Search Results (Refine Search)
- CPE Product Version: cpe:/a:python:python:2.7.1150::~~~~x64~
Vuln ID | Summary | CVSS Severity |
---|---|---|
CVE-2014-9365 |
The HTTP clients in the (1) httplib, (2) urllib, (3) urllib2, and (4) xmlrpclib libraries in CPython (aka Python) 2.x before 2.7.9 and 3.x before 3.4.3, when accessing an HTTPS URL, do not (a) check the certificate against a trust store or verify that the server hostname matches a domain name in the subject's (b) Common Name or (c) subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate. Published: December 12, 2014; 6:59:07 AM -0500 |
V3.x:(not available) V2.0: 5.8 MEDIUM |
CVE-2014-7185 |
Integer overflow in bufferobject.c in Python before 2.7.8 allows context-dependent attackers to obtain sensitive information from process memory via a large size and offset in a "buffer" function. Published: October 08, 2014; 1:55:05 PM -0400 |
V3.x:(not available) V2.0: 6.4 MEDIUM |
CVE-2014-1912 |
Buffer overflow in the socket.recvfrom_into function in Modules/socketmodule.c in Python 2.5 before 2.7.7, 3.x before 3.3.4, and 3.4.x before 3.4rc1 allows remote attackers to execute arbitrary code via a crafted string. Published: February 28, 2014; 7:55:05 PM -0500 |
V3.x:(not available) V2.0: 7.5 HIGH |
CVE-2013-4238 |
The ssl.match_hostname function in the SSL module in Python 2.6 through 3.4 does not properly handle a '\0' character in a domain name in the Subject Alternative Name field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408. Published: August 17, 2013; 10:52:22 PM -0400 |
V3.x:(not available) V2.0: 4.3 MEDIUM |
CVE-2011-4944 |
Python 2.6 through 3.2 creates ~/.pypirc with world-readable permissions before changing them after data has been written, which introduces a race condition that allows local users to obtain a username and password by reading this file. Published: August 27, 2012; 7:55:01 PM -0400 |
V3.x:(not available) V2.0: 1.9 LOW |