Filtered by vendor Python
Subscribe
Total
225 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2014-1830 | 2 Opensuse, Python | 2 Opensuse, Requests | 2025-04-12 | 5.0 MEDIUM | N/A |
| Requests (aka python-requests) before 2.3.0 allows remote servers to obtain sensitive information by reading the Proxy-Authorization header in a redirected request. | |||||
| CVE-2015-5652 | 2 Microsoft, Python | 2 Windows, Python | 2025-04-12 | 7.2 HIGH | N/A |
| Untrusted search path vulnerability in python.exe in Python through 3.5.0 on Windows allows local users to gain privileges via a Trojan horse readline.pyd file in the current working directory. NOTE: the vendor says "It was determined that this is a longtime behavior of Python that cannot really be altered at this point." | |||||
| CVE-2014-2667 | 1 Python | 1 Python | 2025-04-12 | 3.3 LOW | N/A |
| Race condition in the _get_masked_mode function in Lib/os.py in Python 3.2 through 3.5, when exist_ok is set to true and multiple threads are used, might allow local users to bypass intended file permissions by leveraging a separate application vulnerability before the umask has been set to the expected value. | |||||
| CVE-2016-0718 | 9 Apple, Canonical, Debian and 6 more | 14 Mac Os X, Ubuntu Linux, Debian Linux and 11 more | 2025-04-12 | 7.5 HIGH | 9.8 CRITICAL |
| Expat allows context-dependent attackers to cause a denial of service (crash) or possibly execute arbitrary code via a malformed input document, which triggers a buffer overflow. | |||||
| CVE-2016-5699 | 1 Python | 1 Python | 2025-04-12 | 4.3 MEDIUM | 6.1 MEDIUM |
| CRLF injection vulnerability in the HTTPConnection.putheader function in urllib2 and urllib in CPython (aka Python) before 2.7.10 and 3.x before 3.4.4 allows remote attackers to inject arbitrary HTTP headers via CRLF sequences in a URL. | |||||
| CVE-2011-4940 | 1 Python | 1 Python | 2025-04-11 | 2.6 LOW | N/A |
| The list_directory function in Lib/SimpleHTTPServer.py in SimpleHTTPServer in Python before 2.5.6c1, 2.6.x before 2.6.7 rc2, and 2.7.x before 2.7.2 does not place a charset parameter in the Content-Type HTTP header, which makes it easier for remote attackers to conduct cross-site scripting (XSS) attacks against Internet Explorer 7 via UTF-7 encoding. | |||||
| CVE-2011-4944 | 1 Python | 1 Python | 2025-04-11 | 1.9 LOW | N/A |
| Python 2.6 through 3.2 creates ~/.pypirc with world-readable permissions before changing them after data has been written, which introduces a race condition that allows local users to obtain a username and password by reading this file. | |||||
| CVE-2013-1633 | 1 Python | 1 Setuptools | 2025-04-11 | 6.8 MEDIUM | N/A |
| easy_install in setuptools before 0.7 uses HTTP to retrieve packages from the PyPI repository, and does not perform integrity checks on package contents, which allows man-in-the-middle attackers to execute arbitrary code via a crafted response to the default use of the product. | |||||
| CVE-2010-3493 | 1 Python | 1 Python | 2025-04-11 | 4.3 MEDIUM | N/A |
| Multiple race conditions in smtpd.py in the smtpd module in Python 2.6, 2.7, 3.1, and 3.2 alpha allow remote attackers to cause a denial of service (daemon outage) by establishing and then immediately closing a TCP connection, leading to the accept function having an unexpected return value of None, an unexpected value of None for the address, or an ECONNABORTED, EAGAIN, or EWOULDBLOCK error, or the getpeername function having an ENOTCONN error, a related issue to CVE-2010-3492. | |||||
| CVE-2012-0845 | 1 Python | 1 Python | 2025-04-11 | 5.0 MEDIUM | N/A |
| SimpleXMLRPCServer.py in SimpleXMLRPCServer in Python before 2.6.8, 2.7.x before 2.7.3, 3.x before 3.1.5, and 3.2.x before 3.2.3 allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via an XML-RPC POST request that contains a smaller amount of data than specified by the Content-Length header. | |||||
| CVE-2013-2099 | 2 Canonical, Python | 2 Ubuntu Linux, Python | 2025-04-11 | 4.3 MEDIUM | N/A |
| Algorithmic complexity vulnerability in the ssl.match_hostname function in Python 3.2.x, 3.3.x, and earlier, and unspecified versions of python-backports-ssl_match_hostname as used for older Python versions, allows remote attackers to cause a denial of service (CPU consumption) via multiple wildcard characters in the common name in a certificate. | |||||
| CVE-2011-1015 | 1 Python | 1 Python | 2025-04-11 | 5.0 MEDIUM | N/A |
| The is_cgi method in CGIHTTPServer.py in the CGIHTTPServer module in Python 2.5, 2.6, and 3.0 allows remote attackers to read script source code via an HTTP GET request that lacks a / (slash) character at the beginning of the URI. | |||||
| CVE-2010-2089 | 1 Python | 1 Python | 2025-04-11 | 5.0 MEDIUM | N/A |
| The audioop module in Python 2.7 and 3.2 does not verify the relationships between size arguments and byte string lengths, which allows context-dependent attackers to cause a denial of service (memory corruption and application crash) via crafted arguments, as demonstrated by a call to audioop.reverse with a one-byte string, a different vulnerability than CVE-2010-1634. | |||||
| CVE-2012-0876 | 6 Canonical, Debian, Libexpat Project and 3 more | 11 Ubuntu Linux, Debian Linux, Libexpat and 8 more | 2025-04-11 | 4.3 MEDIUM | N/A |
| The XML parser (xmlparse.c) in expat before 2.1.0 computes hash values without restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service (CPU consumption) via an XML file with many identifiers with the same value. | |||||
| CVE-2010-1449 | 1 Python | 1 Python | 2025-04-11 | 7.5 HIGH | N/A |
| Integer overflow in rgbimgmodule.c in the rgbimg module in Python 2.5 allows remote attackers to have an unspecified impact via a large image that triggers a buffer overflow. NOTE: this vulnerability exists because of an incomplete fix for CVE-2008-3143.12. | |||||
| CVE-2009-4134 | 1 Python | 1 Python | 2025-04-11 | 5.0 MEDIUM | N/A |
| Buffer underflow in the rgbimg module in Python 2.5 allows remote attackers to cause a denial of service (application crash) via a large ZSIZE value in a black-and-white (aka B/W) RGB image that triggers an invalid pointer dereference. | |||||
| CVE-2011-4617 | 1 Python | 1 Virtualenv | 2025-04-11 | 1.2 LOW | N/A |
| virtualenv.py in virtualenv before 1.5 allows local users to overwrite arbitrary files via a symlink attack on a certain file in /tmp/. | |||||
| CVE-2010-3492 | 1 Python | 1 Python | 2025-04-11 | 5.0 MEDIUM | N/A |
| The asyncore module in Python before 3.2 does not properly handle unsuccessful calls to the accept function, and does not have accompanying documentation describing how daemon applications should handle unsuccessful calls to the accept function, which makes it easier for remote attackers to conduct denial of service attacks that terminate these applications via network connections. | |||||
| CVE-2011-1521 | 1 Python | 1 Python | 2025-04-11 | 6.4 MEDIUM | N/A |
| The urllib and urllib2 modules in Python 2.x before 2.7.2 and 3.x before 3.2.1 process Location headers that specify redirection to file: URLs, which makes it easier for remote attackers to obtain sensitive information or cause a denial of service (resource consumption) via a crafted URL, as demonstrated by the file:///etc/passwd and file:///dev/zero URLs. | |||||
| CVE-2014-1604 | 1 Python | 1 Rply | 2025-04-11 | 2.1 LOW | N/A |
| The parser cache functionality in parsergenerator.py in RPLY (aka python-rply) before 0.7.1 allows local users to spoof cache data by pre-creating a temporary rply-*.json file with a predictable name. | |||||