Vulnerabilities > Python

DATE CVE VULNERABILITY TITLE RISK
2019-06-19 CVE-2019-12900 Out-of-bounds Write vulnerability in multiple products
BZ2_decompress in decompress.c in bzip2 through 1.0.6 has an out-of-bounds write when there are many selectors.
network
low complexity
bzip debian opensuse canonical freebsd python CWE-787
critical
9.8
2019-06-07 CVE-2019-10160 A security regression of CVE-2019-9636 was discovered in python since commit d537ab0ff9767ef024f26246899728f0116b1ec3 affecting versions 2.7, 3.5, 3.6, 3.7 and from v3.8.0a4 through v3.8.0b1, which still allows an attacker to exploit CVE-2019-9636 by abusing the user and password parts of a URL.
network
low complexity
python redhat debian opensuse fedoraproject canonical netapp
critical
9.8
2019-06-06 CVE-2019-12761 Code Injection vulnerability in Python Pyxdg 0.25
A code injection issue was discovered in PyXDG before 0.26 via crafted Python code in a Category element of a Menu XML document in a .menu file.
network
high complexity
python CWE-94
7.5
2019-04-18 CVE-2019-11324 Improper Certificate Validation vulnerability in multiple products
The urllib3 library before 1.24.2 for Python mishandles certain cases where the desired set of CA certificates is different from the OS store of CA certificates, which results in SSL connections succeeding in situations where a verification failure is the correct outcome.
network
low complexity
python canonical CWE-295
7.5
2019-04-15 CVE-2019-11236 CRLF Injection vulnerability in Python Urllib3
In the urllib3 library through 1.24.1 for Python, CRLF injection is possible if the attacker controls the request parameter.
network
low complexity
python CWE-93
6.1
2019-03-23 CVE-2019-9948 Path Traversal vulnerability in multiple products
urllib in Python 2.x through 2.7.16 supports the local_file: scheme, which makes it easier for remote attackers to bypass protection mechanisms that blacklist file: URIs, as demonstrated by triggering a urllib.urlopen('local_file:///etc/passwd') call.
network
low complexity
python opensuse debian fedoraproject canonical redhat CWE-22
critical
9.1
2019-03-23 CVE-2019-9947 CRLF Injection vulnerability in Python
An issue was discovered in urllib2 in Python 2.x through 2.7.16 and urllib in Python 3.x through 3.7.3.
network
low complexity
python CWE-93
6.1
2019-03-21 CVE-2019-6690 Improper Input Validation vulnerability in multiple products
python-gnupg 0.4.3 allows context-dependent attackers to trick gnupg to decrypt other ciphertext than intended.
network
low complexity
python debian opensuse suse canonical CWE-20
7.5
2019-03-13 CVE-2019-9740 CRLF Injection vulnerability in Python
An issue was discovered in urllib2 in Python 2.x through 2.7.16 and urllib in Python 3.x through 3.7.3.
network
low complexity
python CWE-93
6.1
2019-03-08 CVE-2019-9636 Python 2.7.x through 2.7.16 and 3.x through 3.7.2 is affected by: Improper Handling of Unicode Encoding (with an incorrect netloc) during NFKC normalization.
network
low complexity
python fedoraproject opensuse debian canonical redhat oracle
critical
9.8