Search Results (Refine Search)

Search Parameters:
  • Results Type: Overview
  • Keyword (text search): cpe:2.3:a:python:python:1.6.1:*:*:*:*:*:*:*
There are 26 matching records.
Displaying matches 21 through 26.
Vuln ID Summary CVSS Severity
CVE-2012-1150

Python before 2.6.8, 2.7.x before 2.7.3, 3.x before 3.1.5, and 3.2.x before 3.2.3 computes hash values without restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted input to an application that maintains a hash table.

Published: October 05, 2012; 5:55:01 PM -0400
V3.x:(not available)
V2.0: 5.0 MEDIUM
CVE-2012-0845

SimpleXMLRPCServer.py in SimpleXMLRPCServer in Python before 2.6.8, 2.7.x before 2.7.3, 3.x before 3.1.5, and 3.2.x before 3.2.3 allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via an XML-RPC POST request that contains a smaller amount of data than specified by the Content-Length header.

Published: October 05, 2012; 5:55:01 PM -0400
V3.x:(not available)
V2.0: 5.0 MEDIUM
CVE-2011-4940

The list_directory function in Lib/SimpleHTTPServer.py in SimpleHTTPServer in Python before 2.5.6c1, 2.6.x before 2.6.7 rc2, and 2.7.x before 2.7.2 does not place a charset parameter in the Content-Type HTTP header, which makes it easier for remote attackers to conduct cross-site scripting (XSS) attacks against Internet Explorer 7 via UTF-7 encoding.

Published: June 27, 2012; 6:18:36 AM -0400
V3.x:(not available)
V2.0: 2.6 LOW
CVE-2010-3492

The asyncore module in Python before 3.2 does not properly handle unsuccessful calls to the accept function, and does not have accompanying documentation describing how daemon applications should handle unsuccessful calls to the accept function, which makes it easier for remote attackers to conduct denial of service attacks that terminate these applications via network connections.

Published: October 19, 2010; 4:00:04 PM -0400
V3.x:(not available)
V2.0: 5.0 MEDIUM
CVE-2009-3720

The updatePosition function in lib/xmltok_impl.c in libexpat in Expat 2.0.1, as used in Python, PyXML, w3c-libwww, and other software, allows context-dependent attackers to cause a denial of service (application crash) via an XML document with crafted UTF-8 sequences that trigger a buffer over-read, a different vulnerability than CVE-2009-2625.

Published: November 03, 2009; 11:30:12 AM -0500
V3.x:(not available)
V2.0: 5.0 MEDIUM
CVE-2009-2940

The pygresql module 3.8.1 and 4.0 for Python does not properly support the PQescapeStringConn function, which might allow remote attackers to leverage escaping issues involving multibyte character encodings.

Published: October 22, 2009; 12:30:00 PM -0400
V3.x:(not available)
V2.0: 7.5 HIGH