Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
python python 2.0.1 vulnerabilities and exploits
(subscribe to this query)
9.8
CVSSv3
CVE-2023-27524
Session Validation attacks in Apache Superset versions up to and including 2.0.1. Installations that have not altered the default configured SECRET_KEY according to installation instructions allow for an malicious user to authenticate and access unauthorized resources. This does ...
Apache Superset
20 Github repositories
1 Article
9.8
CVSSv3
CVE-2021-43572
The verify function in the Stark Bank Python ECDSA library (aka starkbank-escada or ecdsa-python) prior to 2.0.1 fails to check that the signature is non-zero, which allows malicious users to forge signatures on arbitrary messages.
Starkbank Ecdsa-python
9.8
CVSSv3
CVE-2016-4972
OpenStack Murano prior to 1.0.3 (liberty) and 2.x prior to 2.0.1 (mitaka), Murano-dashboard prior to 1.0.3 (liberty) and 2.x prior to 2.0.1 (mitaka), and python-muranoclient prior to 0.7.3 (liberty) and 0.8.x prior to 0.8.5 (mitaka) improperly use loaders inherited from yaml.Load...
Openstack Python-muranoclient
Openstack Mitaka-murano
Openstack Murano-dashboard
Openstack Murano
9
CVSSv3
CVE-2015-8557
The FontManager._get_nix_font_path function in formatters/img.py in Pygments 1.2.2 up to and including 2.0.2 allows remote malicious users to execute arbitrary commands via shell metacharacters in a font name.
Canonical Ubuntu Linux 12.04
Canonical Ubuntu Linux 15.10
Canonical Ubuntu Linux 14.04
Canonical Ubuntu Linux 15.04
Pygments Pygments 1.6
Pygments Pygments 2.0
Pygments Pygments 1.3.1
Pygments Pygments 2.0.1
Pygments Pygments 1.4
Pygments Pygments 1.3
Pygments Pygments 1.5
Pygments Pygments 1.2.2
7.5
CVSSv3
CVE-2023-33175
ToUI is a Python package for creating user interfaces (websites and desktop apps) from HTML. ToUI is using Flask-Caching (SimpleCache) to store user variables. Websites that use `Website.user_vars` property. It affects versions 2.0.1 to 2.4.0. This issue has been patched in versi...
Toui Project Toui
7.5
CVSSv3
CVE-2020-5215
In TensorFlow prior to 1.15.2 and 2.0.1, converting a string (from Python) to a tf.float16 value results in a segmentation fault in eager mode as the format checks for this use case are only in the graph mode. This issue can lead to denial of service in inference/training where a...
Google Tensorflow
7.5
CVSSv3
CVE-2018-6188
django.contrib.auth.forms.AuthenticationForm in Django 2.0 prior to 2.0.2, and 1.11.8 and 1.11.9, allows remote malicious users to obtain potentially sensitive information by leveraging data exposure from the confirm_login_allowed() method, as demonstrated by discovering whether ...
Djangoproject Django 2.0
Djangoproject Django 2.0.1
Djangoproject Django 1.11.8
Djangoproject Django 1.11.9
Canonical Ubuntu Linux 17.10
7.5
CVSSv3
CVE-2016-6581
A HTTP/2 implementation built using any version of the Python HPACK library between v1.0.0 and v2.2.0 could be targeted for a denial of service attack, specifically a so-called "HPACK Bomb" attack. This attack occurs when an attacker inserts a header field that is exact...
Python Hpack 2.1.1
Python Hyper 0.6
Python Hpack 2.2
Python Hpack 2.0
Python Hyper 0.4
Python Hpack 2.0.1
Python Hpack 1.0
6.5
CVSSv3
CVE-2022-36024
py-cord is a an API wrapper for Discord written in Python. Bots creating using py-cord version 2.0.0 are vulnerable to remote shutdown if they are added to the server with the `application.commands` scope without the `bot` scope. Currently, it appears that all public bots that us...
Pycord Development Pycord 2.0.0
1 Github repository
6.1
CVSSv3
CVE-2021-28359
The "origin" parameter passed to some of the endpoints like '/trigger' was vulnerable to XSS exploit. This issue affects Apache Airflow versions <1.10.15 in 1.x series and affects 2.0.0 and 2.0.1 and 2.x series. This is the same as CVE-2020-13944 & CVE-...
Apache Airflow
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
deserialization
CVE-2024-4541
CVE-2024-3080
CVE-2024-4787
log injection
CVE-2024-5967
inject
CVE-2024-30078
CVE-2024-5899
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
4
5
NEXT »