Vulnerabilities > Python > Python > 2.6.8

DATE CVE VULNERABILITY TITLE RISK
2015-10-06 CVE-2015-5652 Remote Code Execution vulnerability in Python DLL Loading 'readline.pyd'
Untrusted search path vulnerability in python.exe in Python through 3.5.0 on Windows allows local users to gain privileges via a Trojan horse readline.pyd file in the current working directory.
local
low complexity
python microsoft
7.2
2014-12-12 CVE-2014-9365 TLS Certificate Validation Security Bypass vulnerability in Python
The HTTP clients in the (1) httplib, (2) urllib, (3) urllib2, and (4) xmlrpclib libraries in CPython (aka Python) 2.x before 2.7.9 and 3.x before 3.4.3, when accessing an HTTPS URL, do not (a) check the certificate against a trust store or verify that the server hostname matches a domain name in the subject's (b) Common Name or (c) subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.
network
python apple
5.8
2014-10-08 CVE-2014-7185 Numeric Errors vulnerability in multiple products
Integer overflow in bufferobject.c in Python before 2.7.8 allows context-dependent attackers to obtain sensitive information from process memory via a large size and offset in a "buffer" function.
network
low complexity
python apple CWE-189
6.4
2014-03-01 CVE-2014-1912 Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in multiple products
Buffer overflow in the socket.recvfrom_into function in Modules/socketmodule.c in Python 2.5 before 2.7.7, 3.x before 3.3.4, and 3.4.x before 3.4rc1 allows remote attackers to execute arbitrary code via a crafted string.
network
low complexity
python apple CWE-119
7.5
2013-08-18 CVE-2013-4238 Improper Input Validation vulnerability in multiple products
The ssl.match_hostname function in the SSL module in Python 2.6 through 3.4 does not properly handle a '\0' character in a domain name in the Subject Alternative Name field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408.
4.3
2012-08-27 CVE-2011-4944 Permissions, Privileges, and Access Controls vulnerability in Python
Python 2.6 through 3.2 creates ~/.pypirc with world-readable permissions before changing them after data has been written, which introduces a race condition that allows local users to obtain a username and password by reading this file.
local
python CWE-264
1.9
2010-10-19 CVE-2010-3492 Denial-Of-Service vulnerability in Python
The asyncore module in Python before 3.2 does not properly handle unsuccessful calls to the accept function, and does not have accompanying documentation describing how daemon applications should handle unsuccessful calls to the accept function, which makes it easier for remote attackers to conduct denial of service attacks that terminate these applications via network connections.
network
low complexity
python
5.0