Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
python python 1.6.1 vulnerabilities and exploits
(subscribe to this query)
8.8
CVSSv3
CVE-2021-40829
Connections initialized by the AWS IoT Device SDK v2 for Java (versions before 1.4.2), Python (versions before 1.6.1), C++ (versions before 1.12.7) and Node.js (versions before 1.5.3) did not verify server certificate hostname during TLS handshake when overriding Certificate Auth...
Amazon Amazon Web Services Internet Of Things Device Software Development Kit V2
8.8
CVSSv3
CVE-2021-40830
The AWS IoT Device SDK v2 for Java, Python, C++ and Node.js appends a user supplied Certificate Authority (CA) to the root CAs instead of overriding it on Unix systems. TLS handshakes will thus succeed if the peer can be verified either from the user-supplied CA or the system&rsq...
Amazon Amazon Web Services Aws-c-io 0.10.4
Amazon Amazon Web Services Internet Of Things Device Software Development Kit V2
4.7
CVSSv3
CVE-2019-15795
python-apt only checks the MD5 sums of downloaded files in `Version.fetch_binary()` and `Version.fetch_source()` of apt/package.py in version 1.9.0ubuntu1 and previous versions. This allows a man-in-the-middle attack which could potentially be used to install altered packages and...
Ubuntu Python-apt 0.8.0
Ubuntu Python-apt 0.8.1
Ubuntu Python-apt 0.8.3
Ubuntu Python-apt 0.8.9.1
Ubuntu Python-apt 0.9.0
Ubuntu Python-apt 0.9.1
Ubuntu Python-apt 0.9.3.1
Ubuntu Python-apt 0.9.3.2
Ubuntu Python-apt 0.9.3.3
Ubuntu Python-apt 0.9.3.4
Ubuntu Python-apt 0.9.3.5
Ubuntu Python-apt 1.0.1
Ubuntu Python-apt 1.1.0
Debian Python-apt 1.8.4
Ubuntu Python-apt 1.4.0
Ubuntu Python-apt 1.6.0
Ubuntu Python-apt 1.6.1
Ubuntu Python-apt 1.6.2
Ubuntu Python-apt 1.6.3
Ubuntu Python-apt 1.6.4
Ubuntu Python-apt 1.8.4
Ubuntu Python-apt 1.9.0
4.7
CVSSv3
CVE-2019-15796
Python-apt doesn't check if hashes are signed in `Version.fetch_binary()` and `Version.fetch_source()` of apt/package.py or in `_fetch_archives()` of apt/cache.py in version 1.9.3ubuntu2 and previous versions. This allows downloads from unsigned repositories which shouldn...
Ubuntu Python-apt 0.8.0
Ubuntu Python-apt 0.8.1
Ubuntu Python-apt 0.8.3
Ubuntu Python-apt 0.8.9.1
Ubuntu Python-apt 0.9.0
Ubuntu Python-apt 0.9.1
Ubuntu Python-apt 0.9.3.1
Ubuntu Python-apt 0.9.3.2
Ubuntu Python-apt 0.9.3.3
Ubuntu Python-apt 0.9.3.4
Ubuntu Python-apt 0.9.3.5
Ubuntu Python-apt 1.0.1
Ubuntu Python-apt 1.1.0
Debian Python-apt 1.8.4
Ubuntu Python-apt 1.4.0
Ubuntu Python-apt 1.6.0
Ubuntu Python-apt 1.6.1
Ubuntu Python-apt 1.6.2
Ubuntu Python-apt 1.6.3
Ubuntu Python-apt 1.6.4
Ubuntu Python-apt 1.8.4
Ubuntu Python-apt 1.9.0
NA
CVE-2015-5144
Django prior to 1.4.21, 1.5.x up to and including 1.6.x, 1.7.x prior to 1.7.9, and 1.8.x prior to 1.8.3 uses an incorrect regular expression, which allows remote malicious users to inject arbitrary headers and conduct HTTP response splitting attacks via a newline character in an ...
Canonical Ubuntu Linux 12.04
Canonical Ubuntu Linux 15.10
Canonical Ubuntu Linux 14.04
Canonical Ubuntu Linux 15.04
Djangoproject Django 1.7.5
Djangoproject Django 1.5
Djangoproject Django 1.5.7
Djangoproject Django 1.5.1
Djangoproject Django 1.7.9
Djangoproject Django 1.7.3
Djangoproject Django 1.6
Djangoproject Django 1.6.7
Djangoproject Django 1.8.2
Djangoproject Django 1.7
Djangoproject Django 1.6.5
Djangoproject Django 1.5.3
Djangoproject Django 1.7.7
Djangoproject Django 1.8.1
Djangoproject Django 1.5.4
Djangoproject Django 1.5.12
Djangoproject Django 1.6.8
Djangoproject Django 1.8
NA
CVE-2015-2316
The utils.html.strip_tags function in Django 1.6.x prior to 1.6.11, 1.7.x prior to 1.7.7, and 1.8.x prior to 1.8c1, when using certain versions of Python, allows remote malicious users to cause a denial of service (infinite loop) by increasing the length of the input string.
Oracle Solaris 11.2
Djangoproject Django 1.7.5
Djangoproject Django 1.7.3
Djangoproject Django 1.6
Djangoproject Django 1.6.7
Djangoproject Django 1.7
Djangoproject Django 1.6.5
Djangoproject Django 1.6.8
Djangoproject Django 1.6.6
Djangoproject Django 1.7.2
Djangoproject Django 1.7.4
Djangoproject Django 1.6.10
Djangoproject Django 1.6.3
Djangoproject Django 1.7.6
Djangoproject Django 1.8.0
Djangoproject Django 1.6.4
Djangoproject Django 1.6.1
Djangoproject Django 1.6.2
Djangoproject Django 1.6.9
Djangoproject Django 1.7.1
Fedoraproject Fedora 22
Canonical Ubuntu Linux 12.04
NA
CVE-2015-2317
The utils.http.is_safe_url function in Django prior to 1.4.20, 1.5.x, 1.6.x prior to 1.6.11, 1.7.x prior to 1.7.7, and 1.8.x prior to 1.8c1 does not properly validate URLs, which allows remote malicious users to conduct cross-site scripting (XSS) attacks via a control character i...
Fedoraproject Fedora 22
Debian Debian Linux 7.0
Opensuse Opensuse 13.2
Djangoproject Django 1.7.5
Djangoproject Django 1.5
Djangoproject Django 1.5.7
Djangoproject Django 1.5.1
Djangoproject Django 1.7.3
Djangoproject Django 1.6
Djangoproject Django
Djangoproject Django 1.6.7
Djangoproject Django 1.7
Djangoproject Django 1.6.5
Djangoproject Django 1.5.3
Djangoproject Django 1.5.4
Djangoproject Django 1.5.12
Djangoproject Django 1.6.8
Djangoproject Django 1.5.10
Djangoproject Django 1.6.6
Djangoproject Django 1.5.5
Djangoproject Django 1.7.2
Djangoproject Django 1.7.4
NA
CVE-2015-0219
Django prior to 1.4.18, 1.6.x prior to 1.6.10, and 1.7.x prior to 1.7.3 allows remote malicious users to spoof WSGI headers by using an _ (underscore) character instead of a - (dash) character in an HTTP header, as demonstrated by an X-Auth_User header.
Djangoproject Django
Djangoproject Django 1.6.7
Djangoproject Django 1.6.5
Djangoproject Django 1.6.8
Djangoproject Django 1.6.6
Djangoproject Django 1.7.2
Djangoproject Django 1.6.3
Djangoproject Django 1.6
Djangoproject Django 1.6.4
Djangoproject Django 1.6.1
Djangoproject Django 1.6.2
Djangoproject Django 1.7
Djangoproject Django 1.6.9
Djangoproject Django 1.7.1
NA
CVE-2015-0220
The django.util.http.is_safe_url function in Django prior to 1.4.18, 1.6.x prior to 1.6.10, and 1.7.x prior to 1.7.3 does not properly handle leading whitespaces, which allows remote malicious users to conduct cross-site scripting (XSS) attacks via a crafted URL, related to redir...
Canonical Ubuntu Linux 12.04
Canonical Ubuntu Linux 14.10
Canonical Ubuntu Linux 14.04
Canonical Ubuntu Linux 10.04
Djangoproject Django
Djangoproject Django 1.6.7
Djangoproject Django 1.6.5
Djangoproject Django 1.6.8
Djangoproject Django 1.6.6
Djangoproject Django 1.7.2
Djangoproject Django 1.6.3
Djangoproject Django 1.6
Djangoproject Django 1.6.4
Djangoproject Django 1.6.1
Djangoproject Django 1.6.2
Djangoproject Django 1.7
Djangoproject Django 1.6.9
Djangoproject Django 1.7.1
NA
CVE-2015-0221
The django.views.static.serve view in Django prior to 1.4.18, 1.6.x prior to 1.6.10, and 1.7.x prior to 1.7.3 reads files an entire line at a time, which allows remote malicious users to cause a denial of service (memory consumption) via a long line in a file.
Djangoproject Django
Djangoproject Django 1.6.7
Djangoproject Django 1.6.5
Djangoproject Django 1.6.8
Djangoproject Django 1.6.6
Djangoproject Django 1.7.2
Djangoproject Django 1.6.3
Djangoproject Django 1.6
Djangoproject Django 1.6.4
Djangoproject Django 1.6.1
Djangoproject Django 1.6.2
Djangoproject Django 1.7
Djangoproject Django 1.6.9
Djangoproject Django 1.7.1
Canonical Ubuntu Linux 12.04
Canonical Ubuntu Linux 14.10
Canonical Ubuntu Linux 14.04
Canonical Ubuntu Linux 10.04
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-5834
CVE-2024-30100
CVE-2024-4577
physical
dos
CVE-2024-30099
CVE-2024-27801
CVE-2024-32146
logic flaw
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
4
NEXT »