python requests vulnerabilities and exploits
6.4
CVSSv2
CVE-2008-4126
PyDNS (aka python-dns) prior to 2.3.1-5 in Debian GNU/Linux does not use random source ports for DNS requests and does not use random transaction IDs for DNS retries, which makes it easier for remote malicious users to spoof DNS responses, a different vulnerability than CVE-2008-...
Debian Python-dns
Debian Python-dns 2.3.0-1
Debian Python-dns 2.3.0-2
Debian Python-dns 2.3.0-3
Debian Python-dns 2.3.0-4
Debian Python-dns 2.3.0-5
Debian Python-dns 2.3.0-5.1
Debian Python-dns 2.3.0-6
Debian Python-dns 2.3.1-1
Debian Python-dns 2.3.1-2
Debian Python-dns 2.3.1-3
6
CVSSv2
CVE-2014-0105
The auth_token middleware in the OpenStack Python client library for Keystone (aka python-keystoneclient) prior to 0.7.0 does not properly retrieve user tokens from memcache, which allows remote authenticated users to gain privileges in opportunistic circumstances via a large num...
Openstack Python-keystoneclient 0.3.1
Openstack Python-keystoneclient 0.2.2
Openstack Python-keystoneclient
Openstack Python-keystoneclient 0.3.0
Openstack Python-keystoneclient 0.2.4
Openstack Python-keystoneclient 0.3.2
Openstack Python-keystoneclient 0.2.3
5.8
CVSSv2
CVE-2021-32677
FastAPI is a web framework for building APIs with Python 3.6+ based on standard Python type hints. FastAPI versions lower than 0.65.2 that used cookies for authentication in path operations that received JSON payloads sent by browsers were vulnerable to a Cross-Site Request Forge...
Tiangolo Fastapi
Fedoraproject Fedora 34
1 Github repository
5.8
CVSSv2
CVE-2021-21273
Synapse is a Matrix reference homeserver written in Python (PyPI package matrix-synapse). Matrix is an ecosystem for open federated Instant Messaging and VoIP. In Synapse before version 1.25.0, requests to user-provided domains were not restricted to external IP addresses when ca...
Matrix Synapse
Fedoraproject Fedora 34
5.8
CVSSv2
CVE-2020-28473
Versions of the package bottle from 0 and prior to 0.12.19 are vulnerable to Web Cache Poisoning by using a vector called parameter cloaking. When the attacker can separate query parameters using a semicolon (;), they can cause a difference in the interpretation of the request between the pr...
Bottlepy Bottle
Debian Debian Linux 9.0
5.8
CVSSv2
CVE-2016-1000110
The CGIHandler class in Python prior to 2.7.12 does not protect against the HTTP_PROXY variable name clash in a CGI script, which could allow a remote malicious user to redirect HTTP requests.
Python Python
Debian Debian Linux 8.0
Debian Debian Linux 9.0
Debian Debian Linux 10.0
Fedoraproject Fedora 23
1 Article
5.8
CVSSv2
CVE-2011-4136
django.contrib.sessions in Django prior to 1.2.7 and 1.3.x prior to 1.3.1, when session data is stored in the cache, uses the root namespace for both session identifiers and application-data keys, which allows remote malicious users to modify a session by triggering use of a key ...
Djangoproject Django
Djangoproject Django 1.2.5
Djangoproject Django 0.95
Djangoproject Django 1.0
Djangoproject Django 1.3
Djangoproject Django 1.1.2
Djangoproject Django 1.0.1
Djangoproject Django 1.1
Djangoproject Django 1.2.1
Djangoproject Django 1.2.4
Djangoproject Django 0.91
Djangoproject Django 1.0.2
Djangoproject Django 1.2.3
Djangoproject Django 1.1.3
Djangoproject Django 1.2
Djangoproject Django 0.95.1
Djangoproject Django 0.96
Djangoproject Django 1.1.0
Djangoproject Django 1.2.2
5.8
CVSSv2
CVE-2008-3909
The administration application in Django 0.91, 0.95, and 0.96 stores unauthenticated HTTP POST requests and processes them after successful authentication occurs, which allows remote malicious users to conduct cross-site request forgery (CSRF) attacks and delete or modify data vi...
Django Project Django 0.91
Django Project Django 0.96
Django Project Django 0.95
5
CVSSv2
CVE-2022-24761
Waitress is a Web Server Gateway Interface server for Python 2 and 3. When using Waitress versions 2.1.0 and prior behind a proxy that does not properly validate the incoming HTTP request matches the RFC7230 standard, Waitress and the frontend proxy may disagree on where one requ...
Agendaless Waitress
Debian Debian Linux 9.0
5
CVSSv2
CVE-2022-0391
A flaw was found in Python, specifically within the urllib.parse module. This module helps break Uniform Resource Locator (URL) strings into components. The issue involves how the urlparse method does not sanitize input and allows characters like '\r' and '\n'...
Python Python 3.10.0
Python Python
Netapp Ontap Select Deploy Administration Utility -
Netapp Hci -
Netapp Hci Compute Node -
Netapp Management Services For Element Software -
Netapp Solidfire, Enterprise Sds & Hci Storage Node -
Netapp Active Iq Unified Manager -
Fedoraproject Fedora 34
Fedoraproject Fedora 35
Oracle Http Server 12.2.1.3.0
Oracle Http Server 12.2.1.4.0
Oracle Zfs Storage Appliance Kit 8.8