The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them.

Computer vulnerabilities of Python

security alert CVE-2017-18207

Python Core: denial of service via Wave_read._read_fmt_chunk

Synthesis of the vulnerability

An attacker can generate a fatal error via Wave_read._read_fmt_chunk() of Python Core, in order to trigger a denial of service.
Severity: 1/4.
Creation date: 17/04/2018.
Identifiers: 32056, CVE-2017-18207, DSA-2019-131, openSUSE-SU-2018:0966-1, openSUSE-SU-2018:2126-1, SUSE-SU-2018:1786-1, SUSE-SU-2018:2040-1, VIGILANCE-VUL-25893.
Full Vigil@nce bulletin... (Free trial)

cybersecurity bulletin 25736

Python: buffer overflow via Windows os.symlink

Synthesis of the vulnerability

An attacker can generate a buffer overflow via Windows os.symlink of Python, in order to trigger a denial of service, and possibly to run code.
Severity: 2/4.
Creation date: 30/03/2018.
Identifiers: VIGILANCE-VUL-25736.

security bulletin CVE-2018-1061

Python: denial of service via Poplib Regular Expressions

Synthesis of the vulnerability

An attacker can generate a fatal error via Poplib Regular Expressions of Python, in order to trigger a denial of service.
Severity: 2/4.
Creation date: 30/03/2018.
Identifiers: bulletinjan2019, CVE-2018-1061, DLA-1519-1, DLA-1520-1, DSA-2019-131, DSA-4306-1, DSA-4307-1, FEDORA-2018-a042f795b2, FEDORA-2018-aa8de9d66a, ibm10725759, openSUSE-SU-2018:2712-1, openSUSE-SU-2018:3703-1, RHSA-2018:3041-01, RHSA-2019:3725-01, SSA:2018-124-01, SUSE-SU-2018:2408-1, SUSE-SU-2018:2696-1, SUSE-SU-2018:3554-1, SUSE-SU-2018:3554-2, USN-3817-1, USN-3817-2, VIGILANCE-VUL-25735.

computer vulnerability alert CVE-2018-1060

Python: denial of service via Difflib Regular Expressions

Synthesis of the vulnerability

An attacker can generate a fatal error via Difflib Regular Expressions of Python, in order to trigger a denial of service.
Severity: 2/4.
Creation date: 30/03/2018.
Identifiers: bulletinjan2019, CVE-2018-1060, DLA-1519-1, DLA-1520-1, DSA-2019-131, DSA-4306-1, DSA-4307-1, FEDORA-2018-a042f795b2, FEDORA-2018-aa8de9d66a, ibm10725759, openSUSE-SU-2018:2712-1, openSUSE-SU-2018:3703-1, RHSA-2018:3041-01, RHSA-2019:3725-01, SSA:2018-124-01, SUSE-SU-2018:2408-1, SUSE-SU-2018:2696-1, SUSE-SU-2018:3554-1, SUSE-SU-2018:3554-2, USN-3817-1, USN-3817-2, VIGILANCE-VUL-25734.

weakness bulletin CVE-2018-1000117

Python: buffer overflow via Windows os.symlink

Synthesis of the vulnerability

An attacker can generate a buffer overflow via Windows os.symlink() of Python, in order to trigger a denial of service, and possibly to run code.
Severity: 2/4.
Creation date: 08/03/2018.
Identifiers: 33001, CVE-2018-1000117, VIGILANCE-VUL-25490.

weakness bulletin 23906

Python: information disclosure via Typo Squatting

Synthesis of the vulnerability

An attacker created packages whose names resemble those of legitimate ones, to entice administrators into installing them in Python, in order to obtain sensitive information.
Severity: 3/4.
Creation date: 22/09/2017.
Identifiers: skcsirt-sa-20170909-pypi-malicious-code, VIGILANCE-VUL-23906.

computer weakness announcement CVE-2017-1000158

Python: three vulnerabilities

Synthesis of the vulnerability

An attacker can use several vulnerabilities of Python.
Severity: 2/4.
Number of vulnerabilities in this bulletin: 3.
Creation date: 19/09/2017.
Identifiers: bpo-30500, bpo-30730, bulletinapr2018, bulletinjul2018, CVE-2017-1000158, DLA-1189-1, DLA-1190-1, DLA-1519-1, DLA-1520-1, DSA-2019-131, DSA-4307-1, FEDORA-2017-2d441a1d98, FEDORA-2017-2e5a17c4cc, FEDORA-2017-677069c484, FEDORA-2017-6be762ea64, FEDORA-2017-7fe2c4bc0e, FEDORA-2017-99d12bf610, FEDORA-2017-a41f6a8078, FEDORA-2017-cf8c62747a, FEDORA-2017-e0abe14016, issue30657, openSUSE-SU-2018:1415-1, SUSE-SU-2018:1372-1, USN-3496-1, USN-3496-2, USN-3496-3, VIGILANCE-VUL-23866.

Description of the vulnerability

Several vulnerabilities were announced in Python.

An attacker can use a vulnerability via Windows Environment Variables Injection, in order to run code. [severity:2/4; bpo-30730]

An attacker can bypass security features via urllib.splithost(), in order to escalate his privileges. [severity:2/4; bpo-30500]

An attacker can generate an integer overflow via PyString_DecodeEscape(), in order to trigger a denial of service, and possibly to run code. [severity:2/4; CVE-2017-1000158, issue30657]

cybersecurity vulnerability CVE-2016-9063

expat: integer overflow via XML_Parse

Synthesis of the vulnerability

An attacker can generate an integer overflow via XML_Parse() of expat, in order to trigger a denial of service, and possibly to run code.
Severity: 2/4.
Creation date: 12/07/2017.
Identifiers: APPLE-SA-2017-09-19-1, APPLE-SA-2017-09-25-1, APPLE-SA-2017-09-25-4, CERTFR-2018-AVI-288, CVE-2016-9063, FEDORA-2017-18601ad5d2, FEDORA-2017-2c5635cd97, FEDORA-2017-a44f9aa38b, HT208144, openSUSE-SU-2017:2336-1, SSA:2017-266-02, SSA:2018-124-01, SUSE-SU-2019:2872-1, TNS-2018-08, VIGILANCE-VUL-23211.

vulnerability note CVE-2017-9233

expat: infinite loop

Synthesis of the vulnerability

An attacker can generate an infinite loop of expat, in order to trigger a denial of service.
Severity: 2/4.
Creation date: 19/06/2017.
Identifiers: APPLE-SA-2017-09-19-1, APPLE-SA-2017-09-25-1, APPLE-SA-2017-09-25-4, bulletinjul2017, CERTFR-2018-AVI-288, CVE-2017-9233, DLA-990-1, DSA-3898-1, FEDORA-2017-18601ad5d2, FEDORA-2017-2c5635cd97, FEDORA-2017-a44f9aa38b, HT208144, openSUSE-SU-2017:2336-1, SSA:2017-266-02, SSA:2018-124-01, TNS-2018-08, USN-3356-1, USN-3356-2, VIGILANCE-VUL-22988.

security note CVE-2016-9840 CVE-2016-9841 CVE-2016-9842

zlib: five vulnerabilities

Synthesis of the vulnerability

An attacker can use several vulnerabilities of zlib.
Severity: 2/4.
Number of vulnerabilities in this bulletin: 5.
Creation date: 05/12/2016.
Identifiers: 1997877, 2001520, 2003212, 2004735, 2005160, 2005255, 2006014, 2006017, 2007242, 2010282, 2011648, 2014202, APPLE-SA-2017-09-19-1, APPLE-SA-2017-09-25-1, APPLE-SA-2017-09-25-4, bulletinapr2017, bulletinoct2018, CERTFR-2018-AVI-288, cpujul2018, cpuoct2017, cpuoct2018, CVE-2016-9840, CVE-2016-9841, CVE-2016-9842, CVE-2016-9843, DLA-1725-1, FEDORA-2018-242f6c1a41, FEDORA-2018-55b875c1ac, HT208144, ibm10718843, openSUSE-SU-2016:3202-1, openSUSE-SU-2017:0077-1, openSUSE-SU-2017:0080-1, openSUSE-SU-2017:2998-1, openSUSE-SU-2018:0042-1, openSUSE-SU-2018:3478-1, openSUSE-SU-2019:0327-1, RHSA-2017:1220-01, RHSA-2017:1221-01, RHSA-2017:1222-01, RHSA-2017:2999-01, RHSA-2017:3046-01, RHSA-2017:3047-01, SSA:2018-309-01, SUSE-SU-2017:1384-1, SUSE-SU-2017:1386-1, SUSE-SU-2017:1387-1, SUSE-SU-2017:1444-1, SUSE-SU-2017:2989-1, SUSE-SU-2017:3369-1, SUSE-SU-2017:3411-1, SUSE-SU-2017:3440-1, SUSE-SU-2017:3455-1, SUSE-SU-2018:0005-1, SUSE-SU-2018:3542-1, SUSE-SU-2018:3972-1, SUSE-SU-2018:4211-1, SUSE-SU-2019:0119-1, SUSE-SU-2019:0555-1, SUSE-SU-2019:2048-1, TNS-2018-08, VIGILANCE-VUL-21262.

Description of the vulnerability

Several vulnerabilities were announced in zlib.

An attacker can generate a memory corruption via Deflate External Linkage, in order to trigger a denial of service, and possibly to run code. [severity:2/4]

A pointer error may have a consequence. [severity:1/4]

An attacker can force a read at an invalid address via inftrees.c, in order to trigger a denial of service, or to obtain sensitive information. [severity:1/4; CVE-2016-9840, CVE-2016-9841]

A negative number shift is undefined. [severity:1/4; CVE-2016-9842]

An attacker can force a read at an invalid address via Big-endian Pointer, in order to trigger a denial of service, or to obtain sensitive information. [severity:1/4; CVE-2016-9843]