CVE-2014-7185
- EPSS 5.31%
- Veröffentlicht 08.10.2014 17:55:05
- Zuletzt bearbeitet 06.05.2026 22:30:45
Integer overflow in bufferobject.c in Python before 2.7.8 allows context-dependent attackers to obtain sensitive information from process memory via a large size and offset in a "buffer" function.
CVE-2014-0224
- EPSS 95.33%
- Veröffentlicht 05.06.2014 21:55:07
- Zuletzt bearbeitet 06.05.2026 22:30:45
OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h does not properly restrict processing of ChangeCipherSpec messages, which allows man-in-the-middle attackers to trigger use of a zero-length master key in certain OpenSSL-to-OpenSSL...
CVE-2013-7040
- EPSS 3.26%
- Veröffentlicht 19.05.2014 14:55:09
- Zuletzt bearbeitet 06.05.2026 22:30:45
Python 2.7 before 3.4 only uses the last eight bits of the prefix to randomize hash values, which causes it to compute hash values without restricting the ability to trigger hash collisions predictably and makes it easier for context-dependent attack...
CVE-2013-7338
- EPSS 5.06%
- Veröffentlicht 22.04.2014 14:23:34
- Zuletzt bearbeitet 06.05.2026 22:30:45
Python before 3.3.4 RC1 allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a file size value larger than the size of the zip file to the (1) ZipExtFile.read, (2) ZipExtFile.read(n), (3) ZipExtFile.readlines, ...
CVE-2014-1912
- EPSS 28.32%
- Veröffentlicht 01.03.2014 00:55:05
- Zuletzt bearbeitet 29.04.2026 01:13:23
Buffer overflow in the socket.recvfrom_into function in Modules/socketmodule.c in Python 2.5 before 2.7.7, 3.x before 3.3.4, and 3.4.x before 3.4rc1 allows remote attackers to execute arbitrary code via a crafted string.
CVE-2013-0340
- EPSS 19.43%
- Veröffentlicht 21.01.2014 18:55:09
- Zuletzt bearbeitet 29.04.2026 01:13:23
expat before version 2.4.0 does not properly handle entities expansion unless an application developer uses the XML_SetEntityDeclHandler function, which allows remote attackers to cause a denial of service (resource consumption), send HTTP requests t...
CVE-2013-2099
- EPSS 4.86%
- Veröffentlicht 09.10.2013 14:53:20
- Zuletzt bearbeitet 29.04.2026 01:13:23
Algorithmic complexity vulnerability in the ssl.match_hostname function in Python 3.2.x, 3.3.x, and earlier, and unspecified versions of python-backports-ssl_match_hostname as used for older Python versions, allows remote attackers to cause a denial ...
CVE-2013-4238
- EPSS 5.35%
- Veröffentlicht 18.08.2013 02:52:22
- Zuletzt bearbeitet 29.04.2026 01:13:23
The ssl.match_hostname function in the SSL module in Python 2.6 through 3.4 does not properly handle a '\0' character in a domain name in the Subject Alternative Name field of an X.509 certificate, which allows man-in-the-middle attackers to spoof ar...
- EPSS 5.62%
- Veröffentlicht 05.10.2012 21:55:01
- Zuletzt bearbeitet 16.06.2026 23:38:22
SimpleXMLRPCServer.py in SimpleXMLRPCServer in Python before 2.6.8, 2.7.x before 2.7.3, 3.x before 3.1.5, and 3.2.x before 3.2.3 allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via an XML-RPC POST request that...
- EPSS 5.06%
- Veröffentlicht 05.10.2012 21:55:01
- Zuletzt bearbeitet 16.06.2026 23:39:08
Python before 2.6.8, 2.7.x before 2.7.3, 3.x before 3.1.5, and 3.2.x before 3.2.3 computes hash values without restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service (CPU ...