Search Results (Refine Search)

Search Parameters:
  • Results Type: Overview
  • Keyword (text search): cpe:2.3:a:python:python:3.3.1:rc1:*:*:*:*:*:*
There are 4 matching records.
Displaying matches 1 through 4.
Vuln ID Summary CVSS Severity
CVE-2013-7440

The ssl.match_hostname function in CPython (aka Python) before 2.7.9 and 3.x before 3.3.3 does not properly handle wildcards in hostnames, which might allow man-in-the-middle attackers to spoof servers via a crafted certificate.

Published: June 07, 2016; 2:59:00 PM -0400
V3.0: 5.9 MEDIUM
V2.0: 4.3 MEDIUM
CVE-2014-9365

The HTTP clients in the (1) httplib, (2) urllib, (3) urllib2, and (4) xmlrpclib libraries in CPython (aka Python) 2.x before 2.7.9 and 3.x before 3.4.3, when accessing an HTTPS URL, do not (a) check the certificate against a trust store or verify that the server hostname matches a domain name in the subject's (b) Common Name or (c) subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.

Published: December 12, 2014; 6:59:07 AM -0500
V3.x:(not available)
V2.0: 5.8 MEDIUM
CVE-2013-7040

Python 2.7 before 3.4 only uses the last eight bits of the prefix to randomize hash values, which causes it to compute hash values without restricting the ability to trigger hash collisions predictably and makes it easier for context-dependent attackers to cause a denial of service (CPU consumption) via crafted input to an application that maintains a hash table. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-1150.

Published: May 19, 2014; 10:55:09 AM -0400
V3.x:(not available)
V2.0: 4.3 MEDIUM
CVE-2013-7338

Python before 3.3.4 RC1 allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a file size value larger than the size of the zip file to the (1) ZipExtFile.read, (2) ZipExtFile.read(n), (3) ZipExtFile.readlines, (4) ZipFile.extract, or (5) ZipFile.extractall function.

Published: April 22, 2014; 10:23:34 AM -0400
V3.x:(not available)
V2.0: 7.1 HIGH