Vulnerabilities > Python
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-10-28 | CVE-2012-5577 | Incorrect Default Permissions vulnerability in multiple products Python keyring lib before 0.10 created keyring files with world-readable permissions. | 7.5 |
| 2019-10-23 | CVE-2019-18348 | Injection vulnerability in Python An issue was discovered in urllib2 in Python 2.x through 2.7.17 and urllib in Python 3.x through 3.8.0. | 6.1 |
| 2019-10-12 | CVE-2019-17514 | Incorrect Calculation vulnerability in Python 3.6.0/3.7.0/3.8.0 library/glob.html in the Python 2 and 3 documentation before 2016 has potentially misleading information about whether sorting occurs, as demonstrated by irreproducible cancer-research results. | 7.5 |
| 2019-10-04 | CVE-2019-16865 | Allocation of Resources Without Limits or Throttling vulnerability in multiple products An issue was discovered in Pillow before 6.2.0. | 7.5 |
| 2019-09-28 | CVE-2019-16935 | Cross-site Scripting vulnerability in multiple products The documentation XML-RPC server in Python through 2.7.16, 3.x through 3.6.9, and 3.7.x through 3.7.4 has XSS via the server_title field. | 6.1 |
| 2019-09-06 | CVE-2019-16056 | An issue was discovered in Python through 2.7.16, 3.x through 3.5.7, 3.6.x through 3.6.9, and 3.7.x through 3.7.4. | 7.5 |
| 2019-09-04 | CVE-2019-15903 | XML Entity Expansion vulnerability in multiple products In libexpat before 2.2.8, crafted XML input could fool the parser into changing from DTD parsing to document parsing too early; a consecutive call to XML_GetCurrentLineNumber (or XML_GetCurrentColumnNumber) then resulted in a heap-based buffer over-read. | 7.5 |
| 2019-07-30 | CVE-2019-10138 | Unspecified vulnerability in Python Novajoin A flaw was discovered in the python-novajoin plugin, all versions up to, excluding 1.1.1, for Red Hat OpenStack Platform. | 8.8 |
| 2019-07-13 | CVE-2018-20852 | Improper Input Validation vulnerability in Python http.cookiejar.DefaultPolicy.domain_return_ok in Lib/http/cookiejar.py in Python before 3.7.3 does not correctly validate the domain: it can be tricked into sending existing cookies to the wrong server. | 5.3 |
| 2019-07-08 | CVE-2019-13404 | Files or Directories Accessible to External Parties vulnerability in Python The MSI installer for Python through 2.7.16 on Windows defaults to the C:\Python27 directory, which makes it easier for local users to deploy Trojan horse code. | 7.8 |