Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
python python vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2015-5652
Untrusted search path vulnerability in python.exe in Python up to and including 3.5.0 on Windows allows local users to gain privileges via a Trojan horse readline.pyd file in the current working directory. NOTE: the vendor says "It was determined that this is a longtime beha...
Python Python
5.5
CVSSv3
CVE-2020-8315
In Python (CPython) 3.6 up to and including 3.6.10, 3.7 up to and including 3.7.6, and 3.8 up to and including 3.8.1, an insecure dependency load upon launch on Windows 7 may result in an attacker's copy of api-ms-win-core-path-l1-1-0.dll being loaded and used instead of the...
Python Python
NA
CVE-2004-0150
Buffer overflow in the getaddrinfo function in Python 2.2 prior to 2.2.2, when IPv6 support is disabled, allows remote malicious users to execute arbitrary code via an IPv6 address that is obtained using DNS.
Python Python
NA
CVE-2008-3143
Multiple integer overflows in Python prior to 2.5.2 might allow context-dependent malicious users to have an unknown impact via vectors related to (1) Include/pymem.h; (2) _csv.c, (3) _struct.c, (4) arraymodule.c, (5) audioop.c, (6) binascii.c, (7) cPickle.c, (8) cStringIO.c, (9)...
Python Python
NA
CVE-2008-3144
Multiple integer overflows in the PyOS_vsnprintf function in Python/mysnprintf.c in Python 2.5.2 and previous versions allow context-dependent malicious users to cause a denial of service (memory corruption) or have unspecified other impact via crafted input to string formatting ...
Python Python
5.3
CVSSv3
CVE-2023-40217
An issue exists in Python prior to 3.8.18, 3.9.x prior to 3.9.18, 3.10.x prior to 3.10.13, and 3.11.x prior to 3.11.5. It primarily affects servers (such as HTTP servers) that use TLS client authentication. If a TLS server-side socket is created, receives data into the socket buf...
Python Python
1 Github repository
7.5
CVSSv3
CVE-2023-36632
The legacy email.utils.parseaddr function in Python up to and including 3.11.4 allows malicious users to trigger "RecursionError: maximum recursion depth exceeded while calling a Python object" via a crafted argument. This argument is plausibly an untrusted value from a...
Python Python
6.1
CVSSv3
CVE-2019-18348
An issue exists in urllib2 in Python 2.x up to and including 2.7.17 and urllib in Python 3.x up to and including 3.8.0. CRLF injection is possible if the attacker controls a url parameter, as demonstrated by the first argument to urllib.request.urlopen with \r\n (specifically in ...
Python Python
NA
CVE-2007-4559
Directory traversal vulnerability in the (1) extract and (2) extractall functions in the tarfile module in Python allows user-assisted remote malicious users to overwrite arbitrary files via a .. (dot dot) sequence in filenames in a TAR archive, a related issue to CVE-2001-1267.
Python Python
6 Github repositories
1 Article
6.5
CVSSv3
CVE-2017-18207
The Wave_read._read_fmt_chunk function in Lib/wave.py in Python up to and including 3.6.4 does not ensure a nonzero channel value, which allows malicious users to cause a denial of service (divide-by-zero and exception) via a crafted wav format audio file. NOTE: the vendor disput...
Python Python
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
encryption
CVE-2024-4331
CVE-2024-26925
arbitrary code
CVE-2006-4304
CVE-2024-25458
CVE-2024-27077
reflected XSS
CVE-2024-4059
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
10
NEXT »