Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
python vulnerabilities and exploits
(subscribe to this query)
383
VMScore
CVE-2017-18207
The Wave_read._read_fmt_chunk function in Lib/wave.py in Python up to and including 3.6.4 does not ensure a nonzero channel value, which allows malicious users to cause a denial of service (divide-by-zero and exception) via a crafted wav format audio file. NOTE: the vendor disput...
Python Python
605
VMScore
CVE-2008-1679
Multiple integer overflows in imageop.c in Python prior to 2.5.3 allow context-dependent malicious users to cause a denial of service (crash) and possibly execute arbitrary code via crafted images that trigger heap-based buffer overflows. NOTE: this issue is due to an incomplete ...
Python Python
NA
CVE-2023-27043
The email module of Python up to and including 3.11.3 incorrectly parses e-mail addresses that contain a special character. The wrong portion of an RFC2822 header is identified as the value of the addr-spec. In some applications, an attacker can bypass a protection mechanism in w...
Python Python
446
VMScore
CVE-2018-20852
http.cookiejar.DefaultPolicy.domain_return_ok in Lib/http/cookiejar.py in Python prior to 3.7.3 does not correctly validate the domain: it can be tricked into sending existing cookies to the wrong server. An attacker may abuse this flaw by using a server with a hostname that has ...
Python Python
445
VMScore
CVE-2013-1753
The gzip_decode function in the xmlrpc client library in Python 3.4 and previous versions allows remote malicious users to cause a denial of service (memory consumption) via a crafted HTTP request.
Python Python
384
VMScore
CVE-2019-18348
An issue exists in urllib2 in Python 2.x up to and including 2.7.17 and urllib in Python 3.x up to and including 3.8.0. CRLF injection is possible if the attacker controls a url parameter, as demonstrated by the first argument to urllib.request.urlopen with \r\n (specifically in ...
Python Python
409
VMScore
CVE-2002-1119
os._execvpe from os.py in Python 2.2.1 and previous versions creates temporary files with predictable names, which could allow local users to execute arbitrary code via a symlink attack.
Python Python
829
VMScore
CVE-2019-13404
The MSI installer for Python up to and including 2.7.16 on Windows defaults to the C:\Python27 directory, which makes it easier for local users to deploy Trojan horse code. (This also affects old 3.x releases prior to 3.5.) NOTE: the vendor's position is that it is the user&...
Python Python
668
VMScore
CVE-2006-4980
Buffer overflow in the repr function in Python 2.3 up to and including 2.6 prior to 20060822 allows context-dependent malicious users to cause a denial of service and possibly execute arbitrary code via crafted wide character UTF-32/UCS-4 strings to certain scripts.
Python Python
760
VMScore
CVE-2008-4864
Multiple integer overflows in imageop.c in the imageop module in Python 1.5.2 up to and including 2.5.1 allow context-dependent malicious users to break out of the Python VM and execute arbitrary code via large integer values in certain arguments to the crop function, leading to ...
Python Python
2 EDB exploits
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
inject
CVE-2024-34001
CVE-2024-37018
LFI
CVE-2024-1275
CVE-2024-1086
CSRF
CVE-2024-31030
CVE-2024-24919
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
10
NEXT »