Vulnerability Details

CVEID: CVE-2014-4650
DESCRIPTION: Python CGIHTTPServer module could allow a remote attacker to obtain sensitive information, caused by the failure to properly handle URL-encoded path separators in URLs. An attacker could exploit this vulnerability to obtain the source code of CGI scripts.
CVSS Base Score: 5
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/93932 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:P/I:N/A:N)

CVEID: CVE-2014-7185
DESCRIPTION: Python could allow a remote attacker to execute arbitrary code on the system, caused by an integer overflow in bufferobject.c. An attacker could exploit this vulnerability to execute arbitrary code on the system.
CVSS Base Score: 7.5
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/96193 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:P/I:P/A:P)

CVEID: CVE-2013-1752
DESCRIPTION: Python SSL module is vulnerable to denial of service, caused by an unlimited readline() function call. A remote attacker could exploit this vulnerability to exhaust all available memory resources.
CVSS Base Score: 5
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/90056 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P)

CVEID: CVE-2014-1912
DESCRIPTION: Python is vulnerable to a buffer overflow, caused by improper bounds checking by sock_recvfrom_into() function. By sending an overly long argument, a remote attacker could overflow a buffer and execute arbitrary code on the system or cause the application to crash.
CVSS Base Score: 7.5
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/90931 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:P/I:P/A:P)