The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them.

Computer vulnerabilities of CPython

computer vulnerability alert CVE-2019-10160

Python: information disclosure via Punycode/IDNA NFKC Normalization

Synthesis of the vulnerability

An attacker can bypass access restrictions to data via Punycode/IDNA NFKC Normalization of Python, in order to obtain sensitive information.
Impacted products: Debian, openSUSE Leap, Solaris, Python, RHEL, SUSE Linux Enterprise Desktop, SLES, Ubuntu.
Severity: 2/4.
Consequences: data reading.
Provenance: internet client.
Creation date: 21/06/2019.
Identifiers: bulletinjul2019, CVE-2019-10160, DLA-1834-1, openSUSE-SU-2019:1906-1, RHSA-2019:1587-01, RHSA-2019:1700-01, SUSE-SU-2019:14142-1, SUSE-SU-2019:2050-1, SUSE-SU-2019:2053-1, SUSE-SU-2019:2053-2, SUSE-SU-2019:2064-1, SUSE-SU-2019:2091-1, USN-4127-1, USN-4127-2, VIGILANCE-VUL-29596.


computer vulnerability bulletin CVE-2019-9948

Python urllib: file reading via Blacklist Bypass

Synthesis of the vulnerability

A local attacker can read a file via Blacklist Bypass of Python urllib, in order to obtain sensitive information.
Impacted products: Debian, VNX Operating Environment, VNX Series, openSUSE Leap, Solaris, Python, RHEL, SUSE Linux Enterprise Desktop, SLES, Ubuntu.
Severity: 2/4.
Consequences: data reading.
Provenance: document.
Creation date: 25/03/2019.
Identifiers: 35907, bulletinjul2019, CVE-2019-9948, DLA-1834-1, DLA-1852-1, DSA-2019-131, openSUSE-SU-2019:1273-1, openSUSE-SU-2019:1282-1, openSUSE-SU-2019:1580-1, RHSA-2019:1700-01, RHSA-2019:2030-01, SUSE-SU-2019:0972-1, SUSE-SU-2019:14018-1, SUSE-SU-2019:1439-1, USN-4127-1, USN-4127-2, VIGILANCE-VUL-28848.


computer vulnerability announce CVE-2019-9947

Python urllib2: information disclosure via CRLF Injection HTTP/Redis

Synthesis of the vulnerability

An attacker can bypass access restrictions to data via CRLF Injection HTTP/Redis of Python urllib2, in order to obtain sensitive information.
Impacted products: Debian, Fedora, Solaris, Python, RHEL, SLES, Ubuntu.
Severity: 2/4.
Consequences: data reading.
Provenance: document.
Creation date: 25/03/2019.
Identifiers: 35906, bulletinjul2019, CVE-2019-9947, DLA-1834-1, DLA-1835-1, DLA-1835-2, FEDORA-2019-1ffd6b6064, RHSA-2019:2030-01, SUSE-SU-2019:1352-1, SUSE-SU-2019:1352-2, USN-4127-1, USN-4127-2, VIGILANCE-VUL-28847.


computer vulnerability alert CVE-2019-9740

Python urllib2: information disclosure via CRLF Injection

Synthesis of the vulnerability

An attacker can bypass access restrictions to data via CRLF Injection of Python urllib2, in order to obtain sensitive information.
Impacted products: Ansible Tower, Debian, Fedora, Solaris, Python, RHEL, SUSE Linux Enterprise Desktop, SLES, Ubuntu.
Severity: 2/4.
Consequences: data reading.
Provenance: document.
Creation date: 25/03/2019.
Identifiers: 36276, bulletinjul2019, CVE-2019-9740, DLA-1834-1, DLA-1835-1, DLA-1835-2, FEDORA-2019-1ffd6b6064, RHSA-2019:2030-01, SUSE-SU-2019:2331-1, SUSE-SU-2019:2332-1, SUSE-SU-2019:2370-1, USN-4127-1, USN-4127-2, VIGILANCE-VUL-28846.


computer vulnerability announce CVE-2018-20852

Python: information disclosure via Cookie Domain Check

Synthesis of the vulnerability

An attacker can bypass access restrictions to data via Cookie Domain Check of Python, in order to obtain sensitive information.
Impacted products: Debian, openSUSE Leap, Python, SUSE Linux Enterprise Desktop, SLES, Ubuntu.
Severity: 2/4.
Consequences: data reading.
Provenance: internet server.
Creation date: 19/03/2019.
Identifiers: 35121, CVE-2018-20852, DLA-1889-1, DLA-1906-1, openSUSE-SU-2019:1988-1, openSUSE-SU-2019:1989-1, SUSE-SU-2019:14142-1, SUSE-SU-2019:2050-1, SUSE-SU-2019:2091-1, SUSE-SU-2019:2114-1, USN-4127-1, USN-4127-2, VIGILANCE-VUL-28767.


vulnerability announce CVE-2019-9636

Python: information disclosure via Punycode/IDNA NFKC Normalization

Synthesis of the vulnerability

An attacker can bypass access restrictions to data via Punycode/IDNA NFKC Normalization of Python, in order to obtain sensitive information.
Impacted products: Debian, VNX Operating Environment, VNX Series, Fedora, openSUSE Leap, Solaris, Python, RHEL, SUSE Linux Enterprise Desktop, SLES, Ubuntu.
Severity: 2/4.
Consequences: data reading.
Provenance: document.
Creation date: 08/03/2019.
Identifiers: 36216, bulletinapr2019, bulletinjul2019, CVE-2019-9636, DLA-1834-1, DLA-1835-1, DLA-1835-2, DSA-2019-131, FEDORA-2019-1ffd6b6064, openSUSE-SU-2019:1273-1, openSUSE-SU-2019:1282-1, openSUSE-SU-2019:1371-1, openSUSE-SU-2019:1580-1, RHSA-2019:0710-01, RHSA-2019:0765-01, RHSA-2019:0806-01, RHSA-2019:0902-01, RHSA-2019:1467-01, SUSE-SU-2019:0961-1, SUSE-SU-2019:0971-1, SUSE-SU-2019:0972-1, SUSE-SU-2019:14018-1, SUSE-SU-2019:1439-1, USN-4127-1, USN-4127-2, VIGILANCE-VUL-28692.


computer vulnerability note CVE-2018-20406

Python: integer overflow via Pickle

Synthesis of the vulnerability

An attacker can trigger an integer overflow via Pickle of Python, in order to trigger a denial of service, and possibly to run code.
Impacted products: Debian, openSUSE Leap, Solaris, Python, SUSE Linux Enterprise Desktop, SLES, Ubuntu.
Severity: 2/4.
Consequences: user access/rights, denial of service on service, denial of service on client.
Provenance: document.
Creation date: 01/02/2019.
Identifiers: 34656, bulletinjul2019, CVE-2018-20406, DLA-1663-1, openSUSE-SU-2019:0155-1, SUSE-SU-2019:0215-1, SUSE-SU-2019:0243-1, USN-4127-1, USN-4127-2, VIGILANCE-VUL-28419.


computer vulnerability bulletin CVE-2019-5010

Python: NULL pointer dereference via _get_crl_dp

Synthesis of the vulnerability

An attacker can force a NULL pointer to be dereferenced via _get_crl_dp() of Python, in order to trigger a denial of service.
Impacted products: Debian, Fedora, openSUSE Leap, Solaris, Python, RHEL, Slackware, SUSE Linux Enterprise Desktop, SLES, Ubuntu.
Severity: 2/4.
Consequences: denial of service on service, denial of service on client.
Provenance: document.
Creation date: 24/01/2019.
Identifiers: 35746, bulletinjul2019, CVE-2019-5010, DLA-1663-1, DLA-1834-1, FEDORA-2019-00870e8bfc, openSUSE-SU-2019:0155-1, openSUSE-SU-2019:0184-1, openSUSE-SU-2019:0292-1, RHSA-2019:2030-01, SSA:2019-062-01, SUSE-SU-2019:0215-1, SUSE-SU-2019:0223-1, SUSE-SU-2019:0243-1, SUSE-SU-2019:0271-1, SUSE-SU-2019:0482-1, SUSE-SU-2019:0482-2, TALOS-2019-0758, USN-4127-1, USN-4127-2, VIGILANCE-VUL-28358.


computer vulnerability CVE-2018-14647

Python: denial of service via XML Hash Collisions

Synthesis of the vulnerability

An attacker can generate a fatal error via XML Hash Collisions of Python, in order to trigger a denial of service.
Impacted products: Debian, IBM i, openSUSE Leap, Solaris, Python, RHEL, Slackware, SUSE Linux Enterprise Desktop, SLES, Ubuntu.
Severity: 2/4.
Consequences: denial of service on service, denial of service on client.
Provenance: document.
Creation date: 28/09/2018.
Identifiers: 34623, bulletinjul2019, CVE-2018-14647, DLA-1834-1, DLA-1835-1, DLA-1835-2, DSA-4306-1, DSA-4307-1, ibm10876694, openSUSE-SU-2019:0292-1, RHSA-2019:2030-01, SSA:2019-062-01, SUSE-SU-2018:3156-1, SUSE-SU-2019:0482-1, SUSE-SU-2019:0482-2, SUSE-SU-2019:2053-1, SUSE-SU-2019:2053-2, USN-3817-1, USN-3817-2, VIGILANCE-VUL-27355.


computer vulnerability bulletin CVE-2018-1000802

Python: code execution via shutil.make_archive

Synthesis of the vulnerability

An attacker can use a vulnerability via shutil.make_archive() of Python, in order to run code.
Impacted products: Debian, openSUSE Leap, Python, SUSE Linux Enterprise Desktop, SLES, Ubuntu.
Severity: 2/4.
Consequences: user access/rights.
Provenance: document.
Creation date: 26/09/2018.
Identifiers: 34540, CVE-2018-1000802, DLA-1519-1, DLA-1520-1, DSA-4306-1, openSUSE-SU-2018:3052-1, openSUSE-SU-2018:3703-1, SUSE-SU-2018:3002-1, SUSE-SU-2018:3554-1, SUSE-SU-2018:3554-2, SUSE-SU-2019:2053-1, SUSE-SU-2019:2053-2, USN-3817-1, USN-3817-2, VIGILANCE-VUL-27318.
