Vulnerabilities (CVE)

Vendor filter

Python Subscribe

Product filter

Python Subscribe


88 total CVE
CVE Vendors Products Updated CVSS
CVE-2019-16865 1 Python 1 Pillow 2019-10-10 4.3
An issue was discovered in Pillow before 6.2.0. When reading specially crafted invalid image files, the library can either allocate very large amounts of memory or take an extremely long period of time to process the image.
CVE-2019-10138 1 Python 1 Novajoin 2019-10-09 6.5
A flaw was discovered in the python-novajoin plugin, all versions up to, excluding 1.1.1, for Red Hat OpenStack Platform. The novajoin API lacked sufficient access control, allowing any keystone authenticated user to generate FreeIPA tokens.
CVE-2018-1000030 2 Python, Canonical 2 Python, Ubuntu Linux 2019-10-09 6.8
Python 2.7.14 is vulnerable to a Heap-Buffer-Overflow as well as a Heap-Use-After-Free. Python versions prior to 2.7.14 may also be vulnerable and it appears that Python 2.7.17 and prior may also be vulnerable however this has not been confirmed....
CVE-2019-16935 1 Python 1 Python 2019-10-09 4.3
The documentation XML-RPC server in Python through 2.7.16, 3.x through 3.6.9, and 3.7.x through 3.7.4 has XSS via the server_title field. This occurs in Lib/ in Python 2.x, and in Lib/xmlrpc/ in Python 3.x. If...
CVE-2018-1000802 3 Python, Canonical, Debian 3 Python, Ubuntu Linux, Debian Linux 2019-10-03 7.5
Python Software Foundation Python (CPython) version 2.7 contains a CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability in shutil module (make_archive function) that can result in Denial of...
CVE-2017-2810 1 Python 1 Tablib 2019-10-03 7.5
An exploitable vulnerability exists in the Databook loading functionality of Tablib 0.11.4. A yaml loaded Databook can execute arbitrary python commands resulting in command execution. An attacker can insert python into loaded yaml to trigger...
CVE-2018-1061 5 Python, Debian, Redhat and 2 more 8 Python, Debian Linux, Ansible Tower and 5 more 2019-10-03 5.0
python before versions 2.7.15, 3.4.9, 3.5.6rc1, 3.6.5rc1 and 3.7.0 is vulnerable to catastrophic backtracking in the difflib.IS_LINE_JUNK method. An attacker could use this flaw to cause denial of service.
CVE-2018-14647 4 Python, Canonical, Debian and 1 more 4 Python, Ubuntu Linux, Debian Linux and 1 more 2019-10-03 5.0
Python's elementtree C accelerator failed to initialise Expat's hash salt during initialization. This could make it easy to conduct denial of service attacks against Expat by constructing an XML document that would cause pathological hash...
CVE-2018-1060 5 Python, Redhat, Canonical and 2 more 8 Python, Ansible Tower, Ubuntu Linux and 5 more 2019-10-03 5.0
python before versions 2.7.15, 3.4.9, 3.5.6rc1, 3.6.5rc1 and 3.7.0 is vulnerable to catastrophic backtracking in pop3lib's apop() method. An attacker could use this flaw to cause denial of service.
CVE-2017-1000158 2 Python, Debian 2 Python, Debian Linux 2019-10-03 7.5
CPython (aka Python) up to 2.7.13 is vulnerable to an integer overflow in the PyString_DecodeEscape function in stringobject.c, resulting in heap-based buffer overflow (and possible arbitrary code execution)
CVE-2018-20060 2 Python, Fedoraproject 2 Urllib3, Fedora 2019-10-03 5.0
urllib3 before version 1.23 does not remove the Authorization HTTP header when following a cross-origin redirect (i.e., a redirect that differs in host, port, or scheme). This can allow for credentials in the Authorization header to be exposed to...
CVE-2019-11324 3 Urllib3 Project, Canonical, Python 3 Urllib3, Ubuntu Linux, Urllib3 2019-09-14 5.0
The urllib3 library before 1.24.2 for Python mishandles certain cases where the desired set of CA certificates is different from the OS store of CA certificates, which results in SSL connections succeeding in situations where a verification...
CVE-2019-16056 1 Python 1 Python 2019-09-11 5.0
An issue was discovered in Python through 2.7.16, 3.x through 3.5.7, 3.6.x through 3.6.9, and 3.7.x through 3.7.4. The email module wrongly parses email addresses that contain multiple @ characters. An application that uses the email module and...
CVE-2013-7338 2 Python, Apple 2 Mac Os X, Python 2019-08-21 7.1
Python before 3.3.4 RC1 allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a file size value larger than the size of the zip file to the (1), (2), (3)...
CVE-2018-20852 1 Python 1 Python 2019-08-17 5.0
http.cookiejar.DefaultPolicy.domain_return_ok in Lib/http/ in Python before 3.7.3 does not correctly validate the domain: it can be tricked into sending existing cookies to the wrong server. An attacker may abuse this flaw by using a...
CVE-2019-13404 1 Python 1 Python 2019-07-15 9.3
** DISPUTED ** The MSI installer for Python through 2.7.16 on Windows defaults to the C:\Python27 directory, which makes it easier for local users to deploy Trojan horse code. (This also affects old 3.x releases before 3.5.) NOTE: the vendor's...
CVE-2019-9948 3 Python, Netapp, Opensuse 3 Python, Active Iq Performance Analytics Services, Leap 2019-06-19 6.4
urllib in Python 2.x through 2.7.16 supports the local_file: scheme, which makes it easier for remote attackers to bypass protection mechanisms that blacklist file: URIs, as demonstrated by triggering a urllib.urlopen('local_file:///etc/passwd') call.
CVE-2019-6690 5 Python, Suse, Debian and 2 more 5 Python-gnupg, Backports, Debian Linux and 2 more 2019-06-18 5.0
python-gnupg 0.4.3 allows context-dependent attackers to trick gnupg to decrypt other ciphertext than intended. To perform the attack, the passphrase to gnupg must be controlled by the adversary and the ciphertext should be trusted. Related to a...
CVE-2019-10160 2 Python, Redhat 2 Python, Enterprise Linux 2019-06-17 5.0
A security regression of CVE-2019-9636 was discovered in python since commit d537ab0ff9767ef024f26246899728f0116b1ec3 affecting versions 2.7, 3.5, 3.6, 3.7 and from v3.8.0a4 through v3.8.0b1, which still allows an attacker to exploit...
CVE-2019-12761 1 Python 1 Pyxdg 2019-06-16 5.1
A code injection issue was discovered in PyXDG before 0.26 via crafted Python code in a Category element of a Menu XML document in a .menu file. XDG_CONFIG_DIRS must be set up to trigger xdg.Menu.parse parsing within the directory containing this...