The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a vigilance database and tools to fix them.

Computer vulnerabilities of CPython

Python: code execution via _xxsubinterpreters
An attacker can use a vulnerability via _xxsubinterpreters of Python, in order to run code...
43472, VIGILANCE-VUL-35137
Python: information disclosure via Audit Hooks Gc Module Functions
An attacker can bypass access restrictions to data via Audit Hooks Gc Module Functions of Python, in order to obtain sensitive information...
43439, VIGILANCE-VUL-34825
Python urllib: data transit via parse_qsl
An attacker can bypass filtering rules via parse_qsl() of Python urllib, in order to transmit malicious data...
42967, CVE-2021-23336, DLA-2569-1, DLA-2619-1, DLA-2628-1, FEDORA-2021-1bb399a5af, FEDORA-2021-2897f5366c, FEDORA-2021-309bc2e727, FEDORA-2021-b326fcb83f, FEDORA-2021-b76ede8f4d, FEDORA-2021-ef83e8525a, NTAP-20210326-0004, openSUSE-SU-2021:0435-1, SUSE-SU-2021:0768-1, SUSE-SU-2021:0794-1, SUSE-SU-2021:0886-1, SUSE-SU-2021:0887-1, SUSE-SU-2021:0947-1, USN-4742-1, VIGILANCE-VUL-34588
Python: buffer overflow via ctypes PyCArg_repr
An attacker can trigger a buffer overflow via ctypes PyCArg_repr() of Python, in order to trigger a denial of service, and possibly to run code...
42938, CERTFR-2021-AVI-140, CVE-2021-3177, DLA-2619-1, FEDORA-2021-42ba9feb47, FEDORA-2021-851c6e4e2d, FEDORA-2021-ced31f3f0c, FEDORA-2021-d5cde50865, openSUSE-SU-2021:0270-1, openSUSE-SU-2021:0331-1, SUSE-SU-2021:0355-1, SUSE-SU-2021:0428-1, SUSE-SU-2021:0432-1, SUSE-SU-2021:0529-1, USN-4754-1, USN-4754-2, USN-4754-3, USN-4754-4, VIGILANCE-VUL-34369
Python: information disclosure via hmac.compare_digest Timing
An attacker can bypass access restrictions to data via hmac.compare_digest Timing of Python, in order to obtain sensitive information...
40791, VIGILANCE-VUL-34002
Python plistlib: overload via Apple Property List
An attacker can trigger an overload via Apple Property List of Python plistlib, in order to trigger a denial of service...
42103, VIGILANCE-VUL-33776
Python plistlib: external XML entity injection
An attacker can transmit malicious XML data to Python plistlib, in order to read a file, scan sites, or trigger a denial of service...
42051, VIGILANCE-VUL-33626
Python: code execution via CJK Codec Tests eval
An attacker can use a vulnerability via CJK Codec Tests eval() of Python, in order to run code...
CVE-2020-27619, openSUSE-SU-2020:2332-1, openSUSE-SU-2020:2333-1, SUSE-SU-2020:3865-1, SUSE-SU-2020:3930-1, USN-4754-1, USN-4754-2, USN-4754-3, USN-4754-4, VIGILANCE-VUL-33492
Python: vulnerability via Invalid Glob Documentation
A vulnerability via Invalid Glob Documentation of Python was announced...
33275, CVE-2019-17514, USN-4428-1, VIGILANCE-VUL-32904
Python: denial of service via NEWOBJ_EX
An attacker can trigger a fatal error via NEWOBJ_EX of Python, in order to trigger a denial of service...
41288, VIGILANCE-VUL-32889