Vulnerabilities > Python
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-03-01 | CVE-2017-18207 | Divide By Zero vulnerability in Python The Wave_read._read_fmt_chunk function in Lib/wave.py in Python through 3.6.4 does not ensure a nonzero channel value, which allows attackers to cause a denial of service (divide-by-zero and exception) via a crafted wav format audio file. | 6.5 |
| 2018-02-08 | CVE-2018-1000030 | Use After Free vulnerability in multiple products Python 2.7.14 is vulnerable to a Heap-Buffer-Overflow as well as a Heap-Use-After-Free. | 3.6 |
| 2017-12-14 | CVE-2017-17522 | Injection vulnerability in Python Lib/webbrowser.py in Python through 3.6.3 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via a crafted URL. | 8.8 |
| 2017-11-17 | CVE-2017-1000158 | Integer Overflow or Wraparound vulnerability in multiple products CPython (aka Python) up to 2.7.13 is vulnerable to an integer overflow in the PyString_DecodeEscape function in stringobject.c, resulting in heap-based buffer overflow (and possible arbitrary code execution) | 9.8 |
| 2017-08-24 | CVE-2014-4616 | Improper Validation of Array Index vulnerability in multiple products Array index error in the scanstring function in the _json module in Python 2.7 through 3.5 and simplejson before 2.6.1 allows context-dependent attackers to read arbitrary process memory via a negative index value in the idx argument to the raw_decode function. | 5.9 |
| 2017-07-25 | CVE-2017-9233 | Infinite Loop vulnerability in multiple products XML External Entity vulnerability in libexpat 2.2.0 and earlier (Expat XML Parser Library) allows attackers to put the parser in an infinite loop using a malformed external entity definition from an external DTD. | 7.5 |
| 2017-06-14 | CVE-2017-2810 | Unspecified vulnerability in Python Tablib 0.11.4 An exploitable vulnerability exists in the Databook loading functionality of Tablib 0.11.4. | 9.8 |
| 2017-04-24 | CVE-2016-3076 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Python Pillow Heap-based buffer overflow in the j2k_encode_entry function in Pillow 2.5.0 through 3.1.1 allows remote attackers to cause a denial of service (memory corruption) via a crafted Jpeg2000 file. | 5.5 |
| 2017-02-15 | CVE-2017-5992 | XXE vulnerability in Python Openpyxl 2.4.1 Openpyxl 2.4.1 resolves external entities by default, which allows remote attackers to conduct XXE attacks via a crafted .xlsx document. | 8.2 |
| 2017-01-11 | CVE-2016-9015 | Improper Certificate Validation vulnerability in Python Urllib3 1.17/1.18 Versions 1.17 and 1.18 of the Python urllib3 library suffer from a vulnerability that can cause them, in certain configurations, to not correctly validate TLS certificates. | 3.7 |