — | — |
| python3.1 | — | — | — | — | — |
| python3.2 | — | — | — | — | — |
| python3.3 | — | — | — | — | — |
| python3.4 | — | — | — | — | — |
CVE-2013-4238
Medium prioritySome fixes available 8 of 9
The ssl.match_hostname function in the SSL module in Python 2.6 through 3.4 does not properly handle a '\0' character in a domain name in the Subject Alternative Name field of an X.509 certificate, which allows man-in-the-middle...
5 affected packages
python2.6, python2.7, python3.1, python3.2, python3.3
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| python2.6 | — | — | — | — | — |
| python2.7 | — | — | — | — | — |
| python3.1 | — | — | — | — | — |
| python3.2 | — | — | — | — | — |
| python3.3 | — | — | — | — | — |
CVE-2013-2099
Low prioritySome fixes available 5 of 41
Algorithmic complexity vulnerability in the ssl.match_hostname function in Python 3.2.x, 3.3.x, and earlier, and unspecified versions of python-backports-ssl_match_hostname as used for older Python versions, allows remote...
10 affected packages
bzr, linkchecker, python-tornado, python-urllib3, python2.7...
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| bzr | Not affected | Not affected | Not affected | Not affected | Not affected |
| linkchecker | Not affected | Not affected | Not in release | Not affected | Not affected |
| python-tornado | Not affected | Not affected | Not affected | Not affected | Not affected |
| python-urllib3 | Not affected | Not affected | Not affected | Not affected | Not affected |
| python2.7 | Not in release | Not affected | Not affected | Not affected | Not affected |
| python3.1 | Not in release | Not in release | Not in release | Not in release | Not in release |
| python3.2 | Not in release | Not in release | Not in release | Not in release | Not in release |
| python3.3 | Not in release | Not in release | Not in release | Not in release | Not in release |
| w3af | Not in release | Not in release | Not in release | Not in release | Vulnerable |
| zeroinstall-injector | Not affected | Not affected | Not affected | Not affected | Not affected |
CVE-2011-4944
Low prioritySome fixes available 13 of 16
Python 2.6 through 3.2 creates ~/.pypirc with world-readable permissions before changing them after data has been written, which introduces a race condition that allows local users to obtain a username and password by reading this file.
7 affected packages
python2.4, python2.5, python2.6, python2.7, python3.1...
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| python2.4 | — | — | — | — | — |
| python2.5 | — | — | — | — | — |
| python2.6 | — | — | — | — | — |
| python2.7 | — | — | — | — | — |
| python3.1 | — | — | — | — | — |
| python3.2 | — | — | — | — | — |
| python3.3 | — | — | — | — | — |
CVE-2011-4940
Medium prioritySome fixes available 5 of 7
The list_directory function in Lib/SimpleHTTPServer.py in SimpleHTTPServer in Python before 2.5.6c1, 2.6.x before 2.6.7 rc2, and 2.7.x before 2.7.2 does not place a charset parameter in the Content-Type HTTP header, which makes it...
4 affected packages
python2.4, python2.5, python2.6, python2.7
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| python2.4 | — | — | — | — | — |
| python2.5 | — | — | — | — | — |
| python2.6 | — | — | — | — | — |
| python2.7 | — | — | — | — | — |
CVE-2012-1150
Medium prioritySome fixes available 9 of 14
Python before 2.6.8, 2.7.x before 2.7.3, 3.x before 3.1.5, and 3.2.x before 3.2.3 computes hash values without restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause...
6 affected packages
python2.4, python2.5, python2.6, python2.7, python3.1, python3.2
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| python2.4 | — | — | — | — | — |
| python2.5 | — | — | — | — | — |
| python2.6 | — | — | — | — | — |
| python2.7 | — | — | — | — | — |
| python3.1 | — | — | — | — | — |
| python3.2 | — | — | — | — | — |
CVE-2012-0845
Low prioritySome fixes available 11 of 14
SimpleXMLRPCServer.py in SimpleXMLRPCServer in Python before 2.6.8, 2.7.x before 2.7.3, 3.x before 3.1.5, and 3.2.x before 3.2.3 allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via an...
6 affected packages
python2.4, python2.5, python2.6, python2.7, python3.1, python3.2
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| python2.4 | — | — | — | — | — |
| python2.5 | — | — | — | — | — |
| python2.6 | — | — | — | — | — |
| python2.7 | — | — | — | — | — |
| python3.1 | — | — | — | — | — |
| python3.2 | — | — | — | — | — |
CVE-2011-1521
Medium prioritySome fixes available 9 of 12
The urllib and urllib2 modules in Python 2.x before 2.7.2 and 3.x before 3.2.1 process Location headers that specify redirection to file: URLs, which makes it easier for remote attackers to obtain sensitive information or cause a...
6 affected packages
python2.4, python2.5, python2.6, python2.7, python3.1, python3.2
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| python2.4 | — | — | — | — | — |
| python2.5 | — | — | — | — | — |
| python2.6 | — | — | — | — | — |
| python2.7 | — | — | — | — | — |
| python3.1 | — | — | — | — | — |
| python3.2 | — | — | — | — | — |
CVE-2011-1015
Low prioritySome fixes available 5 of 7
The is_cgi method in CGIHTTPServer.py in the CGIHTTPServer module in Python 2.5, 2.6, and 3.0 allows remote attackers to read script source code via an HTTP GET request that lacks a / (slash) character at the beginning of the URI.
4 affected packages
python2.4, python2.5, python2.6, python2.7
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| python2.4 | — | — | — | — | — |
| python2.5 | — | — | — | — | — |
| python2.6 | — | — | — | — | — |
| python2.7 | — | — | — | — | — |