Filtered by vendor Python
Subscriptions
Filtered by product Python
Subscriptions
Total
129 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2024-7592 | 1 Python | 2 Cpython, Python | 2024-10-18 | 7.5 High |
There is a LOW severity vulnerability affecting CPython, specifically the 'http.cookies' standard library module. When parsing cookies that contained backslashes for quoted characters in the cookie value, the parser would use an algorithm with quadratic complexity, resulting in excess CPU resources being used while parsing the value. | ||||
CVE-2024-6232 | 2 Python, Redhat | 6 Python, Enterprise Linux, Rhel Aus and 3 more | 2024-10-18 | 7.5 High |
There is a MEDIUM severity vulnerability affecting CPython. Regular expressions that allowed excessive backtracking during tarfile.TarFile header parsing are vulnerable to ReDoS via specifically-crafted tar archives. | ||||
CVE-2023-38898 | 1 Python | 1 Python | 2024-10-08 | 5.3 Medium |
An issue in Python cpython v.3.7 allows an attacker to obtain sensitive information via the _asyncio._swap_current_task component. NOTE: this is disputed by the vendor because (1) neither 3.7 nor any other release is affected (it is a bug in some 3.12 pre-releases); (2) there are no common scenarios in which an adversary can call _asyncio._swap_current_task but does not already have the ability to call arbitrary functions; and (3) there are no common scenarios in which sensitive information, which is not already accessible to an adversary, becomes accessible through this bug. | ||||
CVE-2022-26488 | 3 Microsoft, Netapp, Python | 4 Windows, Active Iq Unified Manager, Ontap Select Deploy Administration Utility and 1 more | 2024-10-04 | 7.0 High |
In Python before 3.10.3 on Windows, local users can gain privileges because the search path is inadequately secured. The installer may allow a local attacker to add user-writable directories to the system search path. To exploit, an administrator must have installed Python for all users and enabled PATH entries. A non-administrative user can trigger a repair that incorrectly adds user-writable paths into PATH, enabling search-path hijacking of other users and system services. This affects Python (CPython) through 3.7.12, 3.8.x through 3.8.12, 3.9.x through 3.9.10, and 3.10.x through 3.10.2. | ||||
CVE-2022-48565 | 3 Debian, Python, Redhat | 3 Debian Linux, Python, Enterprise Linux | 2024-10-03 | 9.8 Critical |
An XML External Entity (XXE) issue was discovered in Python through 3.9.1. The plistlib module no longer accepts entity declarations in XML plist files to avoid XML vulnerabilities. | ||||
CVE-2022-48566 | 3 Debian, Netapp, Python | 4 Debian Linux, Active Iq Unified Manager, Converged Systems Advisor Agent and 1 more | 2024-10-03 | 5.9 Medium |
An issue was discovered in compare_digest in Lib/hmac.py in Python through 3.9.1. Constant-time-defeating optimisations were possible in the accumulator variable in hmac.compare_digest. | ||||
CVE-2023-41105 | 3 Netapp, Python, Redhat | 3 Active Iq Unified Manager, Python, Enterprise Linux | 2024-10-03 | 7.5 High |
An issue was discovered in Python 3.11 through 3.11.4. If a path containing '\0' bytes is passed to os.path.normpath(), the path will be truncated unexpectedly at the first '\0' byte. There are plausible cases in which an application would have rejected a filename for security reasons in Python 3.10.x or earlier, but that filename is no longer rejected in Python 3.11.x. | ||||
CVE-2023-40217 | 2 Python, Redhat | 8 Python, Enterprise Linux, Rhel Aus and 5 more | 2024-10-02 | 5.3 Medium |
An issue was discovered in Python before 3.8.18, 3.9.x before 3.9.18, 3.10.x before 3.10.13, and 3.11.x before 3.11.5. It primarily affects servers (such as HTTP servers) that use TLS client authentication. If a TLS server-side socket is created, receives data into the socket buffer, and then is closed quickly, there is a brief window where the SSLSocket instance will detect the socket as "not connected" and won't initiate a handshake, but buffered data will still be readable from the socket buffer. This data will not be authenticated if the server-side TLS peer is expecting client certificate authentication, and is indistinguishable from valid TLS stream data. Data is limited in size to the amount that will fit in the buffer. (The TLS connection cannot directly be used for data exfiltration because the vulnerable code path requires that the connection be closed on initialization of the SSLSocket.) | ||||
CVE-2018-1000117 | 2 Microsoft, Python | 2 Windows, Python | 2024-09-17 | 6.7 Medium |
Python Software Foundation CPython version From 3.2 until 3.6.4 on Windows contains a Buffer Overflow vulnerability in os.symlink() function on Windows that can result in Arbitrary code execution, likely escalation of privilege. This attack appears to be exploitable via a python script that creates a symlink with an attacker controlled name or location. This vulnerability appears to have been fixed in 3.7.0 and 3.6.5. | ||||
CVE-2021-23336 | 7 Debian, Djangoproject, Fedoraproject and 4 more | 14 Debian Linux, Django, Fedora and 11 more | 2024-09-16 | 5.9 Medium |
The package python/cpython from 0 and before 3.6.13, from 3.7.0 and before 3.7.10, from 3.8.0 and before 3.8.8, from 3.9.0 and before 3.9.2 are vulnerable to Web Cache Poisoning via urllib.parse.parse_qsl and urllib.parse.parse_qs by using a vector called parameter cloaking. When the attacker can separate query parameters using a semicolon (;), they can cause a difference in the interpretation of the request between the proxy (running with default configuration) and the server. This can result in malicious requests being cached as completely safe ones, as the proxy would usually not see the semicolon as a separator, and therefore would not include it in a cache key of an unkeyed parameter. | ||||
CVE-2002-1119 | 2 Python, Redhat | 3 Python, Enterprise Linux, Linux | 2024-08-08 | N/A |
os._execvpe from os.py in Python 2.2.1 and earlier creates temporary files with predictable names, which could allow local users to execute arbitrary code via a symlink attack. | ||||
CVE-2004-0150 | 1 Python | 1 Python | 2024-08-08 | N/A |
Buffer overflow in the getaddrinfo function in Python 2.2 before 2.2.2, when IPv6 support is disabled, allows remote attackers to execute arbitrary code via an IPv6 address that is obtained using DNS. | ||||
CVE-2005-0089 | 2 Python, Redhat | 2 Python, Enterprise Linux | 2024-08-07 | N/A |
The SimpleXMLRPCServer library module in Python 2.2, 2.3 before 2.3.5, and 2.4, when used by XML-RPC servers that use the register_instance method to register an object without a _dispatch method, allows remote attackers to read or modify globals of the associated module, and possibly execute arbitrary code, via dotted attributes. | ||||
CVE-2006-4980 | 2 Python, Redhat | 3 Python, Enterprise Linux, Network Satellite | 2024-08-07 | N/A |
Buffer overflow in the repr function in Python 2.3 through 2.6 before 20060822 allows context-dependent attackers to cause a denial of service and possibly execute arbitrary code via crafted wide character UTF-32/UCS-4 strings to certain scripts. | ||||
CVE-2006-1542 | 2 Python, Redhat | 2 Python, Network Satellite | 2024-08-07 | N/A |
Stack-based buffer overflow in Python 2.4.2 and earlier, running on Linux 2.6.12.5 under gcc 4.0.3 with libc 2.3.5, allows local users to cause a "stack overflow," and possibly gain privileges, by running a script from a current working directory that has a long name, related to the realpath function. NOTE: this might not be a vulnerability. However, the fact that it appears in a programming language interpreter could mean that some applications are affected, although attack scenarios might be limited because the attacker might already need to cross privilege boundaries to cause an exploitable program to be placed in a directory with a long name; or, depending on the method that Python uses to determine the current working directory, setuid applications might be affected. | ||||
CVE-2007-4965 | 2 Python, Redhat | 3 Python, Enterprise Linux, Network Satellite | 2024-08-07 | N/A |
Multiple integer overflows in the imageop module in Python 2.5.1 and earlier allow context-dependent attackers to cause a denial of service (application crash) and possibly obtain sensitive information (memory contents) via crafted arguments to (1) the tovideo method, and unspecified other vectors related to (2) imageop.c, (3) rbgimgmodule.c, and other files, which trigger heap-based buffer overflows. | ||||
CVE-2007-4559 | 2 Python, Redhat | 4 Python, Enterprise Linux, Rhel Eus and 1 more | 2024-08-07 | 5.5 Medium |
Directory traversal vulnerability in the (1) extract and (2) extractall functions in the tarfile module in Python allows user-assisted remote attackers to overwrite arbitrary files via a .. (dot dot) sequence in filenames in a TAR archive, a related issue to CVE-2001-1267. | ||||
CVE-2007-2052 | 2 Python, Redhat | 3 Python, Enterprise Linux, Network Satellite | 2024-08-07 | N/A |
Off-by-one error in the PyLocale_strxfrm function in Modules/_localemodule.c for Python 2.4 and 2.5 causes an incorrect buffer size to be used for the strxfrm function, which allows context-dependent attackers to read portions of memory via unknown manipulations that trigger a buffer over-read due to missing null termination. | ||||
CVE-2008-5983 | 4 Canonical, Fedoraproject, Python and 1 more | 4 Ubuntu Linux, Fedora, Python and 1 more | 2024-08-07 | N/A |
Untrusted search path vulnerability in the PySys_SetArgv API function in Python 2.6 and earlier, and possibly later versions, prepends an empty string to sys.path when the argv[0] argument does not contain a path separator, which might allow local users to execute arbitrary code via a Trojan horse Python file in the current working directory. | ||||
CVE-2008-5031 | 2 Python, Redhat | 2 Python, Enterprise Linux | 2024-08-07 | N/A |
Multiple integer overflows in Python 2.2.3 through 2.5.1, and 2.6, allow context-dependent attackers to have an unknown impact via a large integer value in the tabsize argument to the expandtabs method, as implemented by (1) the string_expandtabs function in Objects/stringobject.c and (2) the unicode_expandtabs function in Objects/unicodeobject.c. NOTE: this vulnerability reportedly exists because of an incomplete fix for CVE-2008-2315. |