Vulnerabilities > Python
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2017-12-14 | CVE-2017-17522 | Injection vulnerability in Python Lib/webbrowser.py in Python through 3.6.3 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via a crafted URL. | 8.8 |
| 2017-11-17 | CVE-2017-1000158 | Integer Overflow or Wraparound vulnerability in multiple products CPython (aka Python) up to 2.7.13 is vulnerable to an integer overflow in the PyString_DecodeEscape function in stringobject.c, resulting in heap-based buffer overflow (and possible arbitrary code execution) | 9.8 |
| 2017-08-24 | CVE-2014-4616 | Improper Validation of Array Index vulnerability in multiple products Array index error in the scanstring function in the _json module in Python 2.7 through 3.5 and simplejson before 2.6.1 allows context-dependent attackers to read arbitrary process memory via a negative index value in the idx argument to the raw_decode function. | 4.3 |
| 2017-07-25 | CVE-2017-9233 | Infinite Loop vulnerability in multiple products XML External Entity vulnerability in libexpat 2.2.0 and earlier (Expat XML Parser Library) allows attackers to put the parser in an infinite loop using a malformed external entity definition from an external DTD. | 7.5 |
| 2017-06-14 | CVE-2017-2810 | Unspecified vulnerability in Python Tablib 0.11.4 An exploitable vulnerability exists in the Databook loading functionality of Tablib 0.11.4. | 7.5 |
| 2017-04-24 | CVE-2016-3076 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Python Pillow Heap-based buffer overflow in the j2k_encode_entry function in Pillow 2.5.0 through 3.1.1 allows remote attackers to cause a denial of service (memory corruption) via a crafted Jpeg2000 file. | 4.3 |
| 2017-02-15 | CVE-2017-5992 | XXE vulnerability in Python Openpyxl 2.4.1 Openpyxl 2.4.1 resolves external entities by default, which allows remote attackers to conduct XXE attacks via a crafted .xlsx document. | 5.8 |
| 2017-01-11 | CVE-2016-9015 | Improper Certificate Validation vulnerability in Python Urllib3 1.17/1.18 Versions 1.17 and 1.18 of the Python urllib3 library suffer from a vulnerability that can cause them, in certain configurations, to not correctly validate TLS certificates. | 2.6 |
| 2017-01-10 | CVE-2016-6581 | Resource Management Errors vulnerability in Python Hpack and Hyper A HTTP/2 implementation built using any version of the Python HPACK library between v1.0.0 and v2.2.0 could be targeted for a denial of service attack, specifically a so-called "HPACK Bomb" attack. | 7.8 |
| 2017-01-10 | CVE-2016-6580 | Resource Management Errors vulnerability in Python Priority Library 1.0.0/1.1.0/1.1.1 A HTTP/2 implementation built using any version of the Python priority library prior to version 1.2.0 could be targeted by a malicious peer by having that peer assign priority information for every possible HTTP/2 stream ID. | 5.0 |