Vulnerabilities > Python > Low

DATE CVE VULNERABILITY TITLE RISK
2019-11-25 CVE-2012-5578 Incorrect Default Permissions vulnerability in Python Keyring
Python keyring has insecure permissions on new databases allowing world-readable files to be created.
local, low complexity, python, CWE-276
Risk: 2.1

2018-02-08 CVE-2018-1000030 Use After Free vulnerability in multiple products
Python 2.7.14 is vulnerable to a Heap-Buffer-Overflow as well as a Heap-Use-After-Free.
Risk: 3.3

2017-01-11 CVE-2016-9015 Improper Certificate Validation vulnerability in Python Urllib3 1.17/1.18
Versions 1.17 and 1.18 of the Python urllib3 library suffer from a vulnerability that can cause them, in certain configurations, to not correctly validate TLS certificates.
network, high complexity, python, CWE-295
Risk: 2.6

2014-11-16 CVE-2014-2667 Race Condition vulnerability in Python
Race condition in the _get_masked_mode function in Lib/os.py in Python 3.2 through 3.5, when exist_ok is set to true and multiple threads are used, might allow local users to bypass intended file permissions by leveraging a separate application vulnerability before the umask has been set to the expected value.
local, python, CWE-362
Risk: 3.3

2014-04-17 CVE-2014-1933 Permissions, Privileges, and Access Controls vulnerability in multiple products
The (1) JpegImagePlugin.py and (2) EpsImagePlugin.py scripts in Python Image Library (PIL) 1.1.7 and earlier and Pillow before 2.3.1 use the names of temporary files on the command line, which makes it easier for local users to conduct symlink attacks by listing the processes.
local, low complexity, python, pythonware, CWE-264
Risk: 2.1

2014-01-28 CVE-2014-1604 Unspecified vulnerability in Python Rply 0.7.0
The parser cache functionality in parsergenerator.py in RPLY (aka python-rply) before 0.7.1 allows local users to spoof cache data by pre-creating a temporary rply-*.json file with a predictable name.
local, low complexity, python
Risk: 2.1

2014-01-28 CVE-2014-1624 Link Following vulnerability in Python Pyxdg 0.25
Race condition in the xdg.BaseDirectory.get_runtime_dir function in python-xdg 0.25 allows local users to overwrite arbitrary files by pre-creating /tmp/pyxdg-runtime-dir-fallback-victim to point to a victim-owned location, then replacing it with a symlink to an attacker-controlled location once the get_runtime_dir function is called.
local, python, CWE-59
Risk: 3.3

2012-11-30 CVE-2012-4571 Cryptographic Issues vulnerability in Python Keyring 0.9.1
Python Keyring 0.9.1 does not securely initialize the cipher when encrypting passwords for CryptedFileKeyring files, which makes it easier for local users to obtain passwords via a brute-force attack.
local, low complexity, python, CWE-310
Risk: 2.1

2012-08-27 CVE-2011-4944 Permissions, Privileges, and Access Controls vulnerability in Python
Python 2.6 through 3.2 creates ~/.pypirc with world-readable permissions before changing them after data has been written, which introduces a race condition that allows local users to obtain a username and password by reading this file.
local, python, CWE-264
Risk: 1.9

2011-12-31 CVE-2011-4617 Link Following vulnerability in Python Virtualenv
virtualenv.py in virtualenv before 1.5 allows local users to overwrite arbitrary files via a symlink attack on a certain file in /tmp/.
local, high complexity, python, CWE-59
Risk: 1.2