Vulmon
python vulnerabilities and exploits
760
VMScore
CVE-2008-4864
Multiple integer overflows in imageop.c in the imageop module in Python 1.5.2 up to and including 2.5.1 allow context-dependent malicious users to break out of the Python VM and execute arbitrary code via large integer values in certain arguments to the crop function, leading to ...
Python Python
2 EDB exploits
756
VMScore
CVE-2021-33509
Plone up to and including 5.2.4 allows remote authenticated managers to perform disk I/O via crafted keyword arguments to the ReStructuredText transform in a Python script.
Plone Plone
756
VMScore
CVE-2018-0015
A malicious user with unrestricted access to the AppFormix application management platform may be able to access a Python debug console and execute system commands with root privilege. The AppFormix Agent exposes the debug console on a host where AppFormix Agent is executing. If ...
Juniper Appformix
756
VMScore
CVE-2014-2331
Check_MK 1.2.2p2, 1.2.2p3, and 1.2.3i5 allows remote authenticated users to execute arbitrary Python code via a crafted rules.mk file in a snapshot. NOTE: this can be exploited by remote attackers by leveraging CVE-2014-2330.
Check Mk Project Check Mk
756
VMScore
CVE-2012-5487
The sandbox whitelisting function (allowmodule.py) in Plone prior to 4.2.3 and 4.3 before beta 1 allows remote authenticated users with certain privileges to bypass the Python sandbox restriction and execute arbitrary Python code via vectors related to importing.
Plone Plone 1.0
Plone Plone 1.0.1
Plone Plone 1.0.2
Plone Plone 2.1.2
Plone Plone 2.1.3
Plone Plone 2.1.4
Plone Plone 2.5
Plone Plone 3.1.1
Plone Plone 3.1.2
Plone Plone 3.1.3
Plone Plone 3.1.4
Plone Plone 4.0
Plone Plone 4.0.1
Plone Plone 4.0.2
Plone Plone 4.0.3
Plone Plone 4.2
Plone Plone 4.2.0.1
Plone Plone 4.2.1.1
Plone Plone 4.2.1
Plone Plone 2.0
Plone Plone 2.0.1
Plone Plone 2.0.2
756
VMScore
CVE-2012-5493
gtbn.py in Plone prior to 4.2.3 and 4.3 before beta 1 allows remote authenticated users with certain permissions to bypass the Python sandbox and execute arbitrary Python code via unspecified vectors.
Plone Plone 4.3
Plone Plone
Plone Plone 4.2.1
Plone Plone 4.2.1.1
Plone Plone 4.0.6.1
Plone Plone 4.0.5
Plone Plone 4.0.4
Plone Plone 4.0.3
Plone Plone 3.1.7
Plone Plone 3.1.6
Plone Plone 3.1.5.1
Plone Plone 3.1.4
Plone Plone 2.5.3
Plone Plone 4.2
Plone Plone 3.3.4
Plone Plone 3.3.3
Plone Plone 3.3.2
Plone Plone 3.3.1
Plone Plone 3.3
Plone Plone 3.0.6
Plone Plone 3.0.5
Plone Plone 3.0.4
756
VMScore
CVE-2010-2235
template_api.py in Cobbler prior to 2.0.7, as used in Red Hat Network Satellite Server and other products, does not disable the ability of the Cheetah template engine to execute Python statements contained in templates, which allows remote authenticated administrators to execute ...
Michael Dehaan Cobbler 1.0.2
Michael Dehaan Cobbler 1.6.1
Michael Dehaan Cobbler 1.2.0
Michael Dehaan Cobbler 1.6.8
Michael Dehaan Cobbler 1.2.8
Michael Dehaan Cobbler 1.6.6-1
Michael Dehaan Cobbler 2.0.0
Michael Dehaan Cobbler 0.2.3
Michael Dehaan Cobbler 1.2.2
Michael Dehaan Cobbler 0.2.7
Michael Dehaan Cobbler 0.3.5
Michael Dehaan Cobbler 2.0.1-1
Michael Dehaan Cobbler 0.3.0
Michael Dehaan Cobbler 1.4.3-4
Michael Dehaan Cobbler 1.2.6
Michael Dehaan Cobbler 0.4.0
Michael Dehaan Cobbler 1.2.3
Michael Dehaan Cobbler 0.4.3
Michael Dehaan Cobbler 0.8.1
Michael Dehaan Cobbler 1.3.3
Michael Dehaan Cobbler 1.6.3
Michael Dehaan Cobbler 1.6.8-1
755
VMScore
CVE-2014-4650
The CGIHTTPServer module in Python 2.7.5 and 3.3.4 does not properly handle URLs in which URL encoding is used for path separators, which allows remote malicious users to read script source code or conduct directory traversal attacks and execute unintended code via a crafted char...
Python Python
Redhat Enterprise Linux 7.0
Redhat Enterprise Linux 6.0
Redhat Enterprise Linux 5.0
Redhat Software Collections -
1 EDB exploit
755
VMScore
CVE-2019-9851
LibreOffice is typically bundled with LibreLogo, a programmable turtle vector graphics script, which can execute arbitrary Python commands contained within the document it is launched from. Protection was added, to address CVE-2019-9848, to block calling LibreLogo from document eve...
Debian Debian Linux 8.0
Debian Debian Linux 9.0
Debian Debian Linux 10.0
Canonical Ubuntu Linux 18.04
Opensuse Leap 15.0
Canonical Ubuntu Linux 19.04
Fedoraproject Fedora 29
Opensuse Leap 15.1
Canonical Ubuntu Linux 16.04
Libreoffice Libreoffice
1 EDB exploit
1 Github repository
755
VMScore
CVE-2019-8341
An issue exists in Jinja2 2.10. The from_string function is prone to Server Side Template Injection (SSTI) where it takes the "source" parameter as a template object, renders it, and then returns it. The attacker can exploit it with {{INJECTION COMMANDS}} in a URI. NOTE...
Pocoo Jinja2 2.10
Opensuse Leap 42.3
Opensuse Leap 15.0
1 EDB exploit
1 Github repository