CVSS: 4.3EPSS: 1%CPEs: 12EXPL: 0CVE-2013-2099 – python: ssl.match_hostname() DoS via certificates with specially crafted hostname wildcard patterns
https://notcve.org/view.php?id=CVE-2013-2099
10 Sep 2013 — Algorithmic complexity vulnerability in the ssl.match_hostname function in Python 3.2.x, 3.3.x, and earlier, and unspecified versions of python-backports-ssl_match_hostname as used for older Python versions, allows remote attackers to cause a denial of service (CPU consumption) via multiple wildcard characters in the common name in a certificate. Vulnerabilidad de la complejidad algorítmica en la función ssl.match_hostname en Python 3.2.x, 3.3.x, y anteriores, y las versiones no especificadas de python-back... • http://bugs.python.org/issue17980 • CWE-399: Resource Management Errors CWE-407: Inefficient Algorithmic Complexity •
CVSS: 9.1EPSS: 3%CPEs: 37EXPL: 0CVE-2013-4238 – python: hostname check bypassing vulnerability in SSL module
https://notcve.org/view.php?id=CVE-2013-4238
18 Aug 2013 — The ssl.match_hostname function in the SSL module in Python 2.6 through 3.4 does not properly handle a '\0' character in a domain name in the Subject Alternative Name field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408. La función ssl.match_hostname en el módulo SSL en Python v2.6 hasta v3.4 no manejar adecuadamente un carácter “\0” en un nombre de dom... • http://bugs.python.org/issue18709 • CWE-20: Improper Input Validation •
CVSS: 7.5EPSS: 6%CPEs: 58EXPL: 1CVE-2012-0845 – python: SimpleXMLRPCServer CPU usage DoS via malformed XML-RPC request
https://notcve.org/view.php?id=CVE-2012-0845
05 Oct 2012 — SimpleXMLRPCServer.py in SimpleXMLRPCServer in Python before 2.6.8, 2.7.x before 2.7.3, 3.x before 3.1.5, and 3.2.x before 3.2.3 allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via an XML-RPC POST request that contains a smaller amount of data than specified by the Content-Length header. SimpleXMLRPCServer.py en SimpleXMLRPCServer en Python antes de v2.6.8, v2.7.x antes de v2.7.3, v3.x antes de v3.1.5, y v3.2.x antes de v3.2.x, permite a atacantes remotos provocar un... • http://bugs.python.org/issue14001 • CWE-399: Resource Management Errors •
CVSS: 7.5EPSS: 1%CPEs: 58EXPL: 1CVE-2012-1150 – python: hash table collisions CPU usage DoS (oCERT-2011-003)
https://notcve.org/view.php?id=CVE-2012-1150
05 Oct 2012 — Python before 2.6.8, 2.7.x before 2.7.3, 3.x before 3.1.5, and 3.2.x before 3.2.3 computes hash values without restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted input to an application that maintains a hash table. Python anteriores a v2.6.8, v2.7.x anteriores a v2.7.3, 3.x anteriores a v3.1.5, y v3.2.x anteriores a v3.2.3 procesa los valores hash sin restringir la disponibilidad para provocar co... • http://bugs.python.org/issue13703 • CWE-310: Cryptographic Issues •
CVSS: 7.4EPSS: 0%CPEs: 28EXPL: 0CVE-2011-4944 – python: distutils creates ~/.pypirc insecurely
https://notcve.org/view.php?id=CVE-2011-4944
27 Aug 2012 — Python 2.6 through 3.2 creates ~/.pypirc with world-readable permissions before changing them after data has been written, which introduces a race condition that allows local users to obtain a username and password by reading this file. Python v2.6 a través de 3.2 crea ~/.pypirc con permisos de lectura en todo el mundo antes de cambiar los datos que se han escrito, introduce una condición de carrera que permite a usuarios locales obtener un nombre de usuario y contraseña mediante la lectura de este archivo. • http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=650555 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 9.1EPSS: 1%CPEs: 9EXPL: 0CVE-2012-2135
https://notcve.org/view.php?id=CVE-2012-2135
14 Aug 2012 — The utf-16 decoder in Python 3.1 through 3.3 does not update the aligned_end variable after calling the unicode_decode_call_errorhandler function, which allows remote attackers to obtain sensitive information (process memory) or cause a denial of service (memory corruption and crash) via unspecified vectors. El descodificador UTF-16 en Python v3.1 a v3.3 no actualiza la variable aligned_end después de llamar a la función unicode_decode_call_errorhandler, lo que permite a atacantes remotos obtener informació... • http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=670389 •
CVSS: 7.5EPSS: 0%CPEs: 22EXPL: 0CVE-2012-0876 – expat: hash table collisions CPU usage DoS
https://notcve.org/view.php?id=CVE-2012-0876
03 Jul 2012 — The XML parser (xmlparse.c) in expat before 2.1.0 computes hash values without restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service (CPU consumption) via an XML file with many identifiers with the same value. El analizador XML (xmlparse.c) en expat antes de v2.1.0 calcula los valores de hash sin restringir la capacidad de desencadenar colisiones hash de forma predecible, lo que permite causar una denegación de servicio (por con... • http://bugs.python.org/issue13703#msg151870 • CWE-400: Uncontrolled Resource Consumption CWE-407: Inefficient Algorithmic Complexity •
CVSS: 7.4EPSS: 2%CPEs: 39EXPL: 0CVE-2011-1521 – urllib2): Improper management of ftp:// and file:// URL schemes (Issue #11662)
https://notcve.org/view.php?id=CVE-2011-1521
24 May 2011 — The urllib and urllib2 modules in Python 2.x before 2.7.2 and 3.x before 3.2.1 process Location headers that specify redirection to file: URLs, which makes it easier for remote attackers to obtain sensitive information or cause a denial of service (resource consumption) via a crafted URL, as demonstrated by the file:///etc/passwd and file:///dev/zero URLs. Los módulos urllib y urllib2 en Python v2.x anteriores a v2.7.2 y v3.x anteriores a v3.2.1 procesan los encabezados de ubicación que especificar la redir... • http://bugs.python.org/issue11662 • CWE-399: Resource Management Errors •
CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 0CVE-2010-3493 – Python: SMTP proxy RFC 2821 module DoS (uncaught exception) (Issue #9129)
https://notcve.org/view.php?id=CVE-2010-3493
19 Oct 2010 — Multiple race conditions in smtpd.py in the smtpd module in Python 2.6, 2.7, 3.1, and 3.2 alpha allow remote attackers to cause a denial of service (daemon outage) by establishing and then immediately closing a TCP connection, leading to the accept function having an unexpected return value of None, an unexpected value of None for the address, or an ECONNABORTED, EAGAIN, or EWOULDBLOCK error, or the getpeername function having an ENOTCONN error, a related issue to CVE-2010-3492. Múltiples condiciones de car... • http://bugs.python.org/issue6706 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVSS: 9.8EPSS: 93%CPEs: 5EXPL: 6CVE-2007-4559 – python: tarfile module directory traversal
https://notcve.org/view.php?id=CVE-2007-4559
28 Aug 2007 — Directory traversal vulnerability in the (1) extract and (2) extractall functions in the tarfile module in Python allows user-assisted remote attackers to overwrite arbitrary files via a .. (dot dot) sequence in filenames in a TAR archive, a related issue to CVE-2001-1267. Vulnerabilidad de salto de directorio en las funciones (1) extract y (2) extractall en el módulo tarfile en Python permite a atacantes remotos con la intervención del usuario sobrescribir archivos de su elección a través de la secuencia .... • https://github.com/davidholiday/CVE-2007-4559 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •