Vulnerabilities > Python > Python > 3.2.6
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2016-06-07 | CVE-2013-7440 | Data Processing Errors vulnerability in Python The ssl.match_hostname function in CPython (aka Python) before 2.7.9 and 3.x before 3.3.3 does not properly handle wildcards in hostnames, which might allow man-in-the-middle attackers to spoof servers via a crafted certificate. | 4.3 |
2015-10-06 | CVE-2015-5652 | Remote Code Execution vulnerability in Python DLL Loading 'readline.pyd' Untrusted search path vulnerability in python.exe in Python through 3.5.0 on Windows allows local users to gain privileges via a Trojan horse readline.pyd file in the current working directory. | 7.2 |
2014-12-12 | CVE-2014-9365 | TLS Certificate Validation Security Bypass vulnerability in Python The HTTP clients in the (1) httplib, (2) urllib, (3) urllib2, and (4) xmlrpclib libraries in CPython (aka Python) 2.x before 2.7.9 and 3.x before 3.4.3, when accessing an HTTPS URL, do not (a) check the certificate against a trust store or verify that the server hostname matches a domain name in the subject's (b) Common Name or (c) subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate. | 5.8 |
2014-11-16 | CVE-2014-2667 | Race Condition vulnerability in Python Race condition in the _get_masked_mode function in Lib/os.py in Python 3.2 through 3.5, when exist_ok is set to true and multiple threads are used, might allow local users to bypass intended file permissions by leveraging a separate application vulnerability before the umask has been set to the expected value. | 3.3 |