The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them.

Computer vulnerabilities of CPython

computer weakness alert CVE-2019-16056

Python: information disclosure via Email Address Multiple At Characters

Synthesis of the vulnerability

An attacker can bypass access restrictions to data in Python by using an email address containing multiple at (@) characters, in order to obtain sensitive information.
Severity: 2/4.
Creation date: 09/09/2019.
Identifiers: CVE-2019-16056, DLA-1924-1, DLA-1925-1, FEDORA-2019-2b1f72899a, FEDORA-2019-d58eb75449, openSUSE-SU-2019:2389-1, openSUSE-SU-2019:2393-1, openSUSE-SU-2019:2438-1, openSUSE-SU-2019:2453-1, RHSA-2019:3725-01, SUSE-SU-2019:2748-1, SUSE-SU-2019:2748-2, USN-4151-1, USN-4151-2, VIGILANCE-VUL-30278.

cybersecurity bulletin CVE-2019-15903

libexpat: out-of-bounds memory reading via XML_GetCurrentLineNumber

Synthesis of the vulnerability

An attacker can force a read at an invalid address via XML_GetCurrentLineNumber() of libexpat, in order to trigger a denial of service, or to obtain sensitive information.
Severity: 2/4.
Creation date: 09/09/2019.
Identifiers: CERTFR-2019-AVI-535, CVE-2019-15903, DLA-1912-1, DLA-1987-1, DLA-1997-1, DSA-4530-1, DSA-4549-1, DSA-4571-1, FEDORA-2019-672ae0f060, FEDORA-2019-9505c6b555, FEDORA-2019-9b4ebc2973, MFSA-2019-33, MFSA-2019-34, MFSA-2019-35, openSUSE-SU-2019:2204-1, openSUSE-SU-2019:2205-1, openSUSE-SU-2019:2420-1, openSUSE-SU-2019:2424-1, openSUSE-SU-2019:2425-1, openSUSE-SU-2019:2447-1, openSUSE-SU-2019:2451-1, openSUSE-SU-2019:2452-1, openSUSE-SU-2019:2459-1, openSUSE-SU-2019:2464-1, RHSA-2019:3210-01, RHSA-2019:3237-01, RHSA-2019:3756-01, SSA:2019-259-01, SSA:2019-293-01, SSA:2019-295-01, SUSE-SU-2019:2429-1, SUSE-SU-2019:2440-1, SUSE-SU-2019:2871-1, SUSE-SU-2019:2872-1, SUSE-SU-2019:2912-1, USN-4132-1, USN-4132-2, USN-4165-1, USN-4165-2, VIGILANCE-VUL-30268.

computer threat note CVE-2019-10160

Python: information disclosure via Punycode/IDNA NFKC Normalization

Synthesis of the vulnerability

An attacker can bypass access restrictions to data via the Punycode/IDNA NFKC normalization performed by Python, in order to obtain sensitive information.
Severity: 2/4.
Creation date: 21/06/2019.
Identifiers: 1102875, bulletinjul2019, CVE-2019-10160, DLA-1834-1, FEDORA-2019-2b1f72899a, openSUSE-SU-2019:1906-1, RHSA-2019:1587-01, RHSA-2019:1700-01, SUSE-SU-2019:14142-1, SUSE-SU-2019:2050-1, SUSE-SU-2019:2053-1, SUSE-SU-2019:2053-2, SUSE-SU-2019:2064-1, SUSE-SU-2019:2091-1, USN-4127-1, USN-4127-2, VIGILANCE-VUL-29596.

computer threat note CVE-2019-9948

Python urllib: file reading via Blacklist Bypass

Synthesis of the vulnerability

A local attacker can read a file by bypassing the blacklist of Python urllib, in order to obtain sensitive information.
Severity: 2/4.
Creation date: 25/03/2019.
Identifiers: 1102875, 35907, bulletinjul2019, CVE-2019-9948, DLA-1834-1, DLA-1852-1, DSA-2019-131, openSUSE-SU-2019:1273-1, openSUSE-SU-2019:1282-1, openSUSE-SU-2019:1580-1, RHSA-2019:1700-01, RHSA-2019:2030-01, RHSA-2019:3335-01, RHSA-2019:3520-01, SSA:2019-293-01, SUSE-SU-2019:0972-1, SUSE-SU-2019:14018-1, SUSE-SU-2019:1439-1, USN-4127-1, USN-4127-2, VIGILANCE-VUL-28848.

threat bulletin CVE-2019-9947

Python urllib2: information disclosure via CRLF Injection HTTP/Redis

Synthesis of the vulnerability

An attacker can bypass access restrictions to data via an HTTP/Redis CRLF injection in Python urllib2, in order to obtain sensitive information.
Severity: 2/4.
Creation date: 25/03/2019.
Identifiers: 1102875, 35906, bulletinjul2019, CVE-2019-9947, DLA-1834-1, DLA-1835-1, DLA-1835-2, FEDORA-2019-1ffd6b6064, openSUSE-SU-2019:2389-1, openSUSE-SU-2019:2393-1, RHSA-2019:2030-01, RHSA-2019:3335-01, RHSA-2019:3520-01, RHSA-2019:3725-01, SUSE-SU-2019:1352-1, SUSE-SU-2019:1352-2, USN-4127-1, USN-4127-2, VIGILANCE-VUL-28847.

vulnerability CVE-2019-9740

Python urllib2: information disclosure via CRLF Injection

Synthesis of the vulnerability

An attacker can bypass access restrictions to data via a CRLF injection in Python urllib2, in order to obtain sensitive information.
Severity: 2/4.
Creation date: 25/03/2019.
Identifiers: 36276, bulletinjul2019, CVE-2019-9740, DLA-1834-1, DLA-1835-1, DLA-1835-2, FEDORA-2019-1ffd6b6064, openSUSE-SU-2019:2131-1, openSUSE-SU-2019:2133-1, RHSA-2019:2030-01, RHSA-2019:3335-01, RHSA-2019:3520-01, RHSA-2019:3725-01, SSA:2019-293-01, SUSE-SU-2019:2331-1, SUSE-SU-2019:2332-1, SUSE-SU-2019:2370-1, USN-4127-1, USN-4127-2, VIGILANCE-VUL-28846.

computer threat CVE-2018-20852

Python: information disclosure via Cookie Domain Check

Synthesis of the vulnerability

An attacker can bypass access restrictions to data via the cookie domain check of Python, in order to obtain sensitive information.
Severity: 2/4.
Creation date: 19/03/2019.
Identifiers: 35121, bulletinoct2019, CVE-2018-20852, DLA-1889-1, DLA-1906-1, openSUSE-SU-2019:1988-1, openSUSE-SU-2019:1989-1, RHSA-2019:3725-01, SUSE-SU-2019:14142-1, SUSE-SU-2019:2050-1, SUSE-SU-2019:2091-1, SUSE-SU-2019:2114-1, USN-4127-1, USN-4127-2, VIGILANCE-VUL-28767.

computer vulnerability bulletin CVE-2019-9636

Python: information disclosure via Punycode/IDNA NFKC Normalization

Synthesis of the vulnerability

An attacker can bypass access restrictions to data via the Punycode/IDNA NFKC normalization performed by Python, in order to obtain sensitive information.
Severity: 2/4.
Creation date: 08/03/2019.
Identifiers: 1102875, 36216, bulletinapr2019, bulletinjul2019, CVE-2019-9636, DLA-1834-1, DLA-1835-1, DLA-1835-2, DSA-2019-131, FEDORA-2019-1ffd6b6064, openSUSE-SU-2019:1273-1, openSUSE-SU-2019:1282-1, openSUSE-SU-2019:1371-1, openSUSE-SU-2019:1580-1, RHSA-2019:0710-01, RHSA-2019:0765-01, RHSA-2019:0806-01, RHSA-2019:0902-01, RHSA-2019:1467-01, RHSA-2019:2980-01, RHSA-2019:3170-01, SUSE-SU-2019:0961-1, SUSE-SU-2019:0971-1, SUSE-SU-2019:0972-1, SUSE-SU-2019:14018-1, SUSE-SU-2019:1439-1, USN-4127-1, USN-4127-2, VIGILANCE-VUL-28692.

security bulletin CVE-2018-20406

Python: integer overflow via Pickle

Synthesis of the vulnerability

An attacker can trigger an integer overflow via Pickle in Python, in order to cause a denial of service, and possibly to run code.
Severity: 2/4.
Creation date: 01/02/2019.
Identifiers: 34656, bulletinjul2019, CVE-2018-20406, DLA-1663-1, openSUSE-SU-2019:0155-1, RHSA-2019:3725-01, SUSE-SU-2019:0215-1, SUSE-SU-2019:0243-1, USN-4127-1, USN-4127-2, VIGILANCE-VUL-28419.

vulnerability announce CVE-2019-5010

Python: NULL pointer dereference via _get_crl_dp

Synthesis of the vulnerability

An attacker can force a NULL pointer to be dereferenced via _get_crl_dp() of Python, in order to trigger a denial of service.
Severity: 2/4.
Creation date: 24/01/2019.
Identifiers: 35746, bulletinjul2019, CVE-2019-5010, DLA-1663-1, DLA-1834-1, FEDORA-2019-00870e8bfc, openSUSE-SU-2019:0155-1, openSUSE-SU-2019:0184-1, openSUSE-SU-2019:0292-1, RHSA-2019:2030-01, RHSA-2019:3520-01, RHSA-2019:3725-01, SSA:2019-062-01, SUSE-SU-2019:0215-1, SUSE-SU-2019:0223-1, SUSE-SU-2019:0243-1, SUSE-SU-2019:0271-1, SUSE-SU-2019:0482-1, SUSE-SU-2019:0482-2, TALOS-2019-0758, USN-4127-1, USN-4127-2, VIGILANCE-VUL-28358.