| The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them. |
|
 |
|
|
Computer vulnerabilities of CPython
Python: information disclosure via Email Address Multiple At Characters
Synthesis of the vulnerability
An attacker can bypass access restrictions to data via Email Address Multiple At Characters of Python, in order to obtain sensitive information.
Severity: 2/4.
Creation date: 09/09/2019.
Identifiers: CVE-2019-16056, DLA-1924-1, DLA-1925-1, FEDORA-2019-2b1f72899a, FEDORA-2019-d58eb75449, openSUSE-SU-2019:2389-1, openSUSE-SU-2019:2393-1, openSUSE-SU-2019:2438-1, openSUSE-SU-2019:2453-1, RHSA-2019:3725-01, SUSE-SU-2019:2748-1, SUSE-SU-2019:2748-2, USN-4151-1, USN-4151-2, VIGILANCE-VUL-30278.
Full Vigil@nce bulletin... (Free trial)
Description of the vulnerability
An attacker can bypass access restrictions to data via Email Address Multiple At Characters of Python, in order to obtain sensitive information.
Full Vigil@nce bulletin... (Free trial) |
libexpat: out-of-bounds memory reading via XML_GetCurrentLineNumber
Synthesis of the vulnerability
An attacker can force a read at an invalid address via XML_GetCurrentLineNumber() of libexpat, in order to trigger a denial of service, or to obtain sensitive information.
Severity: 2/4.
Creation date: 09/09/2019.
Identifiers: CERTFR-2019-AVI-535, CVE-2019-15903, DLA-1912-1, DLA-1987-1, DLA-1997-1, DSA-4530-1, DSA-4549-1, DSA-4571-1, FEDORA-2019-672ae0f060, FEDORA-2019-9505c6b555, FEDORA-2019-9b4ebc2973, MFSA-2019-33, MFSA-2019-34, MFSA-2019-35, openSUSE-SU-2019:2204-1, openSUSE-SU-2019:2205-1, openSUSE-SU-2019:2420-1, openSUSE-SU-2019:2424-1, openSUSE-SU-2019:2425-1, openSUSE-SU-2019:2447-1, openSUSE-SU-2019:2451-1, openSUSE-SU-2019:2452-1, openSUSE-SU-2019:2459-1, openSUSE-SU-2019:2464-1, RHSA-2019:3210-01, RHSA-2019:3237-01, RHSA-2019:3756-01, SSA:2019-259-01, SSA:2019-293-01, SSA:2019-295-01, SUSE-SU-2019:2429-1, SUSE-SU-2019:2440-1, SUSE-SU-2019:2871-1, SUSE-SU-2019:2872-1, SUSE-SU-2019:2912-1, USN-4132-1, USN-4132-2, USN-4165-1, USN-4165-2, VIGILANCE-VUL-30268.
Full Vigil@nce bulletin... (Free trial)
Description of the vulnerability
An attacker can force a read at an invalid address via XML_GetCurrentLineNumber() of libexpat, in order to trigger a denial of service, or to obtain sensitive information.
Full Vigil@nce bulletin... (Free trial) |
Python: information disclosure via Punycode/IDNA NFKC Normalization
Synthesis of the vulnerability
An attacker can bypass access restrictions to data via Punycode/IDNA NFKC Normalization of Python, in order to obtain sensitive information.
Severity: 2/4.
Creation date: 21/06/2019.
Identifiers: 1102875, bulletinjul2019, CVE-2019-10160, DLA-1834-1, FEDORA-2019-2b1f72899a, openSUSE-SU-2019:1906-1, RHSA-2019:1587-01, RHSA-2019:1700-01, SUSE-SU-2019:14142-1, SUSE-SU-2019:2050-1, SUSE-SU-2019:2053-1, SUSE-SU-2019:2053-2, SUSE-SU-2019:2064-1, SUSE-SU-2019:2091-1, USN-4127-1, USN-4127-2, VIGILANCE-VUL-29596.
Full Vigil@nce bulletin... (Free trial)
Description of the vulnerability
An attacker can bypass access restrictions to data via Punycode/IDNA NFKC Normalization of Python, in order to obtain sensitive information.
Full Vigil@nce bulletin... (Free trial) |
Python urllib: file reading via Blacklist Bypass
Synthesis of the vulnerability
A local attacker can read a file via Blacklist Bypass of Python urllib, in order to obtain sensitive information.
Severity: 2/4.
Creation date: 25/03/2019.
Identifiers: 1102875, 35907, bulletinjul2019, CVE-2019-9948, DLA-1834-1, DLA-1852-1, DSA-2019-131, openSUSE-SU-2019:1273-1, openSUSE-SU-2019:1282-1, openSUSE-SU-2019:1580-1, RHSA-2019:1700-01, RHSA-2019:2030-01, RHSA-2019:3335-01, RHSA-2019:3520-01, SSA:2019-293-01, SUSE-SU-2019:0972-1, SUSE-SU-2019:14018-1, SUSE-SU-2019:1439-1, USN-4127-1, USN-4127-2, VIGILANCE-VUL-28848.
Full Vigil@nce bulletin... (Free trial)
Description of the vulnerability
A local attacker can read a file via Blacklist Bypass of Python urllib, in order to obtain sensitive information.
Full Vigil@nce bulletin... (Free trial) |
Python urllib2: information disclosure via CRLF Injection HTTP/Redis
Synthesis of the vulnerability
An attacker can bypass access restrictions to data via CRLF Injection HTTP/Redis of Python urllib2, in order to obtain sensitive information.
Severity: 2/4.
Creation date: 25/03/2019.
Identifiers: 1102875, 35906, bulletinjul2019, CVE-2019-9947, DLA-1834-1, DLA-1835-1, DLA-1835-2, FEDORA-2019-1ffd6b6064, openSUSE-SU-2019:2389-1, openSUSE-SU-2019:2393-1, RHSA-2019:2030-01, RHSA-2019:3335-01, RHSA-2019:3520-01, RHSA-2019:3725-01, SUSE-SU-2019:1352-1, SUSE-SU-2019:1352-2, USN-4127-1, USN-4127-2, VIGILANCE-VUL-28847.
Full Vigil@nce bulletin... (Free trial)
Description of the vulnerability
An attacker can bypass access restrictions to data via CRLF Injection HTTP/Redis of Python urllib2, in order to obtain sensitive information.
Full Vigil@nce bulletin... (Free trial) |
Python urllib2: information disclosure via CRLF Injection
Synthesis of the vulnerability
An attacker can bypass access restrictions to data via CRLF Injection of Python urllib2, in order to obtain sensitive information.
Severity: 2/4.
Creation date: 25/03/2019.
Identifiers: 36276, bulletinjul2019, CVE-2019-9740, DLA-1834-1, DLA-1835-1, DLA-1835-2, FEDORA-2019-1ffd6b6064, openSUSE-SU-2019:2131-1, openSUSE-SU-2019:2133-1, RHSA-2019:2030-01, RHSA-2019:3335-01, RHSA-2019:3520-01, RHSA-2019:3725-01, SSA:2019-293-01, SUSE-SU-2019:2331-1, SUSE-SU-2019:2332-1, SUSE-SU-2019:2370-1, USN-4127-1, USN-4127-2, VIGILANCE-VUL-28846.
Full Vigil@nce bulletin... (Free trial)
Description of the vulnerability
An attacker can bypass access restrictions to data via CRLF Injection of Python urllib2, in order to obtain sensitive information.
Full Vigil@nce bulletin... (Free trial) |
Python: information disclosure via Cookie Domain Check
Synthesis of the vulnerability
An attacker can bypass access restrictions to data via Cookie Domain Check of Python, in order to obtain sensitive information.
Severity: 2/4.
Creation date: 19/03/2019.
Identifiers: 35121, bulletinoct2019, CVE-2018-20852, DLA-1889-1, DLA-1906-1, openSUSE-SU-2019:1988-1, openSUSE-SU-2019:1989-1, RHSA-2019:3725-01, SUSE-SU-2019:14142-1, SUSE-SU-2019:2050-1, SUSE-SU-2019:2091-1, SUSE-SU-2019:2114-1, USN-4127-1, USN-4127-2, VIGILANCE-VUL-28767.
Full Vigil@nce bulletin... (Free trial)
Description of the vulnerability
An attacker can bypass access restrictions to data via Cookie Domain Check of Python, in order to obtain sensitive information.
Full Vigil@nce bulletin... (Free trial) |
Python: information disclosure via Punycode/IDNA NFKC Normalization
Synthesis of the vulnerability
An attacker can bypass access restrictions to data via Punycode/IDNA NFKC Normalization of Python, in order to obtain sensitive information.
Severity: 2/4.
Creation date: 08/03/2019.
Identifiers: 1102875, 36216, bulletinapr2019, bulletinjul2019, CVE-2019-9636, DLA-1834-1, DLA-1835-1, DLA-1835-2, DSA-2019-131, FEDORA-2019-1ffd6b6064, openSUSE-SU-2019:1273-1, openSUSE-SU-2019:1282-1, openSUSE-SU-2019:1371-1, openSUSE-SU-2019:1580-1, RHSA-2019:0710-01, RHSA-2019:0765-01, RHSA-2019:0806-01, RHSA-2019:0902-01, RHSA-2019:1467-01, RHSA-2019:2980-01, RHSA-2019:3170-01, SUSE-SU-2019:0961-1, SUSE-SU-2019:0971-1, SUSE-SU-2019:0972-1, SUSE-SU-2019:14018-1, SUSE-SU-2019:1439-1, USN-4127-1, USN-4127-2, VIGILANCE-VUL-28692.
Full Vigil@nce bulletin... (Free trial)
Description of the vulnerability
An attacker can bypass access restrictions to data via Punycode/IDNA NFKC Normalization of Python, in order to obtain sensitive information.
Full Vigil@nce bulletin... (Free trial) |
Python: integer overflow via Pickle
Synthesis of the vulnerability
An attacker can trigger an integer overflow via Pickle of Python, in order to trigger a denial of service, and possibly to run code.
Severity: 2/4.
Creation date: 01/02/2019.
Identifiers: 34656, bulletinjul2019, CVE-2018-20406, DLA-1663-1, openSUSE-SU-2019:0155-1, RHSA-2019:3725-01, SUSE-SU-2019:0215-1, SUSE-SU-2019:0243-1, USN-4127-1, USN-4127-2, VIGILANCE-VUL-28419.
Full Vigil@nce bulletin... (Free trial)
Description of the vulnerability
An attacker can trigger an integer overflow via Pickle of Python, in order to trigger a denial of service, and possibly to run code.
Full Vigil@nce bulletin... (Free trial) |
Python: NULL pointer dereference via _get_crl_dp
Synthesis of the vulnerability
An attacker can force a NULL pointer to be dereferenced via _get_crl_dp() of Python, in order to trigger a denial of service.
Severity: 2/4.
Creation date: 24/01/2019.
Identifiers: 35746, bulletinjul2019, CVE-2019-5010, DLA-1663-1, DLA-1834-1, FEDORA-2019-00870e8bfc, openSUSE-SU-2019:0155-1, openSUSE-SU-2019:0184-1, openSUSE-SU-2019:0292-1, RHSA-2019:2030-01, RHSA-2019:3520-01, RHSA-2019:3725-01, SSA:2019-062-01, SUSE-SU-2019:0215-1, SUSE-SU-2019:0223-1, SUSE-SU-2019:0243-1, SUSE-SU-2019:0271-1, SUSE-SU-2019:0482-1, SUSE-SU-2019:0482-2, TALOS-2019-0758, USN-4127-1, USN-4127-2, VIGILANCE-VUL-28358.
Full Vigil@nce bulletin... (Free trial)
Description of the vulnerability
An attacker can force a NULL pointer to be dereferenced via _get_crl_dp() of Python, in order to trigger a denial of service.
Full Vigil@nce bulletin... (Free trial) |
Our database contains other pages. You can request a free trial to read them.
Display information about CPython:
|