Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
python python 3.8.0 vulnerabilities and exploits
(subscribe to this query)
6.5
CVSSv3
CVE-2023-47641
aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. Affected versions of aiohttp have a security vulnerability regarding the inconsistent interpretation of the http protocol. HTTP/1.1 is a persistent protocol, if both Content-Length(CL) and Transfer-En...
Aiohttp Aiohttp
5.3
CVSSv3
CVE-2023-26052
Saleor is a headless, GraphQL commerce platform delivering personalized shopping experiences. Some internal Python exceptions are not handled properly and thus are returned in API as error messages. Some messages might contain sensitive information like infrastructure details in ...
Saleor Saleor
9.8
CVSSv3
CVE-2021-29921
In Python prior to 3,9,5, the ipaddress library mishandles leading zero characters in the octets of an IP address string. This (in some situations) allows malicious users to bypass access control that is based on IP addresses.
Python Python
Oracle Zfs Storage Appliance Kit 8.8
Oracle Graalvm 20.3.2
Oracle Graalvm 21.1.0
Oracle Communications Cloud Native Core Automated Test Suite 1.8.0
Oracle Communications Cloud Native Core Network Slice Selection Function 1.8.0
Oracle Communications Cloud Native Core Binding Support Function 1.11.0
1 Github repository
5.9
CVSSv3
CVE-2021-23336
The package python/cpython from 0 and prior to 3.6.13, from 3.7.0 and prior to 3.7.10, from 3.8.0 and prior to 3.8.8, from 3.9.0 and prior to 3.9.2 are vulnerable to Web Cache Poisoning via urllib.parse.parse_qsl and urllib.parse.parse_qs by using a vector called parameter cloaki...
Python Python
Fedoraproject Fedora 32
Fedoraproject Fedora 33
Fedoraproject Fedora 34
Debian Debian Linux 9.0
Netapp Cloud Backup -
Netapp Snapcenter -
Netapp Ontap Select Deploy Administration Utility -
Netapp Inventory Collect Tool -
Djangoproject Django
Oracle Zfs Storage Appliance 8.8
Oracle Enterprise Manager Ops Center 12.4.0.0
Oracle Communications Offline Mediation Controller 12.0.0.3.0
Oracle Communications Pricing Design Center 12.0.0.3.0
7.5
CVSSv3
CVE-2019-20907
In Lib/tarfile.py in Python up to and including 3.8.3, an attacker is able to craft a TAR archive leading to an infinite loop when opened by tarfile.open, because _proc_pax lacks header validation.
Python Python
Opensuse Leap 15.1
Opensuse Leap 15.2
Debian Debian Linux 9.0
Fedoraproject Fedora 31
Fedoraproject Fedora 32
Canonical Ubuntu Linux 16.04
Canonical Ubuntu Linux 12.04
Canonical Ubuntu Linux 18.04
Canonical Ubuntu Linux 14.04
Canonical Ubuntu Linux 20.04
Netapp Active Iq Unified Manager
Netapp Cloud Volumes Ontap Mediator -
Oracle Zfs Storage Appliance Kit 8.8
2 Github repositories
7.5
CVSSv3
CVE-2019-19274
typed_ast 1.3.0 and 1.3.1 has a handle_keywordonly_args out-of-bounds read. An attacker with the ability to cause a Python interpreter to parse Python source (but not necessarily execute it) may be able to crash the interpreter process. This could be a concern, for example, in a ...
Python Typed Ast 1.3.1
Python Typed Ast 1.3.0
7.5
CVSSv3
CVE-2019-19275
typed_ast 1.3.0 and 1.3.1 has an ast_for_arguments out-of-bounds read. An attacker with the ability to cause a Python interpreter to parse Python source (but not necessarily execute it) may be able to crash the interpreter process. This could be a concern, for example, in a web-b...
Python Typed Ast 1.3.1
Python Typed Ast 1.3.0
6.1
CVSSv3
CVE-2019-18348
An issue exists in urllib2 in Python 2.x up to and including 2.7.17 and urllib in Python 3.x up to and including 3.8.0. CRLF injection is possible if the attacker controls a url parameter, as demonstrated by the first argument to urllib.request.urlopen with \r\n (specifically in ...
Python Python
7.5
CVSSv3
CVE-2019-17514
library/glob.html in the Python 2 and 3 documentation prior to 2016 has potentially misleading information about whether sorting occurs, as demonstrated by irreproducible cancer-research results. NOTE: the effects of this documentation cross application domains, and thus it is li...
Python Python 3.8.0
Python Python 3.6.0
Python Python 3.7.0
5.3
CVSSv3
CVE-2018-20852
http.cookiejar.DefaultPolicy.domain_return_ok in Lib/http/cookiejar.py in Python prior to 3.7.3 does not correctly validate the domain: it can be tricked into sending existing cookies to the wrong server. An attacker may abuse this flaw by using a server with a hostname that has ...
Python Python
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
blind SQL injection
firmware
CVE-2006-4304
CVE-2024-32878
CVE-2024-31502
XSS
CVE-2024-3059
CVE-2024-33692
CVE-2024-3400
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
NEXT »