Vulnerabilities > Python

DATE	CVE	VULNERABILITY TITLE	RISK
2019-06-19	CVE-2019-12900	Out-of-bounds Write vulnerability in multiple products BZ2_decompress in decompress.c in bzip2 through 1.0.6 has an out-of-bounds write when there are many selectors. network low complexity bzip debian opensuse canonical freebsd python CWE-787 critical	9.8
2019-06-07	CVE-2019-10160	Encoding Error vulnerability in multiple products A security regression of CVE-2019-9636 was discovered in python since commit d537ab0ff9767ef024f26246899728f0116b1ec3 affecting versions 2.7, 3.5, 3.6, 3.7 and from v3.8.0a4 through v3.8.0b1, which still allows an attacker to exploit CVE-2019-9636 by abusing the user and password parts of a URL. network low complexity python redhat debian opensuse fedoraproject canonical netapp CWE-172 critical	9.8
2019-06-06	CVE-2019-12761	Code Injection vulnerability in Python Pyxdg 0.25 A code injection issue was discovered in PyXDG before 0.26 via crafted Python code in a Category element of a Menu XML document in a .menu file. network high complexity python CWE-94	7.5
2019-04-18	CVE-2019-11324	Improper Certificate Validation vulnerability in multiple products The urllib3 library before 1.24.2 for Python mishandles certain cases where the desired set of CA certificates is different from the OS store of CA certificates, which results in SSL connections succeeding in situations where a verification failure is the correct outcome. network low complexity python canonical CWE-295	7.5
2019-04-15	CVE-2019-11236	CRLF Injection vulnerability in Python Urllib3 0.3 In the urllib3 library through 1.24.1 for Python, CRLF injection is possible if the attacker controls the request parameter. network low complexity python CWE-93	6.1
2019-03-23	CVE-2019-9948	Path Traversal vulnerability in multiple products urllib in Python 2.x through 2.7.16 supports the local_file: scheme, which makes it easier for remote attackers to bypass protection mechanisms that blacklist file: URIs, as demonstrated by triggering a urllib.urlopen('local_file:///etc/passwd') call. network low complexity python opensuse debian fedoraproject canonical redhat CWE-22 critical	9.1
2019-03-23	CVE-2019-9947	CRLF Injection vulnerability in Python An issue was discovered in urllib2 in Python 2.x through 2.7.16 and urllib in Python 3.x through 3.7.3. network low complexity python CWE-93	6.1
2019-03-21	CVE-2019-6690	Improper Input Validation vulnerability in multiple products python-gnupg 0.4.3 allows context-dependent attackers to trick gnupg to decrypt other ciphertext than intended. network low complexity python debian opensuse suse canonical CWE-20	7.5
2019-03-13	CVE-2019-9740	CRLF Injection vulnerability in Python An issue was discovered in urllib2 in Python 2.x through 2.7.16 and urllib in Python 3.x through 3.7.3. network low complexity python CWE-93	6.1
2019-03-08	CVE-2019-9636	Python 2.7.x through 2.7.16 and 3.x through 3.7.2 is affected by: Improper Handling of Unicode Encoding (with an incorrect netloc) during NFKC normalization. network low complexity python fedoraproject opensuse debian canonical redhat oracle critical	9.8

Vulnerabilities > Python {"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"Vulnerabilities","item":"https://cyber.vumetric.com/vulns/"},{"@type":"ListItem","position":2,"name":"Python"}]}

Vulnerabilities > Python