Vulnerabilities > Python

DATE CVE VULNERABILITY TITLE RISK
2019-06-06 CVE-2019-12761 Code Injection vulnerability in Python Pyxdg 0.25
A code injection issue was discovered in PyXDG before 0.26 via crafted Python code in a Category element of a Menu XML document in a .menu file.
network
high complexity
python CWE-94
5.1
2019-04-18 CVE-2019-11324 Improper Certificate Validation vulnerability in multiple products
The urllib3 library before 1.24.2 for Python mishandles certain cases where the desired set of CA certificates is different from the OS store of CA certificates, which results in SSL connections succeeding in situations where a verification failure is the correct outcome.
network
low complexity
python canonical CWE-295
7.5
2019-04-15 CVE-2019-11236 CRLF Injection vulnerability in Python Urllib3
In the urllib3 library through 1.24.1 for Python, CRLF injection is possible if the attacker controls the request parameter.
network
low complexity
python CWE-93
6.1
2019-03-23 CVE-2019-9948 Path Traversal vulnerability in multiple products
urllib in Python 2.x through 2.7.16 supports the local_file: scheme, which makes it easier for remote attackers to bypass protection mechanisms that blacklist file: URIs, as demonstrated by triggering a urllib.urlopen('local_file:///etc/passwd') call.
network
low complexity
python opensuse debian fedoraproject canonical redhat CWE-22
critical
9.1
2019-03-23 CVE-2019-9947 CRLF Injection vulnerability in Python
An issue was discovered in urllib2 in Python 2.x through 2.7.16 and urllib in Python 3.x through 3.7.3.
network
low complexity
python CWE-93
6.1
2019-03-21 CVE-2019-6690 Improper Input Validation vulnerability in multiple products
python-gnupg 0.4.3 allows context-dependent attackers to trick gnupg into decrypting ciphertext other than the one intended.
network
low complexity
python debian opensuse suse canonical CWE-20
7.5
2019-03-13 CVE-2019-9740 CRLF Injection vulnerability in Python
An issue was discovered in urllib2 in Python 2.x through 2.7.16 and urllib in Python 3.x through 3.7.3.
network
low complexity
python CWE-93
6.1
2019-03-08 CVE-2019-9636 Python 2.7.x through 2.7.16 and 3.x through 3.7.2 is affected by: Improper Handling of Unicode Encoding (with an incorrect netloc) during NFKC normalization.
network
low complexity
python fedoraproject opensuse debian canonical redhat oracle
critical
9.8
2019-01-25 CVE-2019-6802 CRLF Injection vulnerability in Python Pypiserver
CRLF Injection in pypiserver 1.2.5 and below allows attackers to set arbitrary HTTP headers and possibly conduct XSS attacks via a %0d%0a in a URI.
network
python CWE-93
4.3
2018-12-23 CVE-2018-20406 Integer Overflow or Wraparound vulnerability in multiple products
Modules/_pickle.c in Python before 3.7.1 has an integer overflow via a large LONG_BINPUT value that is mishandled during a "resize to twice the size" attempt.
network
low complexity
python debian fedoraproject CWE-190
7.5