The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a vigilance database and tools to fix them.

Computer vulnerabilities of CPython

Python: vulnerability via Invalid Glob Documentation
A vulnerability via Invalid Glob Documentation of Python was announced...
33275, CVE-2019-17514, USN-4428-1, VIGILANCE-VUL-32904
Python email.headerregistry.Address: message corruption via a end of line injection
An attacker can corrupt a message created by an application using the Python class email.headerregistry.Address...
39073, VIGILANCE-VUL-32357
Python: denial of service via urllib.request.AbstractBasicAuthHandler
An attacker can trigger a fatal error via urllib.request.AbstractBasicAuthHandler of Python, in order to trigger a denial of service...
6206164, 6206166, CVE-2020-8492, DLA-2280-1, FEDORA-2020-6a88dad4a0, FEDORA-2020-8bdd3fd7a4, FEDORA-2020-ea5bdbcc90, openSUSE-SU-2020:0274-1, SUSE-SU-2020:0467-1, SUSE-SU-2020:0510-1, SUSE-SU-2020:0557-1, SUSE-SU-2020:14306-1, USN-4333-1, USN-4333-2, VIGILANCE-VUL-31481
Python: executing DLL code via Windows 7 api-ms-win-core-path-l1-1-0.dll
An attacker can create a malicious Windows 7 api-ms-win-core-path-l1-1-0.dll DLL, and then put it in the current directory of Python, in order to execute code...
39401, CVE-2020-8315, VIGILANCE-VUL-31456
Python: denial of service via http.cookiejar ReDoS
An attacker can trigger a fatal error via http.cookiejar ReDoS of Python, in order to trigger a denial of service...
VIGILANCE-VUL-31194
Python urllib2: information disclosure via CRLF Injection Host Control Characters
An attacker can bypass access restrictions to data via CRLF Injection Host Control Characters of Python urllib2, in order to obtain sensitive information...
6206164, 6206166, CVE-2019-18348, DLA-2280-1, FEDORA-2020-8bdd3fd7a4, FEDORA-2020-ea5bdbcc90, openSUSE-SU-2020:0696-1, SUSE-SU-2020:0750-1, SUSE-SU-2020:1339-1, USN-4333-1, USN-4333-2, VIGILANCE-VUL-30709
Python: Cross Site Scripting via DocXMLRPCServer.py
An attacker can trigger a Cross Site Scripting via DocXMLRPCServer.py of Python, in order to run JavaScript code in the context of the web site...
1102875, cpujul2020, CVE-2019-16935, DLA-2280-1, openSUSE-SU-2019:2389-1, openSUSE-SU-2019:2393-1, openSUSE-SU-2019:2438-1, openSUSE-SU-2019:2453-1, openSUSE-SU-2020:0086-1, SUSE-SU-2019:2748-1, SUSE-SU-2019:2748-2, SUSE-SU-2020:0114-1, SUSE-SU-2020:0234-1, USN-4151-1, USN-4151-2, VIGILANCE-VUL-30477
Python: information disclosure via Email Address Multiple At Characters
An attacker can bypass access restrictions to data via Email Address Multiple At Characters of Python, in order to obtain sensitive information...
cpuapr2020, cpujul2020, CVE-2019-16056, DLA-1924-1, DLA-1925-1, DLA-2280-1, FEDORA-2019-2b1f72899a, FEDORA-2019-d58eb75449, openSUSE-SU-2019:2389-1, openSUSE-SU-2019:2393-1, openSUSE-SU-2019:2438-1, openSUSE-SU-2019:2453-1, openSUSE-SU-2020:0086-1, RHSA-2019:3725-01, RHSA-2019:3948-01, RHSA-2020:1131-01, RHSA-2020:1132-01, RHSA-2020:1605-01, RHSA-2020:1764-01, RHSA-2020:2520-01, SUSE-SU-2019:2748-1, SUSE-SU-2019:2748-2, SUSE-SU-2020:0114-1, SUSE-SU-2020:0234-1, SUSE-SU-2020:0302-1, USN-4151-1, USN-4151-2, VIGILANCE-VUL-30278
libexpat: out-of-bounds memory reading via XML_GetCurrentLineNumber
An attacker can force a read at an invalid address via XML_GetCurrentLineNumber() of libexpat, in order to trigger a denial of service, or to obtain sensitive information...
3609135, CERTFR-2019-AVI-535, cpuapr2020, CVE-2019-15903, DLA-1912-1, DLA-1987-1, DLA-1997-1, DSA-4530-1, DSA-4549-1, DSA-4571-1, DSA-4571-2, FEDORA-2019-672ae0f060, FEDORA-2019-6dcf885e38, FEDORA-2019-9505c6b555, FEDORA-2019-9b4ebc2973, HT210785, HT210788, MFSA-2019-33, MFSA-2019-34, MFSA-2019-35, openSUSE-SU-2019:2204-1, openSUSE-SU-2019:2205-1, openSUSE-SU-2019:2420-1, openSUSE-SU-2019:2424-1, openSUSE-SU-2019:2425-1, openSUSE-SU-2019:2447-1, openSUSE-SU-2019:2451-1, openSUSE-SU-2019:2452-1, openSUSE-SU-2019:2459-1, openSUSE-SU-2019:2464-1, openSUSE-SU-2020:0010-1, openSUSE-SU-2020:0086-1, RHSA-2019:3210-01, RHSA-2019:3237-01, RHSA-2019:3756-01, SSA:2019-259-01, SSA:2019-293-01, SSA:2019-295-01, SSB-439005, SUSE-SU-2019:2429-1, SUSE-SU-2019:2440-1, SUSE-SU-2019:2871-1, SUSE-SU-2019:2872-1, SUSE-SU-2019:2912-1, SUSE-SU-2020:0114-1, SUSE-SU-2020:0302-1, USN-4132-1, USN-4132-2, USN-4165-1, USN-4165-2, USN-4202-2, VIGILANCE-VUL-30268
Python: information disclosure via Punycode/IDNA NFKC Normalization
An attacker can bypass access restrictions to data via Punycode/IDNA NFKC Normalization of Python, in order to obtain sensitive information...
1102875, bulletinjul2019, CVE-2019-10160, DLA-1834-1, DLA-2280-1, FEDORA-2019-2b1f72899a, openSUSE-SU-2019:1906-1, openSUSE-SU-2020:0086-1, RHSA-2019:1587-01, RHSA-2019:1700-01, SUSE-SU-2019:14142-1, SUSE-SU-2019:2050-1, SUSE-SU-2019:2053-1, SUSE-SU-2019:2053-2, SUSE-SU-2019:2064-1, SUSE-SU-2019:2091-1, SUSE-SU-2020:0114-1, SUSE-SU-2020:0234-1, SUSE-SU-2020:0302-1, USN-4127-1, USN-4127-2, VIGILANCE-VUL-29596
Our database contains other pages. You can request a free trial to read them.

Display information about CPython: