Vulmon
python vulnerabilities and exploits
8.5
CVSSv2
CVE-2018-0015
A malicious user with unrestricted access to the AppFormix application management platform may be able to access a Python debug console and execute system commands with root privilege. The AppFormix Agent exposes the debug console on a host where AppFormix Agent is executing. If ...
Juniper Appformix
8.5
CVSSv2
CVE-2017-10803
In Odoo 8.0, Odoo Community Edition 9.0 and 10.0, and Odoo Enterprise Edition 9.0 and 10.0, insecure handling of anonymization data in the Database Anonymization module allows remote authenticated privileged users to execute arbitrary Python code, because unpickle is used.
Odoo Odoo 10.0
Odoo Odoo 9.0
Odoo Odoo 8.0
1 EDB exploit
8.5
CVSSv2
CVE-2014-2331
Check_MK 1.2.2p2, 1.2.2p3, and 1.2.3i5 allows remote authenticated users to execute arbitrary Python code via a crafted rules.mk file in a snapshot. NOTE: this can be exploited by remote attackers by leveraging CVE-2014-2330.
Check Mk Project Check Mk
8.5
CVSSv2
CVE-2012-5487
The sandbox whitelisting function (allowmodule.py) in Plone prior to 4.2.3 and 4.3 before beta 1 allows remote authenticated users with certain privileges to bypass the Python sandbox restriction and execute arbitrary Python code via vectors related to importing.
Plone Plone 1.0
Plone Plone 1.0.1
Plone Plone 1.0.2
Plone Plone 2.1.2
Plone Plone 2.1.3
Plone Plone 2.1.4
Plone Plone 2.5
Plone Plone 3.1.1
Plone Plone 3.1.2
Plone Plone 3.1.3
Plone Plone 3.1.4
Plone Plone 4.0
Plone Plone 4.0.1
Plone Plone 4.0.2
Plone Plone 4.0.3
Plone Plone 4.2
Plone Plone 4.2.0.1
Plone Plone 4.2.1.1
Plone Plone 4.2.1
Plone Plone 2.0
Plone Plone 2.0.1
Plone Plone 2.0.2
8.5
CVSSv2
CVE-2012-5493
gtbn.py in Plone prior to 4.2.3 and 4.3 before beta 1 allows remote authenticated users with certain permissions to bypass the Python sandbox and execute arbitrary Python code via unspecified vectors.
Plone Plone 4.3
Plone Plone
Plone Plone 4.2.1
Plone Plone 4.2.1.1
Plone Plone 4.0.6.1
Plone Plone 4.0.5
Plone Plone 4.0.4
Plone Plone 4.0.3
Plone Plone 3.1.7
Plone Plone 3.1.6
Plone Plone 3.1.5.1
Plone Plone 3.1.4
Plone Plone 2.5.3
Plone Plone 4.2
Plone Plone 3.3.4
Plone Plone 3.3.3
Plone Plone 3.3.2
Plone Plone 3.3.1
Plone Plone 3.3
Plone Plone 3.0.6
Plone Plone 3.0.5
Plone Plone 3.0.4
8.5
CVSSv2
CVE-2010-2235
template_api.py in Cobbler prior to 2.0.7, as used in Red Hat Network Satellite Server and other products, does not disable the ability of the Cheetah template engine to execute Python statements contained in templates, which allows remote authenticated administrators to execute ...
Michael Dehaan Cobbler 1.0.2
Michael Dehaan Cobbler 1.6.1
Michael Dehaan Cobbler 1.2.0
Michael Dehaan Cobbler 1.6.8
Michael Dehaan Cobbler 1.2.8
Michael Dehaan Cobbler 1.6.6-1
Michael Dehaan Cobbler 2.0.0
Michael Dehaan Cobbler 0.2.3
Michael Dehaan Cobbler 1.2.2
Michael Dehaan Cobbler 0.2.7
Michael Dehaan Cobbler 0.3.5
Michael Dehaan Cobbler 2.0.1-1
Michael Dehaan Cobbler 0.3.0
Michael Dehaan Cobbler 1.4.3-4
Michael Dehaan Cobbler 1.2.6
Michael Dehaan Cobbler 0.4.0
Michael Dehaan Cobbler 1.2.3
Michael Dehaan Cobbler 0.4.3
Michael Dehaan Cobbler 0.8.1
Michael Dehaan Cobbler 1.3.3
Michael Dehaan Cobbler 1.6.3
Michael Dehaan Cobbler 1.6.8-1
8.5
CVSSv2
CVE-2008-1000
Directory traversal vulnerability in ContentServer.py in the Wiki Server in Apple Mac OS X 10.5.2 (aka Leopard) allows remote authenticated users to write arbitrary files via ".." sequences in file attachments.
Apple Mac Os X 10.5.2
Apple Mac Os X Server 10.5.2
1 EDB exploit
8
CVSSv2
CVE-2015-20107
In Python (aka CPython) up to 3.10.8, the mailcap module does not add escape characters into commands discovered in the system mailcap file. This may allow malicious users to inject shell commands into applications that call mailcap.findmatch with untrusted input (if they lack va...
Python Python
Netapp Snapcenter -
Netapp Ontap Select Deploy Administration Utility -
Netapp Active Iq Unified Manager -
Fedoraproject Fedora 35
Fedoraproject Fedora 36
Fedoraproject Fedora 37
2 Github repositories
7.8
CVSSv2
CVE-2020-7212
The _encode_invalid_chars function in util/url.py in the urllib3 library 1.25.2 up to and including 1.25.7 for Python allows a denial of service (CPU consumption) because of an inefficient algorithm. The percent_encodings array contains all matches of percent encodings. It is not...
Python Urllib3
7.8
CVSSv2
CVE-2019-19588
The validators package 0.12.2 up to and including 0.12.5 for Python enters an infinite loop when validators.domain is called with a crafted domain string. This is fixed in 0.12.6.
Validators Project Validators