Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
python python vulnerabilities and exploits
(subscribe to this query)
7.5
CVSSv3
CVE-2016-6580
A HTTP/2 implementation built using any version of the Python priority library prior to version 1.2.0 could be targeted by a malicious peer by having that peer assign priority information for every possible HTTP/2 stream ID. The priority tree would happily continue to store the p...
Python Python Priority Library 1.0.0
Python Python Priority Library 1.1.0
Python Python Priority Library 1.1.1
4.7
CVSSv3
CVE-2019-15795
python-apt only checks the MD5 sums of downloaded files in `Version.fetch_binary()` and `Version.fetch_source()` of apt/package.py in version 1.9.0ubuntu1 and previous versions. This allows a man-in-the-middle attack which could potentially be used to install altered packages and...
Ubuntu Python-apt 0.8.0
Ubuntu Python-apt 0.8.1
Ubuntu Python-apt 0.8.3
Ubuntu Python-apt 0.8.9.1
Ubuntu Python-apt 0.9.0
Ubuntu Python-apt 0.9.1
Ubuntu Python-apt 0.9.3.1
Ubuntu Python-apt 0.9.3.2
Ubuntu Python-apt 0.9.3.3
Ubuntu Python-apt 0.9.3.4
Ubuntu Python-apt 0.9.3.5
Ubuntu Python-apt 1.0.1
Ubuntu Python-apt 1.1.0
Debian Python-apt 1.8.4
Ubuntu Python-apt 1.4.0
Ubuntu Python-apt 1.6.0
Ubuntu Python-apt 1.6.1
Ubuntu Python-apt 1.6.2
Ubuntu Python-apt 1.6.3
Ubuntu Python-apt 1.6.4
Ubuntu Python-apt 1.8.4
Ubuntu Python-apt 1.9.0
4.7
CVSSv3
CVE-2019-15796
Python-apt doesn't check if hashes are signed in `Version.fetch_binary()` and `Version.fetch_source()` of apt/package.py or in `_fetch_archives()` of apt/cache.py in version 1.9.3ubuntu2 and previous versions. This allows downloads from unsigned repositories which shouldn...
Ubuntu Python-apt 0.8.0
Ubuntu Python-apt 0.8.1
Ubuntu Python-apt 0.8.3
Ubuntu Python-apt 0.8.9.1
Ubuntu Python-apt 0.9.0
Ubuntu Python-apt 0.9.1
Ubuntu Python-apt 0.9.3.1
Ubuntu Python-apt 0.9.3.2
Ubuntu Python-apt 0.9.3.3
Ubuntu Python-apt 0.9.3.4
Ubuntu Python-apt 0.9.3.5
Ubuntu Python-apt 1.0.1
Ubuntu Python-apt 1.1.0
Debian Python-apt 1.8.4
Ubuntu Python-apt 1.4.0
Ubuntu Python-apt 1.6.0
Ubuntu Python-apt 1.6.1
Ubuntu Python-apt 1.6.2
Ubuntu Python-apt 1.6.3
Ubuntu Python-apt 1.6.4
Ubuntu Python-apt 1.8.4
Ubuntu Python-apt 1.9.0
NA
CVE-2005-0088
The publisher handler for mod_python 2.7.8 and previous versions allows remote malicious users to obtain access to restricted objects via a crafted URL.
Apache Mod Python 1.9a
Apache Mod Python 2.0
Apache Mod Python 2.6
Apache Mod Python 2.6.1
Apache Mod Python 2.7.3
Apache Mod Python 2.7.4
Apache Mod Python 2.7.5
Apache Mod Python 2.1
Apache Mod Python 2.2
Apache Mod Python 2.6.2
Apache Mod Python 2.6.3
Apache Mod Python 2.7.6
Apache Mod Python 2.7.7
Apache Mod Python 2.3
Apache Mod Python 2.4
Apache Mod Python 2.6.4
Apache Mod Python 2.7
Apache Mod Python
Apache Mod Python 2.4.1
Apache Mod Python 2.5
Apache Mod Python 2.7.1
Apache Mod Python 2.7.2
7.5
CVSSv3
CVE-2016-6581
A HTTP/2 implementation built using any version of the Python HPACK library between v1.0.0 and v2.2.0 could be targeted for a denial of service attack, specifically a so-called "HPACK Bomb" attack. This attack occurs when an attacker inserts a header field that is exact...
Python Hyper 0.4
Python Hyper 0.6
Python Hpack 1.0
Python Hpack 2.0
Python Hpack 2.1.1
Python Hpack 2.0.1
Python Hpack 2.2
7.5
CVSSv3
CVE-2022-48560
A use-after-free exists in Python up to and including 3.9 via heappushpop in heapq.
Python Python 3.9.0
Python Python
Debian Debian Linux 10.0
NA
CVE-2003-0973
Unknown vulnerability in mod_python 3.0.x prior to 3.0.4, and 2.7.x prior to 2.7.9, allows remote malicious users to cause a denial of service (httpd crash) via a certain query string.
Apache Mod Python 2.7.2
Apache Mod Python 2.7.3
Apache Mod Python 3.0.2
Apache Mod Python 3.0.3
Apache Mod Python 2.7
Apache Mod Python 2.7.1
Apache Mod Python 3.0
Apache Mod Python 3.0.1
Apache Mod Python 2.7.4
Apache Mod Python 2.7.5
Apache Mod Python 2.7.6
Apache Mod Python 2.7.7
Apache Mod Python 2.7.8
NA
CVE-2015-2296
The resolve_redirects function in sessions.py in requests 2.1.0 up to and including 2.5.3 allows remote malicious users to conduct session fixation attacks via a cookie without a host value in a redirect.
Mageia Project Mageia 4.0
Python Requests 2.1.0
Python Requests 2.2.1
Python Requests 2.3.0
Python Requests 2.4.1
Python Requests 2.4.3
Python Requests 2.5.0
Python Requests 2.5.1
Python Requests 2.5.2
Python Requests 2.4.0
Python Requests 2.4.2
Python Requests 2.5.3
Canonical Ubuntu Linux 14.10
Canonical Ubuntu Linux 14.04
NA
CVE-2014-3589
PIL/IcnsImagePlugin.py in Python Imaging Library (PIL) and Pillow prior to 2.3.2 and 2.5.x prior to 2.5.2 allows remote malicious users to cause a denial of service via a crafted block size.
Python Pillow 2.5.2
Python Pillow 2.5.1
Python Pillow
Python Pillow 2.3.0
Debian Python-imaging -
Python Pillow 2.5.0
Opensuse Opensuse 13.2
NA
CVE-2014-0105
The auth_token middleware in the OpenStack Python client library for Keystone (aka python-keystoneclient) prior to 0.7.0 does not properly retrieve user tokens from memcache, which allows remote authenticated users to gain privileges in opportunistic circumstances via a large num...
Openstack Python-keystoneclient 0.2.3
Openstack Python-keystoneclient 0.2.2
Openstack Python-keystoneclient 0.3.0
Openstack Python-keystoneclient 0.3.1
Openstack Python-keystoneclient 0.3.2
Openstack Python-keystoneclient
Openstack Python-keystoneclient 0.2.4
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
denial of service
CVE-2024-27371
CVE-2024-20405
CVE-2024-31627
CVE-2024-31625
race condition
CVE-2024-4358
cross-site scripting
CVE-2023-20938
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
NEXT »