Filtered by vendor Python
Subscribe
Search
Total
202 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-35653 | 2 Fedoraproject, Python | 2 Fedora, Pillow | 2021-07-22 | 5.8 MEDIUM | 7.1 HIGH |
| In Pillow before 8.1.0, PcxDecode has a buffer over-read when decoding a crafted PCX file because the user-supplied stride value is trusted for buffer calculations. | |||||
| CVE-2020-8315 | 1 Python | 1 Python | 2021-07-21 | 4.3 MEDIUM | 5.5 MEDIUM |
| In Python (CPython) 3.6 through 3.6.10, 3.7 through 3.7.6, and 3.8 through 3.8.1, an insecure dependency load upon launch on Windows 7 may result in an attacker's copy of api-ms-win-core-path-l1-1-0.dll being loaded and used instead of the system's copy. Windows 8 and later are unaffected. | |||||
| CVE-2020-14422 | 4 Fedoraproject, Opensuse, Oracle and 1 more | 4 Fedora, Leap, Enterprise Manager Ops Center and 1 more | 2021-07-21 | 4.3 MEDIUM | 5.9 MEDIUM |
| Lib/ipaddress.py in Python through 3.8.3 improperly computes hash values in the IPv4Interface and IPv6Interface classes, which might allow a remote attacker to cause a denial of service if an application is affected by the performance of a dictionary containing IPv4Interface or IPv6Interface objects, and this attacker can cause many dictionary entries to be created. This is fixed in: v3.5.10, v3.5.10rc1; v3.6.12; v3.7.9; v3.8.4, v3.8.4rc1, v3.8.5, v3.8.6, v3.8.6rc1; v3.9.0, v3.9.0b4, v3.9.0b5, v3.9.0rc1, v3.9.0rc2. | |||||
| CVE-2019-6802 | 1 Python | 1 Pypiserver | 2021-07-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| CRLF Injection in pypiserver 1.2.5 and below allows attackers to set arbitrary HTTP headers and possibly conduct XSS attacks via a %0d%0a in a URI. | |||||
| CVE-2018-20060 | 2 Fedoraproject, Python | 2 Fedora, Urllib3 | 2021-06-15 | 5.0 MEDIUM | 9.8 CRITICAL |
| urllib3 before version 1.23 does not remove the Authorization HTTP header when following a cross-origin redirect (i.e., a redirect that differs in host, port, or scheme). This can allow for credentials in the Authorization header to be exposed to unintended hosts or transmitted in cleartext. | |||||
| CVE-2019-11324 | 2 Canonical, Python | 2 Ubuntu Linux, Urllib3 | 2021-06-15 | 5.0 MEDIUM | 7.5 HIGH |
| The urllib3 library before 1.24.2 for Python mishandles certain cases where the desired set of CA certificates is different from the OS store of CA certificates, which results in SSL connections succeeding in situations where a verification failure is the correct outcome. This is related to use of the ssl_context, ca_certs, or ca_certs_dir argument. | |||||
| CVE-2019-11236 | 1 Python | 1 Urllib3 | 2021-06-15 | 4.3 MEDIUM | 6.1 MEDIUM |
| In the urllib3 library through 1.24.1 for Python, CRLF injection is possible if the attacker controls the request parameter. | |||||
| CVE-2009-3720 | 3 A M Kuchling, James Clark, Python | 3 Pyxml, Expat, Python | 2021-06-06 | 5.0 MEDIUM | N/A |
| The updatePosition function in lib/xmltok_impl.c in libexpat in Expat 2.0.1, as used in Python, PyXML, w3c-libwww, and other software, allows context-dependent attackers to cause a denial of service (application crash) via an XML document with crafted UTF-8 sequences that trigger a buffer over-read, a different vulnerability than CVE-2009-2625. | |||||
| CVE-2019-16935 | 1 Python | 1 Python | 2021-04-17 | 4.3 MEDIUM | 6.1 MEDIUM |
| The documentation XML-RPC server in Python through 2.7.16, 3.x through 3.6.9, and 3.7.x through 3.7.4 has XSS via the server_title field. This occurs in Lib/DocXMLRPCServer.py in Python 2.x, and in Lib/xmlrpc/server.py in Python 3.x. If set_server_title is called with untrusted input, arbitrary JavaScript can be delivered to clients that visit the http URL for this server. | |||||
| CVE-2021-28667 | 2 Python, Stackstorm | 2 Python, Stackstorm | 2021-03-25 | 7.1 HIGH | 7.5 HIGH |
| StackStorm before 3.4.1, in some situations, has an infinite loop that consumes all available memory and disk space. This can occur if Python 3.x is used, the locale is not utf-8, and there is an attempt to log Unicode data (from an action or rule name). | |||||
| CVE-2020-35654 | 2 Fedoraproject, Python | 2 Fedora, Pillow | 2021-03-22 | 6.8 MEDIUM | 8.8 HIGH |
| In Pillow before 8.1.0, TiffDecode has a heap-based buffer overflow when decoding crafted YCbCr files because of certain interpretation conflicts with LibTIFF in RGBA mode. | |||||
| CVE-2015-2296 | 3 Canonical, Mageia Project, Python | 3 Ubuntu Linux, Mageia, Requests | 2021-03-18 | 6.8 MEDIUM | N/A |
| The resolve_redirects function in sessions.py in requests 2.1.0 through 2.5.3 allows remote attackers to conduct session fixation attacks via a cookie without a host value in a redirect. | |||||
| CVE-2019-9947 | 1 Python | 1 Python | 2021-02-04 | 4.3 MEDIUM | 6.1 MEDIUM |
| An issue was discovered in urllib2 in Python 2.x through 2.7.16 and urllib in Python 3.x through 3.7.3. CRLF injection is possible if the attacker controls a url parameter, as demonstrated by the first argument to urllib.request.urlopen with \r\n (specifically in the path component of a URL that lacks a ? character) followed by an HTTP header or a Redis command. This is similar to the CVE-2019-9740 query string issue. This is fixed in: v2.7.17, v2.7.17rc1, v2.7.18, v2.7.18rc1; v3.5.10, v3.5.10rc1, v3.5.8, v3.5.8rc1, v3.5.8rc2, v3.5.9; v3.6.10, v3.6.10rc1, v3.6.11, v3.6.11rc1, v3.6.12, v3.6.9, v3.6.9rc1; v3.7.4, v3.7.4rc1, v3.7.4rc2, v3.7.5, v3.7.5rc1, v3.7.6, v3.7.6rc1, v3.7.7, v3.7.7rc1, v3.7.8, v3.7.8rc1, v3.7.9. | |||||
| CVE-2020-35655 | 2 Fedoraproject, Python | 2 Fedora, Pillow | 2021-01-29 | 5.8 MEDIUM | 5.4 MEDIUM |
| In Pillow before 8.1.0, SGIRleDecode has a 4-byte buffer over-read when decoding crafted SGI RLE image files because offsets and length tables are mishandled. | |||||
| CVE-2019-18348 | 1 Python | 1 Python | 2020-11-16 | 4.3 MEDIUM | 6.1 MEDIUM |
| An issue was discovered in urllib2 in Python 2.x through 2.7.17 and urllib in Python 3.x through 3.8.0. CRLF injection is possible if the attacker controls a url parameter, as demonstrated by the first argument to urllib.request.urlopen with \r\n (specifically in the host component of a URL) followed by an HTTP header. This is similar to the CVE-2019-9740 query string issue and the CVE-2019-9947 path string issue. (This is not exploitable when glibc has CVE-2016-10739 fixed.). This is fixed in: v2.7.18, v2.7.18rc1; v3.5.10, v3.5.10rc1; v3.6.11, v3.6.11rc1, v3.6.12; v3.7.8, v3.7.8rc1, v3.7.9; v3.8.3, v3.8.3rc1, v3.8.4, v3.8.4rc1, v3.8.5, v3.8.6, v3.8.6rc1. | |||||
| CVE-2018-20406 | 3 Debian, Fedoraproject, Python | 3 Debian Linux, Fedora, Python | 2020-10-29 | 5.0 MEDIUM | 7.5 HIGH |
| Modules/_pickle.c in Python before 3.7.1 has an integer overflow via a large LONG_BINPUT value that is mishandled during a "resize to twice the size" attempt. This issue might cause memory exhaustion, but is only relevant if the pickle format is used for serializing tens or hundreds of gigabytes of data. This issue is fixed in: v3.4.10, v3.4.10rc1; v3.5.10, v3.5.10rc1, v3.5.7, v3.5.7rc1, v3.5.8, v3.5.8rc1, v3.5.8rc2, v3.5.9; v3.6.10, v3.6.10rc1, v3.6.11, v3.6.11rc1, v3.6.12, v3.6.7, v3.6.7rc1, v3.6.7rc2, v3.6.8, v3.6.8rc1, v3.6.9, v3.6.9rc1; v3.7.1, v3.7.1rc1, v3.7.1rc2, v3.7.2, v3.7.2rc1, v3.7.3, v3.7.3rc1, v3.7.4, v3.7.4rc1, v3.7.4rc2, v3.7.5, v3.7.5rc1, v3.7.6, v3.7.6rc1, v3.7.7, v3.7.7rc1, v3.7.8, v3.7.8rc1, v3.7.9. | |||||
| CVE-2013-1753 | 1 Python | 1 Python | 2020-10-21 | 5.0 MEDIUM | 7.5 HIGH |
| The gzip_decode function in the xmlrpc client library in Python 3.4 and earlier allows remote attackers to cause a denial of service (memory consumption) via a crafted HTTP request. | |||||
| CVE-2019-10138 | 1 Python | 1 Novajoin | 2020-09-30 | 6.5 MEDIUM | 8.8 HIGH |
| A flaw was discovered in the python-novajoin plugin, all versions up to, excluding 1.1.1, for Red Hat OpenStack Platform. The novajoin API lacked sufficient access control, allowing any keystone authenticated user to generate FreeIPA tokens. | |||||
| CVE-2019-13404 | 2 Microsoft, Python | 2 Windows, Python | 2020-08-24 | 9.3 HIGH | 7.8 HIGH |
| ** DISPUTED ** The MSI installer for Python through 2.7.16 on Windows defaults to the C:\Python27 directory, which makes it easier for local users to deploy Trojan horse code. (This also affects old 3.x releases before 3.5.) NOTE: the vendor's position is that it is the user's responsibility to ensure C:\Python27 access control or choose a different directory, because backwards compatibility requires that C:\Python27 remain the default for 2.7.x. | |||||
| CVE-2019-19911 | 1 Python | 1 Pillow | 2020-08-24 | 5.0 MEDIUM | 7.5 HIGH |
| There is a DoS vulnerability in Pillow before 6.2.2 caused by FpxImagePlugin.py calling the range function on an unvalidated 32-bit integer if the number of bands is large. On Windows running 32-bit Python, this results in an OverflowError or MemoryError due to the 2 GB limit. However, on Linux running 64-bit Python this results in the process being terminated by the OOM killer. | |||||
| CVE-2018-1000030 | 2 Canonical, Python | 2 Ubuntu Linux, Python | 2020-08-24 | 3.3 LOW | 3.6 LOW |
| Python 2.7.14 is vulnerable to a Heap-Buffer-Overflow as well as a Heap-Use-After-Free. Python versions prior to 2.7.14 may also be vulnerable and it appears that Python 2.7.17 and prior may also be vulnerable however this has not been confirmed. The vulnerability lies when multiply threads are handling large amounts of data. In both cases there is essentially a race condition that occurs. For the Heap-Buffer-Overflow, Thread 2 is creating the size for a buffer, but Thread1 is already writing to the buffer without knowing how much to write. So when a large amount of data is being processed, it is very easy to cause memory corruption using a Heap-Buffer-Overflow. As for the Use-After-Free, Thread3->Malloc->Thread1->Free's->Thread2-Re-uses-Free'd Memory. The PSRT has stated that this is not a security vulnerability due to the fact that the attacker must be able to run code, however in some situations, such as function as a service, this vulnerability can potentially be used by an attacker to violate a trust boundary, as such the DWF feels this issue deserves a CVE. | |||||
| CVE-2019-16056 | 1 Python | 1 Python | 2020-08-24 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in Python through 2.7.16, 3.x through 3.5.7, 3.6.x through 3.6.9, and 3.7.x through 3.7.4. The email module wrongly parses email addresses that contain multiple @ characters. An application that uses the email module and implements some kind of checks on the From/To headers of a message could be tricked into accepting an email address that should be denied. An attack may be the same as in CVE-2019-11340; however, this CVE applies to Python more generally. | |||||
| CVE-2018-20852 | 1 Python | 1 Python | 2020-08-22 | 5.0 MEDIUM | 5.3 MEDIUM |
| http.cookiejar.DefaultPolicy.domain_return_ok in Lib/http/cookiejar.py in Python before 3.7.3 does not correctly validate the domain: it can be tricked into sending existing cookies to the wrong server. An attacker may abuse this flaw by using a server with a hostname that has another valid hostname as a suffix (e.g., pythonicexample.com to steal cookies for example.com). When a program uses http.cookiejar.DefaultPolicy and tries to do an HTTP connection to an attacker-controlled server, existing cookies can be leaked to the attacker. This affects 2.x through 2.7.16, 3.x before 3.4.10, 3.5.x before 3.5.7, 3.6.x before 3.6.9, and 3.7.x before 3.7.3. | |||||
| CVE-2020-10177 | 1 Python | 1 Pillow | 2020-08-08 | 4.3 MEDIUM | 5.5 MEDIUM |
| Pillow before 7.1.0 has multiple out-of-bounds reads in libImaging/FliDecode.c. | |||||
| CVE-2018-14647 | 6 Canonical, Debian, Fedoraproject and 3 more | 8 Ubuntu Linux, Debian Linux, Fedora and 5 more | 2020-07-29 | 5.0 MEDIUM | 7.5 HIGH |
| Python's elementtree C accelerator failed to initialise Expat's hash salt during initialization. This could make it easy to conduct denial of service attacks against Expat by constructing an XML document that would cause pathological hash collisions in Expat's internal data structures, consuming large amounts CPU and RAM. The vulnerability exists in Python versions 3.7.0, 3.6.0 through 3.6.6, 3.5.0 through 3.5.6, 3.4.0 through 3.4.9, 2.7.0 through 2.7.15. | |||||
| CVE-2020-10378 | 1 Python | 1 Pillow | 2020-07-27 | 4.3 MEDIUM | 5.5 MEDIUM |
| In libImaging/PcxDecode.c in Pillow before 7.1.0, an out-of-bounds read can occur when reading PCX files where state->shuffle is instructed to read beyond state->buffer. | |||||
| CVE-2020-10994 | 1 Python | 1 Pillow | 2020-07-27 | 4.3 MEDIUM | 5.5 MEDIUM |
| In libImaging/Jpeg2KDecode.c in Pillow before 7.1.0, there are multiple out-of-bounds reads via a crafted JP2 file. | |||||
| CVE-2020-10379 | 1 Python | 1 Pillow | 2020-07-27 | 6.8 MEDIUM | 7.8 HIGH |
| In Pillow before 7.1.0, there are two Buffer Overflows in libImaging/TiffDecode.c. | |||||
| CVE-2020-11538 | 2 Fedoraproject, Python | 2 Fedora, Pillow | 2020-07-27 | 6.8 MEDIUM | 8.1 HIGH |
| In libImaging/SgiRleDecode.c in Pillow through 7.0.0, a number of out-of-bounds reads exist in the parsing of SGI image files, a different issue than CVE-2020-5311. | |||||
| CVE-2019-17514 | 1 Python | 1 Python | 2020-07-27 | 5.0 MEDIUM | 7.5 HIGH |
| library/glob.html in the Python 2 and 3 documentation before 2016 has potentially misleading information about whether sorting occurs, as demonstrated by irreproducible cancer-research results. NOTE: the effects of this documentation cross application domains, and thus it is likely that security-relevant code elsewhere is affected. This issue is not a Python implementation bug, and there are no reports that NMR researchers were specifically relying on library/glob.html. In other words, because the older documentation stated "finds all the pathnames matching a specified pattern according to the rules used by the Unix shell," one might have incorrectly inferred that the sorting that occurs in a Unix shell also occurred for glob.glob. There is a workaround in newer versions of Willoughby nmr-data_compilation-p2.py and nmr-data_compilation-p3.py, which call sort() directly. | |||||
| CVE-2019-9674 | 1 Python | 1 Python | 2020-07-27 | 5.0 MEDIUM | 7.5 HIGH |
| Lib/zipfile.py in Python through 3.7.2 allows remote attackers to cause a denial of service (resource consumption) via a ZIP bomb. | |||||
| CVE-2020-5312 | 4 Canonical, Debian, Fedoraproject and 1 more | 4 Ubuntu Linux, Debian Linux, Fedora and 1 more | 2020-07-10 | 7.5 HIGH | 9.8 CRITICAL |
| libImaging/PcxDecode.c in Pillow before 6.2.2 has a PCX P mode buffer overflow. | |||||
| CVE-2020-5311 | 4 Canonical, Debian, Fedoraproject and 1 more | 4 Ubuntu Linux, Debian Linux, Fedora and 1 more | 2020-07-10 | 7.5 HIGH | 9.8 CRITICAL |
| libImaging/SgiRleDecode.c in Pillow before 6.2.2 has an SGI buffer overflow. | |||||
| CVE-2020-13388 | 1 Python | 1 Jw.util | 2020-05-28 | 7.5 HIGH | 9.8 CRITICAL |
| An exploitable vulnerability exists in the configuration-loading functionality of the jw.util package before 2.3 for Python. When loading a configuration with FromString or FromStream with YAML, one can execute arbitrary Python code, resulting in OS command execution, because safe_load is not used. | |||||
| CVE-2019-19275 | 1 Python | 1 Typed Ast | 2020-03-14 | 5.0 MEDIUM | 7.5 HIGH |
| typed_ast 1.3.0 and 1.3.1 has an ast_for_arguments out-of-bounds read. An attacker with the ability to cause a Python interpreter to parse Python source (but not necessarily execute it) may be able to crash the interpreter process. This could be a concern, for example, in a web-based service that parses (but does not execute) Python code. (This issue also affected certain Python 3.8.0-alpha prereleases.) | |||||
| CVE-2019-19274 | 1 Python | 1 Typed Ast | 2020-03-14 | 5.0 MEDIUM | 7.5 HIGH |
| typed_ast 1.3.0 and 1.3.1 has a handle_keywordonly_args out-of-bounds read. An attacker with the ability to cause a Python interpreter to parse Python source (but not necessarily execute it) may be able to crash the interpreter process. This could be a concern, for example, in a web-based service that parses (but does not execute) Python code. (This issue also affected certain Python 3.8.0-alpha prereleases.) | |||||
| CVE-2020-7212 | 1 Python | 1 Urllib3 | 2020-03-09 | 7.8 HIGH | 7.5 HIGH |
| The _encode_invalid_chars function in util/url.py in the urllib3 library 1.25.2 through 1.25.7 for Python allows a denial of service (CPU consumption) because of an inefficient algorithm. The percent_encodings array contains all matches of percent encodings. It is not deduplicated. For a URL of length N, the size of percent_encodings may be up to O(N). The next step (normalize existing percent-encoded bytes) also takes up to O(N) for each step, so the total time is O(N^2). If percent_encodings were deduplicated, the time to compute _encode_invalid_chars would be O(kN), where k is at most 484 ((10+6*2)^2). | |||||
| CVE-2010-1450 | 1 Python | 1 Python | 2020-02-18 | 7.5 HIGH | N/A |
| Multiple buffer overflows in the RLE decoder in the rgbimg module in Python 2.5 allow remote attackers to have an unspecified impact via an image file containing crafted data that triggers improper processing within the (1) longimagedata or (2) expandrow function. | |||||
| CVE-2010-1449 | 1 Python | 1 Python | 2020-02-18 | 7.5 HIGH | N/A |
| Integer overflow in rgbimgmodule.c in the rgbimg module in Python 2.5 allows remote attackers to have an unspecified impact via a large image that triggers a buffer overflow. NOTE: this vulnerability exists because of an incomplete fix for CVE-2008-3143.12. | |||||
| CVE-2009-4134 | 1 Python | 1 Python | 2020-02-18 | 5.0 MEDIUM | N/A |
| Buffer underflow in the rgbimg module in Python 2.5 allows remote attackers to cause a denial of service (application crash) via a large ZSIZE value in a black-and-white (aka B/W) RGB image that triggers an invalid pointer dereference. | |||||
| CVE-2019-16865 | 2 Fedoraproject, Python | 2 Fedora, Pillow | 2020-02-18 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in Pillow before 6.2.0. When reading specially crafted invalid image files, the library can either allocate very large amounts of memory or take an extremely long period of time to process the image. | |||||
| CVE-2020-5313 | 2 Fedoraproject, Python | 2 Fedora, Pillow | 2020-02-18 | 5.8 MEDIUM | 7.1 HIGH |
| libImaging/FliDecode.c in Pillow before 6.2.2 has an FLI buffer overflow. | |||||
| CVE-2013-1895 | 2 Fedoraproject, Python | 2 Fedora, Py-bcrypt | 2020-02-04 | 5.0 MEDIUM | 7.5 HIGH |
| The py-bcrypt module before 0.3 for Python does not properly handle concurrent memory access, which allows attackers to bypass authentication via multiple authentication requests, which trigger the password hash to be overwritten. | |||||
| CVE-2020-5310 | 1 Python | 1 Pillow | 2020-01-31 | 6.8 MEDIUM | 8.8 HIGH |
| libImaging/TiffDecode.c in Pillow before 6.2.2 has a TIFF decoding integer overflow, related to realloc. | |||||
| CVE-2017-18207 | 1 Python | 1 Python | 2020-01-21 | 4.3 MEDIUM | 6.5 MEDIUM |
| ** DISPUTED ** The Wave_read._read_fmt_chunk function in Lib/wave.py in Python through 3.6.4 does not ensure a nonzero channel value, which allows attackers to cause a denial of service (divide-by-zero and exception) via a crafted wav format audio file. NOTE: the vendor disputes this issue because Python applications "need to be prepared to handle a wide variety of exceptions." | |||||
| CVE-2012-5578 | 1 Python | 1 Keyring | 2019-12-04 | 2.1 LOW | 6.2 MEDIUM |
| Python keyring has insecure permissions on new databases allowing world-readable files to be created | |||||
| CVE-2012-0877 | 2 Python, Redhat | 3 Pyxml, Enterprise Linux, Enterprise Virtualization Hypervisor | 2019-12-03 | 7.8 HIGH | 7.5 HIGH |
| PyXML: Hash table collisions CPU usage Denial of Service | |||||
| CVE-2012-5577 | 2 Debian, Python | 2 Debian Linux, Keyring | 2019-10-31 | 5.0 MEDIUM | 7.5 HIGH |
| Python keyring lib before 0.10 created keyring files with world-readable permissions. | |||||
| CVE-2010-3492 | 1 Python | 1 Python | 2019-10-29 | 5.0 MEDIUM | N/A |
| The asyncore module in Python before 3.2 does not properly handle unsuccessful calls to the accept function, and does not have accompanying documentation describing how daemon applications should handle unsuccessful calls to the accept function, which makes it easier for remote attackers to conduct denial of service attacks that terminate these applications via network connections. | |||||
| CVE-2008-5031 | 1 Python | 1 Python | 2019-10-25 | 10.0 HIGH | N/A |
| Multiple integer overflows in Python 2.2.3 through 2.5.1, and 2.6, allow context-dependent attackers to have an unknown impact via a large integer value in the tabsize argument to the expandtabs method, as implemented by (1) the string_expandtabs function in Objects/stringobject.c and (2) the unicode_expandtabs function in Objects/unicodeobject.c. NOTE: this vulnerability reportedly exists because of an incomplete fix for CVE-2008-2315. | |||||