Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
python python 3.1 vulnerabilities and exploits
(subscribe to this query)
7.5
CVSSv3
CVE-2020-24583
An issue exists in Django 2.2 prior to 2.2.16, 3.0 prior to 3.0.10, and 3.1 prior to 3.1.1 (when Python 3.7+ is used). FILE_UPLOAD_DIRECTORY_PERMISSIONS mode was not applied to intermediate-level directories created in the process of uploading files. It was also not applied to in...
Djangoproject Django
Canonical Ubuntu Linux 20.04
Fedoraproject Fedora 31
Fedoraproject Fedora 32
Fedoraproject Fedora 33
Oracle Zfs Storage Appliance Kit 8.8
8.8
CVSSv3
CVE-2010-2753
Integer overflow in Mozilla Firefox 3.5.x prior to 3.5.11 and 3.6.x prior to 3.6.7, Thunderbird 3.0.x prior to 3.0.6 and 3.1.x prior to 3.1.1, and SeaMonkey prior to 2.0.6 allows remote malicious users to execute arbitrary code via a large selection attribute in a XUL tree elemen...
Mozilla Firefox
Mozilla Seamonkey
Mozilla Thunderbird 3.1
Mozilla Thunderbird
Suse Linux Enterprise Desktop 11
Opensuse Opensuse 11.1
Suse Linux Enterprise Server 11
Opensuse Opensuse 11.2
Opensuse Opensuse 11.3
Suse Linux Enterprise Software Development Kit 11
5.3
CVSSv3
CVE-2021-28658
In Django 2.2 prior to 2.2.20, 3.0 prior to 3.0.14, and 3.1 prior to 3.1.8, MultiPartParser allowed directory traversal via uploaded files with suitably crafted file names. Built-in upload handlers were not affected by this vulnerability.
Djangoproject Django
Debian Debian Linux 9.0
Fedoraproject Fedora 34
NA
CVE-2014-3146
Incomplete blacklist vulnerability in the lxml.html.clean module in lxml prior to 3.3.5 allows remote malicious users to conduct cross-site scripting (XSS) attacks via control characters in the link scheme to the clean_html function.
Lxml Lxml
Lxml Lxml 3.3.0
Lxml Lxml 3.2.0
Lxml Lxml 3.1.2
Lxml Lxml 3.0
Lxml Lxml 2.3
Lxml Lxml 2.2.4
Lxml Lxml 2.2.3
Lxml Lxml 2.2.2
Lxml Lxml 2.1.4
Lxml Lxml 2.0.11
Lxml Lxml 2.0.8
Lxml Lxml 2.1
Lxml Lxml 2.0.2
Lxml Lxml 2.0.1
Lxml Lxml 1.3.2
Lxml Lxml 1.3.1
Lxml Lxml 1.0.4
Lxml Lxml 1.0.3
Lxml Lxml 0.7
Lxml Lxml 0.6
Lxml Lxml 3.3.1
1 EDB exploit
NA
CVE-2012-2921
Universal Feed Parser (aka feedparser or python-feedparser) prior to 5.1.2 allows remote malicious users to cause a denial of service (memory consumption) via a crafted XML ENTITY declaration in a non-ASCII encoded document.
Mark Pilgrim Feedparser 5.1.2
Mark Pilgrim Feedparser
Mark Pilgrim Feedparser 3.0
Mark Pilgrim Feedparser 5.1
Mark Pilgrim Feedparser 3.3
Mark Pilgrim Feedparser 3.1
Mark Pilgrim Feedparser 4.1
Mark Pilgrim Feedparser 4.0.1
Mark Pilgrim Feedparser 5.0
Mark Pilgrim Feedparser 3.2
Mark Pilgrim Feedparser 4.0.2
Mark Pilgrim Feedparser 3.0.1
Mark Pilgrim Feedparser 5.0.1
Mark Pilgrim Feedparser 4.0
NA
CVE-2012-0860
Multiple untrusted search path vulnerabilities in Red Hat Enterprise Virtualization Manager (RHEV-M) prior to 3.1, when adding a host, allow local users to gain privileges via a Trojan horse (1) deployUtil.py or (2) vds_bootstrap.py Python module in /tmp/.
Redhat Enterprise Virtualization Manager 2.2
Redhat Enterprise Virtualization Manager
Redhat Enterprise Virtualization Manager 2.2.3
Redhat Enterprise Virtualization Manager 2.1
NA
CVE-2009-0668
Unspecified vulnerability in Zope Object Database (ZODB) prior to 3.8.2, when certain Zope Enterprise Objects (ZEO) database sharing is enabled, allows remote malicious users to execute arbitrary Python code via vectors involving the ZEO network protocol.
Zope Zodb 3.8.0
Zope Zodb 3.7
Zope Zodb 3.2.4
Zope Zodb 3.1
Zope Zodb 3.6
Zope Zodb 3.5
Zope Zodb 3.1.1
Zope Zodb 2.9.11
Zope Zodb
Zope Zodb 3.3.3
Zope Zodb 3.2
Zope Zodb 2.10.9
Zope Zodb 3.4
Zope Zodb 3.4.1
Zope Zodb 3.3
Zope Zodb 2.8.11
Zope Zodb 2.11.4
6.1
CVSSv3
CVE-2021-32052
In Django 2.2 prior to 2.2.22, 3.1 prior to 3.1.10, and 3.2 prior to 3.2.2 (with Python 3.9.5+), URLValidator does not prohibit newlines and tabs (unless the URLField form field is used). If an application uses values with newlines in an HTTP response, header injection can occur....
Djangoproject Django
Fedoraproject Fedora 34
7.5
CVSSv3
CVE-2021-31542
In Django 2.2 prior to 2.2.21, 3.1 prior to 3.1.9, and 3.2 prior to 3.2.1, MultiPartParser, UploadedFile, and FieldFile allowed directory traversal via uploaded files with suitably crafted file names.
Djangoproject Django
Debian Debian Linux 9.0
Fedoraproject Fedora 34
Fedoraproject Fedora 35
NA
CVE-2012-5493
gtbn.py in Plone prior to 4.2.3 and 4.3 before beta 1 allows remote authenticated users with certain permissions to bypass the Python sandbox and execute arbitrary Python code via unspecified vectors.
Plone Plone 4.3
Plone Plone
Plone Plone 4.2.1
Plone Plone 4.2.1.1
Plone Plone 4.0.6.1
Plone Plone 4.0.5
Plone Plone 4.0.4
Plone Plone 4.0.3
Plone Plone 3.1.7
Plone Plone 3.1.6
Plone Plone 3.1.5.1
Plone Plone 3.1.4
Plone Plone 2.5.3
Plone Plone 4.2
Plone Plone 3.3.4
Plone Plone 3.3.3
Plone Plone 3.3.2
Plone Plone 3.3.1
Plone Plone 3.3
Plone Plone 3.0.6
Plone Plone 3.0.5
Plone Plone 3.0.4
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-32886
insecure direct object reference
CVE-2024-34342
file inclusion
CVE-2024-34562
CVE-2024-34347
CVE-2024-26026
CVE-2024-4647
unprivileged
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
NEXT »