Python 2.4.2
Approved changes feed: RSS · Atom
cpe:2.3:a:python:python:2.4.2:*:*:*:*:*:*:*
part: a version: 2.4.2 update: *
| Vendor | Python (b57ad93a-6195-5192-9423-6cfad6044a8b) |
|---|---|
| Product | Python (fc328eef-0a85-5ddb-b629-b8866ec518c8) |
| Edition | * |
| Language | * |
| Software edition | * |
| Target software | * |
| Target hardware | * |
| Other | * |
| Notes | Imported from NVD CPE 2.0 feed |
PURL mappings
| PURL | Source | Last updated |
|---|---|---|
pkg:deb/debian/python |
purl2cpe | 2026-06-01 10:16:29.242088 |
pkg:github/python/cpython |
purl2cpe | 2026-06-01 10:16:29.242089 |
pkg:python/python |
purl2cpe | 2026-06-01 10:16:29.242090 |
pkg:rpm/opensuse/python |
purl2cpe | 2026-06-01 10:16:29.242092 |
Vulnerability references
| Identifier | cpeApplicability | Submitted | db.gcve.eu details | Rationale |
|---|---|---|---|---|
CVE:CVE-2014-9365 |
vulnerable | 2026-06-03 14:34:26.678560 |
Details available
The HTTP clients in the (1) httplib, (2) urllib, (3) urllib2, and (4) xmlrpclib libraries in CPython (aka Python) 2.x before 2.7.9 and 3.x before 3.4.3, when accessing an HTTPS URL, do not (a) check the certificate against a trust store or verify that the server hostname matches a domain name in the subject's (b) Common Name or (c) subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.
Published: 2014-12-12T11:00:00.000Z
Updated: 2024-08-06T13:40:25.293Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2012-1150 |
vulnerable | 2026-06-03 14:31:41.676468 |
Details available
Python before 2.6.8, 2.7.x before 2.7.3, 3.x before 3.1.5, and 3.2.x before 3.2.3 computes hash values without restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted input to an application that maintains a hash table.
Published: 2012-10-05T21:00:00.000Z
Updated: 2024-08-06T18:45:27.525Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2012-0845 |
vulnerable | 2026-06-03 14:31:39.864808 |
Details available
SimpleXMLRPCServer.py in SimpleXMLRPCServer in Python before 2.6.8, 2.7.x before 2.7.3, 3.x before 3.1.5, and 3.2.x before 3.2.3 allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via an XML-RPC POST request that contains a smaller amount of data than specified by the Content-Length header.
Published: 2012-10-05T21:00:00.000Z
Updated: 2024-08-06T18:38:14.981Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2011-4940 |
vulnerable | 2026-06-03 14:31:27.128220 |
Details available
The list_directory function in Lib/SimpleHTTPServer.py in SimpleHTTPServer in Python before 2.5.6c1, 2.6.x before 2.6.7 rc2, and 2.7.x before 2.7.2 does not place a charset parameter in the Content-Type HTTP header, which makes it easier for remote attackers to conduct cross-site scripting (XSS) attacks against Internet Explorer 7 via UTF-7 encoding.
Published: 2012-06-27T10:00:00.000Z
Updated: 2024-08-07T00:23:39.213Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2011-1521 |
vulnerable | 2026-06-03 14:31:02.143368 |
Details available
The urllib and urllib2 modules in Python 2.x before 2.7.2 and 3.x before 3.2.1 process Location headers that specify redirection to file: URLs, which makes it easier for remote attackers to obtain sensitive information or cause a denial of service (resource consumption) via a crafted URL, as demonstrated by the file:///etc/passwd and file:///dev/zero URLs.
Published: 2011-05-24T23:00:00.000Z
Updated: 2024-08-06T22:28:41.789Z |
Imported from gcve-enriched-dumps CVE data |
Contribute
You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.