Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
python vulnerabilities and exploits
(subscribe to this query)
8
CVSSv2
CVE-2015-20107
In Python (aka CPython) up to 3.10.8, the mailcap module does not add escape characters into commands discovered in the system mailcap file. This may allow malicious users to inject shell commands into applications that call mailcap.findmatch with untrusted input (if they lack va...
Python Python
Netapp Snapcenter -
Netapp Ontap Select Deploy Administration Utility -
Netapp Active Iq Unified Manager -
Fedoraproject Fedora 35
Fedoraproject Fedora 36
Fedoraproject Fedora 37
2 Github repositories
7.8
CVSSv2
CVE-2020-7212
The _encode_invalid_chars function in util/url.py in the urllib3 library 1.25.2 up to and including 1.25.7 for Python allows a denial of service (CPU consumption) because of an inefficient algorithm. The percent_encodings array contains all matches of percent encodings. It is not...
Python Urllib3
7.8
CVSSv2
CVE-2019-19588
The validators package 0.12.2 up to and including 0.12.5 for Python enters an infinite loop when validators.domain is called with a crafted domain string. This is fixed in 0.12.6.
Validators Project Validators
7.8
CVSSv2
CVE-2012-0877
PyXML: Hash table collisions CPU usage Denial of Service
Python Pyxml -
Redhat Enterprise Virtualization Hypervisor -
Redhat Enterprise Linux 5.0
Redhat Enterprise Linux 6.0
7.8
CVSSv2
CVE-2017-14158
Scrapy 1.4 allows remote malicious users to cause a denial of service (memory consumption) via large files because arbitrarily many files are read into memory, which is especially problematic if the files are then individually written in a separate thread to a slow storage resour...
Scrapy Scrapy 1.4
7.8
CVSSv2
CVE-2016-6581
A HTTP/2 implementation built using any version of the Python HPACK library between v1.0.0 and v2.2.0 could be targeted for a denial of service attack, specifically a so-called "HPACK Bomb" attack. This attack occurs when an attacker inserts a header field that is exact...
Python Hyper 0.4
Python Hyper 0.6
Python Hpack 1.0
Python Hpack 2.0
Python Hpack 2.1.1
Python Hpack 2.0.1
Python Hpack 2.2
7.8
CVSSv2
CVE-2009-2526
Microsoft Windows Vista Gold, SP1, and SP2 and Server 2008 Gold and SP2 do not properly validate fields in SMBv2 packets, which allows remote malicious users to cause a denial of service (infinite loop and system hang) via a crafted packet to the Server service, aka "SMBv2 I...
Microsoft Windows Server 2008 -
Microsoft Windows Vista
Microsoft Windows Server 2008
Microsoft Windows Vista -
2 EDB exploits
7.8
CVSSv2
CVE-2008-0166
OpenSSL 0.9.8c-1 up to versions prior to 0.9.8g-9 on Debian-based operating systems uses a random number generator that generates predictable numbers, which makes it easier for remote malicious users to conduct brute force guessing attacks against cryptographic keys.
Openssl Openssl
Canonical Ubuntu Linux 7.04
Canonical Ubuntu Linux 7.10
Canonical Ubuntu Linux 8.04
Canonical Ubuntu Linux 6.06
Debian Debian Linux 4.0
3 EDB exploits
25 Github repositories
7.5
CVSSv2
CVE-2022-34265
An issue exists in Django 3.2 prior to 3.2.14 and 4.0 prior to 4.0.6. The Trunc() and Extract() database functions are subject to SQL injection if untrusted data is used as a kind/lookup_name value. Applications that constrain the lookup name and kind choice to a known safe list ...
Djangoproject Django
8 Github repositories
7.5
CVSSv2
CVE-2022-30885
The pyesasky for python, as distributed on PyPI, included a code-execution backdoor inserted by a third party. The current version, without this backdoor, is 1.2.0-1.4.2.
Esa Pyesasky
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-20065
open redirect
CVE-2024-1086
path traversal
CVE-2024-29825
XXE
CVE-2024-29822
CVE-2024-20696
CVE-2024-3564
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
5
6
7
8
9
10
NEXT »