CVE-2016-0772
- EPSS 14.52%
- Veröffentlicht 02.09.2016 14:59:00
- Zuletzt bearbeitet 06.05.2026 22:30:45
The smtplib library in CPython (aka Python) before 2.7.12, 3.x before 3.4.5, and 3.5.x before 3.5.2 does not return an error when StartTLS fails, which might allow man-in-the-middle attackers to bypass the TLS protections by leveraging a network posi...
CVE-2016-2183
- EPSS 95.71%
- Veröffentlicht 01.09.2016 00:59:00
- Zuletzt bearbeitet 29.05.2026 21:16:27
The DES and Triple DES ciphers, as used in the TLS, SSH, and IPSec protocols and other protocols and products, have a birthday bound of approximately four billion blocks, which makes it easier for remote attackers to obtain cleartext data via a birth...
CVE-2016-4472
- EPSS 11.95%
- Veröffentlicht 30.06.2016 17:59:04
- Zuletzt bearbeitet 06.05.2026 22:30:45
The overflow protection in Expat is removed by compilers with certain optimization settings, which allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via crafted XML data. NOTE: this vulnerability exists ...
CVE-2016-3189
- EPSS 15.69%
- Veröffentlicht 30.06.2016 17:59:01
- Zuletzt bearbeitet 06.05.2026 22:30:45
Use-after-free vulnerability in bzip2recover in bzip2 1.0.6 allows remote attackers to cause a denial of service (crash) via a crafted bzip2 file, related to block ends set to before the start of the block.
CVE-2013-7440
- EPSS 1.94%
- Veröffentlicht 07.06.2016 18:59:00
- Zuletzt bearbeitet 06.05.2026 22:30:45
The ssl.match_hostname function in CPython (aka Python) before 2.7.9 and 3.x before 3.3.3 does not properly handle wildcards in hostnames, which might allow man-in-the-middle attackers to spoof servers via a crafted certificate.
CVE-2016-0718
- EPSS 13.34%
- Veröffentlicht 26.05.2016 16:59:00
- Zuletzt bearbeitet 06.05.2026 22:30:45
Expat allows context-dependent attackers to cause a denial of service (crash) or possibly execute arbitrary code via a malformed input document, which triggers a buffer overflow.
CVE-2015-5652
- EPSS 0.59%
- Veröffentlicht 06.10.2015 01:59:27
- Zuletzt bearbeitet 06.05.2026 22:30:45
Untrusted search path vulnerability in python.exe in Python through 3.5.0 on Windows allows local users to gain privileges via a Trojan horse readline.pyd file in the current working directory. NOTE: the vendor says "It was determined that this is a...
CVE-2015-1283
- EPSS 19.07%
- Veröffentlicht 23.07.2015 00:59:12
- Zuletzt bearbeitet 06.05.2026 22:30:45
Multiple integer overflows in the XML_GetBuffer function in Expat through 2.1.0, as used in Google Chrome before 44.0.2403.89 and other products, allow remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspec...
CVE-2014-9365
- EPSS 3.27%
- Veröffentlicht 12.12.2014 11:59:07
- Zuletzt bearbeitet 06.05.2026 22:30:45
The HTTP clients in the (1) httplib, (2) urllib, (3) urllib2, and (4) xmlrpclib libraries in CPython (aka Python) 2.x before 2.7.9 and 3.x before 3.4.3, when accessing an HTTPS URL, do not (a) check the certificate against a trust store or verify tha...
CVE-2014-2667
- EPSS 0.36%
- Veröffentlicht 16.11.2014 01:59:01
- Zuletzt bearbeitet 06.05.2026 22:30:45
Race condition in the _get_masked_mode function in Lib/os.py in Python 3.2 through 3.5, when exist_ok is set to true and multiple threads are used, might allow local users to bypass intended file permissions by leveraging a separate application vulne...