Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
virtualenv vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2011-4617
virtualenv.py in virtualenv prior to 1.5 allows local users to overwrite arbitrary files via a symlink attack on a certain file in /tmp/.
Python Virtualenv
Python Virtualenv 0.8
Python Virtualenv 0.8.1
Python Virtualenv 0.8.2
Python Virtualenv 0.8.3
Python Virtualenv 0.8.4
Python Virtualenv 0.9
Python Virtualenv 0.9.1
Python Virtualenv 0.9.2
Python Virtualenv 1.0
Python Virtualenv 1.1
Python Virtualenv 1.1.1
9.8
CVSSv3
CVE-2024-53899
virtualenv prior to 20.26.6 allows command injection through the activation scripts for a virtual environment. Magic template strings are not quoted correctly when replacing. NOTE: this is not the same as CVE-2024-9287.
Virtualenv Virtualenv
7.8
CVSSv3
CVE-2020-11073
In Autoswitch Python Virtualenv before version 0.16.0, a user who enters a directory with a malicious `.venv` file could run arbitrary code without any user interaction. This is fixed in version: 1.16.0
Autoswitch Python Virtualenv Project Autoswitch Python Virtualenv
5.9
CVSSv3
CVE-2013-5123
The mirroring support (-M, --use-mirrors) in Python Pip prior to 1.5 uses insecure DNS querying and authenticity checks which allows malicious users to perform man-in-the-middle attacks.
Pypa Pip
Virtualenv Virtualenv 12.0.7
Fedoraproject Fedora 20
Fedoraproject Fedora 21
Redhat Openshift 1.0
Redhat Openshift 2.0
Redhat Software Collections -
Debian Debian Linux 8.0
Debian Debian Linux 9.0
Debian Debian Linux 10.0
1 EDB exploit
NA
CVE-2018-17793
Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none
1 EDB exploit
9.8
CVSSv3
CVE-2021-3769
# Vulnerability in `pygmalion`, `pygmalion-virtualenv` and `refined` themes **Description**: these themes use `print -P` on user-supplied strings to print them to the terminal. All of them do that on git information, particularly the branch name, so if the branch has a specially-...
Planetargon Oh My Zsh
9.8
CVSSv3
CVE-2018-20060
urllib3 before version 1.23 does not remove the Authorization HTTP header when following a cross-origin redirect (i.e., a redirect that differs in host, port, or scheme). This can allow for credentials in the Authorization header to be exposed to unintended hosts or transmitted i...
Python Urllib3
Fedoraproject Fedora 28
Fedoraproject Fedora 29
Fedoraproject Fedora 30
7.5
CVSSv3
CVE-2018-18074
The Requests package prior to 2.20.0 for Python sends an HTTP Authorization header to an http URI upon receiving a same-hostname https-to-http redirect, which makes it easier for remote malicious users to discover credentials by sniffing the network.
Python Requests
Canonical Ubuntu Linux 14.04
Canonical Ubuntu Linux 16.04
Canonical Ubuntu Linux 18.04
Canonical Ubuntu Linux 18.10
Opensuse Leap 15.1
Redhat Enterprise Linux Desktop 7.0
Redhat Enterprise Linux Server 7.0
Redhat Enterprise Linux Workstation 7.0
6 Github repositories
6.1
CVSSv3
CVE-2019-11236
In the urllib3 library up to and including 1.24.1 for Python, CRLF injection is possible if the attacker controls the request parameter.
Python Urllib3
1 Github repository
5.3
CVSSv3
CVE-2024-29735
Improper Preservation of Permissions vulnerability in Apache Airflow.This issue affects Apache Airflow from 2.8.2 up to and including 2.8.3. Airflow's local file task handler in Airflow incorrectly set permissions for all parent folders of log folder, in default configuratio...
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
SQL injection
CVE-2024-52320
SQL
logic flaw
CVE-2024-6387
CVE-2024-11457
CVE-2024-11329
CVE-2024-50404
CVE-2023-48788
Home
/
Search Results
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
NEXT »