Search CVE reports
71 – 80 of 96 results
CVE-2016-1000110
Medium prioritySome fixes available 7 of 10
The CGIHandler class in Python before 2.7.12 does not protect against the HTTP_PROXY variable name clash in a CGI script, which could allow a remote attacker to redirect HTTP requests.
4 affected packages
python2.7, python3.2, python3.4, python3.5
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
python2.7 | — | Not affected | Not affected | Not affected | Fixed |
python3.2 | — | Not in release | Not in release | Not in release | Not in release |
python3.4 | — | Not in release | Not in release | Not in release | Not in release |
python3.5 | — | Not in release | Not in release | Not in release | Fixed |
CVE-2013-7440
Low priorityThe ssl.match_hostname function in CPython (aka Python) before 2.7.9 and 3.x before 3.3.3 does not properly handle wildcards in hostnames, which might allow man-in-the-middle attackers to spoof servers via a crafted certificate.
3 affected packages
python2.7, python3.2, python3.4
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
python2.7 | — | — | — | — | — |
python3.2 | — | — | — | — | — |
python3.4 | — | — | — | — | — |
CVE-2015-5652
Low priorityUntrusted search path vulnerability in python.exe in Python through 3.5.0 on Windows allows local users to gain privileges via a Trojan horse readline.pyd file in the current working directory. NOTE: the vendor says "It was...
4 affected packages
python2.7, python3.2, python3.4, python3.5
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
python2.7 | — | — | — | Not affected | Not affected |
python3.2 | — | — | — | — | — |
python3.4 | — | — | — | Not in release | Not in release |
python3.5 | — | — | — | Not in release | Not affected |
CVE-2013-1753
Medium priorityThe gzip_decode function in the xmlrpc client library in Python 3.4 and earlier allows remote attackers to cause a denial of service (memory consumption) via a crafted HTTP request.
3 affected packages
python2.7, python3.2, python3.4
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
python2.7 | — | — | — | — | — |
python3.2 | — | — | — | — | — |
python3.4 | — | — | — | — | — |
CVE-2014-9365
Medium prioritySome fixes available 1 of 4
The HTTP clients in the (1) httplib, (2) urllib, (3) urllib2, and (4) xmlrpclib libraries in CPython (aka Python) 2.x before 2.7.9 and 3.x before 3.4.3, when accessing an HTTPS URL, do not (a) check the certificate against a trust...
3 affected packages
python2.7, python3.2, python3.4
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
python2.7 | — | — | — | — | Not affected |
python3.2 | — | — | — | — | Not in release |
python3.4 | — | — | — | — | Not in release |
CVE-2014-2667
Low prioritySome fixes available 1 of 3
Race condition in the _get_masked_mode function in Lib/os.py in Python 3.2 through 3.5, when exist_ok is set to true and multiple threads are used, might allow local users to bypass intended file permissions by leveraging...
3 affected packages
python2.7, python3.2, python3.4
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
python2.7 | — | — | — | Not affected | Not affected |
python3.2 | — | — | — | Not in release | Not in release |
python3.4 | — | — | — | Not in release | Not in release |
CVE-2014-7185
Low priorityInteger overflow in bufferobject.c in Python before 2.7.8 allows context-dependent attackers to obtain sensitive information from process memory via a large size and offset in a "buffer" function.
3 affected packages
python2.7, python3.2, python3.4
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
python2.7 | — | — | — | — | — |
python3.2 | — | — | — | — | — |
python3.4 | — | — | — | — | — |
CVE-2014-4616
Low prioritySome fixes available 4 of 5
Array index error in the scanstring function in the _json module in Python 2.7 through 3.5 and simplejson before 2.6.1 allows context-dependent attackers to read arbitrary process memory via a negative index value in the idx...
3 affected packages
python2.7, python3.2, python3.4
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
python2.7 | — | — | — | — | — |
python3.2 | — | — | — | — | — |
python3.4 | — | — | — | — | — |
CVE-2014-4650
Low prioritySome fixes available 4 of 5
The CGIHTTPServer module in Python 2.7.5 and 3.3.4 does not properly handle URLs in which URL encoding is used for path separators, which allows remote attackers to read script source code or conduct directory traversal...
3 affected packages
python2.7, python3.2, python3.4
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
python2.7 | — | — | — | — | — |
python3.2 | — | — | — | — | — |
python3.4 | — | — | — | — | — |
CVE-2013-7040
Low priorityPython 2.7 before 3.4 only uses the last eight bits of the prefix to randomize hash values, which causes it to compute hash values without restricting the ability to trigger hash collisions predictably and makes it easier for...
5 affected packages
python2.6, python2.7, python3.1, python3.2, python3.3
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
python2.6 | — | — | — | — | — |
python2.7 | — | — | — | — | — |
python3.1 | — | — | — | — | — |
python3.2 | — | — | — | — | — |
python3.3 | — | — | — | — | — |