Search CVE reports
111 – 120 of 128 results
Python before 3.3.4 RC1 allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a file size value larger than the size of the zip file to the (1) ZipExtFile.read, (2) ZipExtFile.read(n), (3)...
6 affected packages
python2.6, python2.7, python3.1, python3.2, python3.3, python3.4
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| python2.6 | — | — | — | — |
| python2.7 | — | — | — | — |
| python3.1 | — | — | — | — |
| python3.2 | — | — | — | — |
| python3.3 | — | — | — | — |
| python3.4 | — | — | — | — |
Some fixes available 8 of 9
Buffer overflow in the socket.recvfrom_into function in Modules/socketmodule.c in Python 2.5 before 2.7.7, 3.x before 3.3.4, and 3.4.x before 3.4rc1 allows remote attackers to execute arbitrary code via a crafted string.
6 affected packages
python2.6, python2.7, python3.1, python3.2, python3.3, python3.4
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| python2.6 | — | — | — | — |
| python2.7 | — | — | — | — |
| python3.1 | — | — | — | — |
| python3.2 | — | — | — | — |
| python3.3 | — | — | — | — |
| python3.4 | — | — | — | — |
Some fixes available 4 of 8
Rejected reason: Various versions of Python do not properly restrict readline calls, which allows remote attackers to cause a denial of service (memory consumption) via a long string, related to (1) httplib - fixed in 2.7.4,...
3 affected packages
python2.7, python3.2, python3.4
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| python2.7 | — | — | — | — |
| python3.2 | — | — | — | — |
| python3.4 | — | — | — | — |
Some fixes available 8 of 9
The ssl.match_hostname function in the SSL module in Python 2.6 through 3.4 does not properly handle a '\0' character in a domain name in the Subject Alternative Name field of an X.509 certificate, which allows man-in-the-middle...
5 affected packages
python2.6, python2.7, python3.1, python3.2, python3.3
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| python2.6 | — | — | — | — |
| python2.7 | — | — | — | — |
| python3.1 | — | — | — | — |
| python3.2 | — | — | — | — |
| python3.3 | — | — | — | — |
Some fixes available 5 of 41
Algorithmic complexity vulnerability in the ssl.match_hostname function in Python 3.2.x, 3.3.x, and earlier, and unspecified versions of python-backports-ssl_match_hostname as used for older Python versions, allows remote...
10 affected packages
bzr, w3af, linkchecker, python-tornado, python-urllib3...
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| bzr | Not affected | Not affected | Not affected | Not affected |
| w3af | Not in release | Not in release | Not in release | Not in release |
| linkchecker | Not affected | Not affected | Not in release | Not affected |
| python-tornado | Not affected | Not affected | Not affected | Not affected |
| python-urllib3 | Not affected | Not affected | Not affected | Not affected |
| python2.7 | Not in release | Not affected | Not affected | Not affected |
| python3.1 | Not in release | Not in release | Not in release | Not in release |
| python3.2 | Not in release | Not in release | Not in release | Not in release |
| python3.3 | Not in release | Not in release | Not in release | Not in release |
| zeroinstall-injector | Not affected | Not affected | Not affected | Not affected |
Some fixes available 13 of 16
Python 2.6 through 3.2 creates ~/.pypirc with world-readable permissions before changing them after data has been written, which introduces a race condition that allows local users to obtain a username and password by reading this file.
7 affected packages
python2.4, python2.5, python2.6, python2.7, python3.1...
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| python2.4 | — | — | — | — |
| python2.5 | — | — | — | — |
| python2.6 | — | — | — | — |
| python2.7 | — | — | — | — |
| python3.1 | — | — | — | — |
| python3.2 | — | — | — | — |
| python3.3 | — | — | — | — |
Some fixes available 5 of 7
The list_directory function in Lib/SimpleHTTPServer.py in SimpleHTTPServer in Python before 2.5.6c1, 2.6.x before 2.6.7 rc2, and 2.7.x before 2.7.2 does not place a charset parameter in the Content-Type HTTP header, which makes it...
4 affected packages
python2.4, python2.5, python2.6, python2.7
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| python2.4 | — | — | — | — |
| python2.5 | — | — | — | — |
| python2.6 | — | — | — | — |
| python2.7 | — | — | — | — |
Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2011-4940. Reason: This candidate is a reservation duplicate of CVE-2011-4940. Notes: All CVE users should reference CVE-2011-4940 instead of this candidate. ...
3 affected packages
python2.5, python2.6, python2.7
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| python2.5 | — | — | — | — |
| python2.6 | — | — | — | — |
| python2.7 | — | — | — | — |
Some fixes available 9 of 14
Python before 2.6.8, 2.7.x before 2.7.3, 3.x before 3.1.5, and 3.2.x before 3.2.3 computes hash values without restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause...
6 affected packages
python2.4, python2.5, python2.6, python2.7, python3.1, python3.2
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| python2.4 | — | — | — | — |
| python2.5 | — | — | — | — |
| python2.6 | — | — | — | — |
| python2.7 | — | — | — | — |
| python3.1 | — | — | — | — |
| python3.2 | — | — | — | — |
Some fixes available 11 of 14
SimpleXMLRPCServer.py in SimpleXMLRPCServer in Python before 2.6.8, 2.7.x before 2.7.3, 3.x before 3.1.5, and 3.2.x before 3.2.3 allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via an...
6 affected packages
python2.4, python2.5, python2.6, python2.7, python3.1, python3.2
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| python2.4 | — | — | — | — |
| python2.5 | — | — | — | — |
| python2.6 | — | — | — | — |
| python2.7 | — | — | — | — |
| python3.1 | — | — | — | — |
| python3.2 | — | — | — | — |