Search CVE reports
71 – 80 of 94 results
CVE-2015-5652
Low priorityUntrusted search path vulnerability in python.exe in Python through 3.5.0 on Windows allows local users to gain privileges via a Trojan horse readline.pyd file in the current working directory. NOTE: the vendor says "It was...
4 affected packages
python2.7, python3.2, python3.4, python3.5
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| python2.7 | — | — | — | Not affected | Not affected |
| python3.2 | — | — | — | — | — |
| python3.4 | — | — | — | Not in release | Not in release |
| python3.5 | — | — | — | Not in release | Not affected |
CVE-2013-1753
Medium priorityThe gzip_decode function in the xmlrpc client library in Python 3.4 and earlier allows remote attackers to cause a denial of service (memory consumption) via a crafted HTTP request.
3 affected packages
python2.7, python3.2, python3.4
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| python2.7 | — | — | — | — | — |
| python3.2 | — | — | — | — | — |
| python3.4 | — | — | — | — | — |
CVE-2014-9365
Medium prioritySome fixes available 1 of 4
The HTTP clients in the (1) httplib, (2) urllib, (3) urllib2, and (4) xmlrpclib libraries in CPython (aka Python) 2.x before 2.7.9 and 3.x before 3.4.3, when accessing an HTTPS URL, do not (a) check the certificate against a trust...
3 affected packages
python2.7, python3.2, python3.4
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| python2.7 | — | — | — | — | Not affected |
| python3.2 | — | — | — | — | Not in release |
| python3.4 | — | — | — | — | Not in release |
CVE-2014-2667
Low prioritySome fixes available 1 of 3
Race condition in the _get_masked_mode function in Lib/os.py in Python 3.2 through 3.5, when exist_ok is set to true and multiple threads are used, might allow local users to bypass intended file permissions by leveraging...
3 affected packages
python2.7, python3.2, python3.4
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| python2.7 | — | — | — | Not affected | Not affected |
| python3.2 | — | — | — | Not in release | Not in release |
| python3.4 | — | — | — | Not in release | Not in release |
CVE-2014-7185
Low priorityInteger overflow in bufferobject.c in Python before 2.7.8 allows context-dependent attackers to obtain sensitive information from process memory via a large size and offset in a "buffer" function.
3 affected packages
python2.7, python3.2, python3.4
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| python2.7 | — | — | — | — | — |
| python3.2 | — | — | — | — | — |
| python3.4 | — | — | — | — | — |
CVE-2014-4616
Low prioritySome fixes available 4 of 5
Array index error in the scanstring function in the _json module in Python 2.7 through 3.5 and simplejson before 2.6.1 allows context-dependent attackers to read arbitrary process memory via a negative index value in the idx...
3 affected packages
python2.7, python3.2, python3.4
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| python2.7 | — | — | — | — | — |
| python3.2 | — | — | — | — | — |
| python3.4 | — | — | — | — | — |
CVE-2014-4650
Low prioritySome fixes available 4 of 5
The CGIHTTPServer module in Python 2.7.5 and 3.3.4 does not properly handle URLs in which URL encoding is used for path separators, which allows remote attackers to read script source code or conduct directory traversal...
3 affected packages
python2.7, python3.2, python3.4
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| python2.7 | — | — | — | — | — |
| python3.2 | — | — | — | — | — |
| python3.4 | — | — | — | — | — |
CVE-2013-7040
Low priorityPython 2.7 before 3.4 only uses the last eight bits of the prefix to randomize hash values, which causes it to compute hash values without restricting the ability to trigger hash collisions predictably and makes it easier for...
5 affected packages
python2.6, python2.7, python3.1, python3.2, python3.3
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| python2.6 | — | — | — | — | — |
| python2.7 | — | — | — | — | — |
| python3.1 | — | — | — | — | — |
| python3.2 | — | — | — | — | — |
| python3.3 | — | — | — | — | — |
CVE-2013-7338
Low priorityPython before 3.3.4 RC1 allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a file size value larger than the size of the zip file to the (1) ZipExtFile.read, (2) ZipExtFile.read(n), (3)...
6 affected packages
python2.6, python2.7, python3.1, python3.2, python3.3, python3.4
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| python2.6 | — | — | — | — | — |
| python2.7 | — | — | — | — | — |
| python3.1 | — | — | — | — | — |
| python3.2 | — | — | — | — | — |
| python3.3 | — | — | — | — | — |
| python3.4 | — | — | — | — | — |
CVE-2014-1912
Medium prioritySome fixes available 8 of 9
Buffer overflow in the socket.recvfrom_into function in Modules/socketmodule.c in Python 2.5 before 2.7.7, 3.x before 3.3.4, and 3.4.x before 3.4rc1 allows remote attackers to execute arbitrary code via a crafted string.
6 affected packages
python2.6, python2.7, python3.1, python3.2, python3.3, python3.4
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| python2.6 | — | — | — | — | — |
| python2.7 | — | — | — | — | — |
| python3.1 | — | — | — | — | — |
| python3.2 | — | — | — | — | — |
| python3.3 | — | — | — | — | — |
| python3.4 | — | — | — | — | — |