CVSS: 4.3EPSS: 1%CPEs: 12EXPL: 0CVE-2013-2099 – python: ssl.match_hostname() DoS via certificates with specially crafted hostname wildcard patterns
https://notcve.org/view.php?id=CVE-2013-2099
10 Sep 2013 — Algorithmic complexity vulnerability in the ssl.match_hostname function in Python 3.2.x, 3.3.x, and earlier, and unspecified versions of python-backports-ssl_match_hostname as used for older Python versions, allows remote attackers to cause a denial of service (CPU consumption) via multiple wildcard characters in the common name in a certificate. Vulnerabilidad de la complejidad algorítmica en la función ssl.match_hostname en Python 3.2.x, 3.3.x, y anteriores, y las versiones no especificadas de python-back... • http://bugs.python.org/issue17980 • CWE-399: Resource Management Errors CWE-407: Inefficient Algorithmic Complexity •
CVSS: 9.1EPSS: 3%CPEs: 37EXPL: 0CVE-2013-4238 – python: hostname check bypassing vulnerability in SSL module
https://notcve.org/view.php?id=CVE-2013-4238
18 Aug 2013 — The ssl.match_hostname function in the SSL module in Python 2.6 through 3.4 does not properly handle a '\0' character in a domain name in the Subject Alternative Name field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408. La función ssl.match_hostname en el módulo SSL en Python v2.6 hasta v3.4 no manejar adecuadamente un carácter “\0” en un nombre de dom... • http://bugs.python.org/issue18709 • CWE-20: Improper Input Validation •
CVSS: 9.1EPSS: 1%CPEs: 9EXPL: 0CVE-2012-2135
https://notcve.org/view.php?id=CVE-2012-2135
14 Aug 2012 — The utf-16 decoder in Python 3.1 through 3.3 does not update the aligned_end variable after calling the unicode_decode_call_errorhandler function, which allows remote attackers to obtain sensitive information (process memory) or cause a denial of service (memory corruption and crash) via unspecified vectors. El descodificador UTF-16 en Python v3.1 a v3.3 no actualiza la variable aligned_end después de llamar a la función unicode_decode_call_errorhandler, lo que permite a atacantes remotos obtener informació... • http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=670389 •
CVSS: 9.8EPSS: 93%CPEs: 5EXPL: 6CVE-2007-4559 – python: tarfile module directory traversal
https://notcve.org/view.php?id=CVE-2007-4559
28 Aug 2007 — Directory traversal vulnerability in the (1) extract and (2) extractall functions in the tarfile module in Python allows user-assisted remote attackers to overwrite arbitrary files via a .. (dot dot) sequence in filenames in a TAR archive, a related issue to CVE-2001-1267. Vulnerabilidad de salto de directorio en las funciones (1) extract y (2) extractall en el módulo tarfile en Python permite a atacantes remotos con la intervención del usuario sobrescribir archivos de su elección a través de la secuencia .... • https://github.com/davidholiday/CVE-2007-4559 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •