Vulnerabilities > Python > Python > 3.3
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2014-05-19 | CVE-2013-7040 | Cryptographic Issues vulnerability in multiple products Python 2.7 before 3.4 only uses the last eight bits of the prefix to randomize hash values, which causes it to compute hash values without restricting the ability to trigger hash collisions predictably and makes it easier for context-dependent attackers to cause a denial of service (CPU consumption) via crafted input to an application that maintains a hash table. | 4.3 |
2014-03-01 | CVE-2014-1912 | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in multiple products Buffer overflow in the socket.recvfrom_into function in Modules/socketmodule.c in Python 2.5 before 2.7.7, 3.x before 3.3.4, and 3.4.x before 3.4rc1 allows remote attackers to execute arbitrary code via a crafted string. | 7.5 |
2013-08-18 | CVE-2013-4238 | Improper Input Validation vulnerability in multiple products The ssl.match_hostname function in the SSL module in Python 2.6 through 3.4 does not properly handle a '\0' character in a domain name in the Subject Alternative Name field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408. | 4.3 |