Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Python
(Python)Repositories | https://github.com/python/cpython |
#Vulnerabilities | 122 |
Date | Id | Summary | Products | Score | Patch | Annotated |
---|---|---|---|---|---|---|
2020-07-04 | CVE-2020-15523 | In Python 3.6 through 3.6.10, 3.7 through 3.7.8, 3.8 through 3.8.4rc1, and 3.9 through 3.9.0b4 on Windows, a Trojan horse python3.dll might be used in cases where CPython is embedded in a native application. This occurs because python3X.dll may use an invalid search path for python3.dll loading (after Py_SetPath has been used). NOTE: this issue CANNOT occur when using python.exe from a standard (non-embedded) Python installation on Windows. | Snapcenter, Python | 7.8 | ||
2008-04-18 | CVE-2008-1887 | Python 2.5.2 and earlier allows context-dependent attackers to execute arbitrary code via multiple vectors that cause a negative size value to be provided to the PyString_FromStringAndSize function, which allocates less memory than expected when assert() is disabled and triggers a buffer overflow. | Ubuntu_linux, Debian_linux, Python | N/A | ||
2018-06-11 | CVE-2016-9063 | An integer overflow during the parsing of XML using the Expat library. This vulnerability affects Firefox < 50. | Debian_linux, Firefox, Python | 9.8 | ||
2020-02-20 | CVE-2014-4650 | The CGIHTTPServer module in Python 2.7.5 and 3.3.4 does not properly handle URLs in which URL encoding is used for path separators, which allows remote attackers to read script source code or conduct directory traversal attacks and execute unintended code via a crafted character sequence, as demonstrated by a %2f separator. | Python, Enterprise_linux, Software_collections | 9.8 | ||
2020-07-17 | CVE-2020-15801 | In Python 3.8.4, sys.path restrictions specified in a python38._pth file are ignored, allowing code to be loaded from arbitrary locations. The <executable-name>._pth file (e.g., the python._pth file) is not affected. | Max_data, Python | 9.8 | ||
2020-01-28 | CVE-2020-8315 | In Python (CPython) 3.6 through 3.6.10, 3.7 through 3.7.6, and 3.8 through 3.8.1, an insecure dependency load upon launch on Windows 7 may result in an attacker's copy of api-ms-win-core-path-l1-1-0.dll being loaded and used instead of the system's copy. Windows 8 and later are unaffected. | Python | 5.5 | ||
2020-03-11 | CVE-2013-1753 | The gzip_decode function in the xmlrpc client library in Python 3.4 and earlier allows remote attackers to cause a denial of service (memory consumption) via a crafted HTTP request. | Python | 7.5 | ||
2018-02-08 | CVE-2018-1000030 | Python 2.7.14 is vulnerable to a Heap-Buffer-Overflow as well as a Heap-Use-After-Free. Python versions prior to 2.7.14 may also be vulnerable and it appears that Python 2.7.17 and prior may also be vulnerable however this has not been confirmed. The vulnerability lies when multiply threads are handling large amounts of data. In both cases there is essentially a race condition that occurs. For the Heap-Buffer-Overflow, Thread 2 is creating the size for a buffer, but Thread1 is already... | Ubuntu_linux, Python | N/A | ||
2010-05-27 | CVE-2010-1450 | Multiple buffer overflows in the RLE decoder in the rgbimg module in Python 2.5 allow remote attackers to have an unspecified impact via an image file containing crafted data that triggers improper processing within the (1) longimagedata or (2) expandrow function. | Python | N/A | ||
2010-05-27 | CVE-2009-4134 | Buffer underflow in the rgbimg module in Python 2.5 allows remote attackers to cause a denial of service (application crash) via a large ZSIZE value in a black-and-white (aka B/W) RGB image that triggers an invalid pointer dereference. | Python | N/A |