Your submission was sent successfully! Close

You have successfully unsubscribed! Close

Thank you for signing up for our newsletter!
In these regular emails you will find the latest updates about Ubuntu and upcoming events where you can meet our team.Close

Search CVE reports


Toggle filters

1 – 7 of 7 results


CVE-2013-7040

Low priority
Ignored

Python 2.7 before 3.4 only uses the last eight bits of the prefix to randomize hash values, which causes it to compute hash values without restricting the ability to trigger hash collisions predictably and makes it easier for...

5 affected packages

python2.6, python2.7, python3.1, python3.2, python3.3

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
python2.6
python2.7
python3.1
python3.2
python3.3
Show less packages

CVE-2013-7338

Low priority
Ignored

Python before 3.3.4 RC1 allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a file size value larger than the size of the zip file to the (1) ZipExtFile.read, (2) ZipExtFile.read(n), (3)...

6 affected packages

python2.6, python2.7, python3.1, python3.2, python3.3, python3.4

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
python2.6
python2.7
python3.1
python3.2
python3.3
python3.4
Show less packages

CVE-2014-1912

Medium priority

Some fixes available 8 of 9

Buffer overflow in the socket.recvfrom_into function in Modules/socketmodule.c in Python 2.5 before 2.7.7, 3.x before 3.3.4, and 3.4.x before 3.4rc1 allows remote attackers to execute arbitrary code via a crafted string.

6 affected packages

python2.6, python2.7, python3.1, python3.2, python3.3, python3.4

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
python2.6
python2.7
python3.1
python3.2
python3.3
python3.4
Show less packages

CVE-2013-4238

Medium priority

Some fixes available 8 of 9

The ssl.match_hostname function in the SSL module in Python 2.6 through 3.4 does not properly handle a '\0' character in a domain name in the Subject Alternative Name field of an X.509 certificate, which allows man-in-the-middle...

5 affected packages

python2.6, python2.7, python3.1, python3.2, python3.3

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
python2.6
python2.7
python3.1
python3.2
python3.3
Show less packages

CVE-2013-2099

Low priority

Some fixes available 5 of 41

Algorithmic complexity vulnerability in the ssl.match_hostname function in Python 3.2.x, 3.3.x, and earlier, and unspecified versions of python-backports-ssl_match_hostname as used for older Python versions, allows remote...

10 affected packages

bzr, linkchecker, python-tornado, python-urllib3, python2.7...

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
bzr Not affected Not affected Not affected Not affected Not affected
linkchecker Not affected Not affected Not in release Not affected Not affected
python-tornado Not affected Not affected Not affected Not affected Not affected
python-urllib3 Not affected Not affected Not affected Not affected Not affected
python2.7 Not in release Not affected Not affected Not affected Not affected
python3.1 Not in release Not in release Not in release Not in release Not in release
python3.2 Not in release Not in release Not in release Not in release Not in release
python3.3 Not in release Not in release Not in release Not in release Not in release
w3af Not in release Not in release Not in release Not in release Vulnerable
zeroinstall-injector Not affected Not affected Not affected Not affected Not affected
Show all 10 packages Show less packages

CVE-2011-4944

Low priority

Some fixes available 13 of 16

Python 2.6 through 3.2 creates ~/.pypirc with world-readable permissions before changing them after data has been written, which introduces a race condition that allows local users to obtain a username and password by reading this file.

7 affected packages

python2.4, python2.5, python2.6, python2.7, python3.1...

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
python2.4
python2.5
python2.6
python2.7
python3.1
python3.2
python3.3
Show all 7 packages Show less packages

CVE-2012-2135

Low priority
Fixed

The utf-16 decoder in Python 3.1 through 3.3 does not update the aligned_end variable after calling the unicode_decode_call_errorhandler function, which allows remote attackers to obtain sensitive information (process memory) or...

3 affected packages

python3.1, python3.2, python3.3

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
python3.1
python3.2
python3.3
Show less packages