Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
python python vulnerabilities and exploits
(subscribe to this query)
6.8
CVSSv2
CVE-2007-4559
Directory traversal vulnerability in the (1) extract and (2) extractall functions in the tarfile module in Python allows user-assisted remote malicious users to overwrite arbitrary files via a .. (dot dot) sequence in filenames in a TAR archive, a related issue to CVE-2001-1267.
Python Python
7 Github repositories
1 Article
5
CVSSv2
CVE-2018-20852
http.cookiejar.DefaultPolicy.domain_return_ok in Lib/http/cookiejar.py in Python prior to 3.7.3 does not correctly validate the domain: it can be tricked into sending existing cookies to the wrong server. An attacker may abuse this flaw by using a server with a hostname that has ...
Python Python
7.5
CVSSv2
CVE-2008-3143
Multiple integer overflows in Python prior to 2.5.2 might allow context-dependent malicious users to have an unknown impact via vectors related to (1) Include/pymem.h; (2) _csv.c, (3) _struct.c, (4) arraymodule.c, (5) audioop.c, (6) binascii.c, (7) cPickle.c, (8) cStringIO.c, (9)...
Python Python
NA
CVE-2023-40217
An issue exists in Python prior to 3.8.18, 3.9.x prior to 3.9.18, 3.10.x prior to 3.10.13, and 3.11.x prior to 3.11.5. It primarily affects servers (such as HTTP servers) that use TLS client authentication. If a TLS server-side socket is created, receives data into the socket buf...
Python Python
1 Github repository
4.6
CVSSv2
CVE-2002-1119
os._execvpe from os.py in Python 2.2.1 and previous versions creates temporary files with predictable names, which could allow local users to execute arbitrary code via a symlink attack.
Python Python
NA
CVE-2023-36632
The legacy email.utils.parseaddr function in Python up to and including 3.11.4 allows malicious users to trigger "RecursionError: maximum recursion depth exceeded while calling a Python object" via a crafted argument. This argument is plausibly an untrusted value from a...
Python Python
5
CVSSv2
CVE-2008-3144
Multiple integer overflows in the PyOS_vsnprintf function in Python/mysnprintf.c in Python 2.5.2 and previous versions allow context-dependent malicious users to cause a denial of service (memory corruption) or have unspecified other impact via crafted input to string formatting ...
Python Python
7.5
CVSSv2
CVE-2006-4980
Buffer overflow in the repr function in Python 2.3 up to and including 2.6 prior to 20060822 allows context-dependent malicious users to cause a denial of service and possibly execute arbitrary code via crafted wide character UTF-32/UCS-4 strings to certain scripts.
Python Python
7.5
CVSSv2
CVE-2008-2315
Multiple integer overflows in Python 2.5.2 and previous versions allow context-dependent malicious users to have an unknown impact via vectors related to the (1) stringobject, (2) unicodeobject, (3) bufferobject, (4) longobject, (5) tupleobject, (6) stropmodule, (7) gcmodule, and...
Python Python
7.5
CVSSv2
CVE-2008-2316
Integer overflow in _hashopenssl.c in the hashlib module in Python 2.5.2 and previous versions might allow context-dependent malicious users to defeat cryptographic digests, related to "partial hashlib hashing of data exceeding 4GB."
Python Python
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-22460
CVE-2024-4646
CVE-2024-29212
IMAP
CVE-2023-36672
CVE-2024-34547
command injection
CVE-2024-4651
stored XSS
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
10
NEXT »