Filtered by vendor Python Subscriptions
Filtered by product Python Subscriptions
Total 129 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2020-29396 2 Odoo, Python 2 Odoo, Python 2024-08-04 8.8 High
A sandboxing issue in Odoo Community 11.0 through 13.0 and Odoo Enterprise 11.0 through 13.0, when running with Python 3.6 or later, allows remote authenticated users to execute arbitrary code, leading to privilege escalation.
CVE-2020-27619 4 Fedoraproject, Oracle, Python and 1 more 5 Fedora, Communications Cloud Native Core Network Function Cloud Native Environment, Python and 2 more 2024-08-04 9.8 Critical
In Python 3 through 3.9.0, the Lib/test/multibytecodec_support.py CJK codec tests call eval() on content retrieved via HTTP.
CVE-2020-26116 8 Canonical, Debian, Fedoraproject and 5 more 12 Ubuntu Linux, Debian Linux, Fedora and 9 more 2024-08-04 7.2 High
http.client in Python 3.x before 3.5.10, 3.6.x before 3.6.12, 3.7.x before 3.7.9, and 3.8.x before 3.8.5 allows CRLF injection if the attacker controls the HTTP request method, as demonstrated by inserting CR and LF control characters in the first argument of HTTPConnection.request.
CVE-2020-15801 3 Microsoft, Netapp, Python 3 Windows, Max Data, Python 2024-08-04 9.8 Critical
In Python 3.8.4, sys.path restrictions specified in a python38._pth file are ignored, allowing code to be loaded from arbitrary locations. The <executable-name>._pth file (e.g., the python._pth file) is not affected.
CVE-2020-15523 3 Microsoft, Netapp, Python 3 Windows, Snapcenter, Python 2024-08-04 7.8 High
In Python 3.6 through 3.6.10, 3.7 through 3.7.8, 3.8 through 3.8.4rc1, and 3.9 through 3.9.0b4 on Windows, a Trojan horse python3.dll might be used in cases where CPython is embedded in a native application. This occurs because python3X.dll may use an invalid search path for python3.dll loading (after Py_SetPath has been used). NOTE: this issue CANNOT occur when using python.exe from a standard (non-embedded) Python installation on Windows.
CVE-2020-14422 5 Fedoraproject, Opensuse, Oracle and 2 more 6 Fedora, Leap, Enterprise Manager Ops Center and 3 more 2024-08-04 5.9 Medium
Lib/ipaddress.py in Python through 3.8.3 improperly computes hash values in the IPv4Interface and IPv6Interface classes, which might allow a remote attacker to cause a denial of service if an application is affected by the performance of a dictionary containing IPv4Interface or IPv6Interface objects, and this attacker can cause many dictionary entries to be created. This is fixed in: v3.5.10, v3.5.10rc1; v3.6.12; v3.7.9; v3.8.4, v3.8.4rc1, v3.8.5, v3.8.6, v3.8.6rc1; v3.9.0, v3.9.0b4, v3.9.0b5, v3.9.0rc1, v3.9.0rc2.
CVE-2020-10735 3 Fedoraproject, Python, Redhat 7 Fedora, Python, Enterprise Linux and 4 more 2024-08-04 7.5 High
A flaw was found in python. In algorithms with quadratic time complexity using non-binary bases, when using int("text"), a system could take 50ms to parse an int string with 100,000 digits and 5s for 1,000,000 digits (float, decimal, int.from_bytes(), and int() for binary bases 2, 4, 8, 16, and 32 are not affected). The highest threat from this vulnerability is to system availability.
CVE-2020-8492 6 Canonical, Debian, Fedoraproject and 3 more 7 Ubuntu Linux, Debian Linux, Fedora and 4 more 2024-08-04 6.5 Medium
Python 2.7 through 2.7.17, 3.5 through 3.5.9, 3.6 through 3.6.10, 3.7 through 3.7.6, and 3.8 through 3.8.1 allows an HTTP server to conduct Regular Expression Denial of Service (ReDoS) attacks against a client because of urllib.request.AbstractBasicAuthHandler catastrophic backtracking.
CVE-2020-8315 1 Python 1 Python 2024-08-04 5.5 Medium
In Python (CPython) 3.6 through 3.6.10, 3.7 through 3.7.6, and 3.8 through 3.8.1, an insecure dependency load upon launch on Windows 7 may result in an attacker's copy of api-ms-win-core-path-l1-1-0.dll being loaded and used instead of the system's copy. Windows 8 and later are unaffected.
CVE-2021-32052 3 Djangoproject, Fedoraproject, Python 3 Django, Fedora, Python 2024-08-03 6.1 Medium
In Django 2.2 before 2.2.22, 3.1 before 3.1.10, and 3.2 before 3.2.2 (with Python 3.9.5+), URLValidator does not prohibit newlines and tabs (unless the URLField form field is used). If an application uses values with newlines in an HTTP response, header injection can occur. Django itself is unaffected because HttpResponse prohibits newlines in HTTP headers.
CVE-2021-29921 3 Oracle, Python, Redhat 8 Communications Cloud Native Core Automated Test Suite, Communications Cloud Native Core Binding Support Function, Communications Cloud Native Core Network Slice Selection Function and 5 more 2024-08-03 9.8 Critical
In Python before 3,9,5, the ipaddress library mishandles leading zero characters in the octets of an IP address string. This (in some situations) allows attackers to bypass access control that is based on IP addresses.
CVE-2021-28861 3 Fedoraproject, Python, Redhat 4 Fedora, Python, Enterprise Linux and 1 more 2024-08-03 7.4 High
Python 3.x through 3.10 has an open redirection vulnerability in lib/http/server.py due to no protection against multiple (/) at the beginning of URI path which may leads to information disclosure. NOTE: this is disputed by a third party because the http.server.html documentation page states "Warning: http.server is not recommended for production. It only implements basic security checks."
CVE-2021-28667 2 Python, Stackstorm 2 Python, Stackstorm 2024-08-03 7.5 High
StackStorm before 3.4.1, in some situations, has an infinite loop that consumes all available memory and disk space. This can occur if Python 3.x is used, the locale is not utf-8, and there is an attempt to log Unicode data (from an action or rule name).
CVE-2021-4189 4 Debian, Netapp, Python and 1 more 6 Debian Linux, Ontap Select Deploy Administration Utility, Python and 3 more 2024-08-03 5.3 Medium
A flaw was found in Python, specifically in the FTP (File Transfer Protocol) client library in PASV (passive) mode. The issue is how the FTP client trusts the host from the PASV response by default. This flaw allows an attacker to set up a malicious FTP server that can trick FTP clients into connecting back to a given IP address and port. This vulnerability could lead to FTP client scanning ports, which otherwise would not have been possible.
CVE-2021-3737 6 Canonical, Fedoraproject, Netapp and 3 more 18 Ubuntu Linux, Fedora, Hci and 15 more 2024-08-03 7.5 High
A flaw was found in python. An improperly handled HTTP response in the HTTP client code of python may allow a remote attacker, who controls the HTTP server, to make the client script enter an infinite loop, consuming CPU time. The highest threat from this vulnerability is to system availability.
CVE-2021-3733 4 Fedoraproject, Netapp, Python and 1 more 21 Extra Packages For Enterprise Linux, Fedora, Hci Compute Node Firmware and 18 more 2024-08-03 6.5 Medium
There's a flaw in urllib's AbstractBasicAuthHandler class. An attacker who controls a malicious HTTP server that an HTTP client (such as web browser) connects to, could trigger a Regular Expression Denial of Service (ReDOS) during an authentication request with a specially crafted payload that is sent by the server to the client. The greatest threat that this flaw poses is to application availability.
CVE-2021-3426 6 Debian, Fedoraproject, Netapp and 3 more 11 Debian Linux, Fedora, Cloud Backup and 8 more 2024-08-03 5.7 Medium
There's a flaw in Python 3's pydoc. A local or adjacent attacker who discovers or is able to convince another local or adjacent user to start a pydoc server could access the server and use it to disclose sensitive information belonging to the other user that they would not normally be able to access. The highest risk of this flaw is to data confidentiality. This flaw affects Python versions before 3.8.9, Python versions before 3.9.3 and Python versions before 3.10.0a7.
CVE-2021-3177 6 Debian, Fedoraproject, Netapp and 3 more 12 Debian Linux, Fedora, Active Iq Unified Manager and 9 more 2024-08-03 9.8 Critical
Python 3.x through 3.9.1 has a buffer overflow in PyCArg_repr in _ctypes/callproc.c, which may lead to remote code execution in certain Python applications that accept floating-point numbers as untrusted input, as demonstrated by a 1e300 argument to c_double.from_param. This occurs because sprintf is used unsafely.
CVE-2022-48560 3 Debian, Python, Redhat 4 Debian Linux, Python, Enterprise Linux and 1 more 2024-08-03 7.5 High
A use-after-free exists in Python through 3.9 via heappushpop in heapq.
CVE-2022-48564 3 Netapp, Python, Redhat 4 Active Iq Unified Manager, Python, Enterprise Linux and 1 more 2024-08-03 6.5 Medium
read_ints in plistlib.py in Python through 3.9.1 is vulnerable to a potential DoS attack via CPU and RAM exhaustion when processing malformed Apple Property List files in binary format.