python python vulnerabilities and exploits
5
CVSSv2
CVE-2010-2089
The audioop module in Python 2.7 and 3.2 does not verify the relationships between size arguments and byte string lengths, which allows context-dependent malicious users to cause a denial of service (memory corruption and application crash) via crafted arguments, as demonstrated ...
Python Python
1 EDB exploit
NA
CVE-2021-28861
Python 3.x up to and including 3.10 has an open redirection vulnerability in lib/http/server.py due to no protection against multiple (/) at the beginning of the URI path, which may lead to information disclosure. NOTE: this is disputed by a third party because the http.server.html d...
Python Python 3.11.0
Python Python
Fedoraproject Fedora 35
Fedoraproject Fedora 36
Fedoraproject Fedora 37
7.2
CVSSv2
CVE-2011-4211
The FakeFile implementation in the sandbox environment in the Google App Engine Python SDK prior to 1.5.4 does not properly control the opening of files, which allows local users to bypass intended access restrictions and create arbitrary files via ALLOWED_MODES and ALLOWED_DIRS ...
Google App Engine Python Sdk 1.0.1
Google App Engine Python Sdk 1.0.2
Google App Engine Python Sdk 1.1.6
Google App Engine Python Sdk 1.1.7
Google App Engine Python Sdk 1.2.4
Google App Engine Python Sdk 1.2.5
Google App Engine Python Sdk 1.3.5
Google App Engine Python Sdk 1.3.6
Google App Engine Python Sdk 1.5.0
Google App Engine Python Sdk 1.5.1
Google App Engine Python Sdk
Google App Engine Python Sdk 1.1.4
Google App Engine Python Sdk 1.1.5
Google App Engine Python Sdk 1.2.1
Google App Engine Python Sdk 1.2.2
Google App Engine Python Sdk 1.3.3
Google App Engine Python Sdk 1.3.4
Google App Engine Python Sdk 1.4.2
Google App Engine Python Sdk 1.4.3
Google App Engine Python Sdk 1.1.0
Google App Engine Python Sdk 1.1.1
Google App Engine Python Sdk 1.1.8
7.2
CVSSv2
CVE-2011-4212
The sandbox environment in the Google App Engine Python SDK prior to 1.5.4 does not properly prevent os.popen calls, which allows local users to bypass intended access restrictions and execute arbitrary commands via a dev_appserver.RestrictedPathFunction._original_os reference wi...
Google App Engine Python Sdk 1.1.1
Google App Engine Python Sdk 1.1.2
Google App Engine Python Sdk 1.2.0
Google App Engine Python Sdk 1.2.3
Google App Engine Python Sdk 1.3.0
Google App Engine Python Sdk 1.3.1
Google App Engine Python Sdk 1.3.8
Google App Engine Python Sdk 1.4.0
Google App Engine Python Sdk 1.0.2
Google App Engine Python Sdk 1.1.0
Google App Engine Python Sdk 1.1.8
Google App Engine Python Sdk 1.1.9
Google App Engine Python Sdk 1.2.6
Google App Engine Python Sdk 1.2.7
Google App Engine Python Sdk 1.3.6
Google App Engine Python Sdk 1.3.7
Google App Engine Python Sdk 1.5.2
Google App Engine Python Sdk 1.1.3
Google App Engine Python Sdk 1.1.4
Google App Engine Python Sdk 1.1.5
Google App Engine Python Sdk 1.2.1
Google App Engine Python Sdk 1.2.2
6.8
CVSSv2
CVE-2011-1364
Cross-site request forgery (CSRF) vulnerability in _ah/admin/interactive/execute (aka the Interactive Console) in the SDK Console (aka Admin Console) in the Google App Engine Python SDK prior to 1.5.4 allows remote malicious users to hijack the authentication of administrators fo...
Google App Engine Python Sdk
Google App Engine Python Sdk 1.1.4
Google App Engine Python Sdk 1.1.5
Google App Engine Python Sdk 1.2.2
Google App Engine Python Sdk 1.1.2
Google App Engine Python Sdk 1.1.3
Google App Engine Python Sdk 1.2.0
Google App Engine Python Sdk 1.2.3
Google App Engine Python Sdk 1.2.1
Google App Engine Python Sdk 1.3.1
Google App Engine Python Sdk 1.3.2
Google App Engine Python Sdk 1.4.0
Google App Engine Python Sdk 1.4.1
Google App Engine Python Sdk 1.1.0
Google App Engine Python Sdk 1.1.1
Google App Engine Python Sdk 1.1.8
Google App Engine Python Sdk 1.1.9
Google App Engine Python Sdk 1.2.7
Google App Engine Python Sdk 1.3.0
Google App Engine Python Sdk 1.3.7
Google App Engine Python Sdk 1.3.8
Google App Engine Python Sdk 1.5.2
NA
CVE-2023-38898
An issue in Python cpython v.3.7 allows a malicious user to obtain sensitive information via the _asyncio._swap_current_task component. NOTE: this is disputed by the vendor because (1) neither 3.7 nor any other release is affected (it is a bug in some 3.12 pre-releases); (2) the...
Python Python 3.13.0
NA
CVE-2023-33595
CPython v3.12.0 alpha 7 contains a heap use-after-free via the function ascii_decode at /Objects/unicodeobject.c.
Python Python 3.12.0
5
CVSSv2
CVE-2009-4134
Buffer underflow in the rgbimg module in Python 2.5 allows remote malicious users to cause a denial of service (application crash) via a large ZSIZE value in a black-and-white (aka B/W) RGB image that triggers an invalid pointer dereference.
Python Python 2.5.0
5
CVSSv2
CVE-2011-1015
The is_cgi method in CGIHTTPServer.py in the CGIHTTPServer module in Python 2.5, 2.6, and 3.0 allows remote malicious users to read script source code via an HTTP GET request that lacks a / (slash) character at the beginning of the URI.
Python Python 3.0
7.5
CVSSv2
CVE-2010-1449
Integer overflow in rgbimgmodule.c in the rgbimg module in Python 2.5 allows remote malicious users to have an unspecified impact via a large image that triggers a buffer overflow. NOTE: this vulnerability exists because of an incomplete fix for CVE-2008-3143.12.
Python Python 2.5.0