GCVE - cpe:2.3:a:python:python:1.6:*:*:*:*:*:*:*

Approved changes feed: RSS · Atom

cpe:2.3:a:python:python:1.6:*:*:*:*:*:*:*

part: a version: 1.6 update: *

Vendor	Python (`b57ad93a-6195-5192-9423-6cfad6044a8b`)
Product	Python (`fc328eef-0a85-5ddb-b629-b8866ec518c8`)
Edition	*
Language	*
Software edition	*
Target software	*
Target hardware	*
Other	*
Notes	Imported from NVD CPE 2.0 feed

PURL mappings

PURL	Source	Last updated
`pkg:deb/debian/python`	purl2cpe	2026-06-01 10:16:29.241947
`pkg:github/python/cpython`	purl2cpe	2026-06-01 10:16:29.241948
`pkg:python/python`	purl2cpe	2026-06-01 10:16:29.241950
`pkg:rpm/opensuse/python`	purl2cpe	2026-06-01 10:16:29.241951

Vulnerability references

Identifier	cpeApplicability	Submitted	db.gcve.eu details	Rationale
`CVE:CVE-2012-1150`	vulnerable	2026-06-03 14:31:41.676148	Details available Python before 2.6.8, 2.7.x before 2.7.3, 3.x before 3.1.5, and 3.2.x before 3.2.3 computes hash values without restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted input to an application that maintains a hash table. Published: 2012-10-05T21:00:00.000Z Updated: 2024-08-06T18:45:27.525Z Open on db.gcve.eu Reference links http://www.ubuntu.com/usn/USN-1615-1 http://python.org/download/releases/3.2.3/ http://secunia.com/advisories/51087 http://www.ubuntu.com/usn/USN-1592-1 http://bugs.python.org/issue13703	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2012-0845`	vulnerable	2026-06-03 14:31:39.855576	Details available SimpleXMLRPCServer.py in SimpleXMLRPCServer in Python before 2.6.8, 2.7.x before 2.7.3, 3.x before 3.1.5, and 3.2.x before 3.2.3 allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via an XML-RPC POST request that contains a smaller amount of data than specified by the Content-Length header. Published: 2012-10-05T21:00:00.000Z Updated: 2024-08-06T18:38:14.981Z Open on db.gcve.eu Reference links http://www.openwall.com/lists/oss-security/2012/02/13/4 http://www.ubuntu.com/usn/USN-1615-1 http://python.org/download/releases/3.2.3/ http://bugs.python.org/issue14001 http://secunia.com/advisories/51087	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2011-4940`	vulnerable	2026-06-03 14:31:27.120347	Details available The list_directory function in Lib/SimpleHTTPServer.py in SimpleHTTPServer in Python before 2.5.6c1, 2.6.x before 2.6.7 rc2, and 2.7.x before 2.7.2 does not place a charset parameter in the Content-Type HTTP header, which makes it easier for remote attackers to conduct cross-site scripting (XSS) attacks against Internet Explorer 7 via UTF-7 encoding. Published: 2012-06-27T10:00:00.000Z Updated: 2024-08-07T00:23:39.213Z Open on db.gcve.eu Reference links http://www.ubuntu.com/usn/USN-1592-1 http://jvn.jp/en/jp/JVN51176027/index.html http://secunia.com/advisories/51040 http://secunia.com/advisories/50858 http://bugs.python.org/issue11442	Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.