|
|
Cpe Name: cpe:2.3:a:python:python:*:*:*:*:*:*:*:*
| # |
CVE ID
|
CWE ID
|
# of Exploits
|
Vulnerability Type(s)
|
Publish Date
|
Update Date
|
Score
|
Gained Access Level
|
Access
|
Complexity
|
Authentication
|
Conf.
|
Integ.
|
Avail.
|
|
1 |
CVE-2023-24329 |
20 |
|
Bypass |
2023-02-17 |
2023-03-24 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
|
An issue in the urllib.parse component of Python before v3.11 allows attackers to bypass blocklisting methods by supplying a URL that starts with blank characters. |
|
2 |
CVE-2022-45061 |
400 |
|
DoS |
2022-11-09 |
2023-01-14 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
|
An issue was discovered in Python before 3.11.1. An unnecessary quadratic algorithm exists in one path when processing some inputs to the IDNA (RFC 3490) decoder, such that a crafted, unreasonably long name being presented to the decoder could lead to a CPU denial of service. Hostnames are often supplied by remote servers that could be controlled by a malicious actor; in such a scenario, they could trigger excessive CPU consumption on the client attempting to make use of an attacker-supplied supposed hostname. For example, the attack payload could be placed in the Location header of an HTTP response with status code 302. A fix is planned in 3.11.1, 3.10.9, 3.9.16, 3.8.16, and 3.7.16. |
|
3 |
CVE-2022-42919 |
|
|
Exec Code |
2022-11-07 |
2023-02-05 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
|
Python 3.9.x before 3.9.16 and 3.10.x before 3.10.9 on Linux allows local privilege escalation in a non-default configuration. The Python multiprocessing library, when used with the forkserver start method on Linux, allows pickles to be deserialized from any user in the same machine local network namespace, which in many system configurations means any user on the same machine. Pickles can execute arbitrary code. Thus, this allows for local user privilege escalation to the user that any forkserver process is running as. Setting multiprocessing.util.abstract_sockets_supported to False is a workaround. The forkserver start method for multiprocessing is not the default start method. This issue is Linux specific because only Linux supports abstract namespace sockets. CPython before 3.9 does not make use of Linux abstract namespace sockets by default. Support for users manually specifying an abstract namespace socket was added as a bugfix in 3.7.8 and 3.8.3, but users would need to make specific uncommon API calls in order to do that in CPython before 3.9. |
|
4 |
CVE-2022-37454 |
190 |
|
Exec Code Overflow |
2022-10-21 |
2023-03-07 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
|
The Keccak XKCP SHA-3 reference implementation before fdc6fef has an integer overflow and resultant buffer overflow that allows attackers to execute arbitrary code or eliminate expected cryptographic properties. This occurs in the sponge function interface. |
|
5 |
CVE-2022-0391 |
74 |
|
|
2022-02-09 |
2022-11-16 |
5.0 |
None |
Remote |
Low |
Not required |
None |
Partial |
None |
|
A flaw was found in Python, specifically within the urllib.parse module. This module helps break Uniform Resource Locator (URL) strings into components. The issue involves how the urlparse method does not sanitize input and allows characters like '\r' and '\n' in the URL path. This flaw allows an attacker to input a crafted URL, leading to injection attacks. This flaw affects Python versions prior to 3.10.0b1, 3.9.5, 3.8.11, 3.7.11 and 3.6.14. |
|
6 |
CVE-2021-29921 |
|
|
Bypass |
2021-05-06 |
2022-07-25 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
In Python before 3,9,5, the ipaddress library mishandles leading zero characters in the octets of an IP address string. This (in some situations) allows attackers to bypass access control that is based on IP addresses. |
|
7 |
CVE-2021-28861 |
601 |
|
|
2022-08-23 |
2022-12-09 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
|
** DISPUTED ** Python 3.x through 3.10 has an open redirection vulnerability in lib/http/server.py due to no protection against multiple (/) at the beginning of URI path which may leads to information disclosure. NOTE: this is disputed by a third party because the http.server.html documentation page states "Warning: http.server is not recommended for production. It only implements basic security checks." |
|
8 |
CVE-2021-28359 |
79 |
|
XSS |
2021-05-02 |
2021-05-10 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
The "origin" parameter passed to some of the endpoints like '/trigger' was vulnerable to XSS exploit. This issue affects Apache Airflow versions <1.10.15 in 1.x series and affects 2.0.0 and 2.0.1 and 2.x series. This is the same as CVE-2020-13944 & CVE-2020-17515 but the implemented fix did not fix the issue completely. Update to Airflow 1.10.15 or 2.0.2. Please also update your Python version to the latest available PATCH releases of the installed MINOR versions, example update to Python 3.6.13 if you are on Python 3.6. (Those contain the fix for CVE-2021-23336 https://nvd.nist.gov/vuln/detail/CVE-2021-23336). |
|
9 |
CVE-2021-23336 |
444 |
|
|
2021-02-15 |
2022-03-04 |
4.0 |
None |
Remote |
High |
Not required |
None |
Partial |
Partial |
|
The package python/cpython from 0 and before 3.6.13, from 3.7.0 and before 3.7.10, from 3.8.0 and before 3.8.8, from 3.9.0 and before 3.9.2 are vulnerable to Web Cache Poisoning via urllib.parse.parse_qsl and urllib.parse.parse_qs by using a vector called parameter cloaking. When the attacker can separate query parameters using a semicolon (;), they can cause a difference in the interpretation of the request between the proxy (running with default configuration) and the server. This can result in malicious requests being cached as completely safe ones, as the proxy would usually not see the semicolon as a separator, and therefore would not include it in a cache key of an unkeyed parameter. |
|
10 |
CVE-2021-4189 |
252 |
|
|
2022-08-24 |
2022-12-08 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
|
A flaw was found in Python, specifically in the FTP (File Transfer Protocol) client library in PASV (passive) mode. The issue is how the FTP client trusts the host from the PASV response by default. This flaw allows an attacker to set up a malicious FTP server that can trick FTP clients into connecting back to a given IP address and port. This vulnerability could lead to FTP client scanning ports, which otherwise would not have been possible. |
|
11 |
CVE-2021-3737 |
400 |
|
|
2022-03-04 |
2023-02-02 |
7.1 |
None |
Remote |
Medium |
Not required |
None |
None |
Complete |
|
A flaw was found in python. An improperly handled HTTP response in the HTTP client code of python may allow a remote attacker, who controls the HTTP server, to make the client script enter an infinite loop, consuming CPU time. The highest threat from this vulnerability is to system availability. |
|
12 |
CVE-2021-3733 |
400 |
|
DoS |
2022-03-10 |
2022-10-26 |
4.0 |
None |
Remote |
Low |
??? |
None |
None |
Partial |
|
There's a flaw in urllib's AbstractBasicAuthHandler class. An attacker who controls a malicious HTTP server that an HTTP client (such as web browser) connects to, could trigger a Regular Expression Denial of Service (ReDOS) during an authentication request with a specially crafted payload that is sent by the server to the client. The greatest threat that this flaw poses is to application availability. |
|
13 |
CVE-2021-3426 |
22 |
|
Dir. Trav. |
2021-05-20 |
2022-10-25 |
2.7 |
None |
Local Network |
Low |
??? |
Partial |
None |
None |
|
There's a flaw in Python 3's pydoc. A local or adjacent attacker who discovers or is able to convince another local or adjacent user to start a pydoc server could access the server and use it to disclose sensitive information belonging to the other user that they would not normally be able to access. The highest risk of this flaw is to data confidentiality. This flaw affects Python versions before 3.8.9, Python versions before 3.9.3 and Python versions before 3.10.0a7. |
|
14 |
CVE-2021-3177 |
120 |
|
Exec Code Overflow |
2021-01-19 |
2022-12-06 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
Python 3.x through 3.9.1 has a buffer overflow in PyCArg_repr in _ctypes/callproc.c, which may lead to remote code execution in certain Python applications that accept floating-point numbers as untrusted input, as demonstrated by a 1e300 argument to c_double.from_param. This occurs because sprintf is used unsafely. |
|
15 |
CVE-2020-27619 |
|
|
|
2020-10-22 |
2023-01-31 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
In Python 3 through 3.9.0, the Lib/test/multibytecodec_support.py CJK codec tests call eval() on content retrieved via HTTP. |
|
16 |
CVE-2020-26116 |
116 |
|
|
2020-09-27 |
2021-12-07 |
6.4 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
None |
|
http.client in Python 3.x before 3.5.10, 3.6.x before 3.6.12, 3.7.x before 3.7.9, and 3.8.x before 3.8.5 allows CRLF injection if the attacker controls the HTTP request method, as demonstrated by inserting CR and LF control characters in the first argument of HTTPConnection.request. |
|
17 |
CVE-2020-14422 |
400 |
|
DoS |
2020-06-18 |
2021-07-21 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
Lib/ipaddress.py in Python through 3.8.3 improperly computes hash values in the IPv4Interface and IPv6Interface classes, which might allow a remote attacker to cause a denial of service if an application is affected by the performance of a dictionary containing IPv4Interface or IPv6Interface objects, and this attacker can cause many dictionary entries to be created. This is fixed in: v3.5.10, v3.5.10rc1; v3.6.12; v3.7.9; v3.8.4, v3.8.4rc1, v3.8.5, v3.8.6, v3.8.6rc1; v3.9.0, v3.9.0b4, v3.9.0b5, v3.9.0rc1, v3.9.0rc2. |
|
18 |
CVE-2020-10735 |
704 |
|
|
2022-09-09 |
2023-02-12 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
|
A flaw was found in python. In algorithms with quadratic time complexity using non-binary bases, when using int("text"), a system could take 50ms to parse an int string with 100,000 digits and 5s for 1,000,000 digits (float, decimal, int.from_bytes(), and int() for binary bases 2, 4, 8, 16, and 32 are not affected). The highest threat from this vulnerability is to system availability. |
|
19 |
CVE-2020-8492 |
400 |
|
DoS |
2020-01-30 |
2021-09-16 |
7.1 |
None |
Remote |
Medium |
Not required |
None |
None |
Complete |
|
Python 2.7 through 2.7.17, 3.5 through 3.5.9, 3.6 through 3.6.10, 3.7 through 3.7.6, and 3.8 through 3.8.1 allows an HTTP server to conduct Regular Expression Denial of Service (ReDoS) attacks against a client because of urllib.request.AbstractBasicAuthHandler catastrophic backtracking. |
|
20 |
CVE-2020-8315 |
20 |
|
|
2020-01-28 |
2021-07-21 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
In Python (CPython) 3.6 through 3.6.10, 3.7 through 3.7.6, and 3.8 through 3.8.1, an insecure dependency load upon launch on Windows 7 may result in an attacker's copy of api-ms-win-core-path-l1-1-0.dll being loaded and used instead of the system's copy. Windows 8 and later are unaffected. |
|
21 |
CVE-2019-20907 |
835 |
|
|
2020-07-13 |
2022-07-28 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
In Lib/tarfile.py in Python through 3.8.3, an attacker is able to craft a TAR archive leading to an infinite loop when opened by tarfile.open, because _proc_pax lacks header validation. |
|
22 |
CVE-2019-18348 |
74 |
|
|
2019-10-23 |
2020-11-16 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
An issue was discovered in urllib2 in Python 2.x through 2.7.17 and urllib in Python 3.x through 3.8.0. CRLF injection is possible if the attacker controls a url parameter, as demonstrated by the first argument to urllib.request.urlopen with \r\n (specifically in the host component of a URL) followed by an HTTP header. This is similar to the CVE-2019-9740 query string issue and the CVE-2019-9947 path string issue. (This is not exploitable when glibc has CVE-2016-10739 fixed.). This is fixed in: v2.7.18, v2.7.18rc1; v3.5.10, v3.5.10rc1; v3.6.11, v3.6.11rc1, v3.6.12; v3.7.8, v3.7.8rc1, v3.7.9; v3.8.3, v3.8.3rc1, v3.8.4, v3.8.4rc1, v3.8.5, v3.8.6, v3.8.6rc1. |
|
23 |
CVE-2019-16935 |
79 |
|
XSS |
2019-09-28 |
2023-01-19 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
The documentation XML-RPC server in Python through 2.7.16, 3.x through 3.6.9, and 3.7.x through 3.7.4 has XSS via the server_title field. This occurs in Lib/DocXMLRPCServer.py in Python 2.x, and in Lib/xmlrpc/server.py in Python 3.x. If set_server_title is called with untrusted input, arbitrary JavaScript can be delivered to clients that visit the http URL for this server. |
|
24 |
CVE-2019-16056 |
|
|
|
2019-09-06 |
2023-02-28 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
An issue was discovered in Python through 2.7.16, 3.x through 3.5.7, 3.6.x through 3.6.9, and 3.7.x through 3.7.4. The email module wrongly parses email addresses that contain multiple @ characters. An application that uses the email module and implements some kind of checks on the From/To headers of a message could be tricked into accepting an email address that should be denied. An attack may be the same as in CVE-2019-11340; however, this CVE applies to Python more generally. |
|
25 |
CVE-2019-15903 |
125 |
|
|
2019-09-04 |
2022-07-28 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
In libexpat before 2.2.8, crafted XML input could fool the parser into changing from DTD parsing to document parsing too early; a consecutive call to XML_GetCurrentLineNumber (or XML_GetCurrentColumnNumber) then resulted in a heap-based buffer over-read. |
|
26 |
CVE-2019-12900 |
787 |
|
|
2019-06-19 |
2022-06-27 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
BZ2_decompress in decompress.c in bzip2 through 1.0.6 has an out-of-bounds write when there are many selectors. |
|
27 |
CVE-2019-10160 |
172 |
|
|
2019-06-07 |
2023-02-12 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
A security regression of CVE-2019-9636 was discovered in python since commit d537ab0ff9767ef024f26246899728f0116b1ec3 affecting versions 2.7, 3.5, 3.6, 3.7 and from v3.8.0a4 through v3.8.0b1, which still allows an attacker to exploit CVE-2019-9636 by abusing the user and password parts of a URL. When an application parses user-supplied URLs to store cookies, authentication credentials, or other kind of information, it is possible for an attacker to provide specially crafted URLs to make the application locate host-related information (e.g. cookies, authentication data) and send them to a different host than where it should, unlike if the URLs had been correctly parsed. The result of an attack may vary based on the application. |
|
28 |
CVE-2019-9948 |
22 |
|
Dir. Trav. Bypass |
2019-03-23 |
2022-06-30 |
6.4 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
None |
|
urllib in Python 2.x through 2.7.16 supports the local_file: scheme, which makes it easier for remote attackers to bypass protection mechanisms that blacklist file: URIs, as demonstrated by triggering a urllib.urlopen('local_file:///etc/passwd') call. |
|
29 |
CVE-2019-9947 |
93 |
|
|
2019-03-23 |
2022-08-16 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
An issue was discovered in urllib2 in Python 2.x through 2.7.16 and urllib in Python 3.x through 3.7.3. CRLF injection is possible if the attacker controls a url parameter, as demonstrated by the first argument to urllib.request.urlopen with \r\n (specifically in the path component of a URL that lacks a ? character) followed by an HTTP header or a Redis command. This is similar to the CVE-2019-9740 query string issue. This is fixed in: v2.7.17, v2.7.17rc1, v2.7.18, v2.7.18rc1; v3.5.10, v3.5.10rc1, v3.5.8, v3.5.8rc1, v3.5.8rc2, v3.5.9; v3.6.10, v3.6.10rc1, v3.6.11, v3.6.11rc1, v3.6.12, v3.6.9, v3.6.9rc1; v3.7.4, v3.7.4rc1, v3.7.4rc2, v3.7.5, v3.7.5rc1, v3.7.6, v3.7.6rc1, v3.7.7, v3.7.7rc1, v3.7.8, v3.7.8rc1, v3.7.9. |
|
30 |
CVE-2019-9740 |
93 |
|
|
2019-03-13 |
2022-08-16 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
An issue was discovered in urllib2 in Python 2.x through 2.7.16 and urllib in Python 3.x through 3.7.3. CRLF injection is possible if the attacker controls a url parameter, as demonstrated by the first argument to urllib.request.urlopen with \r\n (specifically in the query string after a ? character) followed by an HTTP header or a Redis command. This is fixed in: v2.7.17, v2.7.17rc1, v2.7.18, v2.7.18rc1; v3.5.10, v3.5.10rc1, v3.5.8, v3.5.8rc1, v3.5.8rc2, v3.5.9; v3.6.10, v3.6.10rc1, v3.6.11, v3.6.11rc1, v3.6.12, v3.6.9, v3.6.9rc1; v3.7.4, v3.7.4rc1, v3.7.4rc2, v3.7.5, v3.7.5rc1, v3.7.6, v3.7.6rc1, v3.7.7, v3.7.7rc1, v3.7.8, v3.7.8rc1, v3.7.9. |
|
31 |
CVE-2019-9674 |
400 |
|
DoS |
2020-02-04 |
2023-03-01 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
Lib/zipfile.py in Python through 3.7.2 allows remote attackers to cause a denial of service (resource consumption) via a ZIP bomb. |
|
32 |
CVE-2019-9636 |
|
|
|
2019-03-08 |
2022-07-25 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
Python 2.7.x through 2.7.16 and 3.x through 3.7.2 is affected by: Improper Handling of Unicode Encoding (with an incorrect netloc) during NFKC normalization. The impact is: Information disclosure (credentials, cookies, etc. that are cached against a given hostname). The components are: urllib.parse.urlsplit, urllib.parse.urlparse. The attack vector is: A specially crafted URL could be incorrectly parsed to locate cookies or authentication data and send that information to a different host than when parsed correctly. This is fixed in: v2.7.17, v2.7.17rc1, v2.7.18, v2.7.18rc1; v3.5.10, v3.5.10rc1, v3.5.7, v3.5.8, v3.5.8rc1, v3.5.8rc2, v3.5.9; v3.6.10, v3.6.10rc1, v3.6.11, v3.6.11rc1, v3.6.12, v3.6.9, v3.6.9rc1; v3.7.3, v3.7.3rc1, v3.7.4, v3.7.4rc1, v3.7.4rc2, v3.7.5, v3.7.5rc1, v3.7.6, v3.7.6rc1, v3.7.7, v3.7.7rc1, v3.7.8, v3.7.8rc1, v3.7.9. |
|
33 |
CVE-2019-5010 |
476 |
|
DoS |
2019-10-31 |
2022-07-28 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
An exploitable denial-of-service vulnerability exists in the X509 certificate parser of Python.org Python 2.7.11 / 3.6.6. A specially crafted X509 certificate can cause a NULL pointer dereference, resulting in a denial of service. An attacker can initiate or accept TLS connections using crafted certificates to trigger this vulnerability. |
|
34 |
CVE-2018-1000802 |
77 |
|
DoS |
2018-09-18 |
2023-03-09 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
Python Software Foundation Python (CPython) version 2.7 contains a CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability in shutil module (make_archive function) that can result in Denial of service, Information gain via injection of arbitrary files on the system or entire drive. This attack appear to be exploitable via Passage of unfiltered user input to the function. This vulnerability appears to have been fixed in after commit add531a1e55b0a739b0f42582f1c9747e5649ace. |
|
35 |
CVE-2018-1000030 |
787 |
|
Overflow Mem. Corr. |
2018-02-08 |
2020-08-24 |
3.3 |
None |
Local |
Medium |
Not required |
Partial |
None |
Partial |
|
Python 2.7.14 is vulnerable to a Heap-Buffer-Overflow as well as a Heap-Use-After-Free. Python versions prior to 2.7.14 may also be vulnerable and it appears that Python 2.7.17 and prior may also be vulnerable however this has not been confirmed. The vulnerability lies when multiply threads are handling large amounts of data. In both cases there is essentially a race condition that occurs. For the Heap-Buffer-Overflow, Thread 2 is creating the size for a buffer, but Thread1 is already writing to the buffer without knowing how much to write. So when a large amount of data is being processed, it is very easy to cause memory corruption using a Heap-Buffer-Overflow. As for the Use-After-Free, Thread3->Malloc->Thread1->Free's->Thread2-Re-uses-Free'd Memory. The PSRT has stated that this is not a security vulnerability due to the fact that the attacker must be able to run code, however in some situations, such as function as a service, this vulnerability can potentially be used by an attacker to violate a trust boundary, as such the DWF feels this issue deserves a CVE. |
|
36 |
CVE-2018-25032 |
787 |
|
Mem. Corr. |
2022-03-25 |
2023-02-11 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
zlib before 1.2.12 allows memory corruption when deflating (i.e., when compressing) if the input has many distant matches. |
|
37 |
CVE-2018-20852 |
20 |
|
|
2019-07-13 |
2020-08-22 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
http.cookiejar.DefaultPolicy.domain_return_ok in Lib/http/cookiejar.py in Python before 3.7.3 does not correctly validate the domain: it can be tricked into sending existing cookies to the wrong server. An attacker may abuse this flaw by using a server with a hostname that has another valid hostname as a suffix (e.g., pythonicexample.com to steal cookies for example.com). When a program uses http.cookiejar.DefaultPolicy and tries to do an HTTP connection to an attacker-controlled server, existing cookies can be leaked to the attacker. This affects 2.x through 2.7.16, 3.x before 3.4.10, 3.5.x before 3.5.7, 3.6.x before 3.6.9, and 3.7.x before 3.7.3. |
|
38 |
CVE-2018-20406 |
190 |
|
Overflow |
2018-12-23 |
2020-10-29 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
Modules/_pickle.c in Python before 3.7.1 has an integer overflow via a large LONG_BINPUT value that is mishandled during a "resize to twice the size" attempt. This issue might cause memory exhaustion, but is only relevant if the pickle format is used for serializing tens or hundreds of gigabytes of data. This issue is fixed in: v3.4.10, v3.4.10rc1; v3.5.10, v3.5.10rc1, v3.5.7, v3.5.7rc1, v3.5.8, v3.5.8rc1, v3.5.8rc2, v3.5.9; v3.6.10, v3.6.10rc1, v3.6.11, v3.6.11rc1, v3.6.12, v3.6.7, v3.6.7rc1, v3.6.7rc2, v3.6.8, v3.6.8rc1, v3.6.9, v3.6.9rc1; v3.7.1, v3.7.1rc1, v3.7.1rc2, v3.7.2, v3.7.2rc1, v3.7.3, v3.7.3rc1, v3.7.4, v3.7.4rc1, v3.7.4rc2, v3.7.5, v3.7.5rc1, v3.7.6, v3.7.6rc1, v3.7.7, v3.7.7rc1, v3.7.8, v3.7.8rc1, v3.7.9. |
|
39 |
CVE-2018-14647 |
909 |
|
DoS |
2018-09-25 |
2020-07-29 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
Python's elementtree C accelerator failed to initialise Expat's hash salt during initialization. This could make it easy to conduct denial of service attacks against Expat by constructing an XML document that would cause pathological hash collisions in Expat's internal data structures, consuming large amounts CPU and RAM. The vulnerability exists in Python versions 3.7.0, 3.6.0 through 3.6.6, 3.5.0 through 3.5.6, 3.4.0 through 3.4.9, 2.7.0 through 2.7.15. |
|
40 |
CVE-2018-1061 |
|
|
DoS |
2018-06-19 |
2019-10-03 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
python before versions 2.7.15, 3.4.9, 3.5.6rc1, 3.6.5rc1 and 3.7.0 is vulnerable to catastrophic backtracking in the difflib.IS_LINE_JUNK method. An attacker could use this flaw to cause denial of service. |
|
41 |
CVE-2018-1060 |
|
|
DoS |
2018-06-18 |
2022-07-28 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
python before versions 2.7.15, 3.4.9, 3.5.6rc1, 3.6.5rc1 and 3.7.0 is vulnerable to catastrophic backtracking in pop3lib's apop() method. An attacker could use this flaw to cause denial of service. |
|
42 |
CVE-2017-1000158 |
190 |
|
Exec Code Overflow |
2017-11-17 |
2023-02-16 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
CPython (aka Python) up to 2.7.13 is vulnerable to an integer overflow in the PyString_DecodeEscape function in stringobject.c, resulting in heap-based buffer overflow (and possible arbitrary code execution) |
|
43 |
CVE-2017-18207 |
369 |
|
DoS |
2018-03-01 |
2020-01-21 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
** DISPUTED ** The Wave_read._read_fmt_chunk function in Lib/wave.py in Python through 3.6.4 does not ensure a nonzero channel value, which allows attackers to cause a denial of service (divide-by-zero and exception) via a crafted wav format audio file. NOTE: the vendor disputes this issue because Python applications "need to be prepared to handle a wide variety of exceptions." |
|
44 |
CVE-2017-17522 |
74 |
|
|
2017-12-14 |
2017-12-28 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
** DISPUTED ** Lib/webbrowser.py in Python through 3.6.3 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via a crafted URL. NOTE: a software maintainer indicates that exploitation is impossible because the code relies on subprocess.Popen and the default shell=False setting. |
|
45 |
CVE-2017-9233 |
611 |
|
|
2017-07-25 |
2022-07-28 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
XML External Entity vulnerability in libexpat 2.2.0 and earlier (Expat XML Parser Library) allows attackers to put the parser in an infinite loop using a malformed external entity definition from an external DTD. |
|
46 |
CVE-2016-1000110 |
601 |
|
|
2019-11-27 |
2022-07-28 |
5.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
None |
|
The CGIHandler class in Python before 2.7.12 does not protect against the HTTP_PROXY variable name clash in a CGI script, which could allow a remote attacker to redirect HTTP requests. |
|
47 |
CVE-2016-9063 |
190 |
|
Overflow |
2018-06-11 |
2022-06-27 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
An integer overflow during the parsing of XML using the Expat library. This vulnerability affects Firefox < 50. |
|
48 |
CVE-2016-5699 |
113 |
|
|
2016-09-02 |
2023-02-12 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
CRLF injection vulnerability in the HTTPConnection.putheader function in urllib2 and urllib in CPython (aka Python) before 2.7.10 and 3.x before 3.4.4 allows remote attackers to inject arbitrary HTTP headers via CRLF sequences in a URL. |
|
49 |
CVE-2016-5636 |
190 |
|
Overflow |
2016-09-02 |
2019-02-09 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
Integer overflow in the get_data function in zipimport.c in CPython (aka Python) before 2.7.12, 3.x before 3.4.5, and 3.5.x before 3.5.2 allows remote attackers to have unspecified impact via a negative data size value, which triggers a heap-based buffer overflow. |
|
50 |
CVE-2016-4472 |
119 |
|
DoS Exec Code Overflow |
2016-06-30 |
2023-02-12 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
The overflow protection in Expat is removed by compilers with certain optimization settings, which allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via crafted XML data. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-1283 and CVE-2015-2716. |
Total number of vulnerabilities : 76
Page :
1
(This Page) 2
|
|
