Skip to main content

Python

2173 CVEs product

Monthly

CVE-2019-12410 LIB HIGH PATCH This Week

While investigating UBSAN errors in https://github.com/apache/arrow/pull/5365 it was discovered Apache Arrow versions 0.12.0 to 0.14.1, left memory Array data uninitialized when reading RLE null data. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Python Apache Arrow
NVD
CVSS 3.1
7.5
EPSS
4.7%
CVE-2019-12408 LIB HIGH PATCH This Week

It was discovered that the C++ implementation (which underlies the R, Python and Ruby implementations) of Apache Arrow 0.14.0 to 0.14.1 had a uninitialized memory bug when building arrays with null. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Python Apache Arrow
NVD
CVSS 3.1
7.5
EPSS
3.2%
CVE-2019-5010 HIGH POC THREAT This Week

An exploitable denial-of-service vulnerability exists in the X509 certificate parser of Python.org Python 2.7.11 / 3.6.6. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Null Pointer Dereference Denial Of Service Python Leap Debian Linux +4
NVD
CVSS 3.1
7.5
EPSS
21.4%
CVE-2019-18348 MEDIUM This Month

An issue was discovered in urllib2 in Python 2.x through 2.7.17 and urllib in Python 3.x through 3.8.0. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Code Injection Python
NVD
CVSS 3.1
6.1
EPSS
3.5%
CVE-2019-17526 CRITICAL POC PATCH Act Now

An issue was discovered in SageMath Sage Cell Server through 2019-10-05. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Python Command Injection Sagemathcell
NVD GitHub
CVSS 3.1
9.8
EPSS
3.0%
CVE-2019-17664 HIGH This Week

NSA Ghidra through 9.0.4 uses a potentially untrusted search path. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Java Python Information Disclosure Ghidra
NVD GitHub
CVSS 3.1
7.8
EPSS
0.4%
CVE-2019-17626 PyPI CRITICAL POC PATCH THREAT Act Now

ReportLab through 3.5.26 allows remote code execution because of toColor(eval(arg)) in colors.py, as demonstrated by a crafted XML document with '<span color="' followed by arbitrary Python code. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Python RCE Reportlab
NVD
CVSS 3.1
9.8
EPSS
10.2%
CVE-2019-17514 HIGH POC This Week

library/glob.html in the Python 2 and 3 documentation before 2016 has potentially misleading information about whether sorting occurs, as demonstrated by irreproducible cancer-research results. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Python Information Disclosure
NVD GitHub
CVSS 3.1
7.5
EPSS
4.7%
CVE-2019-16935 MEDIUM POC This Month

The documentation XML-RPC server in Python through 2.7.16, 3.x through 3.6.9, and 3.7.x through 3.7.4 has XSS via the server_title field. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Python Debian Linux Ubuntu Linux
NVD GitHub
CVSS 3.1
6.1
EPSS
4.7%
CVE-2019-16729 HIGH PATCH This Week

pam-python before 1.0.7-1 has an issue in regard to the default environment variable handling of Python, which could allow for local root escalation in certain PAM setups. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Privilege Escalation Python Pam Python Debian Linux Ubuntu Linux
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2019-9855 CRITICAL Act Now

LibreOffice is typically bundled with LibreLogo, a programmable turtle vector graphics script, which can execute arbitrary python commands contained with the document it is launched from. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Microsoft Python Information Disclosure Libreoffice Leap
NVD
CVSS 3.1
9.8
EPSS
2.6%
CVE-2019-9854 HIGH This Week

LibreOffice has a feature where documents can specify that pre-installed macros can be executed on various script events such as mouse-over, document-open etc. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Path Traversal Python Libreoffice Ubuntu Linux Debian Linux +3
NVD
CVSS 3.1
7.8
EPSS
1.9%
CVE-2019-16056 HIGH PATCH This Week

An issue was discovered in Python through 2.7.16, 3.x through 3.5.7, 3.6.x through 3.6.9, and 3.7.x through 3.7.4. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Python Information Disclosure Fedora Debian Linux Ubuntu Linux +6
NVD GitHub
CVSS 3.1
7.5
EPSS
5.4%
CVE-2019-15903 HIGH POC PATCH This Week

In libexpat before 2.2.8, crafted XML input could fool the parser into changing from DTD parsing to document parsing too early; a consecutive call to XML_GetCurrentLineNumber (or. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Information Disclosure Libexpat Python
NVD GitHub
CVSS 3.1
7.5
EPSS
6.7%
CVE-2019-11457 PyPI HIGH This Week

Multiple CSRF issues exist in MicroPyramid Django CRM 0.2.1 via /change-password-by-admin/, /api/settings/add/, /cases/create/, /change-password-by-admin/, /comment/add/, /documents/1/view/,. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Python CSRF Django Crm
NVD
CVSS 3.0
8.8
EPSS
1.1%
CVE-2019-15486 PyPI MEDIUM PATCH This Month

django-js-reverse (aka Django JS Reverse) before 0.9.1 has XSS via js_reverse_inline. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Python Django Js Reserve
NVD GitHub
CVSS 3.0
6.1
EPSS
1.0%
CVE-2019-7617 PyPI HIGH PATCH This Week

When the Elastic APM agent for Python versions before 5.1.0 is run as a CGI script, there is a variable name clash flaw if a remote attacker can control the proxy header. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Elastic Python Information Disclosure Apm Agent
NVD
CVSS 3.0
7.2
EPSS
1.5%
CVE-2019-9852 HIGH PATCH This Week

LibreOffice has a feature where documents can specify that pre-installed macros can be executed on various script events such as mouse-over, document-open etc. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Path Traversal Python Ubuntu Linux Debian Linux Fedora +2
NVD
CVSS 3.1
7.8
EPSS
1.9%
CVE-2019-9851 CRITICAL POC THREAT Emergency

LibreOffice is typically bundled with LibreLogo, a programmable turtle vector graphics script, which can execute arbitrary python commands contained with the document it is launched from. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Python Information Disclosure Ubuntu Linux Debian Linux Fedora +2
NVD GitHub Exploit-DB
CVSS 3.1
9.8
EPSS
78.3%
CVE-2019-9850 CRITICAL Act Now

LibreOffice is typically bundled with LibreLogo, a programmable turtle vector graphics script, which can execute arbitrary python commands contained with the document it is launched from. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Python Ubuntu Linux Debian Linux Fedora +2
NVD
CVSS 3.1
9.8
EPSS
3.4%
CVE-2019-14234 PyPI CRITICAL PATCH Act Now

An issue was discovered in Django 1.11.x before 1.11.23, 2.1.x before 2.1.11, and 2.2.x before 2.2.4. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi PostgreSQL Python Django Fedora +1
NVD
CVSS 3.0
9.8
EPSS
47.7%
CVE-2019-10099 LIB HIGH PATCH This Week

Prior to Spark 2.3.3, in certain situations Spark would write user data to local disk unencrypted, even if spark.io.encryption.enabled=true. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Python Information Disclosure Spark
NVD
CVSS 3.1
7.5
EPSS
1.3%
CVE-2019-14347 HIGH POC This Week

Internal/Views/addUsers.php in Schben Adive 2.0.7 allows remote unprivileged users (editor or developer) to create an administrator account via admin/user/add, as demonstrated by a Python PoC script. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP Python Information Disclosure Adive
NVD GitHub Exploit-DB
CVSS 3.1
8.8
EPSS
9.3%
CVE-2019-14235 PyPI HIGH PATCH This Week

An issue was discovered in Django 1.11.x before 1.11.23, 2.1.x before 2.1.11, and 2.2.x before 2.2.4. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Python Information Disclosure Django Leap
NVD
CVSS 3.0
7.5
EPSS
3.1%
CVE-2019-14233 PyPI HIGH PATCH This Week

An issue was discovered in Django 1.11.x before 1.11.23, 2.1.x before 2.1.11, and 2.2.x before 2.2.4. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.

Denial Of Service Python Django Leap
NVD
CVSS 3.0
7.5
EPSS
3.2%
CVE-2019-14232 PyPI HIGH PATCH This Week

An issue was discovered in Django 1.11.x before 1.11.23, 2.1.x before 2.1.11, and 2.2.x before 2.2.4. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.

Denial Of Service Python Django Leap
NVD
CVSS 3.1
7.5
EPSS
3.5%
CVE-2019-10138 PyPI HIGH PATCH This Week

A flaw was discovered in the python-novajoin plugin, all versions up to, excluding 1.1.1, for Red Hat OpenStack Platform. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Python Red Hat Novajoin
NVD
CVSS 3.1
8.8
EPSS
1.0%
CVE-2019-1010083 PyPI HIGH PATCH This Week

The Pallets Project Flask before 1.0 is affected by: unexpected memory usage. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Python Flask
NVD
CVSS 3.0
7.5
EPSS
1.9%
CVE-2019-9848 CRITICAL Act Now

LibreOffice has a feature where documents can specify that pre-installed scripts can be executed on various document events such as mouse-over, etc. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Code Injection Python RCE Libreoffice Ubuntu Linux +3
NVD
CVSS 3.1
9.8
EPSS
31.2%
CVE-2019-13611 PyPI HIGH PATCH This Week

An issue was discovered in python-engineio through 3.8.2. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Request Forgery (CSRF) vulnerability could allow attackers to trick authenticated users into performing unintended actions.

Python CSRF Python Engineio
NVD GitHub
CVSS 3.0
8.8
EPSS
0.8%
CVE-2019-5629 HIGH POC This Week

Rapid7 Insight Agent, version 2.6.3 and prior, suffers from a local privilege escalation due to an uncontrolled DLL search path. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Python Insight Agent
NVD
CVSS 3.1
7.8
EPSS
0.9%
CVE-2019-13404 HIGH This Week

The MSI installer for Python through 2.7.16 on Windows defaults to the C:\Python27 directory, which makes it easier for local users to deploy Trojan horse code. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Path Traversal Microsoft Python Information Disclosure
NVD
CVSS 3.0
7.8
EPSS
1.3%
CVE-2019-13177 PyPI CRITICAL POC PATCH Act Now

verification.py in django-rest-registration (aka Django REST Registration library) before 0.5.0 relies on a static string for signatures (i.e., the Django Signing API is misused), which allows remote. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Jwt Attack Python Information Disclosure Django Rest Registration
NVD GitHub
CVSS 3.0
9.8
EPSS
1.6%
CVE-2019-12781 PyPI MEDIUM PATCH This Month

An issue was discovered in Django 1.11 before 1.11.22, 2.1 before 2.1.10, and 2.2 before 2.2.3. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Python Information Disclosure Django Ubuntu Linux Debian Linux
NVD
CVSS 3.0
5.3
EPSS
1.7%
CVE-2019-12900 CRITICAL PATCH Act Now

BZ2_decompress in decompress.c in bzip2 through 1.0.6 has an out-of-bounds write when there are many selectors. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Buffer Overflow Memory Corruption Bzip2 Debian Linux Leap +3
NVD
CVSS 3.1
9.8
EPSS
8.1%
CVE-2019-10160 CRITICAL PATCH Act Now

A security regression of CVE-2019-9636 was discovered in python since commit d537ab0ff9767ef024f26246899728f0116b1ec3 affecting versions 2.7, 3.5, 3.6, 3.7 and from v3.8.0a4 through v3.8.0b1, which. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Python Information Disclosure Enterprise Linux Desktop Enterprise Linux Eus Enterprise Linux Server +10
NVD GitHub
CVSS 3.1
9.8
EPSS
5.4%
CVE-2019-12761 PyPI HIGH POC PATCH This Week

A code injection issue was discovered in PyXDG before 0.26 via crafted Python code in a Category element of a Menu XML document in a .menu file. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Code Injection Python RCE Pyxdg
NVD GitHub
CVSS 3.0
7.5
EPSS
2.1%
CVE-2019-9189 HIGH POC THREAT This Week

Prima Systems FlexAir, Versions 2.4.9api3 and prior. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

File Upload Python RCE Flexair
NVD Exploit-DB
CVSS 3.0
8.8
EPSS
11.6%
CVE-2019-12308 PyPI MEDIUM PATCH This Month

An issue was discovered in Django 1.11 before 1.11.21, 2.1 before 2.1.9, and 2.2 before 2.2.2. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Python Django
NVD
CVSS 3.0
6.1
EPSS
2.6%
CVE-2019-1727 MEDIUM This Month

A vulnerability in the Python scripting subsystem of Cisco NX-OS Software could allow an authenticated, local attacker to escape the Python parser and issue arbitrary commands to elevate the. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Cisco Python Nx Os
NVD
CVSS 3.1
6.7
EPSS
0.6%
CVE-2019-3558 HIGH PATCH This Week

Python Facebook Thrift servers would not error upon receiving messages with containers of fields of unknown type. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Python Thrift
NVD GitHub
CVSS 3.1
7.5
EPSS
2.0%
CVE-2019-11340 PyPI MEDIUM PATCH This Month

util/emailutils.py in Matrix Sydent before 1.0.2 mishandles registration restrictions that are based on e-mail domain, if the allowed_local_3pids option is enabled. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required.

Python Information Disclosure Sydent
NVD GitHub
CVSS 3.0
5.9
EPSS
1.9%
CVE-2019-11324 PyPI HIGH PATCH This Week

The urllib3 library before 1.24.2 for Python mishandles certain cases where the desired set of CA certificates is different from the OS store of CA certificates, which results in SSL connections. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Python Information Disclosure Urllib3 Ubuntu Linux
NVD GitHub
CVSS 3.0
7.5
EPSS
2.8%
CVE-2019-11236 PyPI MEDIUM POC PATCH This Month

In the urllib3 library through 1.24.1 for Python, CRLF injection is possible if the attacker controls the request parameter. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Code Injection Python Urllib3
NVD GitHub
CVSS 3.0
6.1
EPSS
2.1%
CVE-2019-10633 HIGH POC This Week

An eval injection vulnerability in the Python web server routing on the Zyxel NAS 326 version 5.21 and below allows a remote authenticated attacker to execute arbitrary code via the tjp6jp6y4,. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Code Injection Python RCE Zyxel Nas326 Firmware
NVD
CVSS 3.0
8.8
EPSS
3.3%
CVE-2019-9948 CRITICAL POC PATCH THREAT Act Now

urllib in Python 2.x through 2.7.16 supports the local_file: scheme, which makes it easier for remote attackers to bypass protection mechanisms that blacklist file: URIs, as demonstrated by. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Path Traversal Python Leap Debian Linux Fedora +7
NVD GitHub
CVSS 3.1
9.1
EPSS
11.8%
CVE-2019-9947 MEDIUM POC This Month

An issue was discovered in urllib2 in Python 2.x through 2.7.16 and urllib in Python 3.x through 3.7.3. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Redis Code Injection Python
NVD
CVSS 3.1
6.1
EPSS
5.6%
CVE-2019-7537 PyPI CRITICAL POC PATCH Act Now

An issue was discovered in Donfig 0.3.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Python Command Injection Donfig
NVD GitHub
CVSS 3.0
9.8
EPSS
3.4%
CVE-2019-6690 PyPI HIGH PATCH This Week

python-gnupg 0.4.3 allows context-dependent attackers to trick gnupg to decrypt other ciphertext than intended. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Python Information Disclosure Python Gnupg Debian Linux Leap +2
NVD
CVSS 3.1
7.5
EPSS
8.5%
CVE-2019-5729 PyPI HIGH PATCH This Week

Splunk-SDK-Python before 1.6.6 does not properly verify untrusted TLS server certificates, which could result in man-in-the-middle attacks. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Splunk Python Information Disclosure Software Development Kit
NVD
CVSS 3.0
8.1
EPSS
0.5%
CVE-2019-9740 MEDIUM POC This Month

An issue was discovered in urllib2 in Python 2.x through 2.7.16 and urllib in Python 3.x through 3.7.3. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Redis Code Injection Python
NVD
CVSS 3.1
6.1
EPSS
5.3%
CVE-2019-9636 CRITICAL PATCH Act Now

Python 2.7.x through 2.7.16 and 3.x through 3.7.2 is affected by: Improper Handling of Unicode Encoding (with an incorrect netloc) during NFKC normalization. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Python Information Disclosure Fedora Leap Debian Linux +12
NVD GitHub
CVSS 3.1
9.8
EPSS
9.1%
CVE-2019-6975 PyPI HIGH PATCH This Week

Django 1.11.x before 1.11.19, 2.0.x before 2.0.11, and 2.1.x before 2.1.6 allows Uncontrolled Memory Consumption via a malicious attacker-supplied value to the django.utils.numberformat.format(). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Allocation of Resources Without Limits vulnerability could allow attackers to exhaust system resources through uncontrolled allocation.

Denial Of Service Python Django Ubuntu Linux Fedora
NVD
CVSS 3.0
7.5
EPSS
5.4%
CVE-2019-7653 CRITICAL POC Act Now

The Debian python-rdflib-tools 4.2.2-1 package for RDFLib 4.2.2 has CLI tools that can load Python modules from the current working directory, allowing code injection, because "python -m" looks in. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Code Injection Python Debian Rdflib Debian Linux +1
NVD
CVSS 3.1
9.8
EPSS
2.3%
CVE-2019-2435 PyPI HIGH PATCH This Week

Vulnerability in the MySQL Connectors component of Oracle MySQL (subcomponent: Connector/Python). Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass Python Oracle Mysql Connectors Active Iq Unified Manager +2
NVD
CVSS 3.1
8.1
EPSS
2.5%
CVE-2019-6446 PyPI CRITICAL POC PATCH THREAT Act Now

An issue was discovered in NumPy before 1.16.3. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Python RCE Deserialization Numpy Fedora
NVD GitHub
CVSS 3.0
9.8
EPSS
17.1%
CVE-2019-3498 PyPI MEDIUM PATCH This Month

In Django 1.11.x before 1.11.18, 2.0.x before 2.0.10, and 2.1.x before 2.1.5, an Improper Neutralization of Special Elements in Output Used by a Downstream Component issue exists in. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Python Information Disclosure Django Debian Linux Ubuntu Linux +1
NVD
CVSS 3.0
6.5
EPSS
3.7%
CVE-2019-3575 PyPI HIGH POC PATCH This Week

Sqla_yaml_fixtures 0.9.1 allows local users to execute arbitrary python code via the fixture_text argument in sqla_yaml_fixtures.load. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Code Injection Python RCE Sqla Yaml Fixtures
NVD GitHub
CVSS 3.0
7.8
EPSS
0.4%
CVE-2018-20406 HIGH POC PATCH This Week

Modules/_pickle.c in Python before 3.7.1 has an integer overflow via a large LONG_BINPUT value that is mishandled during a "resize to twice the size" attempt. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Integer Overflow Buffer Overflow Python Debian Linux Fedora
NVD GitHub
CVSS 3.0
7.5
EPSS
5.8%
CVE-2018-20325 PyPI CRITICAL POC Act Now

There is a vulnerability in load() method in definitions/parser.py in the Danijar Hafner definitions package for Python. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Code Injection RCE Python Definitions
NVD GitHub
CVSS 3.0
9.8
EPSS
3.4%
CVE-2018-20061 HIGH This Week

A SQL injection issue was discovered in ERPNext 10.x and 11.x through 11.0.3-beta.29. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Python Erpnext
NVD GitHub
CVSS 3.0
7.5
EPSS
1.4%
CVE-2018-19646 CRITICAL POC Act Now

The Python CGI scripts in PWS in Imperva SecureSphere 13.0.10, 13.1.10, and 13.2.10 allow remote attackers to execute arbitrary OS commands because command-line arguments are mishandled. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Python Command Injection Securesphere
NVD Exploit-DB
CVSS 3.0
9.8
EPSS
3.5%
CVE-2018-6012 CRITICAL POC Act Now

The 'Weather Service' feature of the Green Electronics RainMachine Mini-8 (2nd generation) allows an attacker to inject arbitrary Python code via the 'Add new weather data source' upload function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Code Injection RCE Python Mini 8 Firmware
NVD
CVSS 3.0
9.8
EPSS
1.3%
CVE-2018-7431 MEDIUM This Month

Directory traversal vulnerability in the Splunk Django App in Splunk Enterprise 6.0.x before 6.0.14, 6.1.x before 6.1.13, 6.2.x before 6.2.14, 6.3.x before 6.3.10, 6.4.x before 6.4.6, and 6.5.x. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Splunk Python Path Traversal
NVD
CVSS 3.0
6.5
EPSS
2.3%
CVE-2018-18074 PyPI HIGH POC PATCH This Week

The Requests package before 2.20.0 for Python sends an HTTP Authorization header to an http URI upon receiving a same-hostname https-to-http redirect, which makes it easier for remote attackers to. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Python Requests Ubuntu Linux Leap +3
NVD GitHub
CVSS 3.1
7.5
EPSS
7.4%
CVE-2018-14649 CRITICAL POC PATCH THREAT Act Now

It was found that ceph-isci-cli package as shipped by Red Hat Ceph Storage 2 and 3 is using python-werkzeug in debug shell mode. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Red Hat Python Command Injection Enterprise Linux Desktop Enterprise Linux Server +3
NVD GitHub
CVSS 3.0
9.8
EPSS
11.7%
CVE-2018-1000808 PyPI MEDIUM PATCH This Month

Python Cryptographic Authority pyopenssl version Before 17.5.0 contains a CWE - 401 : Failure to Release Memory Before Removing Last Reference vulnerability in PKCS #12 Store that can result in. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required.

Denial Of Service Python Pyopenssl Ubuntu Linux Gluster Storage +4
NVD GitHub
CVSS 3.0
5.9
EPSS
1.9%
CVE-2018-1000807 PyPI HIGH PATCH This Week

Python Cryptographic Authority pyopenssl version prior to version 17.5.0 contains a CWE-416: Use After Free vulnerability in X509 object handling that can result in Use after free can lead to. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required.

RCE Use After Free Python Denial Of Service Memory Corruption +6
NVD GitHub
CVSS 3.1
8.1
EPSS
4.1%
CVE-2018-16984 PyPI MEDIUM PATCH This Month

An issue was discovered in Django 2.1 before 2.1.2, in which unprivileged users can read the password hashes of arbitrary accounts. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Python Django
NVD
CVSS 3.0
4.9
EPSS
2.0%
CVE-2018-14647 HIGH PATCH This Week

Python's elementtree C accelerator failed to initialise Expat's hash salt during initialization. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Python Ubuntu Linux Debian Linux Fedora +4
NVD
CVSS 3.1
7.5
EPSS
11.3%
CVE-2018-17175 PyPI MEDIUM PATCH This Month

In the marshmallow library before 2.15.1 and 3.x before 3.0.0b9 for Python, the schema "only" option treats an empty list as implying no "only" option, which allows a request that was intended to. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Python Marshmallow
NVD GitHub
CVSS 3.0
5.3
EPSS
1.9%
CVE-2018-1000802 CRITICAL PATCH Act Now

Python Software Foundation Python (CPython) version 2.7 contains a CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability in shutil module. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Python Command Injection Ubuntu Linux Debian Linux +1
NVD GitHub
CVSS 3.1
9.8
EPSS
20.8%
CVE-2018-12175 HIGH This Week

Default install directory permissions in Intel Distribution for Python (IDP) version 2018 may allow an unprivileged user to escalate privileges via local access. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Intel Privilege Escalation Python Distribution For Python
NVD
CVSS 3.0
7.8
EPSS
0.3%
CVE-2018-16552 PyPI HIGH POC This Week

MicroPyramid Django-CRM 0.2 allows CSRF for /users/create/, /users/##/edit/, and /accounts/##/delete/ URIs. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF Python Django Crm
NVD GitHub
CVSS 3.1
8.8
EPSS
0.6%
CVE-2018-16516 PyPI MEDIUM POC PATCH This Month

helpers.py in Flask-Admin 1.5.2 has Reflected XSS via a crafted URL. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Python Flask Admin
NVD GitHub
CVSS 3.0
6.1
EPSS
1.2%
CVE-2018-14572 PyPI HIGH POC This Week

In conference-scheduler-cli, a pickle.load call on imported data allows remote attackers to execute arbitrary code via a crafted .pickle file, as demonstrated by Python code that contains an. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Python Command Injection Conference Scheduler Cli
NVD GitHub
CVSS 3.0
7.8
EPSS
2.4%
CVE-2018-1000656 PyPI HIGH PATCH This Week

The Pallets Project flask version Before 0.12.3 contains a CWE-20: Improper Input Validation vulnerability in flask that can result in Large amount of memory usage possibly leading to denial of. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Python Flask Active Iq Hyper Converged Infrastructure +1
NVD GitHub
CVSS 3.0
7.5
EPSS
3.9%
CVE-2018-14574 PyPI MEDIUM POC PATCH THREAT This Month

django.middleware.common.CommonMiddleware in Django 1.11.x before 1.11.15 and 2.0.x before 2.0.8 has an Open Redirect. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Python Open Redirect Django Debian Linux Ubuntu Linux
NVD
CVSS 3.0
6.1
EPSS
25.5%
CVE-2018-3650 HIGH This Week

Insufficient Input Validation in Bleach module in INTEL Distribution for Python versions prior to IDP 2018 Update 2 allows unprivileged user to bypass URI sanitization via local vector. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Intel Authentication Bypass Python Distribution For Python
NVD
CVSS 3.0
7.8
EPSS
0.3%
CVE-2018-10903 PyPI HIGH PATCH This Week

A flaw was found in python-cryptography versions between >=1.9.0 and <2.3. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Python Python Cryptography Openstack Ubuntu Linux
NVD GitHub
CVSS 3.0
7.5
EPSS
3.2%
CVE-2018-1061 HIGH This Week

python before versions 2.7.15, 3.4.9, 3.5.6rc1, 3.6.5rc1 and 3.7.0 is vulnerable to catastrophic backtracking in the difflib.IS_LINE_JUNK method. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Python Debian Linux Ansible Tower Enterprise Linux Desktop +4
NVD
CVSS 3.0
7.5
EPSS
5.0%
CVE-2018-1060 HIGH POC This Week

python before versions 2.7.15, 3.4.9, 3.5.6rc1, 3.6.5rc1 and 3.7.0 is vulnerable to catastrophic backtracking in pop3lib's apop() method. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Python Fedora Ubuntu Linux Ansible Tower +4
NVD
CVSS 3.1
7.5
EPSS
5.3%
CVE-2018-2753 MEDIUM PATCH This Month

Vulnerability in the Solaris component of Oracle Sun Systems Products Suite (subcomponent: Python modules). Rated medium severity (CVSS 6.0).

Oracle Authentication Bypass Python Solaris
NVD
CVSS 3.0
6.0
EPSS
0.5%
CVE-2018-0023 PyPI MEDIUM PATCH This Month

JSNAPy is an open source python version of Junos Snapshot Administrator developed by Juniper available through github. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Python Juniper Jsnapy
NVD
CVSS 3.0
5.5
EPSS
0.3%
CVE-2018-1000089 PyPI HIGH PATCH This Week

Anymail django-anymail version version 0.2 through 1.3 contains a CWE-532, CWE-209 vulnerability in WEBHOOK_AUTHORIZATION setting value that can result in An attacker with access to error logs could. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, no authentication required.

Information Disclosure Python Django Anymail
NVD GitHub
CVSS 3.0
7.4
EPSS
1.2%
CVE-2018-7537 PyPI MEDIUM PATCH This Month

An issue was discovered in Django 2.0 before 2.0.3, 1.11 before 1.11.11, and 1.8 before 1.8.19. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Python Ubuntu Linux Django Debian Linux
NVD
CVSS 3.0
5.3
EPSS
4.6%
CVE-2018-7536 PyPI MEDIUM PATCH This Month

An issue was discovered in Django 2.0 before 2.0.3, 1.11 before 1.11.11, and 1.8 before 1.8.19. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Python Ubuntu Linux Django Debian Linux +1
NVD GitHub
CVSS 3.0
5.3
EPSS
4.8%
CVE-2018-7889 HIGH POC PATCH This Week

gui2/viewer/bookmarkmanager.py in Calibre 3.18 calls cPickle.load on imported bookmark data, which allows remote attackers to execute arbitrary code via a crafted .pickle file, as demonstrated by. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

RCE Deserialization Python Calibre
NVD GitHub
CVSS 3.0
7.8
EPSS
4.7%
CVE-2018-1000117 MEDIUM PATCH This Month

Python Software Foundation CPython version From 3.2 until 3.6.4 on Windows contains a Buffer Overflow vulnerability in os.symlink() function on Windows that can result in Arbitrary code execution,. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. This Buffer Copy without Size Check vulnerability could allow attackers to overflow a buffer to corrupt adjacent memory.

Buffer Overflow Microsoft RCE Python Privilege Escalation
NVD GitHub
CVSS 3.1
6.7
EPSS
1.1%
CVE-2018-0015 HIGH This Week

A malicious user with unrestricted access to the AppFormix application management platform may be able to access a Python debug console and execute system commands with root privilege. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable. No vendor patch available.

Authentication Bypass Python Juniper Appformix
NVD
CVSS 3.0
7.5
EPSS
1.1%
EPSS 5% CVSS 7.5
HIGH PATCH This Week

While investigating UBSAN errors in https://github.com/apache/arrow/pull/5365 it was discovered Apache Arrow versions 0.12.0 to 0.14.1, left memory Array data uninitialized when reading RLE null data. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Python Apache +1
NVD
EPSS 3% CVSS 7.5
HIGH PATCH This Week

It was discovered that the C++ implementation (which underlies the R, Python and Ruby implementations) of Apache Arrow 0.14.0 to 0.14.1 had a uninitialized memory bug when building arrays with null. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Python Apache +1
NVD
EPSS 21% CVSS 7.5
HIGH POC THREAT This Week

An exploitable denial-of-service vulnerability exists in the X509 certificate parser of Python.org Python 2.7.11 / 3.6.6. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Null Pointer Dereference Denial Of Service Python +6
NVD
EPSS 4% CVSS 6.1
MEDIUM This Month

An issue was discovered in urllib2 in Python 2.x through 2.7.17 and urllib in Python 3.x through 3.8.0. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Code Injection Python
NVD
EPSS 3% CVSS 9.8
CRITICAL POC PATCH Act Now

An issue was discovered in SageMath Sage Cell Server through 2019-10-05. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Python Command Injection Sagemathcell
NVD GitHub
EPSS 0% CVSS 7.8
HIGH This Week

NSA Ghidra through 9.0.4 uses a potentially untrusted search path. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Java Python Information Disclosure +1
NVD GitHub
EPSS 10% CVSS 9.8
CRITICAL POC PATCH THREAT Act Now

ReportLab through 3.5.26 allows remote code execution because of toColor(eval(arg)) in colors.py, as demonstrated by a crafted XML document with '<span color="' followed by arbitrary Python code. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Python RCE Reportlab
NVD
EPSS 5% CVSS 7.5
HIGH POC This Week

library/glob.html in the Python 2 and 3 documentation before 2016 has potentially misleading information about whether sorting occurs, as demonstrated by irreproducible cancer-research results. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Python Information Disclosure
NVD GitHub
EPSS 5% CVSS 6.1
MEDIUM POC This Month

The documentation XML-RPC server in Python through 2.7.16, 3.x through 3.6.9, and 3.7.x through 3.7.4 has XSS via the server_title field. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Python Debian Linux +1
NVD GitHub
EPSS 0% CVSS 7.8
HIGH PATCH This Week

pam-python before 1.0.7-1 has an issue in regard to the default environment variable handling of Python, which could allow for local root escalation in certain PAM setups. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Privilege Escalation Python Pam Python +2
NVD
EPSS 3% CVSS 9.8
CRITICAL Act Now

LibreOffice is typically bundled with LibreLogo, a programmable turtle vector graphics script, which can execute arbitrary python commands contained with the document it is launched from. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Microsoft Python Information Disclosure +2
NVD
EPSS 2% CVSS 7.8
HIGH This Week

LibreOffice has a feature where documents can specify that pre-installed macros can be executed on various script events such as mouse-over, document-open etc. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Path Traversal Python Libreoffice +5
NVD
EPSS 5% CVSS 7.5
HIGH PATCH This Week

An issue was discovered in Python through 2.7.16, 3.x through 3.5.7, 3.6.x through 3.6.9, and 3.7.x through 3.7.4. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Python Information Disclosure Fedora +8
NVD GitHub
EPSS 7% CVSS 7.5
HIGH POC PATCH This Week

In libexpat before 2.2.8, crafted XML input could fool the parser into changing from DTD parsing to document parsing too early; a consecutive call to XML_GetCurrentLineNumber (or. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Information Disclosure Libexpat +1
NVD GitHub
EPSS 1% CVSS 8.8
HIGH This Week

Multiple CSRF issues exist in MicroPyramid Django CRM 0.2.1 via /change-password-by-admin/, /api/settings/add/, /cases/create/, /change-password-by-admin/, /comment/add/, /documents/1/view/,. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Python CSRF Django Crm
NVD
EPSS 1% CVSS 6.1
MEDIUM PATCH This Month

django-js-reverse (aka Django JS Reverse) before 0.9.1 has XSS via js_reverse_inline. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Python Django Js Reserve
NVD GitHub
EPSS 2% CVSS 7.2
HIGH PATCH This Week

When the Elastic APM agent for Python versions before 5.1.0 is run as a CGI script, there is a variable name clash flaw if a remote attacker can control the proxy header. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Elastic Python Information Disclosure +1
NVD
EPSS 2% CVSS 7.8
HIGH PATCH This Week

LibreOffice has a feature where documents can specify that pre-installed macros can be executed on various script events such as mouse-over, document-open etc. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Path Traversal Python Ubuntu Linux +4
NVD
EPSS 78% CVSS 9.8
CRITICAL POC THREAT Emergency

LibreOffice is typically bundled with LibreLogo, a programmable turtle vector graphics script, which can execute arbitrary python commands contained with the document it is launched from. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Python Information Disclosure Ubuntu Linux +4
NVD GitHub Exploit-DB
EPSS 3% CVSS 9.8
CRITICAL Act Now

LibreOffice is typically bundled with LibreLogo, a programmable turtle vector graphics script, which can execute arbitrary python commands contained with the document it is launched from. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Python Ubuntu Linux +4
NVD
EPSS 48% CVSS 9.8
CRITICAL PATCH Act Now

An issue was discovered in Django 1.11.x before 1.11.23, 2.1.x before 2.1.11, and 2.2.x before 2.2.4. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi PostgreSQL Python +3
NVD
EPSS 1% CVSS 7.5
HIGH PATCH This Week

Prior to Spark 2.3.3, in certain situations Spark would write user data to local disk unencrypted, even if spark.io.encryption.enabled=true. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Python Information Disclosure Spark
NVD
EPSS 9% CVSS 8.8
HIGH POC This Week

Internal/Views/addUsers.php in Schben Adive 2.0.7 allows remote unprivileged users (editor or developer) to create an administrator account via admin/user/add, as demonstrated by a Python PoC script. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP Python Information Disclosure +1
NVD GitHub Exploit-DB
EPSS 3% CVSS 7.5
HIGH PATCH This Week

An issue was discovered in Django 1.11.x before 1.11.23, 2.1.x before 2.1.11, and 2.2.x before 2.2.4. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Python Information Disclosure Django +1
NVD
EPSS 3% CVSS 7.5
HIGH PATCH This Week

An issue was discovered in Django 1.11.x before 1.11.23, 2.1.x before 2.1.11, and 2.2.x before 2.2.4. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.

Denial Of Service Python Django +1
NVD
EPSS 4% CVSS 7.5
HIGH PATCH This Week

An issue was discovered in Django 1.11.x before 1.11.23, 2.1.x before 2.1.11, and 2.2.x before 2.2.4. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.

Denial Of Service Python Django +1
NVD
EPSS 1% CVSS 8.8
HIGH PATCH This Week

A flaw was discovered in the python-novajoin plugin, all versions up to, excluding 1.1.1, for Red Hat OpenStack Platform. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Python Red Hat +1
NVD
EPSS 2% CVSS 7.5
HIGH PATCH This Week

The Pallets Project Flask before 1.0 is affected by: unexpected memory usage. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Python Flask
NVD
EPSS 31% CVSS 9.8
CRITICAL Act Now

LibreOffice has a feature where documents can specify that pre-installed scripts can be executed on various document events such as mouse-over, etc. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Code Injection Python RCE +5
NVD
EPSS 1% CVSS 8.8
HIGH PATCH This Week

An issue was discovered in python-engineio through 3.8.2. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Request Forgery (CSRF) vulnerability could allow attackers to trick authenticated users into performing unintended actions.

Python CSRF Python Engineio
NVD GitHub
EPSS 1% CVSS 7.8
HIGH POC This Week

Rapid7 Insight Agent, version 2.6.3 and prior, suffers from a local privilege escalation due to an uncontrolled DLL search path. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Python Insight Agent
NVD
EPSS 1% CVSS 7.8
HIGH This Week

The MSI installer for Python through 2.7.16 on Windows defaults to the C:\Python27 directory, which makes it easier for local users to deploy Trojan horse code. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Path Traversal Microsoft Python +1
NVD
EPSS 2% CVSS 9.8
CRITICAL POC PATCH Act Now

verification.py in django-rest-registration (aka Django REST Registration library) before 0.5.0 relies on a static string for signatures (i.e., the Django Signing API is misused), which allows remote. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Jwt Attack Python Information Disclosure +1
NVD GitHub
EPSS 2% CVSS 5.3
MEDIUM PATCH This Month

An issue was discovered in Django 1.11 before 1.11.22, 2.1 before 2.1.10, and 2.2 before 2.2.3. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Python Information Disclosure Django +2
NVD
EPSS 8% CVSS 9.8
CRITICAL PATCH Act Now

BZ2_decompress in decompress.c in bzip2 through 1.0.6 has an out-of-bounds write when there are many selectors. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Buffer Overflow Memory Corruption Bzip2 +5
NVD
EPSS 5% CVSS 9.8
CRITICAL PATCH Act Now

A security regression of CVE-2019-9636 was discovered in python since commit d537ab0ff9767ef024f26246899728f0116b1ec3 affecting versions 2.7, 3.5, 3.6, 3.7 and from v3.8.0a4 through v3.8.0b1, which. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Python Information Disclosure Enterprise Linux Desktop +12
NVD GitHub
EPSS 2% CVSS 7.5
HIGH POC PATCH This Week

A code injection issue was discovered in PyXDG before 0.26 via crafted Python code in a Category element of a Menu XML document in a .menu file. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Code Injection Python RCE +1
NVD GitHub
EPSS 12% CVSS 8.8
HIGH POC THREAT This Week

Prima Systems FlexAir, Versions 2.4.9api3 and prior. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

File Upload Python RCE +1
NVD Exploit-DB
EPSS 3% CVSS 6.1
MEDIUM PATCH This Month

An issue was discovered in Django 1.11 before 1.11.21, 2.1 before 2.1.9, and 2.2 before 2.2.2. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Python Django
NVD
EPSS 1% CVSS 6.7
MEDIUM This Month

A vulnerability in the Python scripting subsystem of Cisco NX-OS Software could allow an authenticated, local attacker to escape the Python parser and issue arbitrary commands to elevate the. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Cisco Python +1
NVD
EPSS 2% CVSS 7.5
HIGH PATCH This Week

Python Facebook Thrift servers would not error upon receiving messages with containers of fields of unknown type. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Python Thrift
NVD GitHub
EPSS 2% CVSS 5.9
MEDIUM PATCH This Month

util/emailutils.py in Matrix Sydent before 1.0.2 mishandles registration restrictions that are based on e-mail domain, if the allowed_local_3pids option is enabled. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required.

Python Information Disclosure Sydent
NVD GitHub
EPSS 3% CVSS 7.5
HIGH PATCH This Week

The urllib3 library before 1.24.2 for Python mishandles certain cases where the desired set of CA certificates is different from the OS store of CA certificates, which results in SSL connections. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Python Information Disclosure Urllib3 +1
NVD GitHub
EPSS 2% CVSS 6.1
MEDIUM POC PATCH This Month

In the urllib3 library through 1.24.1 for Python, CRLF injection is possible if the attacker controls the request parameter. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Code Injection Python Urllib3
NVD GitHub
EPSS 3% CVSS 8.8
HIGH POC This Week

An eval injection vulnerability in the Python web server routing on the Zyxel NAS 326 version 5.21 and below allows a remote authenticated attacker to execute arbitrary code via the tjp6jp6y4,. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Code Injection Python RCE +2
NVD
EPSS 12% CVSS 9.1
CRITICAL POC PATCH THREAT Act Now

urllib in Python 2.x through 2.7.16 supports the local_file: scheme, which makes it easier for remote attackers to bypass protection mechanisms that blacklist file: URIs, as demonstrated by. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Path Traversal Python Leap +9
NVD GitHub
EPSS 6% CVSS 6.1
MEDIUM POC This Month

An issue was discovered in urllib2 in Python 2.x through 2.7.16 and urllib in Python 3.x through 3.7.3. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Redis Code Injection Python
NVD
EPSS 3% CVSS 9.8
CRITICAL POC PATCH Act Now

An issue was discovered in Donfig 0.3.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Python Command Injection Donfig
NVD GitHub
EPSS 9% CVSS 7.5
HIGH PATCH This Week

python-gnupg 0.4.3 allows context-dependent attackers to trick gnupg to decrypt other ciphertext than intended. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Python Information Disclosure Python Gnupg +4
NVD
EPSS 1% CVSS 8.1
HIGH PATCH This Week

Splunk-SDK-Python before 1.6.6 does not properly verify untrusted TLS server certificates, which could result in man-in-the-middle attacks. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Splunk Python Information Disclosure +1
NVD
EPSS 5% CVSS 6.1
MEDIUM POC This Month

An issue was discovered in urllib2 in Python 2.x through 2.7.16 and urllib in Python 3.x through 3.7.3. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Redis Code Injection Python
NVD
EPSS 9% CVSS 9.8
CRITICAL PATCH Act Now

Python 2.7.x through 2.7.16 and 3.x through 3.7.2 is affected by: Improper Handling of Unicode Encoding (with an incorrect netloc) during NFKC normalization. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Python Information Disclosure Fedora +14
NVD GitHub
EPSS 5% CVSS 7.5
HIGH PATCH This Week

Django 1.11.x before 1.11.19, 2.0.x before 2.0.11, and 2.1.x before 2.1.6 allows Uncontrolled Memory Consumption via a malicious attacker-supplied value to the django.utils.numberformat.format(). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Allocation of Resources Without Limits vulnerability could allow attackers to exhaust system resources through uncontrolled allocation.

Denial Of Service Python Django +2
NVD
EPSS 2% CVSS 9.8
CRITICAL POC Act Now

The Debian python-rdflib-tools 4.2.2-1 package for RDFLib 4.2.2 has CLI tools that can load Python modules from the current working directory, allowing code injection, because "python -m" looks in. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Code Injection Python Debian +3
NVD
EPSS 3% CVSS 8.1
HIGH PATCH This Week

Vulnerability in the MySQL Connectors component of Oracle MySQL (subcomponent: Connector/Python). Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass Python Oracle +4
NVD
EPSS 17% CVSS 9.8
CRITICAL POC PATCH THREAT Act Now

An issue was discovered in NumPy before 1.16.3. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Python RCE Deserialization +2
NVD GitHub
EPSS 4% CVSS 6.5
MEDIUM PATCH This Month

In Django 1.11.x before 1.11.18, 2.0.x before 2.0.10, and 2.1.x before 2.1.5, an Improper Neutralization of Special Elements in Output Used by a Downstream Component issue exists in. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Python Information Disclosure Django +3
NVD
EPSS 0% CVSS 7.8
HIGH POC PATCH This Week

Sqla_yaml_fixtures 0.9.1 allows local users to execute arbitrary python code via the fixture_text argument in sqla_yaml_fixtures.load. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Code Injection Python RCE +1
NVD GitHub
EPSS 6% CVSS 7.5
HIGH POC PATCH This Week

Modules/_pickle.c in Python before 3.7.1 has an integer overflow via a large LONG_BINPUT value that is mishandled during a "resize to twice the size" attempt. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Integer Overflow Buffer Overflow Python +2
NVD GitHub
EPSS 3% CVSS 9.8
CRITICAL POC Act Now

There is a vulnerability in load() method in definitions/parser.py in the Danijar Hafner definitions package for Python. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Code Injection RCE Python +1
NVD GitHub
EPSS 1% CVSS 7.5
HIGH This Week

A SQL injection issue was discovered in ERPNext 10.x and 11.x through 11.0.3-beta.29. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Python Erpnext
NVD GitHub
EPSS 3% CVSS 9.8
CRITICAL POC Act Now

The Python CGI scripts in PWS in Imperva SecureSphere 13.0.10, 13.1.10, and 13.2.10 allow remote attackers to execute arbitrary OS commands because command-line arguments are mishandled. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Python Command Injection Securesphere
NVD Exploit-DB
EPSS 1% CVSS 9.8
CRITICAL POC Act Now

The 'Weather Service' feature of the Green Electronics RainMachine Mini-8 (2nd generation) allows an attacker to inject arbitrary Python code via the 'Add new weather data source' upload function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Code Injection RCE Python +1
NVD
EPSS 2% CVSS 6.5
MEDIUM This Month

Directory traversal vulnerability in the Splunk Django App in Splunk Enterprise 6.0.x before 6.0.14, 6.1.x before 6.1.13, 6.2.x before 6.2.14, 6.3.x before 6.3.10, 6.4.x before 6.4.6, and 6.5.x. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Splunk Python Path Traversal
NVD
EPSS 7% CVSS 7.5
HIGH POC PATCH This Week

The Requests package before 2.20.0 for Python sends an HTTP Authorization header to an http URI upon receiving a same-hostname https-to-http redirect, which makes it easier for remote attackers to. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Python Requests +5
NVD GitHub
EPSS 12% CVSS 9.8
CRITICAL POC PATCH THREAT Act Now

It was found that ceph-isci-cli package as shipped by Red Hat Ceph Storage 2 and 3 is using python-werkzeug in debug shell mode. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Red Hat Python Command Injection +5
NVD GitHub
EPSS 2% CVSS 5.9
MEDIUM PATCH This Month

Python Cryptographic Authority pyopenssl version Before 17.5.0 contains a CWE - 401 : Failure to Release Memory Before Removing Last Reference vulnerability in PKCS #12 Store that can result in. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required.

Denial Of Service Python Pyopenssl +6
NVD GitHub
EPSS 4% CVSS 8.1
HIGH PATCH This Week

Python Cryptographic Authority pyopenssl version prior to version 17.5.0 contains a CWE-416: Use After Free vulnerability in X509 object handling that can result in Use after free can lead to. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required.

RCE Use After Free Python +8
NVD GitHub
EPSS 2% CVSS 4.9
MEDIUM PATCH This Month

An issue was discovered in Django 2.1 before 2.1.2, in which unprivileged users can read the password hashes of arbitrary accounts. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Python Django
NVD
EPSS 11% CVSS 7.5
HIGH PATCH This Week

Python's elementtree C accelerator failed to initialise Expat's hash salt during initialization. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Python Ubuntu Linux +6
NVD
EPSS 2% CVSS 5.3
MEDIUM PATCH This Month

In the marshmallow library before 2.15.1 and 3.x before 3.0.0b9 for Python, the schema "only" option treats an empty list as implying no "only" option, which allows a request that was intended to. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Python Marshmallow
NVD GitHub
EPSS 21% CVSS 9.8
CRITICAL PATCH Act Now

Python Software Foundation Python (CPython) version 2.7 contains a CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability in shutil module. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Python Command Injection +3
NVD GitHub
EPSS 0% CVSS 7.8
HIGH This Week

Default install directory permissions in Intel Distribution for Python (IDP) version 2018 may allow an unprivileged user to escalate privileges via local access. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Intel Privilege Escalation Python +1
NVD
EPSS 1% CVSS 8.8
HIGH POC This Week

MicroPyramid Django-CRM 0.2 allows CSRF for /users/create/, /users/##/edit/, and /accounts/##/delete/ URIs. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF Python Django Crm
NVD GitHub
EPSS 1% CVSS 6.1
MEDIUM POC PATCH This Month

helpers.py in Flask-Admin 1.5.2 has Reflected XSS via a crafted URL. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Python Flask Admin
NVD GitHub
EPSS 2% CVSS 7.8
HIGH POC This Week

In conference-scheduler-cli, a pickle.load call on imported data allows remote attackers to execute arbitrary code via a crafted .pickle file, as demonstrated by Python code that contains an. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Python Command Injection +1
NVD GitHub
EPSS 4% CVSS 7.5
HIGH PATCH This Week

The Pallets Project flask version Before 0.12.3 contains a CWE-20: Improper Input Validation vulnerability in flask that can result in Large amount of memory usage possibly leading to denial of. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Python Flask +3
NVD GitHub
EPSS 25% CVSS 6.1
MEDIUM POC PATCH THREAT This Month

django.middleware.common.CommonMiddleware in Django 1.11.x before 1.11.15 and 2.0.x before 2.0.8 has an Open Redirect. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Python Open Redirect Django +2
NVD
EPSS 0% CVSS 7.8
HIGH This Week

Insufficient Input Validation in Bleach module in INTEL Distribution for Python versions prior to IDP 2018 Update 2 allows unprivileged user to bypass URI sanitization via local vector. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Intel Authentication Bypass Python +1
NVD
EPSS 3% CVSS 7.5
HIGH PATCH This Week

A flaw was found in python-cryptography versions between >=1.9.0 and <2.3. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Python Python Cryptography +2
NVD GitHub
EPSS 5% CVSS 7.5
HIGH This Week

python before versions 2.7.15, 3.4.9, 3.5.6rc1, 3.6.5rc1 and 3.7.0 is vulnerable to catastrophic backtracking in the difflib.IS_LINE_JUNK method. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Python Debian Linux +6
NVD
EPSS 5% CVSS 7.5
HIGH POC This Week

python before versions 2.7.15, 3.4.9, 3.5.6rc1, 3.6.5rc1 and 3.7.0 is vulnerable to catastrophic backtracking in pop3lib's apop() method. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Python Fedora +6
NVD
EPSS 0% CVSS 6.0
MEDIUM PATCH This Month

Vulnerability in the Solaris component of Oracle Sun Systems Products Suite (subcomponent: Python modules). Rated medium severity (CVSS 6.0).

Oracle Authentication Bypass Python +1
NVD
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

JSNAPy is an open source python version of Junos Snapshot Administrator developed by Juniper available through github. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Python Juniper +1
NVD
EPSS 1% CVSS 7.4
HIGH PATCH This Week

Anymail django-anymail version version 0.2 through 1.3 contains a CWE-532, CWE-209 vulnerability in WEBHOOK_AUTHORIZATION setting value that can result in An attacker with access to error logs could. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, no authentication required.

Information Disclosure Python Django Anymail
NVD GitHub
EPSS 5% CVSS 5.3
MEDIUM PATCH This Month

An issue was discovered in Django 2.0 before 2.0.3, 1.11 before 1.11.11, and 1.8 before 1.8.19. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Python Ubuntu Linux +2
NVD
EPSS 5% CVSS 5.3
MEDIUM PATCH This Month

An issue was discovered in Django 2.0 before 2.0.3, 1.11 before 1.11.11, and 1.8 before 1.8.19. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Python Ubuntu Linux +3
NVD GitHub
EPSS 5% CVSS 7.8
HIGH POC PATCH This Week

gui2/viewer/bookmarkmanager.py in Calibre 3.18 calls cPickle.load on imported bookmark data, which allows remote attackers to execute arbitrary code via a crafted .pickle file, as demonstrated by. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

RCE Deserialization Python +1
NVD GitHub
EPSS 1% CVSS 6.7
MEDIUM PATCH This Month

Python Software Foundation CPython version From 3.2 until 3.6.4 on Windows contains a Buffer Overflow vulnerability in os.symlink() function on Windows that can result in Arbitrary code execution,. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. This Buffer Copy without Size Check vulnerability could allow attackers to overflow a buffer to corrupt adjacent memory.

Buffer Overflow Microsoft RCE +2
NVD GitHub
EPSS 1% CVSS 7.5
HIGH This Week

A malicious user with unrestricted access to the AppFormix application management platform may be able to access a Python debug console and execute system commands with root privilege. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable. No vendor patch available.

Authentication Bypass Python Juniper +1
NVD
Prev Page 22 of 25 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy