The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a vigilance database and tools to fix them.

Computer vulnerabilities of CPython

Python: information disclosure via hmac.compare_digest Timing
An attacker can bypass access restrictions to data via hmac.compare_digest Timing of Python, in order to obtain sensitive information...
40791, VIGILANCE-VUL-34002
Python plistlib: overload via Apple Property List
An attacker can trigger an overload via Apple Property List of Python plistlib, in order to trigger a denial of service...
42103, VIGILANCE-VUL-33776
Python plistlib: external XML entity injection
An attacker can transmit malicious XML data to Python plistlib, in order to read a file, scan sites, or trigger a denial of service...
42051, VIGILANCE-VUL-33626
Python: code execution via CJK Codec Tests eval
An attacker can use a vulnerability via CJK Codec Tests eval() of Python, in order to run code...
CVE-2020-27619, openSUSE-SU-2020:2332-1, openSUSE-SU-2020:2333-1, SUSE-SU-2020:3865-1, SUSE-SU-2020:3930-1, VIGILANCE-VUL-33492
Python: vulnerability via Invalid Glob Documentation
A vulnerability via Invalid Glob Documentation of Python was announced...
33275, CVE-2019-17514, USN-4428-1, VIGILANCE-VUL-32904
Python: denial of service via NEWOBJ_EX
An attacker can trigger a fatal error via NEWOBJ_EX of Python, in order to trigger a denial of service...
41288, VIGILANCE-VUL-32889
Python: overload via TAR File
An attacker can trigger an overload via TAR File of Python, in order to trigger a denial of service...
39017, bulletinjul2020, CVE-2019-20907, DLA-2337-1, DLA-2456-1, FEDORA-2020-16167a66a2, FEDORA-2020-1ddd5273d6, FEDORA-2020-4cf7c3910b, FEDORA-2020-826b24c329, FEDORA-2020-87c0a0a52d, FEDORA-2020-d30881c970, FEDORA-2020-d808fdd597, FEDORA-2020-dfb11916cc, FEDORA-2020-e9251de272, FEDORA-2020-efb908b6a8, openSUSE-SU-2020:1254-1, openSUSE-SU-2020:1257-1, openSUSE-SU-2020:1258-1, openSUSE-SU-2020:1265-1, openSUSE-SU-2020:2332-1, openSUSE-SU-2020:2333-1, RHSA-2020:4273-01, RHSA-2020:4285-01, RHSA-2020:4299-01, RHSA-2020:4433-01, RHSA-2020:4641-01, RHSA-2020:4654-01, RHSA-2020:5009-01, RHSA-2020:5010-01, SUSE-SU-2020:2216-1, SUSE-SU-2020:2275-1, SUSE-SU-2020:2276-1, SUSE-SU-2020:2277-1, SUSE-SU-2020:2699-1, SUSE-SU-2020:3563-1, SUSE-SU-2020:3930-1, USN-4428-1, VIGILANCE-VUL-32888
Python: information disclosure via HTTP Header Injection
An attacker can bypass access restrictions to data via HTTP Header Injection of Python, in order to obtain sensitive information...
39603, CVE-2020-26116, DLA-2456-1, FEDORA-2020-16167a66a2, FEDORA-2020-4cf7c3910b, FEDORA-2020-887d3fa26f, FEDORA-2020-d30881c970, FEDORA-2020-d42cb01973, FEDORA-2020-e33acdea18, openSUSE-SU-2020:1859-1, openSUSE-SU-2020:1988-1, openSUSE-SU-2020:2332-1, openSUSE-SU-2020:2333-1, RHSA-2020:4273-01, RHSA-2020:4285-01, RHSA-2020:4299-01, SUSE-SU-2020:14550-1, SUSE-SU-2020:3115-1, SUSE-SU-2020:3121-1, SUSE-SU-2020:3262-1, SUSE-SU-2020:3563-1, SUSE-SU-2020:3930-1, USN-4581-1, VIGILANCE-VUL-32884
Python Core Windows 3.8: executing DLL code via python3x._pth
An attacker can create a malicious python3x._pth/python._pth DLL, and then put it in the current directory of Python Core Windows 3.8, in order to execute code...
41304, 6367949, CVE-2020-15801, VIGILANCE-VUL-32882
Python: executing DLL code via python3.dll
An attacker can create a malicious python3.dll DLL, and then put it in the current directory of Python, in order to execute code...
29778, CVE-2020-15523, FEDORA-2020-16167a66a2, FEDORA-2020-4cf7c3910b, RHSA-2020:2823-01, VIGILANCE-VUL-32711