Search CVE reports


Toggle filters

11 – 20 of 29 results


CVE-2014-2667

Low priority

Some fixes available 1 of 3

Race condition in the _get_masked_mode function in Lib/os.py in Python 3.2 through 3.5, when exist_ok is set to true and multiple threads are used, might allow local users to bypass intended file permissions by leveraging...

3 affected packages

python2.7, python3.2, python3.4

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
python2.7 Not affected Not affected
python3.2 Not in release Not in release
python3.4 Not in release Not in release
Show less packages

CVE-2014-7185

Low priority
Fixed

Integer overflow in bufferobject.c in Python before 2.7.8 allows context-dependent attackers to obtain sensitive information from process memory via a large size and offset in a "buffer" function.

3 affected packages

python2.7, python3.2, python3.4

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
python2.7
python3.2
python3.4
Show less packages

CVE-2014-4616

Low priority

Some fixes available 4 of 5

Array index error in the scanstring function in the _json module in Python 2.7 through 3.5 and simplejson before 2.6.1 allows context-dependent attackers to read arbitrary process memory via a negative index value in the idx...

3 affected packages

python2.7, python3.2, python3.4

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
python2.7
python3.2
python3.4
Show less packages

CVE-2014-4650

Low priority

Some fixes available 4 of 5

The CGIHTTPServer module in Python 2.7.5 and 3.3.4 does not properly handle URLs in which URL encoding is used for path separators, which allows remote attackers to read script source code or conduct directory traversal...

3 affected packages

python2.7, python3.2, python3.4

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
python2.7
python3.2
python3.4
Show less packages

CVE-2013-7040

Low priority
Ignored

Python 2.7 before 3.4 only uses the last eight bits of the prefix to randomize hash values, which causes it to compute hash values without restricting the ability to trigger hash collisions predictably and makes it easier for...

5 affected packages

python2.6, python2.7, python3.1, python3.2, python3.3

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
python2.6
python2.7
python3.1
python3.2
python3.3
Show less packages

CVE-2013-7338

Low priority
Ignored

Python before 3.3.4 RC1 allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a file size value larger than the size of the zip file to the (1) ZipExtFile.read, (2) ZipExtFile.read(n), (3)...

6 affected packages

python2.6, python2.7, python3.1, python3.2, python3.3, python3.4

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
python2.6
python2.7
python3.1
python3.2
python3.3
python3.4
Show less packages

CVE-2014-1912

Medium priority

Some fixes available 8 of 9

Buffer overflow in the socket.recvfrom_into function in Modules/socketmodule.c in Python 2.5 before 2.7.7, 3.x before 3.3.4, and 3.4.x before 3.4rc1 allows remote attackers to execute arbitrary code via a crafted string.

6 affected packages

python2.6, python2.7, python3.1, python3.2, python3.3, python3.4

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
python2.6
python2.7
python3.1
python3.2
python3.3
python3.4
Show less packages

CVE-2013-4238

Medium priority

Some fixes available 8 of 9

The ssl.match_hostname function in the SSL module in Python 2.6 through 3.4 does not properly handle a '\0' character in a domain name in the Subject Alternative Name field of an X.509 certificate, which allows man-in-the-middle...

5 affected packages

python2.6, python2.7, python3.1, python3.2, python3.3

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
python2.6
python2.7
python3.1
python3.2
python3.3
Show less packages

CVE-2013-2099

Low priority

Some fixes available 5 of 41

Algorithmic complexity vulnerability in the ssl.match_hostname function in Python 3.2.x, 3.3.x, and earlier, and unspecified versions of python-backports-ssl_match_hostname as used for older Python versions, allows remote...

10 affected packages

bzr, linkchecker, python-tornado, python-urllib3, python2.7...

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
bzr Not affected Not affected Not affected Not affected Not affected
linkchecker Not affected Not affected Not in release Not affected Not affected
python-tornado Not affected Not affected Not affected Not affected Not affected
python-urllib3 Not affected Not affected Not affected Not affected Not affected
python2.7 Not in release Not affected Not affected Not affected Not affected
python3.1 Not in release Not in release Not in release Not in release Not in release
python3.2 Not in release Not in release Not in release Not in release Not in release
python3.3 Not in release Not in release Not in release Not in release Not in release
w3af Not in release Not in release Not in release Not in release Vulnerable
zeroinstall-injector Not affected Not affected Not affected Not affected Not affected
Show all 10 packages Show less packages

CVE-2011-4944

Low priority

Some fixes available 13 of 16

Python 2.6 through 3.2 creates ~/.pypirc with world-readable permissions before changing them after data has been written, which introduces a race condition that allows local users to obtain a username and password by reading this file.

7 affected packages

python2.4, python2.5, python2.6, python2.7, python3.1...

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
python2.4
python2.5
python2.6
python2.7
python3.1
python3.2
python3.3
Show all 7 packages Show less packages