Python

132 vulnerabilities found.

Note: This list may be incomplete. Data is provided without warranty, in its original format.
Exploit
  • EPSS 0.77%
  • Published 08.10.2014 17:55:05
  • Last modified 12.04.2025 10:46:40

Integer overflow in bufferobject.c in Python before 2.7.8 allows context-dependent attackers to obtain sensitive information from process memory via a large size and offset in a "buffer" function.

Exploit
  • EPSS 93.21%
  • Published 05.06.2014 21:55:07
  • Last modified 12.04.2025 10:46:40

OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h does not properly restrict processing of ChangeCipherSpec messages, which allows man-in-the-middle attackers to trigger use of a zero-length master key in certain OpenSSL-to-OpenSSL...

  • EPSS 0.72%
  • Published 19.05.2014 14:55:09
  • Last modified 12.04.2025 10:46:40

Python 2.7 before 3.4 only uses the last eight bits of the prefix to randomize hash values, which causes it to compute hash values without restricting the ability to trigger hash collisions predictably and makes it easier for context-dependent attack...

Exploit
  • EPSS 5.92%
  • Published 22.04.2014 14:23:34
  • Last modified 12.04.2025 10:46:40

Python before 3.3.4 RC1 allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a file size value larger than the size of the zip file to the (1) ZipExtFile.read, (2) ZipExtFile.read(n), (3) ZipExtFile.readlines, ...

Exploit
  • EPSS 33.63%
  • Published 01.03.2014 00:55:05
  • Last modified 12.04.2025 10:46:40

Buffer overflow in the socket.recvfrom_into function in Modules/socketmodule.c in Python 2.5 before 2.7.7, 3.x before 3.3.4, and 3.4.x before 3.4rc1 allows remote attackers to execute arbitrary code via a crafted string.

Exploit
  • EPSS 0.07%
  • Published 21.01.2014 18:55:09
  • Last modified 25.11.2025 17:15:47

expat before version 2.4.0 does not properly handle entities expansion unless an application developer uses the XML_SetEntityDeclHandler function, which allows remote attackers to cause a denial of service (resource consumption), send HTTP requests t...

  • EPSS 5.24%
  • Published 09.10.2013 14:53:20
  • Last modified 11.04.2025 00:51:21

Algorithmic complexity vulnerability in the ssl.match_hostname function in Python 3.2.x, 3.3.x, and earlier, and unspecified versions of python-backports-ssl_match_hostname as used for older Python versions, allows remote attackers to cause a denial ...

  • EPSS 4.27%
  • Published 18.08.2013 02:52:22
  • Last modified 11.04.2025 00:51:21

The ssl.match_hostname function in the SSL module in Python 2.6 through 3.4 does not properly handle a '\0' character in a domain name in the Subject Alternative Name field of an X.509 certificate, which allows man-in-the-middle attackers to spoof ar...

Exploit
  • EPSS 3.26%
  • Published 05.10.2012 21:55:01
  • Last modified 11.04.2025 00:51:21

SimpleXMLRPCServer.py in SimpleXMLRPCServer in Python before 2.6.8, 2.7.x before 2.7.3, 3.x before 3.1.5, and 3.2.x before 3.2.3 allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via an XML-RPC POST request that...

Exploit
  • EPSS 1.99%
  • Published 05.10.2012 21:55:01
  • Last modified 11.04.2025 00:51:21

Python before 2.6.8, 2.7.x before 2.7.3, 3.x before 3.1.5, and 3.2.x before 3.2.3 computes hash values without restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service (CPU ...