Vulnerabilities > Python > Python > 3.7.0
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-01-28 | CVE-2020-8315 | Improper Input Validation vulnerability in Python In Python (CPython) 3.6 through 3.6.10, 3.7 through 3.7.6, and 3.8 through 3.8.1, an insecure dependency load upon launch on Windows 7 may result in an attacker's copy of api-ms-win-core-path-l1-1-0.dll being loaded and used instead of the system's copy. | 4.3 |
| 2019-10-31 | CVE-2019-5010 | NULL Pointer Dereference vulnerability in multiple products An exploitable denial-of-service vulnerability exists in the X509 certificate parser of Python.org Python 2.7.11 / 3.6.6. | 7.5 |
| 2019-10-23 | CVE-2019-18348 | Injection vulnerability in Python An issue was discovered in urllib2 in Python 2.x through 2.7.17 and urllib in Python 3.x through 3.8.0. | 6.1 |
| 2019-10-12 | CVE-2019-17514 | Incorrect Calculation vulnerability in Python 3.6.0/3.7.0/3.8.0 library/glob.html in the Python 2 and 3 documentation before 2016 has potentially misleading information about whether sorting occurs, as demonstrated by irreproducible cancer-research results. | 5.0 |
| 2019-09-28 | CVE-2019-16935 | Cross-site Scripting vulnerability in multiple products The documentation XML-RPC server in Python through 2.7.16, 3.x through 3.6.9, and 3.7.x through 3.7.4 has XSS via the server_title field. | 6.1 |
| 2019-09-06 | CVE-2019-16056 | An issue was discovered in Python through 2.7.16, 3.x through 3.5.7, 3.6.x through 3.6.9, and 3.7.x through 3.7.4. | 7.5 |
| 2019-09-04 | CVE-2019-15903 | XML Entity Expansion vulnerability in multiple products In libexpat before 2.2.8, crafted XML input could fool the parser into changing from DTD parsing to document parsing too early; a consecutive call to XML_GetCurrentLineNumber (or XML_GetCurrentColumnNumber) then resulted in a heap-based buffer over-read. | 7.5 |
| 2019-07-13 | CVE-2018-20852 | Improper Input Validation vulnerability in Python http.cookiejar.DefaultPolicy.domain_return_ok in Lib/http/cookiejar.py in Python before 3.7.3 does not correctly validate the domain: it can be tricked into sending existing cookies to the wrong server. | 5.3 |
| 2019-06-19 | CVE-2019-12900 | Out-of-bounds Write vulnerability in multiple products BZ2_decompress in decompress.c in bzip2 through 1.0.6 has an out-of-bounds write when there are many selectors. | 9.8 |
| 2019-06-07 | CVE-2019-10160 | Encoding Error vulnerability in multiple products A security regression of CVE-2019-9636 was discovered in python since commit d537ab0ff9767ef024f26246899728f0116b1ec3 affecting versions 2.7, 3.5, 3.6, 3.7 and from v3.8.0a4 through v3.8.0b1, which still allows an attacker to exploit CVE-2019-9636 by abusing the user and password parts of a URL. | 9.8 |