Vulnerabilities > Python > Medium

DATE CVE VULNERABILITY TITLE RISK
2019-11-27 CVE-2016-1000110 Open Redirect vulnerability in multiple products
The CGIHandler class in Python before 2.7.12 does not protect against the HTTP_PROXY variable name clash in a CGI script, which could allow a remote attacker to redirect HTTP requests.
network
low complexity
python debian fedoraproject CWE-601
6.1
6.1
2019-11-25 CVE-2012-5578 Incorrect Default Permissions vulnerability in Python Keyring
Python keyring has insecure permissions on new databases allowing world-readable files to be created
local
low complexity
python CWE-276
6.2
6.2
2019-10-23 CVE-2019-18348 Injection vulnerability in Python
An issue was discovered in urllib2 in Python 2.x through 2.7.17 and urllib in Python 3.x through 3.8.0.
network
low complexity
python CWE-74
6.1
6.1
2019-09-28 CVE-2019-16935 Cross-site Scripting vulnerability in multiple products
The documentation XML-RPC server in Python through 2.7.16, 3.x through 3.6.9, and 3.7.x through 3.7.4 has XSS via the server_title field.
network
low complexity
python debian canonical CWE-79
6.1
6.1
2019-07-13 CVE-2018-20852 Improper Input Validation vulnerability in Python
http.cookiejar.DefaultPolicy.domain_return_ok in Lib/http/cookiejar.py in Python before 3.7.3 does not correctly validate the domain: it can be tricked into sending existing cookies to the wrong server.
network
low complexity
python CWE-20
5.3
5.3
2019-04-15 CVE-2019-11236 CRLF Injection vulnerability in Python Urllib3 0.3
In the urllib3 library through 1.24.1 for Python, CRLF injection is possible if the attacker controls the request parameter.
network
low complexity
python CWE-93
6.1
6.1
2019-03-23 CVE-2019-9947 CRLF Injection vulnerability in Python
An issue was discovered in urllib2 in Python 2.x through 2.7.16 and urllib in Python 3.x through 3.7.3.
network
low complexity
python CWE-93
6.1
6.1
2019-03-13 CVE-2019-9740 CRLF Injection vulnerability in Python
An issue was discovered in urllib2 in Python 2.x through 2.7.16 and urllib in Python 3.x through 3.7.3.
network
low complexity
python CWE-93
6.1
6.1
2019-01-25 CVE-2019-6802 Injection vulnerability in Python Pypiserver
CRLF Injection in pypiserver 1.2.5 and below allows attackers to set arbitrary HTTP headers and possibly conduct XSS attacks via a %0d%0a in a URI.
network
low complexity
python CWE-74
6.1
6.1
2018-03-07 CVE-2018-1000117 Classic Buffer Overflow vulnerability in Python
Python Software Foundation CPython version From 3.2 until 3.6.4 on Windows contains a Buffer Overflow vulnerability in os.symlink() function on Windows that can result in Arbitrary code execution, likely escalation of privilege.
local
low complexity
python CWE-120
6.7
6.7