Search CVE reports
61 – 70 of 73 results
Some fixes available 8 of 9
The ssl.match_hostname function in the SSL module in Python 2.6 through 3.4 does not properly handle a '\0' character in a domain name in the Subject Alternative Name field of an X.509 certificate, which allows man-in-the-middle...
5 affected packages
python2.6, python2.7, python3.1, python3.2, python3.3
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| python2.6 | — | — | — | — |
| python2.7 | — | — | — | — |
| python3.1 | — | — | — | — |
| python3.2 | — | — | — | — |
| python3.3 | — | — | — | — |
Some fixes available 5 of 41
Algorithmic complexity vulnerability in the ssl.match_hostname function in Python 3.2.x, 3.3.x, and earlier, and unspecified versions of python-backports-ssl_match_hostname as used for older Python versions, allows remote...
10 affected packages
bzr, w3af, linkchecker, python-tornado, python-urllib3...
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| bzr | Not affected | Not affected | Not affected | Not affected |
| w3af | Not in release | Not in release | Not in release | Not in release |
| linkchecker | Not affected | Not affected | Not in release | Not affected |
| python-tornado | Not affected | Not affected | Not affected | Not affected |
| python-urllib3 | Not affected | Not affected | Not affected | Not affected |
| python2.7 | Not in release | Not affected | Not affected | Not affected |
| python3.1 | Not in release | Not in release | Not in release | Not in release |
| python3.2 | Not in release | Not in release | Not in release | Not in release |
| python3.3 | Not in release | Not in release | Not in release | Not in release |
| zeroinstall-injector | Not affected | Not affected | Not affected | Not affected |
Some fixes available 13 of 16
Python 2.6 through 3.2 creates ~/.pypirc with world-readable permissions before changing them after data has been written, which introduces a race condition that allows local users to obtain a username and password by reading this file.
7 affected packages
python2.4, python2.5, python2.6, python2.7, python3.1...
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| python2.4 | — | — | — | — |
| python2.5 | — | — | — | — |
| python2.6 | — | — | — | — |
| python2.7 | — | — | — | — |
| python3.1 | — | — | — | — |
| python3.2 | — | — | — | — |
| python3.3 | — | — | — | — |
The utf-16 decoder in Python 3.1 through 3.3 does not update the aligned_end variable after calling the unicode_decode_call_errorhandler function, which allows remote attackers to obtain sensitive information (process memory) or...
3 affected packages
python3.1, python3.2, python3.3
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| python3.1 | — | — | — | — |
| python3.2 | — | — | — | — |
| python3.3 | — | — | — | — |
Some fixes available 9 of 14
Python before 2.6.8, 2.7.x before 2.7.3, 3.x before 3.1.5, and 3.2.x before 3.2.3 computes hash values without restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause...
6 affected packages
python2.4, python2.5, python2.6, python2.7, python3.1, python3.2
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| python2.4 | — | — | — | — |
| python2.5 | — | — | — | — |
| python2.6 | — | — | — | — |
| python2.7 | — | — | — | — |
| python3.1 | — | — | — | — |
| python3.2 | — | — | — | — |
Some fixes available 11 of 14
SimpleXMLRPCServer.py in SimpleXMLRPCServer in Python before 2.6.8, 2.7.x before 2.7.3, 3.x before 3.1.5, and 3.2.x before 3.2.3 allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via an...
6 affected packages
python2.4, python2.5, python2.6, python2.7, python3.1, python3.2
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| python2.4 | — | — | — | — |
| python2.5 | — | — | — | — |
| python2.6 | — | — | — | — |
| python2.7 | — | — | — | — |
| python3.1 | — | — | — | — |
| python3.2 | — | — | — | — |
Some fixes available 9 of 12
The urllib and urllib2 modules in Python 2.x before 2.7.2 and 3.x before 3.2.1 process Location headers that specify redirection to file: URLs, which makes it easier for remote attackers to obtain sensitive information or cause a...
6 affected packages
python2.4, python2.5, python2.6, python2.7, python3.1, python3.2
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| python2.4 | — | — | — | — |
| python2.5 | — | — | — | — |
| python2.6 | — | — | — | — |
| python2.7 | — | — | — | — |
| python3.1 | — | — | — | — |
| python3.2 | — | — | — | — |
The asyncore module in Python before 3.2 does not properly handle unsuccessful calls to the accept function, and does not have accompanying documentation describing how daemon applications should handle unsuccessful calls to the...
4 affected packages
python3.2, python2.6, python2.7, python3.1
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| python3.2 | — | — | — | — |
| python2.6 | — | — | — | — |
| python2.7 | — | — | — | — |
| python3.1 | — | — | — | — |
Some fixes available 4 of 7
Multiple race conditions in smtpd.py in the smtpd module in Python 2.6, 2.7, 3.1, and 3.2 alpha allow remote attackers to cause a denial of service (daemon outage) by establishing and then immediately closing a TCP connection,...
6 affected packages
python2.4, python2.5, python2.6, python2.7, python3.1, python3.2
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| python2.4 | — | — | — | — |
| python2.5 | — | — | — | — |
| python2.6 | — | — | — | — |
| python2.7 | — | — | — | — |
| python3.1 | — | — | — | — |
| python3.2 | — | — | — | — |
Some fixes available 4 of 11
The audioop module in Python 2.7 and 3.2 does not verify the relationships between size arguments and byte string lengths, which allows context-dependent attackers to cause a denial of service (memory corruption and application...
6 affected packages
python3.1, python2.4, python2.5, python2.6, python2.7, python3.2
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| python3.1 | — | — | — | — |
| python2.4 | — | — | — | — |
| python2.5 | — | — | — | — |
| python2.6 | — | — | — | — |
| python2.7 | — | — | — | — |
| python3.2 | — | — | — | — |