Skip to main content

Python

2173 CVEs product

Monthly

CVE-2015-0692 HIGH This Week

Cisco Web Security Appliance (WSA) devices with software 8.5.0-ise-147 do not properly restrict use of the pickle Python module during certain tunnel-status checks, which allows local users to. Rated high severity (CVSS 7.2), this vulnerability is low attack complexity. No vendor patch available.

Cisco Python Privilege Escalation Web Security Appliance
NVD
CVSS 2.0
7.2
EPSS
0.1%
CVE-2015-2317 PyPI MEDIUM PATCH This Month

The utils.http.is_safe_url function in Django before 1.4.20, 1.5.x, 1.6.x before 1.6.11, 1.7.x before 1.7.7, and 1.8.x before 1.8c1 does not properly validate URLs, which allows remote attackers to. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Python Debian Linux Fedora Opensuse +3
NVD
CVSS 2.0
4.3
EPSS
4.3%
CVE-2015-2316 PyPI MEDIUM PATCH This Month

The utils.html.strip_tags function in Django 1.6.x before 1.6.11, 1.7.x before 1.7.7, and 1.8.x before 1.8c1, when using certain versions of Python, allows remote attackers to cause a denial of. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service Python Solaris Django Ubuntu Linux +2
NVD
CVSS 2.0
5.0
EPSS
2.0%
CVE-2015-2241 PyPI MEDIUM POC PATCH This Month

Cross-site scripting (XSS) vulnerability in the contents function in admin/helpers.py in Django before 1.7.6 and 1.8 before 1.8b2 allows remote attackers to inject arbitrary web script or HTML via a. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available.

XSS Python Django
NVD
CVSS 2.0
4.3
EPSS
0.3%
CVE-2014-8165 CRITICAL Act Now

scripts/amsvis/powerpcAMS/amsnet.py in powerpc-utils-python uses the pickle Python module unsafely, which allows remote attackers to execute arbitrary code via a crafted serialized object. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Python Powerpc Utils
NVD
CVSS 2.0
10.0
EPSS
5.3%
CVE-2015-0222 PyPI MEDIUM PATCH This Month

ModelMultipleChoiceField in Django 1.6.x before 1.6.10 and 1.7.x before 1.7.3, when show_hidden_initial is set to True, allows remote attackers to cause a denial of service by submitting duplicate. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service Python Ubuntu Linux Django
NVD
CVSS 2.0
5.0
EPSS
5.1%
CVE-2015-0221 PyPI MEDIUM POC PATCH This Month

The django.views.static.serve view in Django before 1.4.18, 1.6.x before 1.6.10, and 1.7.x before 1.7.3 reads files an entire line at a time, which allows remote attackers to cause a denial of. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Denial Of Service Python Django Ubuntu Linux
NVD
CVSS 2.0
5.0
EPSS
9.2%
CVE-2015-0220 PyPI MEDIUM POC PATCH This Month

The django.util.http.is_safe_url function in Django before 1.4.18, 1.6.x before 1.6.10, and 1.7.x before 1.7.3 does not properly handle leading whitespaces, which allows remote attackers to conduct. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available.

XSS Python Ubuntu Linux Django
NVD
CVSS 2.0
4.3
EPSS
2.5%
CVE-2015-0219 PyPI MEDIUM POC PATCH This Month

Django before 1.4.18, 1.6.x before 1.6.10, and 1.7.x before 1.7.3 allows remote attackers to spoof WSGI headers by using an _ (underscore) character instead of a - (dash) character in an HTTP header,. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Python Information Disclosure Django
NVD
CVSS 2.0
5.0
EPSS
4.8%
CVE-2013-2131 MEDIUM POC THREAT This Month

Format string vulnerability in the rrdtool module 1.4.7 for Python, as used in Zenoss, allows context-dependent attackers to cause a denial of service (crash) via format string specifiers to the. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 12.9%.

Denial Of Service Python Rrdtool
NVD GitHub Exploit-DB
CVSS 2.0
5.0
EPSS
12.9%
CVE-2014-9365 MEDIUM POC This Month

The HTTP clients in the (1) httplib, (2) urllib, (3) urllib2, and (4) xmlrpclib libraries in CPython (aka Python) 2.x before 2.7.9 and 3.x before 3.4.3, when accessing an HTTPS URL, do not (a) check. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

Python Information Disclosure Mac Os X
NVD
CVSS 2.0
5.8
EPSS
2.8%
CVE-2014-2667 LOW Monitor

Race condition in the _get_masked_mode function in Lib/os.py in Python 3.2 through 3.5, when exist_ok is set to true and multiple threads are used, might allow local users to bypass intended file. Rated low severity (CVSS 3.3). No vendor patch available.

Race Condition Python Authentication Bypass
NVD
CVSS 2.0
3.3
EPSS
0.1%
CVE-2014-1929 PyPI MEDIUM PATCH This Month

python-gnupg 0.3.5 and 0.3.6 allows context-dependent attackers to have an unspecified impact via vectors related to "option injection through positional arguments." NOTE: this vulnerability exists. Rated medium severity (CVSS 4.4).

Python Code Injection Python Gnupg
NVD
CVSS 2.0
4.4
EPSS
0.1%
CVE-2014-1928 PyPI MEDIUM POC PATCH This Month

The shell_quote function in python-gnupg 0.3.5 does not properly escape characters, which allows context-dependent attackers to execute arbitrary code via shell metacharacters in unspecified vectors,. Rated medium severity (CVSS 4.6), this vulnerability is low attack complexity. Public exploit code available.

RCE Python Python Gnupg
NVD
CVSS 2.0
4.6
EPSS
0.2%
CVE-2014-1927 PyPI HIGH POC PATCH This Week

The shell_quote function in python-gnupg 0.3.5 does not properly quote strings, which allows context-dependent attackers to execute arbitrary code via shell metacharacters in unspecified vectors, as. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

RCE Python Python Gnupg
NVD
CVSS 2.0
7.5
EPSS
0.7%
CVE-2014-3593 MEDIUM This Month

Eval injection vulnerability in luci 0.26.0 allows remote authenticated users with certain permissions to execute arbitrary Python code via a crafted cluster configuration. Rated medium severity (CVSS 6.0), this vulnerability is remotely exploitable. No vendor patch available.

RCE Python Code Injection Luci
NVD
CVSS 2.0
6.0
EPSS
0.3%
CVE-2014-1830 PyPI MEDIUM PATCH This Month

Requests (aka python-requests) before 2.3.0 allows remote servers to obtain sensitive information by reading the Proxy-Authorization header in a redirected request. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Python Information Disclosure Opensuse Requests
NVD GitHub
CVSS 2.0
5.0
EPSS
0.5%
CVE-2014-1829 PyPI MEDIUM PATCH This Month

Requests (aka python-requests) before 2.3.0 allows remote servers to obtain a netrc password by reading the Authorization header in a redirected request. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Python Information Disclosure Debian Linux Requests Ubuntu Linux +1
NVD GitHub
CVSS 2.0
5.0
EPSS
0.5%
CVE-2014-7185 MEDIUM POC This Month

Integer overflow in bufferobject.c in Python before 2.7.8 allows context-dependent attackers to obtain sensitive information from process memory via a large size and offset in a "buffer" function. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Python Information Disclosure Mac Os X
NVD
CVSS 2.0
6.4
EPSS
1.1%
CVE-2014-7144 PyPI MEDIUM PATCH This Month

OpenStack keystonemiddleware (formerly python-keystoneclient) 0.x before 0.11.0 and 1.x before 1.2.0 disables certification verification when the "insecure" option is set in a paste configuration. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable.

Python Information Disclosure Keystonemiddleware Python Keystoneclient
NVD
CVSS 2.0
4.3
EPSS
0.4%
CVE-2012-5495 PyPI MEDIUM PATCH This Month

python_scripts.py in Plone before 4.2.3 and 4.3 before beta 1 allows remote attackers to execute Python code via a crafted URL, related to "go_back.". Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. This Code Injection vulnerability could allow attackers to inject and execute arbitrary code within the application.

RCE Python Code Injection Plone
NVD GitHub
CVSS 2.0
5.0
EPSS
0.6%
CVE-2012-5493 PyPI HIGH PATCH This Week

gtbn.py in Plone before 4.2.3 and 4.3 before beta 1 allows remote authenticated users with certain permissions to bypass the Python sandbox and execute arbitrary Python code via unspecified vectors. Rated high severity (CVSS 8.5), this vulnerability is remotely exploitable. This Code Injection vulnerability could allow attackers to inject and execute arbitrary code within the application.

RCE Python Code Injection Plone
NVD GitHub
CVSS 2.0
8.5
EPSS
0.4%
CVE-2012-5488 PyPI MEDIUM PATCH This Month

python_scripts.py in Plone before 4.2.3 and 4.3 before beta 1 allows remote attackers to execute Python code via a crafted URL, related to createObject. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. This Code Injection vulnerability could allow attackers to inject and execute arbitrary code within the application.

RCE Python Code Injection Plone
NVD GitHub
CVSS 2.0
5.0
EPSS
0.6%
CVE-2012-5487 PyPI HIGH PATCH This Week

The sandbox whitelisting function (allowmodule.py) in Plone before 4.2.3 and 4.3 before beta 1 allows remote authenticated users with certain privileges to bypass the Python sandbox restriction and. Rated high severity (CVSS 8.5), this vulnerability is remotely exploitable.

Python Privilege Escalation Plone
NVD GitHub
CVSS 2.0
8.5
EPSS
0.7%
CVE-2012-5485 PyPI MEDIUM PATCH This Month

registerConfiglet.py in Plone before 4.2.3 and 4.3 before beta 1 allows remote attackers to execute Python code via unspecified vectors, related to the admin interface. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. This Code Injection vulnerability could allow attackers to inject and execute arbitrary code within the application.

RCE Python Code Injection Plone
NVD GitHub
CVSS 2.0
6.8
EPSS
0.6%
CVE-2014-5340 CRITICAL PATCH Act Now

The wato component in Check_MK before 1.2.4p4 and 1.2.5 before 1.2.5i4 uses the pickle Python module unsafely, which allows remote attackers to execute arbitrary code via a crafted serialized object,. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. This Code Injection vulnerability could allow attackers to inject and execute arbitrary code within the application.

RCE Python Code Injection Check Mk
NVD
CVSS 2.0
9.3
EPSS
3.0%
CVE-2014-0485 HIGH POC This Week

S3QL 1.18.1 and earlier uses the pickle Python module unsafely, which allows remote attackers to execute arbitrary code via a crafted serialized object in (1) common.py or (2) local.py in backends/. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE Python Code Injection S3Ql
NVD
CVSS 2.0
7.5
EPSS
1.6%
CVE-2014-0483 PyPI LOW POC PATCH Monitor

The administrative interface (contrib.admin) in Django before 1.4.14, 1.5.x before 1.5.9, 1.6.x before 1.6.6, and 1.7 before release candidate 3 does not check if a field represents a relationship. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable. Public exploit code available.

Python Privilege Escalation Opensuse Django
NVD GitHub
CVSS 2.0
3.5
EPSS
0.4%
CVE-2014-0482 PyPI MEDIUM PATCH This Month

The contrib.auth.middleware.RemoteUserMiddleware middleware in Django before 1.4.14, 1.5.x before 1.5.9, 1.6.x before 1.6.6, and 1.7 before release candidate 3, when using the. Rated medium severity (CVSS 6.0), this vulnerability is remotely exploitable. This Improper Authentication vulnerability could allow attackers to bypass authentication mechanisms to gain unauthorized access.

Python Authentication Bypass Opensuse Django
NVD
CVSS 2.0
6.0
EPSS
0.7%
CVE-2014-0481 PyPI MEDIUM PATCH This Month

The default configuration for the file upload handling system in Django before 1.4.14, 1.5.x before 1.5.9, 1.6.x before 1.6.6, and 1.7 before release candidate 3 uses a sequential file name. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable.

Denial Of Service Python File Upload Opensuse Django +1
NVD
CVSS 2.0
4.3
EPSS
1.1%
CVE-2014-0480 PyPI MEDIUM PATCH This Month

The core.urlresolvers.reverse function in Django before 1.4.14, 1.5.x before 1.5.9, 1.6.x before 1.6.6, and 1.7 before release candidate 3 does not properly validate URLs, which allows remote. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable.

Python Information Disclosure Opensuse Django
NVD
CVSS 2.0
5.8
EPSS
0.6%
CVE-2014-3589 PyPI MEDIUM PATCH This Month

PIL/IcnsImagePlugin.py in Python Imaging Library (PIL) and Pillow before 2.3.2 and 2.5.x before 2.5.2 allows remote attackers to cause a denial of service via a crafted block size. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service Python Python Imaging Pillow Opensuse
NVD GitHub
CVSS 2.0
5.0
EPSS
1.4%
CVE-2014-2967 CRITICAL Act Now

Autodesk VRED Professional 2014 before SR1 SP8 allows remote attackers to execute arbitrary code via Python os library calls in Python API commands to the integrated web server. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection RCE Python Vred
NVD
CVSS 2.0
10.0
EPSS
4.4%
CVE-2013-1068 MEDIUM PATCH This Month

The OpenStack Nova (python-nova) package 1:2013.2.3-0 before 1:2013.2.3-0ubuntu1.2 and 1:2014.1-0 before 1:2014.1-0ubuntu1.2 and Openstack Cinder (python-cinder) package 1:2013.2.3-0 before. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity.

Python Privilege Escalation Ubuntu Ubuntu Linux
NVD
CVSS 2.0
5.0
EPSS
0.2%
CVE-2014-3995 PyPI MEDIUM POC PATCH This Month

Cross-site scripting (XSS) vulnerability in gravatars/templatetags/gravatars.py in Djblets before 0.7.30 and 0.8.x before 0.8.3 for Django allows remote attackers to inject arbitrary web script or. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available.

XSS Python Djblets
NVD GitHub
CVSS 2.0
4.3
EPSS
0.4%
CVE-2014-3994 PyPI MEDIUM POC PATCH This Month

Cross-site scripting (XSS) vulnerability in util/templatetags/djblets_js.py in Djblets before 0.7.30 and 0.8.x before 0.8.3 for Django, as used in Review Board, allows remote attackers to inject. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available.

XSS Python Djblets Reviewboard
NVD GitHub
CVSS 2.0
4.3
EPSS
0.6%
CVE-2013-7323 PyPI HIGH POC PATCH This Week

python-gnupg before 0.3.5 allows context-dependent attackers to execute arbitrary commands via shell metacharacters in unspecified vectors. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Python Information Disclosure Python Gnupg
NVD
CVSS 2.0
7.5
EPSS
1.2%
CVE-2014-0224 HIGH POC PATCH THREAT Act Now

OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h does not properly restrict processing of ChangeCipherSpec messages, which allows man-in-the-middle attackers to trigger use of a. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and EPSS exploitation probability 89.7%.

Information Disclosure OpenSSL Jboss Enterprise Application Platform Jboss Enterprise Web Platform Jboss Enterprise Web Server +12
NVD
CVSS 3.1
7.4
EPSS
89.7%
Threat
5.7
CVE-2013-4347 PyPI MEDIUM PATCH This Month

The (1) make_nonce, (2) generate_nonce, and (3) generate_verifier functions in SimpleGeo python-oauth2 uses weak random numbers to generate nonces, which makes it easier for remote attackers to guess. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable.

Python Information Disclosure Python Oauth2
NVD GitHub
CVSS 2.0
5.8
EPSS
0.4%
CVE-2013-4346 PyPI MEDIUM PATCH This Month

The Server.verify_request function in SimpleGeo python-oauth2 does not check the nonce, which allows remote attackers to perform replay attacks via a signed URL. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable.

Python Information Disclosure Python Oauth2
NVD GitHub
CVSS 2.0
4.3
EPSS
0.5%
CVE-2013-7040 MEDIUM This Month

Python 2.7 before 3.4 only uses the last eight bits of the prefix to randomize hash values, which causes it to compute hash values without restricting the ability to trigger hash collisions. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

Denial Of Service Python Mac Os X
NVD
CVSS 2.0
4.3
EPSS
0.4%
CVE-2014-3730 PyPI MEDIUM PATCH This Month

The django.util.http.is_safe_url function in Django 1.4 before 1.4.13, 1.5 before 1.5.8, 1.6 before 1.6.5, and 1.7 before 1.7b4 does not properly validate URLs, which allows remote attackers to. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable.

Python Open Redirect Ubuntu Linux Django Opensuse +1
NVD
CVSS 2.0
4.3
EPSS
1.0%
CVE-2014-1418 PyPI MEDIUM PATCH This Month

Django 1.4 before 1.4.13, 1.5 before 1.5.8, 1.6 before 1.6.5, and 1.7 before 1.7b4 does not properly include the (1) Vary: Cookie or (2) Cache-Control header in responses, which allows remote. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity.

Python Information Disclosure Django Ubuntu Linux
NVD
CVSS 2.0
6.4
EPSS
0.5%
CVE-2013-5655 MEDIUM This Month

Directory traversal vulnerability in the FTP server in YingZhi Python Programming Language for iOS 1.9 allows remote attackers to read and possibly write arbitrary files via a .. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Apple Python Yingzhi Python Programming Language
NVD
CVSS 2.0
6.4
EPSS
0.2%
CVE-2014-1934 PyPI LOW PATCH Monitor

tag.py in eyeD3 (aka python-eyed3) 7.0.3, 0.6.18, and earlier for Python allows local users to modify arbitrary files via a symlink attack on a temporary file. Rated low severity (CVSS 3.3).

Python Information Disclosure Eyed3 Opensuse
NVD
CVSS 2.0
3.3
EPSS
0.0%
CVE-2014-3007 PyPI CRITICAL PATCH Act Now

Python Image Library (PIL) 1.1.7 and earlier and Pillow 2.3 might allow remote attackers to execute arbitrary commands via shell metacharacters in unspecified vectors related to CVE-2014-1932,. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. This OS Command Injection vulnerability could allow attackers to execute arbitrary operating system commands on the host.

Command Injection Python Pillow Python Imaging Library
NVD VulDB
CVSS 2.0
10.0
EPSS
3.0%
CVE-2014-0474 PyPI CRITICAL PATCH Act Now

The (1) FilePathField, (2) GenericIPAddressField, and (3) IPAddressField model field classes in Django before 1.4.11, 1.5.x before 1.5.6, 1.6.x before 1.6.3, and 1.7.x before 1.7 beta 2 do not. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity.

Python Information Disclosure Ubuntu Linux Django
NVD VulDB
CVSS 2.0
10.0
EPSS
4.0%
CVE-2014-0473 PyPI MEDIUM PATCH This Month

The caching framework in Django before 1.4.11, 1.5.x before 1.5.6, 1.6.x before 1.6.3, and 1.7.x before 1.7 beta 2 reuses a cached CSRF token for all anonymous users, which allows remote attackers to. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity.

CSRF Python Privilege Escalation Django Ubuntu Linux
NVD VulDB
CVSS 2.0
5.0
EPSS
0.3%
CVE-2014-0472 PyPI MEDIUM PATCH This Month

The django.core.urlresolvers.reverse function in Django before 1.4.11, 1.5.x before 1.5.6, 1.6.x before 1.6.3, and 1.7.x before 1.7 beta 2 allows remote attackers to import and execute arbitrary. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable. This Code Injection vulnerability could allow attackers to inject and execute arbitrary code within the application.

RCE Python Code Injection Django Ubuntu Linux
NVD VulDB
CVSS 2.0
5.1
EPSS
6.9%
CVE-2013-7338 HIGH POC PATCH This Week

Python before 3.3.4 RC1 allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a file size value larger than the size of the zip file to the (1) ZipExtFile.read,. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable. Public exploit code available.

Denial Of Service Python Mac Os X
NVD VulDB
CVSS 2.0
7.1
EPSS
7.8%
CVE-2014-1933 PyPI LOW POC PATCH Monitor

The (1) JpegImagePlugin.py and (2) EpsImagePlugin.py scripts in Python Image Library (PIL) 1.1.7 and earlier and Pillow before 2.3.1 uses the names of temporary files on the command line, which makes. Rated low severity (CVSS 2.1), this vulnerability is low attack complexity. Public exploit code available.

Python Privilege Escalation Pillow Python Imaging Library
NVD GitHub VulDB
CVSS 2.0
2.1
EPSS
0.1%
CVE-2014-1932 PyPI MEDIUM POC PATCH This Month

The (1) load_djpeg function in JpegImagePlugin.py, (2) Ghostscript function in EpsImagePlugin.py, (3) load function in IptcImagePlugin.py, and (4) _copy function in Image.py in Python Image Library. Rated medium severity (CVSS 4.4). Public exploit code available.

Python Information Disclosure Pillow Python Imaging Library
NVD GitHub VulDB
CVSS 2.0
4.4
EPSS
0.1%
CVE-2014-0105 PyPI MEDIUM PATCH This Month

The auth_token middleware in the OpenStack Python client library for Keystone (aka python-keystoneclient) before 0.7.0 does not properly retrieve user tokens from memcache, which allows remote. Rated medium severity (CVSS 6.0), this vulnerability is remotely exploitable.

Python Authentication Bypass Python Keystoneclient
NVD VulDB
CVSS 2.0
6.0
EPSS
0.4%
CVE-2014-1895 MEDIUM PATCH This Month

Off-by-one error in the flask_security_avc_cachestats function in xsm/flask/flask_op.c in Xen 4.2.x and 4.3.x, when the maximum number of physical CPUs are in use, allows local users to cause a. Rated medium severity (CVSS 5.8).

Denial Of Service Python Xen
NVD VulDB
CVSS 2.0
5.8
EPSS
0.1%
CVE-2014-1894 MEDIUM PATCH This Month

Multiple integer overflows in unspecified suboperations in the flask hypercall in Xen 3.2.x and earlier, when XSM is enabled, allow local users to cause a denial of service (processor fault) via. Rated medium severity (CVSS 5.2).

Denial Of Service Python Xen
NVD VulDB
CVSS 2.0
5.2
EPSS
0.3%
CVE-2014-1893 MEDIUM PATCH This Month

Multiple integer overflows in the (1) FLASK_GETBOOL and (2) FLASK_SETBOOL suboperations in the flask hypercall in Xen 4.1.x, 3.3.x, 3.2.x, and earlier, when XSM is enabled, allow local users to cause. Rated medium severity (CVSS 5.2).

Denial Of Service Python Xen
NVD VulDB
CVSS 2.0
5.2
EPSS
0.3%
CVE-2014-1891 MEDIUM PATCH This Month

Multiple integer overflows in the (1) FLASK_GETBOOL, (2) FLASK_SETBOOL, (3) FLASK_USER, and (4) FLASK_CONTEXT_TO_SID suboperations in the flask hypercall in Xen 4.3.x, 4.2.x, 4.1.x, 3.2.x, and. Rated medium severity (CVSS 5.2).

Denial Of Service Python Xen
NVD VulDB
CVSS 2.0
5.2
EPSS
0.3%
CVE-2014-1912 HIGH POC PATCH THREAT Act Now

Buffer overflow in the socket.recvfrom_into function in Modules/socketmodule.c in Python 2.5 before 2.7.7, 3.x before 3.3.4, and 3.4.x before 3.4rc1 allows remote attackers to execute arbitrary code. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 23.9%.

Python Buffer Overflow RCE Mac Os X
NVD Exploit-DB
CVSS 2.0
7.5
EPSS
23.9%
CVE-2013-6396 PyPI MEDIUM PATCH This Month

The OpenStack Python client library for Swift (python-swiftclient) 1.0 through 1.9.0 does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable.

Python Information Disclosure Swift
NVD
CVSS 2.0
5.8
EPSS
0.1%
CVE-2013-2191 PyPI MEDIUM PATCH This Month

python-bugzilla before 0.9.0 does not validate X.509 certificates, which allows man-in-the-middle attackers to spoof Bugzilla servers via a crafted certificate. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable.

Python Information Disclosure Python Bugzilla Fedora Opensuse
NVD
CVSS 2.0
4.3
EPSS
0.2%
CVE-2013-6491 MEDIUM This Month

The python-qpid client (common/rpc/impl_qpid.py) in OpenStack Oslo before 2013.2 does not enforce SSL connections when qpid_protocol is set to ssl, which allows remote attackers to obtain sensitive. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

Python Information Disclosure Oslo Openstack
NVD
CVSS 2.0
4.3
EPSS
0.4%
CVE-2014-1624 PyPI LOW PATCH Monitor

Race condition in the xdg.BaseDirectory.get_runtime_dir function in python-xdg 0.25 allows local users to overwrite arbitrary files by pre-creating /tmp/pyxdg-runtime-dir-fallback-victim to point to. Rated low severity (CVSS 3.3).

Python Information Disclosure Pyxdg
NVD
CVSS 2.0
3.3
EPSS
0.0%
CVE-2014-1604 PyPI LOW PATCH Monitor

The parser cache functionality in parsergenerator.py in RPLY (aka python-rply) before 0.7.1 allows local users to spoof cache data by pre-creating a temporary rply-*.json file with a predictable name. Rated low severity (CVSS 2.1), this vulnerability is low attack complexity.

Python Information Disclosure Rply
NVD GitHub
CVSS 2.0
2.1
EPSS
0.1%
CVE-2013-2104 PyPI MEDIUM PATCH This Month

python-keystoneclient before 0.2.4, as used in OpenStack Keystone (Folsom), does not properly check expiry for PKI tokens, which allows remote authenticated users to (1) retain use of a token after. Rated medium severity (CVSS 5.5), this vulnerability is remotely exploitable, low attack complexity.

Python Privilege Escalation Python Keystoneclient
NVD
CVSS 2.0
5.5
EPSS
0.8%
CVE-2013-0340 MEDIUM POC This Month

expat before version 2.4.0 does not properly handle entities expansion unless an application developer uses the XML_SetEntityDeclHandler function, which allows remote attackers to cause a denial of. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

Denial Of Service XXE Libexpat Python Ipados +4
NVD GitHub
CVSS 2.0
6.8
EPSS
0.1%
CVE-2013-4482 MEDIUM This Month

Untrusted search path vulnerability in python-paste-script (aka paster) in Luci 0.26.0, when started using the initscript, allows local users to gain privileges via a Trojan horse .egg-info file in. Rated medium severity (CVSS 6.2). No vendor patch available.

Python Information Disclosure Luci Enterprise Linux
NVD
CVSS 2.0
6.2
EPSS
0.1%
CVE-2013-2099 MEDIUM PATCH This Month

Algorithmic complexity vulnerability in the ssl.match_hostname function in Python 3.2.x, 3.3.x, and earlier, and unspecified versions of python-backports-ssl_match_hostname as used for older Python. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable.

Python Denial Of Service Ubuntu Linux
NVD
CVSS 2.0
4.3
EPSS
5.2%
CVE-2013-6044 PyPI MEDIUM PATCH This Month

The is_safe_url function in utils/http.py in Django 1.4.x before 1.4.6, 1.5.x before 1.5.2, and 1.6 before beta 2 treats a URL's scheme as safe even if it is not HTTP or HTTPS, which might introduce. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

Python XSS Django
NVD GitHub
CVSS 2.0
4.3
EPSS
4.1%
CVE-2013-4249 PyPI MEDIUM POC PATCH This Month

Cross-site scripting (XSS) vulnerability in the AdminURLFieldWidget widget in contrib/admin/widgets.py in Django 1.5.x before 1.5.2 and 1.6.x before 1.6 beta 2 allows remote attackers to inject. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available.

Python XSS Django
NVD GitHub
CVSS 2.0
4.3
EPSS
0.8%
CVE-2013-2013 PyPI LOW PATCH Monitor

The user-password-update command in python-keystoneclient before 0.2.4 accepts the new password in the --password argument, which allows local users to obtain sensitive information by listing the. Rated low severity (CVSS 2.1), this vulnerability is low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Python Information Disclosure Python Keystoneclient
NVD
CVSS 2.0
2.1
EPSS
0.1%
CVE-2013-5942 PyPI MEDIUM PATCH This Month

Graphite 0.9.5 through 0.9.10 uses the pickle Python module unsafely, which allows remote attackers to execute arbitrary code via a crafted serialized object, related to (1) remote_storage.py, (2). Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. This Code Injection vulnerability could allow attackers to inject and execute arbitrary code within the application.

Python Code Injection RCE Graphite
NVD GitHub
CVSS 2.0
6.8
EPSS
1.5%
CVE-2013-5093 PyPI MEDIUM POC PATCH THREAT This Month

The renderLocalView function in render/views.py in graphite-web in Graphite 0.9.5 through 0.9.10 uses the pickle Python module unsafely, which allows remote attackers to execute arbitrary code via a. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. Public exploit code available and EPSS exploitation probability 83.6%.

Python Code Injection RCE Graphite
NVD Exploit-DB GitHub
CVSS 2.0
6.8
EPSS
83.6%
Threat
5.4
CVE-2013-1443 PyPI MEDIUM PATCH This Month

The authentication framework (django.contrib.auth) in Django 1.4.x before 1.4.8, 1.5.x before 1.5.4, and 1.6.x before 1.6 beta 4 allows remote attackers to cause a denial of service (CPU consumption). Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. This Improper Authentication vulnerability could allow attackers to bypass authentication mechanisms to gain unauthorized access.

Python Denial Of Service Authentication Bypass Django
NVD
CVSS 2.0
5.0
EPSS
1.0%
CVE-2013-4315 PyPI MEDIUM PATCH This Month

Directory traversal vulnerability in Django 1.4.x before 1.4.7, 1.5.x before 1.5.3, and 1.6.x before 1.6 beta 3 allows remote attackers to read arbitrary files via a file path in the. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

Python Path Traversal Django
NVD
CVSS 2.0
5.0
EPSS
1.0%
CVE-2013-4111 PyPI MEDIUM PATCH This Month

The Python client library for Glance (python-glanceclient) before 0.10.0 does not properly check the preverify_ok value, which prevents the server hostname from being verified with a domain name in. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable.

Python Information Disclosure Python Glanceclient Opensuse
NVD GitHub
CVSS 2.0
5.8
EPSS
0.3%
CVE-2013-2072 HIGH This Week

Buffer overflow in the Python bindings for the xc_vcpu_setaffinity call in Xen 4.0.x, 4.1.x, and 4.2.x allows local administrators with permissions to configure VCPU affinity to cause a denial of. Rated high severity (CVSS 7.4). No vendor patch available.

Python Buffer Overflow Denial Of Service Xen Debian Linux
NVD
CVSS 2.0
7.4
EPSS
0.4%
CVE-2013-1909 PyPI MEDIUM PATCH This Month

The Python client in Apache Qpid before 2.2 does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable.

Python Apache Information Disclosure Enterprise Mrg Qpid
NVD
CVSS 2.0
5.8
EPSS
0.8%
CVE-2013-4238 MEDIUM PATCH This Month

The ssl.match_hostname function in the SSL module in Python 2.6 through 3.4 does not properly handle a '\0' character in a domain name in the Subject Alternative Name field of an X.509 certificate,. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable.

Python Information Disclosure Ubuntu Linux Opensuse
NVD
CVSS 2.0
4.3
EPSS
1.4%
CVE-2013-2132 PyPI MEDIUM POC PATCH This Month

bson/_cbsonmodule.c in the mongo-python-driver (aka. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available.

Python Denial Of Service MongoDB Ubuntu Linux Opensuse
NVD GitHub
CVSS 2.0
4.3
EPSS
2.2%
CVE-2013-0306 PyPI MEDIUM PATCH This Month

The form library in Django 1.3.x before 1.3.6, 1.4.x before 1.4.4, and 1.5 before release candidate 2 allows remote attackers to bypass intended resource limits for formsets and cause a denial of. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity.

Python Denial Of Service Django Ubuntu Linux
NVD
CVSS 2.0
5.0
EPSS
0.2%
CVE-2013-0305 PyPI MEDIUM PATCH This Month

The administrative interface for Django 1.3.x before 1.3.6, 1.4.x before 1.4.4, and 1.5 before release candidate 2 does not check permissions for the history view, which allows remote authenticated. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Python Information Disclosure Django Ubuntu Linux
NVD
CVSS 2.0
4.0
EPSS
0.2%
CVE-2013-1665 PyPI MEDIUM PATCH This Month

The XML libraries for Python 3.4, 3.3, 3.2, 3.1, 2.7, and 2.6, as used in OpenStack Keystone Essex and Folsom, Django, and possibly other products allow remote attackers to read arbitrary files via. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Python Information Disclosure XXE Folsom Keystone Essex
NVD
CVSS 2.0
5.0
EPSS
3.0%
CVE-2013-1664 PyPI MEDIUM POC PATCH This Month

The XML libraries for Python 3.4, 3.3, 3.2, 3.1, 2.7, and 2.6, as used in OpenStack Keystone Essex, Folsom, and Grizzly; Compute (Nova) Essex and Folsom; Cinder Folsom; Django; and possibly other. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Python Buffer Overflow Denial Of Service Cinder Folsom Compute Nova Essex +4
NVD
CVSS 2.0
5.0
EPSS
3.9%
CVE-2013-1808 MEDIUM POC This Month

Cross-site scripting (XSS) vulnerability in ZeroClipboard.swf and ZeroClipboard10.swf in ZeroClipboard before 1.0.8, as used in em-shorty, RepRapCalculator, Fulcrum, Django, aCMS, and other products,. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

Python XSS Zeroclipboard
NVD GitHub
CVSS 2.0
4.3
EPSS
1.9%
CVE-2012-5659 LOW POC Monitor

Untrusted search path vulnerability in plugins/abrt-action-install-debuginfo-to-abrt-cache.c in Automatic Bug Reporting Tool (ABRT) 2.0.9 and earlier allows local users to load and execute arbitrary. Rated low severity (CVSS 3.7). Public exploit code available and no vendor patch available.

Python Information Disclosure Automatic Bug Reporting Tool
NVD
CVSS 2.0
3.7
EPSS
0.1%
CVE-2012-0861 MEDIUM This Month

The vds_installer in Red Hat Enterprise Virtualization Manager (RHEV-M) before 3.1, when adding a host, uses the -k curl parameter when downloading deployUtil.py and vds_bootstrap.py, which prevents. Rated medium severity (CVSS 6.8). No vendor patch available.

Python Red Hat RCE Enterprise Virtualization Manager
NVD
CVSS 2.0
6.8
EPSS
0.5%
CVE-2012-0860 MEDIUM This Month

Multiple untrusted search path vulnerabilities in Red Hat Enterprise Virtualization Manager (RHEV-M) before 3.1, when adding a host, allow local users to gain privileges via a Trojan horse (1). Rated medium severity (CVSS 6.2). No vendor patch available.

Python Red Hat Information Disclosure Enterprise Virtualization Manager
NVD
CVSS 2.0
6.2
EPSS
0.1%
CVE-2012-4571 PyPI LOW PATCH Monitor

Python Keyring 0.9.1 does not securely initialize the cipher when encrypting passwords for CryptedFileKeyring files, which makes it easier for local users to obtain passwords via a brute-force attack. Rated low severity (CVSS 2.1), this vulnerability is low attack complexity.

Python Information Disclosure Keyring
NVD
CVSS 2.0
2.1
EPSS
0.1%
CVE-2012-4520 PyPI MEDIUM PATCH This Month

The django.http.HttpRequest.get_host function in Django 1.3.x before 1.3.4 and 1.4.x before 1.4.2 allows remote attackers to generate and display arbitrary URLs via crafted username and password Host. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity.

Python Information Disclosure Django
NVD GitHub
CVSS 2.0
6.4
EPSS
3.9%
CVE-2012-5825 PyPI MEDIUM POC PATCH This Month

Tweepy does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable. Public exploit code available.

Python Information Disclosure Tweepy
NVD
CVSS 2.0
5.8
EPSS
0.1%
EPSS 0% CVSS 7.2
HIGH This Week

Cisco Web Security Appliance (WSA) devices with software 8.5.0-ise-147 do not properly restrict use of the pickle Python module during certain tunnel-status checks, which allows local users to. Rated high severity (CVSS 7.2), this vulnerability is low attack complexity. No vendor patch available.

Cisco Python Privilege Escalation +1
NVD
EPSS 4% CVSS 4.3
MEDIUM PATCH This Month

The utils.http.is_safe_url function in Django before 1.4.20, 1.5.x, 1.6.x before 1.6.11, 1.7.x before 1.7.7, and 1.8.x before 1.8c1 does not properly validate URLs, which allows remote attackers to. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Python Debian Linux +5
NVD
EPSS 2% CVSS 5.0
MEDIUM PATCH This Month

The utils.html.strip_tags function in Django 1.6.x before 1.6.11, 1.7.x before 1.7.7, and 1.8.x before 1.8c1, when using certain versions of Python, allows remote attackers to cause a denial of. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service Python Solaris +4
NVD
EPSS 0% CVSS 4.3
MEDIUM POC PATCH This Month

Cross-site scripting (XSS) vulnerability in the contents function in admin/helpers.py in Django before 1.7.6 and 1.8 before 1.8b2 allows remote attackers to inject arbitrary web script or HTML via a. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available.

XSS Python Django
NVD
EPSS 5% CVSS 10.0
CRITICAL Act Now

scripts/amsvis/powerpcAMS/amsnet.py in powerpc-utils-python uses the pickle Python module unsafely, which allows remote attackers to execute arbitrary code via a crafted serialized object. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Python Powerpc Utils
NVD
EPSS 5% CVSS 5.0
MEDIUM PATCH This Month

ModelMultipleChoiceField in Django 1.6.x before 1.6.10 and 1.7.x before 1.7.3, when show_hidden_initial is set to True, allows remote attackers to cause a denial of service by submitting duplicate. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service Python Ubuntu Linux +1
NVD
EPSS 9% CVSS 5.0
MEDIUM POC PATCH This Month

The django.views.static.serve view in Django before 1.4.18, 1.6.x before 1.6.10, and 1.7.x before 1.7.3 reads files an entire line at a time, which allows remote attackers to cause a denial of. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Denial Of Service Python Django +1
NVD
EPSS 3% CVSS 4.3
MEDIUM POC PATCH This Month

The django.util.http.is_safe_url function in Django before 1.4.18, 1.6.x before 1.6.10, and 1.7.x before 1.7.3 does not properly handle leading whitespaces, which allows remote attackers to conduct. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available.

XSS Python Ubuntu Linux +1
NVD
EPSS 5% CVSS 5.0
MEDIUM POC PATCH This Month

Django before 1.4.18, 1.6.x before 1.6.10, and 1.7.x before 1.7.3 allows remote attackers to spoof WSGI headers by using an _ (underscore) character instead of a - (dash) character in an HTTP header,. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Python Information Disclosure Django
NVD
EPSS 13% CVSS 5.0
MEDIUM POC THREAT This Month

Format string vulnerability in the rrdtool module 1.4.7 for Python, as used in Zenoss, allows context-dependent attackers to cause a denial of service (crash) via format string specifiers to the. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 12.9%.

Denial Of Service Python Rrdtool
NVD GitHub Exploit-DB
EPSS 3% CVSS 5.8
MEDIUM POC This Month

The HTTP clients in the (1) httplib, (2) urllib, (3) urllib2, and (4) xmlrpclib libraries in CPython (aka Python) 2.x before 2.7.9 and 3.x before 3.4.3, when accessing an HTTPS URL, do not (a) check. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

Python Information Disclosure Mac Os X
NVD
EPSS 0% CVSS 3.3
LOW Monitor

Race condition in the _get_masked_mode function in Lib/os.py in Python 3.2 through 3.5, when exist_ok is set to true and multiple threads are used, might allow local users to bypass intended file. Rated low severity (CVSS 3.3). No vendor patch available.

Race Condition Python Authentication Bypass
NVD
EPSS 0% CVSS 4.4
MEDIUM PATCH This Month

python-gnupg 0.3.5 and 0.3.6 allows context-dependent attackers to have an unspecified impact via vectors related to "option injection through positional arguments." NOTE: this vulnerability exists. Rated medium severity (CVSS 4.4).

Python Code Injection Python Gnupg
NVD
EPSS 0% CVSS 4.6
MEDIUM POC PATCH This Month

The shell_quote function in python-gnupg 0.3.5 does not properly escape characters, which allows context-dependent attackers to execute arbitrary code via shell metacharacters in unspecified vectors,. Rated medium severity (CVSS 4.6), this vulnerability is low attack complexity. Public exploit code available.

RCE Python Python Gnupg
NVD
EPSS 1% CVSS 7.5
HIGH POC PATCH This Week

The shell_quote function in python-gnupg 0.3.5 does not properly quote strings, which allows context-dependent attackers to execute arbitrary code via shell metacharacters in unspecified vectors, as. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

RCE Python Python Gnupg
NVD
EPSS 0% CVSS 6.0
MEDIUM This Month

Eval injection vulnerability in luci 0.26.0 allows remote authenticated users with certain permissions to execute arbitrary Python code via a crafted cluster configuration. Rated medium severity (CVSS 6.0), this vulnerability is remotely exploitable. No vendor patch available.

RCE Python Code Injection +1
NVD
EPSS 0% CVSS 5.0
MEDIUM PATCH This Month

Requests (aka python-requests) before 2.3.0 allows remote servers to obtain sensitive information by reading the Proxy-Authorization header in a redirected request. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Python Information Disclosure Opensuse +1
NVD GitHub
EPSS 0% CVSS 5.0
MEDIUM PATCH This Month

Requests (aka python-requests) before 2.3.0 allows remote servers to obtain a netrc password by reading the Authorization header in a redirected request. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Python Information Disclosure Debian Linux +3
NVD GitHub
EPSS 1% CVSS 6.4
MEDIUM POC This Month

Integer overflow in bufferobject.c in Python before 2.7.8 allows context-dependent attackers to obtain sensitive information from process memory via a large size and offset in a "buffer" function. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Python Information Disclosure Mac Os X
NVD
EPSS 0% CVSS 4.3
MEDIUM PATCH This Month

OpenStack keystonemiddleware (formerly python-keystoneclient) 0.x before 0.11.0 and 1.x before 1.2.0 disables certification verification when the "insecure" option is set in a paste configuration. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable.

Python Information Disclosure Keystonemiddleware +1
NVD
EPSS 1% CVSS 5.0
MEDIUM PATCH This Month

python_scripts.py in Plone before 4.2.3 and 4.3 before beta 1 allows remote attackers to execute Python code via a crafted URL, related to "go_back.". Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. This Code Injection vulnerability could allow attackers to inject and execute arbitrary code within the application.

RCE Python Code Injection +1
NVD GitHub
EPSS 0% CVSS 8.5
HIGH PATCH This Week

gtbn.py in Plone before 4.2.3 and 4.3 before beta 1 allows remote authenticated users with certain permissions to bypass the Python sandbox and execute arbitrary Python code via unspecified vectors. Rated high severity (CVSS 8.5), this vulnerability is remotely exploitable. This Code Injection vulnerability could allow attackers to inject and execute arbitrary code within the application.

RCE Python Code Injection +1
NVD GitHub
EPSS 1% CVSS 5.0
MEDIUM PATCH This Month

python_scripts.py in Plone before 4.2.3 and 4.3 before beta 1 allows remote attackers to execute Python code via a crafted URL, related to createObject. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. This Code Injection vulnerability could allow attackers to inject and execute arbitrary code within the application.

RCE Python Code Injection +1
NVD GitHub
EPSS 1% CVSS 8.5
HIGH PATCH This Week

The sandbox whitelisting function (allowmodule.py) in Plone before 4.2.3 and 4.3 before beta 1 allows remote authenticated users with certain privileges to bypass the Python sandbox restriction and. Rated high severity (CVSS 8.5), this vulnerability is remotely exploitable.

Python Privilege Escalation Plone
NVD GitHub
EPSS 1% CVSS 6.8
MEDIUM PATCH This Month

registerConfiglet.py in Plone before 4.2.3 and 4.3 before beta 1 allows remote attackers to execute Python code via unspecified vectors, related to the admin interface. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. This Code Injection vulnerability could allow attackers to inject and execute arbitrary code within the application.

RCE Python Code Injection +1
NVD GitHub
EPSS 3% CVSS 9.3
CRITICAL PATCH Act Now

The wato component in Check_MK before 1.2.4p4 and 1.2.5 before 1.2.5i4 uses the pickle Python module unsafely, which allows remote attackers to execute arbitrary code via a crafted serialized object,. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. This Code Injection vulnerability could allow attackers to inject and execute arbitrary code within the application.

RCE Python Code Injection +1
NVD
EPSS 2% CVSS 7.5
HIGH POC This Week

S3QL 1.18.1 and earlier uses the pickle Python module unsafely, which allows remote attackers to execute arbitrary code via a crafted serialized object in (1) common.py or (2) local.py in backends/. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE Python Code Injection +1
NVD
EPSS 0% CVSS 3.5
LOW POC PATCH Monitor

The administrative interface (contrib.admin) in Django before 1.4.14, 1.5.x before 1.5.9, 1.6.x before 1.6.6, and 1.7 before release candidate 3 does not check if a field represents a relationship. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable. Public exploit code available.

Python Privilege Escalation Opensuse +1
NVD GitHub
EPSS 1% CVSS 6.0
MEDIUM PATCH This Month

The contrib.auth.middleware.RemoteUserMiddleware middleware in Django before 1.4.14, 1.5.x before 1.5.9, 1.6.x before 1.6.6, and 1.7 before release candidate 3, when using the. Rated medium severity (CVSS 6.0), this vulnerability is remotely exploitable. This Improper Authentication vulnerability could allow attackers to bypass authentication mechanisms to gain unauthorized access.

Python Authentication Bypass Opensuse +1
NVD
EPSS 1% CVSS 4.3
MEDIUM PATCH This Month

The default configuration for the file upload handling system in Django before 1.4.14, 1.5.x before 1.5.9, 1.6.x before 1.6.6, and 1.7 before release candidate 3 uses a sequential file name. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable.

Denial Of Service Python File Upload +3
NVD
EPSS 1% CVSS 5.8
MEDIUM PATCH This Month

The core.urlresolvers.reverse function in Django before 1.4.14, 1.5.x before 1.5.9, 1.6.x before 1.6.6, and 1.7 before release candidate 3 does not properly validate URLs, which allows remote. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable.

Python Information Disclosure Opensuse +1
NVD
EPSS 1% CVSS 5.0
MEDIUM PATCH This Month

PIL/IcnsImagePlugin.py in Python Imaging Library (PIL) and Pillow before 2.3.2 and 2.5.x before 2.5.2 allows remote attackers to cause a denial of service via a crafted block size. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service Python Python Imaging +2
NVD GitHub
EPSS 4% CVSS 10.0
CRITICAL Act Now

Autodesk VRED Professional 2014 before SR1 SP8 allows remote attackers to execute arbitrary code via Python os library calls in Python API commands to the integrated web server. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection RCE Python +1
NVD
EPSS 0% CVSS 5.0
MEDIUM PATCH This Month

The OpenStack Nova (python-nova) package 1:2013.2.3-0 before 1:2013.2.3-0ubuntu1.2 and 1:2014.1-0 before 1:2014.1-0ubuntu1.2 and Openstack Cinder (python-cinder) package 1:2013.2.3-0 before. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity.

Python Privilege Escalation Ubuntu +1
NVD
EPSS 0% CVSS 4.3
MEDIUM POC PATCH This Month

Cross-site scripting (XSS) vulnerability in gravatars/templatetags/gravatars.py in Djblets before 0.7.30 and 0.8.x before 0.8.3 for Django allows remote attackers to inject arbitrary web script or. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available.

XSS Python Djblets
NVD GitHub
EPSS 1% CVSS 4.3
MEDIUM POC PATCH This Month

Cross-site scripting (XSS) vulnerability in util/templatetags/djblets_js.py in Djblets before 0.7.30 and 0.8.x before 0.8.3 for Django, as used in Review Board, allows remote attackers to inject. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available.

XSS Python Djblets +1
NVD GitHub
EPSS 1% CVSS 7.5
HIGH POC PATCH This Week

python-gnupg before 0.3.5 allows context-dependent attackers to execute arbitrary commands via shell metacharacters in unspecified vectors. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Python Information Disclosure Python Gnupg
NVD
EPSS 90% 5.7 CVSS 7.4
HIGH POC PATCH THREAT Act Now

OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h does not properly restrict processing of ChangeCipherSpec messages, which allows man-in-the-middle attackers to trigger use of a. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and EPSS exploitation probability 89.7%.

Information Disclosure OpenSSL Jboss Enterprise Application Platform +14
NVD
EPSS 0% CVSS 5.8
MEDIUM PATCH This Month

The (1) make_nonce, (2) generate_nonce, and (3) generate_verifier functions in SimpleGeo python-oauth2 uses weak random numbers to generate nonces, which makes it easier for remote attackers to guess. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable.

Python Information Disclosure Python Oauth2
NVD GitHub
EPSS 0% CVSS 4.3
MEDIUM PATCH This Month

The Server.verify_request function in SimpleGeo python-oauth2 does not check the nonce, which allows remote attackers to perform replay attacks via a signed URL. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable.

Python Information Disclosure Python Oauth2
NVD GitHub
EPSS 0% CVSS 4.3
MEDIUM This Month

Python 2.7 before 3.4 only uses the last eight bits of the prefix to randomize hash values, which causes it to compute hash values without restricting the ability to trigger hash collisions. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

Denial Of Service Python Mac Os X
NVD
EPSS 1% CVSS 4.3
MEDIUM PATCH This Month

The django.util.http.is_safe_url function in Django 1.4 before 1.4.13, 1.5 before 1.5.8, 1.6 before 1.6.5, and 1.7 before 1.7b4 does not properly validate URLs, which allows remote attackers to. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable.

Python Open Redirect Ubuntu Linux +3
NVD
EPSS 1% CVSS 6.4
MEDIUM PATCH This Month

Django 1.4 before 1.4.13, 1.5 before 1.5.8, 1.6 before 1.6.5, and 1.7 before 1.7b4 does not properly include the (1) Vary: Cookie or (2) Cache-Control header in responses, which allows remote. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity.

Python Information Disclosure Django +1
NVD
EPSS 0% CVSS 6.4
MEDIUM This Month

Directory traversal vulnerability in the FTP server in YingZhi Python Programming Language for iOS 1.9 allows remote attackers to read and possibly write arbitrary files via a .. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Apple Python +1
NVD
EPSS 0% CVSS 3.3
LOW PATCH Monitor

tag.py in eyeD3 (aka python-eyed3) 7.0.3, 0.6.18, and earlier for Python allows local users to modify arbitrary files via a symlink attack on a temporary file. Rated low severity (CVSS 3.3).

Python Information Disclosure Eyed3 +1
NVD
EPSS 3% CVSS 10.0
CRITICAL PATCH Act Now

Python Image Library (PIL) 1.1.7 and earlier and Pillow 2.3 might allow remote attackers to execute arbitrary commands via shell metacharacters in unspecified vectors related to CVE-2014-1932,. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. This OS Command Injection vulnerability could allow attackers to execute arbitrary operating system commands on the host.

Command Injection Python Pillow +1
NVD VulDB
EPSS 4% CVSS 10.0
CRITICAL PATCH Act Now

The (1) FilePathField, (2) GenericIPAddressField, and (3) IPAddressField model field classes in Django before 1.4.11, 1.5.x before 1.5.6, 1.6.x before 1.6.3, and 1.7.x before 1.7 beta 2 do not. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity.

Python Information Disclosure Ubuntu Linux +1
NVD VulDB
EPSS 0% CVSS 5.0
MEDIUM PATCH This Month

The caching framework in Django before 1.4.11, 1.5.x before 1.5.6, 1.6.x before 1.6.3, and 1.7.x before 1.7 beta 2 reuses a cached CSRF token for all anonymous users, which allows remote attackers to. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity.

CSRF Python Privilege Escalation +2
NVD VulDB
EPSS 7% CVSS 5.1
MEDIUM PATCH This Month

The django.core.urlresolvers.reverse function in Django before 1.4.11, 1.5.x before 1.5.6, 1.6.x before 1.6.3, and 1.7.x before 1.7 beta 2 allows remote attackers to import and execute arbitrary. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable. This Code Injection vulnerability could allow attackers to inject and execute arbitrary code within the application.

RCE Python Code Injection +2
NVD VulDB
EPSS 8% CVSS 7.1
HIGH POC PATCH This Week

Python before 3.3.4 RC1 allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a file size value larger than the size of the zip file to the (1) ZipExtFile.read,. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable. Public exploit code available.

Denial Of Service Python Mac Os X
NVD VulDB
EPSS 0% CVSS 2.1
LOW POC PATCH Monitor

The (1) JpegImagePlugin.py and (2) EpsImagePlugin.py scripts in Python Image Library (PIL) 1.1.7 and earlier and Pillow before 2.3.1 uses the names of temporary files on the command line, which makes. Rated low severity (CVSS 2.1), this vulnerability is low attack complexity. Public exploit code available.

Python Privilege Escalation Pillow +1
NVD GitHub VulDB
EPSS 0% CVSS 4.4
MEDIUM POC PATCH This Month

The (1) load_djpeg function in JpegImagePlugin.py, (2) Ghostscript function in EpsImagePlugin.py, (3) load function in IptcImagePlugin.py, and (4) _copy function in Image.py in Python Image Library. Rated medium severity (CVSS 4.4). Public exploit code available.

Python Information Disclosure Pillow +1
NVD GitHub VulDB
EPSS 0% CVSS 6.0
MEDIUM PATCH This Month

The auth_token middleware in the OpenStack Python client library for Keystone (aka python-keystoneclient) before 0.7.0 does not properly retrieve user tokens from memcache, which allows remote. Rated medium severity (CVSS 6.0), this vulnerability is remotely exploitable.

Python Authentication Bypass Python Keystoneclient
NVD VulDB
EPSS 0% CVSS 5.8
MEDIUM PATCH This Month

Off-by-one error in the flask_security_avc_cachestats function in xsm/flask/flask_op.c in Xen 4.2.x and 4.3.x, when the maximum number of physical CPUs are in use, allows local users to cause a. Rated medium severity (CVSS 5.8).

Denial Of Service Python Xen
NVD VulDB
EPSS 0% CVSS 5.2
MEDIUM PATCH This Month

Multiple integer overflows in unspecified suboperations in the flask hypercall in Xen 3.2.x and earlier, when XSM is enabled, allow local users to cause a denial of service (processor fault) via. Rated medium severity (CVSS 5.2).

Denial Of Service Python Xen
NVD VulDB
EPSS 0% CVSS 5.2
MEDIUM PATCH This Month

Multiple integer overflows in the (1) FLASK_GETBOOL and (2) FLASK_SETBOOL suboperations in the flask hypercall in Xen 4.1.x, 3.3.x, 3.2.x, and earlier, when XSM is enabled, allow local users to cause. Rated medium severity (CVSS 5.2).

Denial Of Service Python Xen
NVD VulDB
EPSS 0% CVSS 5.2
MEDIUM PATCH This Month

Multiple integer overflows in the (1) FLASK_GETBOOL, (2) FLASK_SETBOOL, (3) FLASK_USER, and (4) FLASK_CONTEXT_TO_SID suboperations in the flask hypercall in Xen 4.3.x, 4.2.x, 4.1.x, 3.2.x, and. Rated medium severity (CVSS 5.2).

Denial Of Service Python Xen
NVD VulDB
EPSS 24% CVSS 7.5
HIGH POC PATCH THREAT Act Now

Buffer overflow in the socket.recvfrom_into function in Modules/socketmodule.c in Python 2.5 before 2.7.7, 3.x before 3.3.4, and 3.4.x before 3.4rc1 allows remote attackers to execute arbitrary code. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 23.9%.

Python Buffer Overflow RCE +1
NVD Exploit-DB
EPSS 0% CVSS 5.8
MEDIUM PATCH This Month

The OpenStack Python client library for Swift (python-swiftclient) 1.0 through 1.9.0 does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable.

Python Information Disclosure Swift
NVD
EPSS 0% CVSS 4.3
MEDIUM PATCH This Month

python-bugzilla before 0.9.0 does not validate X.509 certificates, which allows man-in-the-middle attackers to spoof Bugzilla servers via a crafted certificate. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable.

Python Information Disclosure Python Bugzilla +2
NVD
EPSS 0% CVSS 4.3
MEDIUM This Month

The python-qpid client (common/rpc/impl_qpid.py) in OpenStack Oslo before 2013.2 does not enforce SSL connections when qpid_protocol is set to ssl, which allows remote attackers to obtain sensitive. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

Python Information Disclosure Oslo +1
NVD
EPSS 0% CVSS 3.3
LOW PATCH Monitor

Race condition in the xdg.BaseDirectory.get_runtime_dir function in python-xdg 0.25 allows local users to overwrite arbitrary files by pre-creating /tmp/pyxdg-runtime-dir-fallback-victim to point to. Rated low severity (CVSS 3.3).

Python Information Disclosure Pyxdg
NVD
EPSS 0% CVSS 2.1
LOW PATCH Monitor

The parser cache functionality in parsergenerator.py in RPLY (aka python-rply) before 0.7.1 allows local users to spoof cache data by pre-creating a temporary rply-*.json file with a predictable name. Rated low severity (CVSS 2.1), this vulnerability is low attack complexity.

Python Information Disclosure Rply
NVD GitHub
EPSS 1% CVSS 5.5
MEDIUM PATCH This Month

python-keystoneclient before 0.2.4, as used in OpenStack Keystone (Folsom), does not properly check expiry for PKI tokens, which allows remote authenticated users to (1) retain use of a token after. Rated medium severity (CVSS 5.5), this vulnerability is remotely exploitable, low attack complexity.

Python Privilege Escalation Python Keystoneclient
NVD
EPSS 0% CVSS 6.8
MEDIUM POC This Month

expat before version 2.4.0 does not properly handle entities expansion unless an application developer uses the XML_SetEntityDeclHandler function, which allows remote attackers to cause a denial of. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

Denial Of Service XXE Libexpat +6
NVD GitHub
EPSS 0% CVSS 6.2
MEDIUM This Month

Untrusted search path vulnerability in python-paste-script (aka paster) in Luci 0.26.0, when started using the initscript, allows local users to gain privileges via a Trojan horse .egg-info file in. Rated medium severity (CVSS 6.2). No vendor patch available.

Python Information Disclosure Luci +1
NVD
EPSS 5% CVSS 4.3
MEDIUM PATCH This Month

Algorithmic complexity vulnerability in the ssl.match_hostname function in Python 3.2.x, 3.3.x, and earlier, and unspecified versions of python-backports-ssl_match_hostname as used for older Python. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable.

Python Denial Of Service Ubuntu Linux
NVD
EPSS 4% CVSS 4.3
MEDIUM PATCH This Month

The is_safe_url function in utils/http.py in Django 1.4.x before 1.4.6, 1.5.x before 1.5.2, and 1.6 before beta 2 treats a URL's scheme as safe even if it is not HTTP or HTTPS, which might introduce. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

Python XSS Django
NVD GitHub
EPSS 1% CVSS 4.3
MEDIUM POC PATCH This Month

Cross-site scripting (XSS) vulnerability in the AdminURLFieldWidget widget in contrib/admin/widgets.py in Django 1.5.x before 1.5.2 and 1.6.x before 1.6 beta 2 allows remote attackers to inject. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available.

Python XSS Django
NVD GitHub
EPSS 0% CVSS 2.1
LOW PATCH Monitor

The user-password-update command in python-keystoneclient before 0.2.4 accepts the new password in the --password argument, which allows local users to obtain sensitive information by listing the. Rated low severity (CVSS 2.1), this vulnerability is low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Python Information Disclosure Python Keystoneclient
NVD
EPSS 2% CVSS 6.8
MEDIUM PATCH This Month

Graphite 0.9.5 through 0.9.10 uses the pickle Python module unsafely, which allows remote attackers to execute arbitrary code via a crafted serialized object, related to (1) remote_storage.py, (2). Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. This Code Injection vulnerability could allow attackers to inject and execute arbitrary code within the application.

Python Code Injection RCE +1
NVD GitHub
EPSS 84% 5.4 CVSS 6.8
MEDIUM POC PATCH THREAT This Month

The renderLocalView function in render/views.py in graphite-web in Graphite 0.9.5 through 0.9.10 uses the pickle Python module unsafely, which allows remote attackers to execute arbitrary code via a. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. Public exploit code available and EPSS exploitation probability 83.6%.

Python Code Injection RCE +1
NVD Exploit-DB GitHub
EPSS 1% CVSS 5.0
MEDIUM PATCH This Month

The authentication framework (django.contrib.auth) in Django 1.4.x before 1.4.8, 1.5.x before 1.5.4, and 1.6.x before 1.6 beta 4 allows remote attackers to cause a denial of service (CPU consumption). Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. This Improper Authentication vulnerability could allow attackers to bypass authentication mechanisms to gain unauthorized access.

Python Denial Of Service Authentication Bypass +1
NVD
EPSS 1% CVSS 5.0
MEDIUM PATCH This Month

Directory traversal vulnerability in Django 1.4.x before 1.4.7, 1.5.x before 1.5.3, and 1.6.x before 1.6 beta 3 allows remote attackers to read arbitrary files via a file path in the. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

Python Path Traversal Django
NVD
EPSS 0% CVSS 5.8
MEDIUM PATCH This Month

The Python client library for Glance (python-glanceclient) before 0.10.0 does not properly check the preverify_ok value, which prevents the server hostname from being verified with a domain name in. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable.

Python Information Disclosure Python Glanceclient +1
NVD GitHub
EPSS 0% CVSS 7.4
HIGH This Week

Buffer overflow in the Python bindings for the xc_vcpu_setaffinity call in Xen 4.0.x, 4.1.x, and 4.2.x allows local administrators with permissions to configure VCPU affinity to cause a denial of. Rated high severity (CVSS 7.4). No vendor patch available.

Python Buffer Overflow Denial Of Service +2
NVD
EPSS 1% CVSS 5.8
MEDIUM PATCH This Month

The Python client in Apache Qpid before 2.2 does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable.

Python Apache Information Disclosure +2
NVD
EPSS 1% CVSS 4.3
MEDIUM PATCH This Month

The ssl.match_hostname function in the SSL module in Python 2.6 through 3.4 does not properly handle a '\0' character in a domain name in the Subject Alternative Name field of an X.509 certificate,. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable.

Python Information Disclosure Ubuntu Linux +1
NVD
EPSS 2% CVSS 4.3
MEDIUM POC PATCH This Month

bson/_cbsonmodule.c in the mongo-python-driver (aka. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available.

Python Denial Of Service MongoDB +2
NVD GitHub
EPSS 0% CVSS 5.0
MEDIUM PATCH This Month

The form library in Django 1.3.x before 1.3.6, 1.4.x before 1.4.4, and 1.5 before release candidate 2 allows remote attackers to bypass intended resource limits for formsets and cause a denial of. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity.

Python Denial Of Service Django +1
NVD
EPSS 0% CVSS 4.0
MEDIUM PATCH This Month

The administrative interface for Django 1.3.x before 1.3.6, 1.4.x before 1.4.4, and 1.5 before release candidate 2 does not check permissions for the history view, which allows remote authenticated. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Python Information Disclosure Django +1
NVD
EPSS 3% CVSS 5.0
MEDIUM PATCH This Month

The XML libraries for Python 3.4, 3.3, 3.2, 3.1, 2.7, and 2.6, as used in OpenStack Keystone Essex and Folsom, Django, and possibly other products allow remote attackers to read arbitrary files via. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Python Information Disclosure XXE +2
NVD
EPSS 4% CVSS 5.0
MEDIUM POC PATCH This Month

The XML libraries for Python 3.4, 3.3, 3.2, 3.1, 2.7, and 2.6, as used in OpenStack Keystone Essex, Folsom, and Grizzly; Compute (Nova) Essex and Folsom; Cinder Folsom; Django; and possibly other. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Python Buffer Overflow Denial Of Service +6
NVD
EPSS 2% CVSS 4.3
MEDIUM POC This Month

Cross-site scripting (XSS) vulnerability in ZeroClipboard.swf and ZeroClipboard10.swf in ZeroClipboard before 1.0.8, as used in em-shorty, RepRapCalculator, Fulcrum, Django, aCMS, and other products,. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

Python XSS Zeroclipboard
NVD GitHub
EPSS 0% CVSS 3.7
LOW POC Monitor

Untrusted search path vulnerability in plugins/abrt-action-install-debuginfo-to-abrt-cache.c in Automatic Bug Reporting Tool (ABRT) 2.0.9 and earlier allows local users to load and execute arbitrary. Rated low severity (CVSS 3.7). Public exploit code available and no vendor patch available.

Python Information Disclosure Automatic Bug Reporting Tool
NVD
EPSS 1% CVSS 6.8
MEDIUM This Month

The vds_installer in Red Hat Enterprise Virtualization Manager (RHEV-M) before 3.1, when adding a host, uses the -k curl parameter when downloading deployUtil.py and vds_bootstrap.py, which prevents. Rated medium severity (CVSS 6.8). No vendor patch available.

Python Red Hat RCE +1
NVD
EPSS 0% CVSS 6.2
MEDIUM This Month

Multiple untrusted search path vulnerabilities in Red Hat Enterprise Virtualization Manager (RHEV-M) before 3.1, when adding a host, allow local users to gain privileges via a Trojan horse (1). Rated medium severity (CVSS 6.2). No vendor patch available.

Python Red Hat Information Disclosure +1
NVD
EPSS 0% CVSS 2.1
LOW PATCH Monitor

Python Keyring 0.9.1 does not securely initialize the cipher when encrypting passwords for CryptedFileKeyring files, which makes it easier for local users to obtain passwords via a brute-force attack. Rated low severity (CVSS 2.1), this vulnerability is low attack complexity.

Python Information Disclosure Keyring
NVD
EPSS 4% CVSS 6.4
MEDIUM PATCH This Month

The django.http.HttpRequest.get_host function in Django 1.3.x before 1.3.4 and 1.4.x before 1.4.2 allows remote attackers to generate and display arbitrary URLs via crafted username and password Host. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity.

Python Information Disclosure Django
NVD GitHub
EPSS 0% CVSS 5.8
MEDIUM POC PATCH This Month

Tweepy does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable. Public exploit code available.

Python Information Disclosure Tweepy
NVD
Prev Page 24 of 25 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy