Skip to main content

Python

2173 CVEs product

Monthly

CVE-2012-5822 HIGH POC This Week

The contribution feature in Zamboni does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Python Information Disclosure Zamboni
NVD
CVSS 3.1
7.4
EPSS
0.1%
CVE-2012-4406 PyPI CRITICAL PATCH Act Now

OpenStack Object Storage (swift) before 1.7.0 uses the loads function in the pickle Python module unsafely when storing and loading metadata in memcached, which allows remote attackers to execute. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Deserialization of Untrusted Data vulnerability could allow attackers to execute arbitrary code through malicious serialized objects.

Python Deserialization RCE Swift Fedora +5
NVD GitHub
CVSS 3.1
9.8
EPSS
4.7%
CVE-2012-1150 MEDIUM POC PATCH This Month

Python before 2.6.8, 2.7.x before 2.7.3, 3.x before 3.1.5, and 3.2.x before 3.2.3 computes hash values without restricting the ability to trigger hash collisions predictably, which allows. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Python Denial Of Service
NVD
CVSS 2.0
5.0
EPSS
1.7%
CVE-2012-0845 MEDIUM POC PATCH This Month

SimpleXMLRPCServer.py in SimpleXMLRPCServer in Python before 2.6.8, 2.7.x before 2.7.3, 3.x before 3.1.5, and 3.2.x before 3.2.3 allows remote attackers to cause a denial of service (infinite loop. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Python Denial Of Service
NVD
CVSS 2.0
5.0
EPSS
2.8%
CVE-2012-3533 MEDIUM This Month

The python SDK before 3.1.0.6 and CLI before 3.1.0.8 for oVirt 3.1 does not check the server SSL certificate against the client keys, which allows remote attackers to spoof a server via a. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Python Information Disclosure Ovirt Ovirt Engine Cli 3 1 0 5
NVD
CVSS 2.0
5.0
EPSS
0.3%
CVE-2012-4245 MEDIUM This Month

The scriptfu network server in GIMP 2.6 does not require authentication, which allows remote attackers to execute arbitrary commands via the python-fu-eval command. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

Python Authentication Bypass Gimp
NVD
CVSS 2.0
6.8
EPSS
1.1%
CVE-2012-2135 MEDIUM This Month

The utf-16 decoder in Python 3.1 through 3.3 does not update the aligned_end variable after calling the unicode_decode_call_errorhandler function, which allows remote attackers to obtain sensitive. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Python Buffer Overflow Denial Of Service Ubuntu Linux Debian Linux
NVD
CVSS 2.0
6.4
EPSS
1.4%
CVE-2012-3444 PyPI MEDIUM PATCH This Month

The get_image_dimensions function in the image-handling functionality in Django before 1.3.2 and 1.4.x before 1.4.1 uses a constant chunk size in all attempts to determine dimensions, which allows. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

Python Buffer Overflow Denial Of Service Django
NVD
CVSS 2.0
5.0
EPSS
1.2%
CVE-2012-3443 PyPI MEDIUM PATCH This Month

The django.forms.ImageField class in the form system in Django before 1.3.2 and 1.4.x before 1.4.1 completely decompresses image data during image validation, which allows remote attackers to cause a. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity.

Python Denial Of Service Django
NVD
CVSS 2.0
5.0
EPSS
1.4%
CVE-2012-3442 PyPI MEDIUM PATCH This Month

The (1) django.http.HttpResponseRedirect and (2) django.http.HttpResponsePermanentRedirect classes in Django before 1.3.2 and 1.4.x before 1.4.1 do not validate the scheme of a redirect target, which. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

Python XSS
NVD VulDB
CVSS 2.0
4.3
EPSS
0.4%
CVE-2012-0215 PyPI MEDIUM POC PATCH This Month

model/modelstorage.py in the Tryton application framework (trytond) before 2.4.0 for Python does not properly restrict access to the Many2Many field in the relation model, which allows remote. Rated medium severity (CVSS 5.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Python Privilege Escalation Trytond
NVD
CVSS 2.0
5.5
EPSS
0.6%
CVE-2012-0876 MEDIUM This Month

The XML parser (xmlparse.c) in expat before 2.1.0 computes hash values without restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

Denial Of Service Libexpat Python Debian Linux Ubuntu Linux +7
NVD
CVSS 2.0
4.3
EPSS
0.3%
CVE-2012-2921 PyPI MEDIUM PATCH This Month

Universal Feed Parser (aka feedparser or python-feedparser) before 5.1.2 allows remote attackers to cause a denial of service (memory consumption) via a crafted XML ENTITY declaration in a non-ASCII. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity.

Python Denial Of Service Feedparser
NVD
CVSS 2.0
5.0
EPSS
1.3%
EPSS 0% CVSS 7.4
HIGH POC This Week

The contribution feature in Zamboni does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Python Information Disclosure Zamboni
NVD
EPSS 5% CVSS 9.8
CRITICAL PATCH Act Now

OpenStack Object Storage (swift) before 1.7.0 uses the loads function in the pickle Python module unsafely when storing and loading metadata in memcached, which allows remote attackers to execute. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Deserialization of Untrusted Data vulnerability could allow attackers to execute arbitrary code through malicious serialized objects.

Python Deserialization RCE +7
NVD GitHub
EPSS 2% CVSS 5.0
MEDIUM POC PATCH This Month

Python before 2.6.8, 2.7.x before 2.7.3, 3.x before 3.1.5, and 3.2.x before 3.2.3 computes hash values without restricting the ability to trigger hash collisions predictably, which allows. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Python Denial Of Service
NVD
EPSS 3% CVSS 5.0
MEDIUM POC PATCH This Month

SimpleXMLRPCServer.py in SimpleXMLRPCServer in Python before 2.6.8, 2.7.x before 2.7.3, 3.x before 3.1.5, and 3.2.x before 3.2.3 allows remote attackers to cause a denial of service (infinite loop. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Python Denial Of Service
NVD
EPSS 0% CVSS 5.0
MEDIUM This Month

The python SDK before 3.1.0.6 and CLI before 3.1.0.8 for oVirt 3.1 does not check the server SSL certificate against the client keys, which allows remote attackers to spoof a server via a. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Python Information Disclosure Ovirt +2
NVD
EPSS 1% CVSS 6.8
MEDIUM This Month

The scriptfu network server in GIMP 2.6 does not require authentication, which allows remote attackers to execute arbitrary commands via the python-fu-eval command. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

Python Authentication Bypass Gimp
NVD
EPSS 1% CVSS 6.4
MEDIUM This Month

The utf-16 decoder in Python 3.1 through 3.3 does not update the aligned_end variable after calling the unicode_decode_call_errorhandler function, which allows remote attackers to obtain sensitive. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Python Buffer Overflow Denial Of Service +2
NVD
EPSS 1% CVSS 5.0
MEDIUM PATCH This Month

The get_image_dimensions function in the image-handling functionality in Django before 1.3.2 and 1.4.x before 1.4.1 uses a constant chunk size in all attempts to determine dimensions, which allows. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

Python Buffer Overflow Denial Of Service +1
NVD
EPSS 1% CVSS 5.0
MEDIUM PATCH This Month

The django.forms.ImageField class in the form system in Django before 1.3.2 and 1.4.x before 1.4.1 completely decompresses image data during image validation, which allows remote attackers to cause a. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity.

Python Denial Of Service Django
NVD
EPSS 0% CVSS 4.3
MEDIUM PATCH This Month

The (1) django.http.HttpResponseRedirect and (2) django.http.HttpResponsePermanentRedirect classes in Django before 1.3.2 and 1.4.x before 1.4.1 do not validate the scheme of a redirect target, which. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

Python XSS
NVD VulDB
EPSS 1% CVSS 5.5
MEDIUM POC PATCH This Month

model/modelstorage.py in the Tryton application framework (trytond) before 2.4.0 for Python does not properly restrict access to the Many2Many field in the relation model, which allows remote. Rated medium severity (CVSS 5.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Python Privilege Escalation Trytond
NVD
EPSS 0% CVSS 4.3
MEDIUM This Month

The XML parser (xmlparse.c) in expat before 2.1.0 computes hash values without restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

Denial Of Service Libexpat Python +9
NVD
EPSS 1% CVSS 5.0
MEDIUM PATCH This Month

Universal Feed Parser (aka feedparser or python-feedparser) before 5.1.2 allows remote attackers to cause a denial of service (memory consumption) via a crafted XML ENTITY declaration in a non-ASCII. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity.

Python Denial Of Service Feedparser
NVD
Prev Page 25 of 25

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy