Search Results (Refine Search)
- Results Type: Overview
- Keyword (text search): cpe:2.3:a:python:python:3.1.2150:*:*:*:*:*:x64:*
Vuln ID | Summary | CVSS Severity |
---|---|---|
CVE-2013-7440 |
The ssl.match_hostname function in CPython (aka Python) before 2.7.9 and 3.x before 3.3.3 does not properly handle wildcards in hostnames, which might allow man-in-the-middle attackers to spoof servers via a crafted certificate. Published: June 07, 2016; 2:59:00 PM -0400 |
V3.0: 5.9 MEDIUM V2.0: 4.3 MEDIUM |
CVE-2014-9365 |
The HTTP clients in the (1) httplib, (2) urllib, (3) urllib2, and (4) xmlrpclib libraries in CPython (aka Python) 2.x before 2.7.9 and 3.x before 3.4.3, when accessing an HTTPS URL, do not (a) check the certificate against a trust store or verify that the server hostname matches a domain name in the subject's (b) Common Name or (c) subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate. Published: December 12, 2014; 6:59:07 AM -0500 |
V3.x:(not available) V2.0: 5.8 MEDIUM |
CVE-2014-1912 |
Buffer overflow in the socket.recvfrom_into function in Modules/socketmodule.c in Python 2.5 before 2.7.7, 3.x before 3.3.4, and 3.4.x before 3.4rc1 allows remote attackers to execute arbitrary code via a crafted string. Published: February 28, 2014; 7:55:05 PM -0500 |
V3.x:(not available) V2.0: 7.5 HIGH |
CVE-2013-4238 |
The ssl.match_hostname function in the SSL module in Python 2.6 through 3.4 does not properly handle a '\0' character in a domain name in the Subject Alternative Name field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408. Published: August 17, 2013; 10:52:22 PM -0400 |
V3.x:(not available) V2.0: 4.3 MEDIUM |
CVE-2011-4944 |
Python 2.6 through 3.2 creates ~/.pypirc with world-readable permissions before changing them after data has been written, which introduces a race condition that allows local users to obtain a username and password by reading this file. Published: August 27, 2012; 7:55:01 PM -0400 |
V3.x:(not available) V2.0: 1.9 LOW |