CVSS: 7.5EPSS: 0%CPEs: 10EXPL: 1CVE-2013-0340 – Apple Security Advisory 2021-10-26-11
https://notcve.org/view.php?id=CVE-2013-0340
21 Jan 2014 — expat 2.1.0 and earlier does not properly handle entities expansion unless an application developer uses the XML_SetEntityDeclHandler function, which allows remote attackers to cause a denial of service (resource consumption), send HTTP requests to intranet servers, or read arbitrary files via a crafted XML document, aka an XML External Entity (XXE) issue. NOTE: it could be argued that because expat already provides the ability to disable external entity expansion, the responsibility for resolving this issu... • http://openwall.com/lists/oss-security/2013/02/22/3 • CWE-611: Improper Restriction of XML External Entity Reference •
CVSS: 4.3EPSS: 1%CPEs: 12EXPL: 0CVE-2013-2099 – python: ssl.match_hostname() DoS via certificates with specially crafted hostname wildcard patterns
https://notcve.org/view.php?id=CVE-2013-2099
10 Sep 2013 — Algorithmic complexity vulnerability in the ssl.match_hostname function in Python 3.2.x, 3.3.x, and earlier, and unspecified versions of python-backports-ssl_match_hostname as used for older Python versions, allows remote attackers to cause a denial of service (CPU consumption) via multiple wildcard characters in the common name in a certificate. Vulnerabilidad de la complejidad algorítmica en la función ssl.match_hostname en Python 3.2.x, 3.3.x, y anteriores, y las versiones no especificadas de python-back... • http://bugs.python.org/issue17980 • CWE-399: Resource Management Errors CWE-407: Inefficient Algorithmic Complexity •
CVSS: 9.1EPSS: 3%CPEs: 37EXPL: 0CVE-2013-4238 – python: hostname check bypassing vulnerability in SSL module
https://notcve.org/view.php?id=CVE-2013-4238
18 Aug 2013 — The ssl.match_hostname function in the SSL module in Python 2.6 through 3.4 does not properly handle a '\0' character in a domain name in the Subject Alternative Name field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408. La función ssl.match_hostname en el módulo SSL en Python v2.6 hasta v3.4 no manejar adecuadamente un carácter “\0” en un nombre de dom... • http://bugs.python.org/issue18709 • CWE-20: Improper Input Validation •
CVSS: 7.5EPSS: 6%CPEs: 58EXPL: 1CVE-2012-0845 – python: SimpleXMLRPCServer CPU usage DoS via malformed XML-RPC request
https://notcve.org/view.php?id=CVE-2012-0845
05 Oct 2012 — SimpleXMLRPCServer.py in SimpleXMLRPCServer in Python before 2.6.8, 2.7.x before 2.7.3, 3.x before 3.1.5, and 3.2.x before 3.2.3 allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via an XML-RPC POST request that contains a smaller amount of data than specified by the Content-Length header. SimpleXMLRPCServer.py en SimpleXMLRPCServer en Python antes de v2.6.8, v2.7.x antes de v2.7.3, v3.x antes de v3.1.5, y v3.2.x antes de v3.2.x, permite a atacantes remotos provocar un... • http://bugs.python.org/issue14001 • CWE-399: Resource Management Errors •
CVSS: 7.5EPSS: 1%CPEs: 58EXPL: 1CVE-2012-1150 – python: hash table collisions CPU usage DoS (oCERT-2011-003)
https://notcve.org/view.php?id=CVE-2012-1150
05 Oct 2012 — Python before 2.6.8, 2.7.x before 2.7.3, 3.x before 3.1.5, and 3.2.x before 3.2.3 computes hash values without restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted input to an application that maintains a hash table. Python anteriores a v2.6.8, v2.7.x anteriores a v2.7.3, 3.x anteriores a v3.1.5, y v3.2.x anteriores a v3.2.3 procesa los valores hash sin restringir la disponibilidad para provocar co... • http://bugs.python.org/issue13703 • CWE-310: Cryptographic Issues •
CVSS: 7.4EPSS: 0%CPEs: 28EXPL: 0CVE-2011-4944 – python: distutils creates ~/.pypirc insecurely
https://notcve.org/view.php?id=CVE-2011-4944
27 Aug 2012 — Python 2.6 through 3.2 creates ~/.pypirc with world-readable permissions before changing them after data has been written, which introduces a race condition that allows local users to obtain a username and password by reading this file. Python v2.6 a través de 3.2 crea ~/.pypirc con permisos de lectura en todo el mundo antes de cambiar los datos que se han escrito, introduce una condición de carrera que permite a usuarios locales obtener un nombre de usuario y contraseña mediante la lectura de este archivo. • http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=650555 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 9.1EPSS: 1%CPEs: 9EXPL: 0CVE-2012-2135
https://notcve.org/view.php?id=CVE-2012-2135
14 Aug 2012 — The utf-16 decoder in Python 3.1 through 3.3 does not update the aligned_end variable after calling the unicode_decode_call_errorhandler function, which allows remote attackers to obtain sensitive information (process memory) or cause a denial of service (memory corruption and crash) via unspecified vectors. El descodificador UTF-16 en Python v3.1 a v3.3 no actualiza la variable aligned_end después de llamar a la función unicode_decode_call_errorhandler, lo que permite a atacantes remotos obtener informació... • http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=670389 •
CVSS: 7.5EPSS: 0%CPEs: 22EXPL: 0CVE-2012-0876 – expat: hash table collisions CPU usage DoS
https://notcve.org/view.php?id=CVE-2012-0876
03 Jul 2012 — The XML parser (xmlparse.c) in expat before 2.1.0 computes hash values without restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service (CPU consumption) via an XML file with many identifiers with the same value. El analizador XML (xmlparse.c) en expat antes de v2.1.0 calcula los valores de hash sin restringir la capacidad de desencadenar colisiones hash de forma predecible, lo que permite causar una denegación de servicio (por con... • http://bugs.python.org/issue13703#msg151870 • CWE-400: Uncontrolled Resource Consumption CWE-407: Inefficient Algorithmic Complexity •
CVSS: 7.4EPSS: 2%CPEs: 39EXPL: 0CVE-2011-1521 – urllib2): Improper management of ftp:// and file:// URL schemes (Issue #11662)
https://notcve.org/view.php?id=CVE-2011-1521
24 May 2011 — The urllib and urllib2 modules in Python 2.x before 2.7.2 and 3.x before 3.2.1 process Location headers that specify redirection to file: URLs, which makes it easier for remote attackers to obtain sensitive information or cause a denial of service (resource consumption) via a crafted URL, as demonstrated by the file:///etc/passwd and file:///dev/zero URLs. Los módulos urllib y urllib2 en Python v2.x anteriores a v2.7.2 y v3.x anteriores a v3.2.1 procesan los encabezados de ubicación que especificar la redir... • http://bugs.python.org/issue11662 • CWE-399: Resource Management Errors •
CVSS: 7.5EPSS: 1%CPEs: 2EXPL: 0CVE-2010-3492 – Gentoo Linux Security Advisory 201401-04
https://notcve.org/view.php?id=CVE-2010-3492
19 Oct 2010 — The asyncore module in Python before 3.2 does not properly handle unsuccessful calls to the accept function, and does not have accompanying documentation describing how daemon applications should handle unsuccessful calls to the accept function, which makes it easier for remote attackers to conduct denial of service attacks that terminate these applications via network connections. El módulo asyncore en Python anterior a v3.2 no controla correctamente llamadas fallidas a la función accept, y no tiene la doc... • http://bugs.python.org/issue6706 •