Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
python python 3.3 vulnerabilities and exploits
(subscribe to this query)
7.5
CVSSv3
CVE-2014-0242
mod_wsgi module prior to 3.4 for Apache, when used in embedded mode, might allow remote malicious users to obtain sensitive information via the Content-Type header which is generated from memory that may have been freed and then overwritten by a separate thread.
Modwsgi Mod Wsgi
1 EDB exploit
NA
CVE-2013-1752
Rejected reason: Various versions of Python do not properly restrict readline calls, which allows remote malicious users to cause a denial of service (memory consumption) via a long string, related to (1) httplib - fixed in 2.7.4, 2.6.9, and 3.3.3; (2) ftplib - fixed in 2.7.6, 2....
6.1
CVSSv3
CVE-2019-11358
jQuery prior to 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, ...) because of Object.prototype pollution. If an unsanitized source object contained an enumerable __proto__ property, it could extend the native Object.prototype.
Jquery Jquery
Debian Debian Linux 8.0
Debian Debian Linux 9.0
Debian Debian Linux 10.0
Drupal Drupal
Backdropcms Backdrop
Fedoraproject Fedora 28
Fedoraproject Fedora 29
Fedoraproject Fedora 30
Opensuse Leap 15.1
Opensuse Backports Sle 15.0
Netapp Snapcenter -
Netapp Oncommand System Manager
Redhat Cloudforms 4.7
Redhat Virtualization Manager 4.3
Oracle Service Bus 12.1.3.0.0
Oracle Primavera Unifier 16.2
Oracle Jd Edwards Enterpriseone Tools 9.2
Oracle Weblogic Server 12.1.3.0.0
Oracle Service Bus 11.1.1.9.0
Oracle Jdeveloper 11.1.1.9.0
Oracle Primavera Unifier 16.1
130 Github repositories
8.8
CVSSv3
CVE-2018-1000805
Paramiko version 2.4.1, 2.3.2, 2.2.3, 2.1.5, 2.0.8, 1.18.5, 1.17.6 contains a Incorrect Access Control vulnerability in SSH server that can result in RCE. This attack appear to be exploitable via network connectivity.
Paramiko Paramiko 2.1.5
Paramiko Paramiko 1.18.5
Paramiko Paramiko 2.3.2
Paramiko Paramiko 2.2.3
Paramiko Paramiko 2.4.1
Paramiko Paramiko 2.0.8
Paramiko Paramiko 1.17.6
Redhat Enterprise Linux Desktop 6.0
Redhat Enterprise Linux Desktop 7.0
Redhat Enterprise Linux Server 6.0
Redhat Enterprise Linux Server 7.0
Redhat Enterprise Linux Server Eus 6.7
Redhat Enterprise Linux Server Eus 7.6
Redhat Enterprise Linux Server Tus 6.6
Redhat Enterprise Linux Server Tus 7.6
Redhat Virtualization Host 4.0
Redhat Enterprise Linux Server Aus 6.5
Redhat Enterprise Linux Server Aus 7.6
Redhat Enterprise Linux Workstation 6.0
Redhat Ansible Tower 3.3
Redhat Enterprise Linux Server Aus 6.4
Redhat Enterprise Linux Server Aus 6.6
1 Github repository
6.5
CVSSv3
CVE-2017-1000483
Accessing private content via str.format in through-the-web templates and scripts in Plone 2.5-5.1rc1. This improves an earlier hotfix. Since the format method was introduced in Python 2.6, this part of the hotfix is only relevant for Plone 4 and 5.
Plone Plone 5.0.6
Plone Plone 5.0.5
Plone Plone 5.0.4
Plone Plone 5.0.3
Plone Plone 5.0.2
Plone Plone 4.3.4
Plone Plone 4.3.3
Plone Plone 4.3.2
Plone Plone 4.3.1
Plone Plone 4.1.2
Plone Plone 4.1.1
Plone Plone 4.1
Plone Plone 4.0.10
Plone Plone 3.3.2
Plone Plone 3.3.1
Plone Plone 3.3
Plone Plone 2.5.5
Plone Plone 5.1
Plone Plone 4.3.12
Plone Plone 4.3.11
Plone Plone 4.3.10
Plone Plone 4.3.9
3.3
CVSSv3
CVE-2017-3590
Vulnerability in the MySQL Connectors component of Oracle MySQL (subcomponent: Connector/Python). Supported versions that are affected are 2.1.5 and previous versions. Easily "exploitable" vulnerability allows low privileged attacker with logon to the infrastructure whe...
Oracle Connector\\/python
5.3
CVSSv3
CVE-2016-1494
The verify function in the RSA package for Python (Python-RSA) prior to 3.3 allows malicious users to spoof signatures with a small public exponent via crafted signature padding, aka a BERserk attack.
Python Rsa
Fedoraproject Fedora 22
Fedoraproject Fedora 23
Opensuse Opensuse 13.2
Opensuse Opensuse 13.1
Opensuse Leap 42.1
5 Github repositories
NA
CVE-2012-5487
The sandbox whitelisting function (allowmodule.py) in Plone prior to 4.2.3 and 4.3 before beta 1 allows remote authenticated users with certain privileges to bypass the Python sandbox restriction and execute arbitrary Python code via vectors related to importing.
Plone Plone 1.0
Plone Plone 1.0.1
Plone Plone 1.0.2
Plone Plone 2.1.2
Plone Plone 2.1.3
Plone Plone 2.1.4
Plone Plone 2.5
Plone Plone 3.1.1
Plone Plone 3.1.2
Plone Plone 3.1.3
Plone Plone 3.1.4
Plone Plone 4.0
Plone Plone 4.0.1
Plone Plone 4.0.2
Plone Plone 4.0.3
Plone Plone 4.2
Plone Plone 4.2.0.1
Plone Plone 4.2.1.1
Plone Plone 4.2.1
Plone Plone 2.0
Plone Plone 2.0.1
Plone Plone 2.0.2
NA
CVE-2012-5493
gtbn.py in Plone prior to 4.2.3 and 4.3 before beta 1 allows remote authenticated users with certain permissions to bypass the Python sandbox and execute arbitrary Python code via unspecified vectors.
Plone Plone 4.3
Plone Plone
Plone Plone 4.2.1
Plone Plone 4.2.1.1
Plone Plone 4.0.6.1
Plone Plone 4.0.5
Plone Plone 4.0.4
Plone Plone 4.0.3
Plone Plone 3.1.7
Plone Plone 3.1.6
Plone Plone 3.1.5.1
Plone Plone 3.1.4
Plone Plone 2.5.3
Plone Plone 4.2
Plone Plone 3.3.4
Plone Plone 3.3.3
Plone Plone 3.3.2
Plone Plone 3.3.1
Plone Plone 3.3
Plone Plone 3.0.6
Plone Plone 3.0.5
Plone Plone 3.0.4
NA
CVE-2012-5485
registerConfiglet.py in Plone prior to 4.2.3 and 4.3 before beta 1 allows remote malicious users to execute Python code via unspecified vectors, related to the admin interface.
Plone Plone 3.3
Plone Plone 1.0
Plone Plone 4.2
Plone Plone 4.0.5
Plone Plone 3.0.1
Plone Plone 1.0.3
Plone Plone 3.0
Plone Plone 3.2.3
Plone Plone 3.1.4
Plone Plone 3.1.5.1
Plone Plone 4.2.0.1
Plone Plone 2.1.4
Plone Plone 4.0.2
Plone Plone 4.2.1.1
Plone Plone 3.3.5
Plone Plone 3.0.6
Plone Plone 2.5.4
Plone Plone 3.2
Plone Plone 3.1.1
Plone Plone 4.3
Plone Plone 2.1.1
Plone Plone 3.3.4
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
privilege escalation
CVE-2024-20696
CVE-2024-29829
CVE-2024-33999
CVE-2024-35646
physical
CVE-2024-24919
CVE-2024-31030
local users
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
NEXT »