Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
python python 3.2 vulnerabilities and exploits
(subscribe to this query)
9.8
CVSSv3
CVE-2022-28346
An issue exists in Django 2.2 prior to 2.2.28, 3.2 prior to 3.2.13, and 4.0 prior to 4.0.4. QuerySet.annotate(), aggregate(), and extra() methods are subject to SQL injection in column aliases via a crafted dictionary (with dictionary expansion) as the passed **kwargs.
Djangoproject Django
Debian Debian Linux 9.0
Debian Debian Linux 11.0
7 Github repositories
NA
CVE-2012-2921
Universal Feed Parser (aka feedparser or python-feedparser) prior to 5.1.2 allows remote malicious users to cause a denial of service (memory consumption) via a crafted XML ENTITY declaration in a non-ASCII encoded document.
Mark Pilgrim Feedparser 5.1.2
Mark Pilgrim Feedparser
Mark Pilgrim Feedparser 3.0
Mark Pilgrim Feedparser 5.1
Mark Pilgrim Feedparser 3.3
Mark Pilgrim Feedparser 3.1
Mark Pilgrim Feedparser 4.1
Mark Pilgrim Feedparser 4.0.1
Mark Pilgrim Feedparser 5.0
Mark Pilgrim Feedparser 3.2
Mark Pilgrim Feedparser 4.0.2
Mark Pilgrim Feedparser 3.0.1
Mark Pilgrim Feedparser 5.0.1
Mark Pilgrim Feedparser 4.0
7.5
CVSSv3
CVE-2023-36053
In Django 3.2 prior to 3.2.20, 4 prior to 4.1.10, and 4.2 prior to 4.2.3, EmailValidator and URLValidator are subject to a potential ReDoS (regular expression denial of service) attack via a very large number of domain name labels of emails and URLs.
Djangoproject Django
Debian Debian Linux 10.0
Debian Debian Linux 11.0
Debian Debian Linux 12.0
Fedoraproject Fedora 37
Fedoraproject Fedora 38
1 Github repository
NA
CVE-2009-0668
Unspecified vulnerability in Zope Object Database (ZODB) prior to 3.8.2, when certain Zope Enterprise Objects (ZEO) database sharing is enabled, allows remote malicious users to execute arbitrary Python code via vectors involving the ZEO network protocol.
Zope Zodb 3.8.0
Zope Zodb 3.7
Zope Zodb 3.2.4
Zope Zodb 3.1
Zope Zodb 3.6
Zope Zodb 3.5
Zope Zodb 3.1.1
Zope Zodb 2.9.11
Zope Zodb
Zope Zodb 3.3.3
Zope Zodb 3.2
Zope Zodb 2.10.9
Zope Zodb 3.4
Zope Zodb 3.4.1
Zope Zodb 3.3
Zope Zodb 2.8.11
Zope Zodb 2.11.4
6.1
CVSSv3
CVE-2021-32052
In Django 2.2 prior to 2.2.22, 3.1 prior to 3.1.10, and 3.2 prior to 3.2.2 (with Python 3.9.5+), URLValidator does not prohibit newlines and tabs (unless the URLField form field is used). If an application uses values with newlines in an HTTP response, header injection can occur....
Djangoproject Django
Fedoraproject Fedora 34
7.5
CVSSv3
CVE-2023-23969
In Django 3.2 prior to 3.2.17, 4.0 prior to 4.0.9, and 4.1 prior to 4.1.6, the parsed values of Accept-Language headers are cached in order to avoid repetitive parsing. This leads to a potential denial-of-service vector via excessive memory usage if the raw value of Accept-Langua...
Djangoproject Django
Debian Debian Linux 10.0
7.5
CVSSv3
CVE-2022-41323
In Django 3.2 prior to 3.2.16, 4.0 prior to 4.0.8, and 4.1 prior to 4.1.2, internationalized URLs were subject to a potential denial of service attack via the locale parameter, which is treated as a regular expression.
Djangoproject Django
5.3
CVSSv3
CVE-2021-45452
Storage.save in Django 2.2 prior to 2.2.26, 3.2 prior to 3.2.11, and 4.0 prior to 4.0.1 allows directory traversal if crafted filenames are directly passed to it.
Djangoproject Django
Fedoraproject Fedora 35
1 Github repository
9.8
CVSSv3
CVE-2022-28347
A SQL injection issue exists in QuerySet.explain() in Django 2.2 prior to 2.2.28, 3.2 prior to 3.2.13, and 4.0 prior to 4.0.4. This occurs by passing a crafted dictionary (with dictionary expansion) as the **options argument, and placing the injection payload in an option name.
Djangoproject Django
Debian Debian Linux 11.0
2 Github repositories
7.5
CVSSv3
CVE-2021-31542
In Django 2.2 prior to 2.2.21, 3.1 prior to 3.1.9, and 3.2 prior to 3.2.1, MultiPartParser, UploadedFile, and FieldFile allowed directory traversal via uploaded files with suitably crafted file names.
Djangoproject Django
Debian Debian Linux 9.0
Fedoraproject Fedora 34
Fedoraproject Fedora 35
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-5248
CVE-2024-3110
CVE-2024-5552
CVE-2024-29415
HTML injection
CVE-2024-3095
TCP
type confusion
CVE-2024-1800
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
NEXT »