Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
python python 3.8.0 vulnerabilities and exploits
(subscribe to this query)
7.5
CVSSv3
CVE-2019-17514
library/glob.html in the Python 2 and 3 documentation prior to 2016 has potentially misleading information about whether sorting occurs, as demonstrated by irreproducible cancer-research results. NOTE: the effects of this documentation cross application domains, and thus it is li...
Python Python 3.8.0
Python Python 3.6.0
Python Python 3.7.0
6.1
CVSSv3
CVE-2019-18348
An issue exists in urllib2 in Python 2.x up to and including 2.7.17 and urllib in Python 3.x up to and including 3.8.0. CRLF injection is possible if the attacker controls a url parameter, as demonstrated by the first argument to urllib.request.urlopen with \r\n (specifically in ...
Python Python
5.3
CVSSv3
CVE-2018-20852
http.cookiejar.DefaultPolicy.domain_return_ok in Lib/http/cookiejar.py in Python prior to 3.7.3 does not correctly validate the domain: it can be tricked into sending existing cookies to the wrong server. An attacker may abuse this flaw by using a server with a hostname that has ...
Python Python
7.5
CVSSv3
CVE-2019-19274
typed_ast 1.3.0 and 1.3.1 has a handle_keywordonly_args out-of-bounds read. An attacker with the ability to cause a Python interpreter to parse Python source (but not necessarily execute it) may be able to crash the interpreter process. This could be a concern, for example, in a ...
Python Typed Ast 1.3.1
Python Typed Ast 1.3.0
7.5
CVSSv3
CVE-2019-19275
typed_ast 1.3.0 and 1.3.1 has an ast_for_arguments out-of-bounds read. An attacker with the ability to cause a Python interpreter to parse Python source (but not necessarily execute it) may be able to crash the interpreter process. This could be a concern, for example, in a web-b...
Python Typed Ast 1.3.1
Python Typed Ast 1.3.0
9.8
CVSSv3
CVE-2019-10160
A security regression of CVE-2019-9636 exists in python since commit d537ab0ff9767ef024f26246899728f0116b1ec3 affecting versions 2.7, 3.5, 3.6, 3.7 and from v3.8.0a4 through v3.8.0b1, which still allows an malicious user to exploit CVE-2019-9636 by abusing the user and password p...
Python Python
Python Python 3.8.0
Redhat Enterprise Linux Desktop 7.0
Redhat Enterprise Linux Workstation 7.0
Redhat Enterprise Linux Server 7.0
Redhat Enterprise Linux Server Tus 7.6
Redhat Enterprise Linux Server Aus 7.6
Redhat Enterprise Linux Eus 7.6
Debian Debian Linux 8.0
Debian Debian Linux 9.0
Opensuse Leap 15.0
Opensuse Leap 15.1
Fedoraproject Fedora 29
Fedoraproject Fedora 30
Fedoraproject Fedora 31
Canonical Ubuntu Linux 18.04
Canonical Ubuntu Linux 19.04
Canonical Ubuntu Linux 14.04
Canonical Ubuntu Linux 16.04
Canonical Ubuntu Linux 12.04
Redhat Virtualization 4.0
Netapp Cloud Backup -
9.8
CVSSv3
CVE-2021-29921
In Python prior to 3,9,5, the ipaddress library mishandles leading zero characters in the octets of an IP address string. This (in some situations) allows malicious users to bypass access control that is based on IP addresses.
Python Python
Oracle Zfs Storage Appliance Kit 8.8
Oracle Graalvm 20.3.2
Oracle Graalvm 21.1.0
Oracle Communications Cloud Native Core Automated Test Suite 1.8.0
Oracle Communications Cloud Native Core Network Slice Selection Function 1.8.0
Oracle Communications Cloud Native Core Binding Support Function 1.11.0
1 Github repository
7.5
CVSSv3
CVE-2019-20907
In Lib/tarfile.py in Python up to and including 3.8.3, an attacker is able to craft a TAR archive leading to an infinite loop when opened by tarfile.open, because _proc_pax lacks header validation.
Python Python
Opensuse Leap 15.1
Opensuse Leap 15.2
Debian Debian Linux 9.0
Fedoraproject Fedora 31
Fedoraproject Fedora 32
Canonical Ubuntu Linux 16.04
Canonical Ubuntu Linux 12.04
Canonical Ubuntu Linux 18.04
Canonical Ubuntu Linux 14.04
Canonical Ubuntu Linux 20.04
Netapp Active Iq Unified Manager
Netapp Cloud Volumes Ontap Mediator -
Oracle Zfs Storage Appliance Kit 8.8
2 Github repositories
5.9
CVSSv3
CVE-2021-23336
The package python/cpython from 0 and prior to 3.6.13, from 3.7.0 and prior to 3.7.10, from 3.8.0 and prior to 3.8.8, from 3.9.0 and prior to 3.9.2 are vulnerable to Web Cache Poisoning via urllib.parse.parse_qsl and urllib.parse.parse_qs by using a vector called parameter cloaki...
Python Python
Fedoraproject Fedora 32
Fedoraproject Fedora 33
Fedoraproject Fedora 34
Debian Debian Linux 9.0
Netapp Cloud Backup -
Netapp Snapcenter -
Netapp Ontap Select Deploy Administration Utility -
Netapp Inventory Collect Tool -
Djangoproject Django
Oracle Zfs Storage Appliance 8.8
Oracle Enterprise Manager Ops Center 12.4.0.0
Oracle Communications Offline Mediation Controller 12.0.0.3.0
Oracle Communications Pricing Design Center 12.0.0.3.0
NA
CVE-2009-0669
Zope Object Database (ZODB) prior to 3.8.2, when certain Zope Enterprise Objects (ZEO) database sharing is enabled, allows remote malicious users to bypass authentication via vectors involving the ZEO network protocol.
Zope Zodb
Zope Zodb 3.8.0
Zope Zodb 3.8
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
blind SQL injection
CVE-2006-4304
CVE-2023-26603
CVE-2024-28327
CVE-2023-50363
CVE-2024-21905
template injection
CVE-2024-3400
cross-site request forgery
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
NEXT »