Filtered by vendor Python
Subscribe
Total
194 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2017-18207 | 1 Python | 1 Python | 2020-01-21 | 4.3 MEDIUM | 6.5 MEDIUM |
| ** DISPUTED ** The Wave_read._read_fmt_chunk function in Lib/wave.py in Python through 3.6.4 does not ensure a nonzero channel value, which allows attackers to cause a denial of service (divide-by-zero and exception) via a crafted wav format audio file. NOTE: the vendor disputes this issue because Python applications "need to be prepared to handle a wide variety of exceptions." | |||||
| CVE-2012-5578 | 1 Python | 1 Keyring | 2019-12-04 | 2.1 LOW | 6.2 MEDIUM |
| Python keyring has insecure permissions on new databases allowing world-readable files to be created | |||||
| CVE-2012-0877 | 2 Python, Redhat | 3 Pyxml, Enterprise Linux, Enterprise Virtualization Hypervisor | 2019-12-03 | 7.8 HIGH | 7.5 HIGH |
| PyXML: Hash table collisions CPU usage Denial of Service | |||||
| CVE-2018-15560 | 1 Python | 1 Pycryptodome | 2019-11-05 | 5.0 MEDIUM | 7.5 HIGH |
| PyCryptodome before 3.6.6 has an integer overflow in the data_len variable in AESNI.c, related to the AESNI_encrypt and AESNI_decrypt functions, leading to the mishandling of messages shorter than 16 bytes. | |||||
| CVE-2012-5577 | 2 Debian, Python | 2 Debian Linux, Keyring | 2019-10-31 | 5.0 MEDIUM | 7.5 HIGH |
| Python keyring lib before 0.10 created keyring files with world-readable permissions. | |||||
| CVE-2010-3492 | 1 Python | 1 Python | 2019-10-28 | 5.0 MEDIUM | N/A |
| The asyncore module in Python before 3.2 does not properly handle unsuccessful calls to the accept function, and does not have accompanying documentation describing how daemon applications should handle unsuccessful calls to the accept function, which makes it easier for remote attackers to conduct denial of service attacks that terminate these applications via network connections. | |||||
| CVE-2013-7040 | 2 Apple, Python | 2 Mac Os X, Python | 2019-10-25 | 4.3 MEDIUM | N/A |
| Python 2.7 before 3.4 only uses the last eight bits of the prefix to randomize hash values, which causes it to compute hash values without restricting the ability to trigger hash collisions predictably and makes it easier for context-dependent attackers to cause a denial of service (CPU consumption) via crafted input to an application that maintains a hash table. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-1150. | |||||
| CVE-2011-1015 | 1 Python | 1 Python | 2019-10-25 | 5.0 MEDIUM | N/A |
| The is_cgi method in CGIHTTPServer.py in the CGIHTTPServer module in Python 2.5, 2.6, and 3.0 allows remote attackers to read script source code via an HTTP GET request that lacks a / (slash) character at the beginning of the URI. | |||||
| CVE-2012-0845 | 1 Python | 1 Python | 2019-10-25 | 5.0 MEDIUM | N/A |
| SimpleXMLRPCServer.py in SimpleXMLRPCServer in Python before 2.6.8, 2.7.x before 2.7.3, 3.x before 3.1.5, and 3.2.x before 3.2.3 allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via an XML-RPC POST request that contains a smaller amount of data than specified by the Content-Length header. | |||||
| CVE-2011-4944 | 1 Python | 1 Python | 2019-10-25 | 1.9 LOW | N/A |
| Python 2.6 through 3.2 creates ~/.pypirc with world-readable permissions before changing them after data has been written, which introduces a race condition that allows local users to obtain a username and password by reading this file. | |||||
| CVE-2011-1521 | 1 Python | 1 Python | 2019-10-25 | 6.4 MEDIUM | N/A |
| The urllib and urllib2 modules in Python 2.x before 2.7.2 and 3.x before 3.2.1 process Location headers that specify redirection to file: URLs, which makes it easier for remote attackers to obtain sensitive information or cause a denial of service (resource consumption) via a crafted URL, as demonstrated by the file:///etc/passwd and file:///dev/zero URLs. | |||||
| CVE-2014-9365 | 2 Apple, Python | 2 Mac Os X, Python | 2019-10-25 | 5.8 MEDIUM | N/A |
| The HTTP clients in the (1) httplib, (2) urllib, (3) urllib2, and (4) xmlrpclib libraries in CPython (aka Python) 2.x before 2.7.9 and 3.x before 3.4.3, when accessing an HTTPS URL, do not (a) check the certificate against a trust store or verify that the server hostname matches a domain name in the subject's (b) Common Name or (c) subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate. | |||||
| CVE-2013-4238 | 3 Canonical, Opensuse, Python | 3 Ubuntu Linux, Opensuse, Python | 2019-10-25 | 4.3 MEDIUM | N/A |
| The ssl.match_hostname function in the SSL module in Python 2.6 through 3.4 does not properly handle a '\0' character in a domain name in the Subject Alternative Name field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408. | |||||
| CVE-2014-1912 | 2 Apple, Python | 2 Mac Os X, Python | 2019-10-25 | 7.5 HIGH | N/A |
| Buffer overflow in the socket.recvfrom_into function in Modules/socketmodule.c in Python 2.5 before 2.7.7, 3.x before 3.3.4, and 3.4.x before 3.4rc1 allows remote attackers to execute arbitrary code via a crafted string. | |||||
| CVE-2010-3493 | 1 Python | 1 Python | 2019-10-25 | 4.3 MEDIUM | N/A |
| Multiple race conditions in smtpd.py in the smtpd module in Python 2.6, 2.7, 3.1, and 3.2 alpha allow remote attackers to cause a denial of service (daemon outage) by establishing and then immediately closing a TCP connection, leading to the accept function having an unexpected return value of None, an unexpected value of None for the address, or an ECONNABORTED, EAGAIN, or EWOULDBLOCK error, or the getpeername function having an ENOTCONN error, a related issue to CVE-2010-3492. | |||||
| CVE-2012-1150 | 1 Python | 1 Python | 2019-10-25 | 5.0 MEDIUM | N/A |
| Python before 2.6.8, 2.7.x before 2.7.3, 3.x before 3.1.5, and 3.2.x before 3.2.3 computes hash values without restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted input to an application that maintains a hash table. | |||||
| CVE-2014-7185 | 2 Apple, Python | 2 Mac Os X, Python | 2019-10-25 | 6.4 MEDIUM | N/A |
| Integer overflow in bufferobject.c in Python before 2.7.8 allows context-dependent attackers to obtain sensitive information from process memory via a large size and offset in a "buffer" function. | |||||
| CVE-2008-5031 | 1 Python | 1 Python | 2019-10-25 | 10.0 HIGH | N/A |
| Multiple integer overflows in Python 2.2.3 through 2.5.1, and 2.6, allow context-dependent attackers to have an unknown impact via a large integer value in the tabsize argument to the expandtabs method, as implemented by (1) the string_expandtabs function in Objects/stringobject.c and (2) the unicode_expandtabs function in Objects/unicodeobject.c. NOTE: this vulnerability reportedly exists because of an incomplete fix for CVE-2008-2315. | |||||
| CVE-2018-1061 | 5 Canonical, Debian, Fedoraproject and 2 more | 8 Ubuntu Linux, Debian Linux, Fedora and 5 more | 2019-10-02 | 5.0 MEDIUM | 7.5 HIGH |
| python before versions 2.7.15, 3.4.9, 3.5.6rc1, 3.6.5rc1 and 3.7.0 is vulnerable to catastrophic backtracking in the difflib.IS_LINE_JUNK method. An attacker could use this flaw to cause denial of service. | |||||
| CVE-2013-7338 | 2 Apple, Python | 2 Mac Os X, Python | 2019-08-21 | 7.1 HIGH | N/A |
| Python before 3.3.4 RC1 allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a file size value larger than the size of the zip file to the (1) ZipExtFile.read, (2) ZipExtFile.read(n), (3) ZipExtFile.readlines, (4) ZipFile.extract, or (5) ZipFile.extractall function. | |||||