Computer vulnerabilities of Python

Python urllib: file reading via Blacklist Bypass
A local attacker can read a file via Blacklist Bypass of Python urllib, in order to obtain sensitive information...
1102875, 35907, bulletinjul2019, CVE-2019-9948, DLA-1834-1, DLA-1852-1, DLA-2280-1, DLA-2337-1, DSA-2019-131, openSUSE-SU-2019:1273-1, openSUSE-SU-2019:1282-1, openSUSE-SU-2019:1580-1, RHSA-2019:1700-01, RHSA-2019:2030-01, RHSA-2019:3335-01, RHSA-2019:3520-01, RHSA-2020:1268-01, RHSA-2020:1346-01, RHSA-2020:1462-01, SSA:2019-293-01, SUSE-SU-2019:0972-1, SUSE-SU-2019:14018-1, SUSE-SU-2019:1439-1, SUSE-SU-2020:0234-1, USN-4127-1, USN-4127-2, VIGILANCE-VUL-28848
Python urllib2: information disclosure via CRLF Injection HTTP/Redis
An attacker can bypass access restrictions to data via CRLF Injection HTTP/Redis of Python urllib2, in order to obtain sensitive information...
1102875, 35906, bulletinjul2019, CVE-2019-9947, DLA-1834-1, DLA-1835-1, DLA-1835-2, DLA-2280-1, DLA-2337-1, FEDORA-2019-1ffd6b6064, openSUSE-SU-2019:2389-1, openSUSE-SU-2019:2393-1, openSUSE-SU-2020:0086-1, RHSA-2019:2030-01, RHSA-2019:3335-01, RHSA-2019:3520-01, RHSA-2019:3725-01, RHSA-2020:1268-01, RHSA-2020:1346-01, RHSA-2020:1462-01, SUSE-SU-2019:1352-1, SUSE-SU-2019:1352-2, SUSE-SU-2020:0114-1, SUSE-SU-2020:0234-1, SUSE-SU-2020:0302-1, SUSE-SU-2020:2699-1, USN-4127-1, USN-4127-2, VIGILANCE-VUL-28847
Python urllib2: information disclosure via CRLF Injection
An attacker can bypass access restrictions to data via CRLF Injection of Python urllib2, in order to obtain sensitive information...
36276, bulletinjul2019, CVE-2019-9740, DLA-1834-1, DLA-1835-1, DLA-1835-2, DLA-2280-1, DLA-2337-1, FEDORA-2019-1ffd6b6064, openSUSE-SU-2019:2131-1, openSUSE-SU-2019:2133-1, RHSA-2019:2030-01, RHSA-2019:3335-01, RHSA-2019:3520-01, RHSA-2019:3725-01, RHSA-2020:1268-01, RHSA-2020:1346-01, RHSA-2020:1462-01, SSA:2019-293-01, SUSE-SU-2019:2331-1, SUSE-SU-2019:2332-1, SUSE-SU-2019:2370-1, USN-4127-1, USN-4127-2, VIGILANCE-VUL-28846
Python: information disclosure via Cookie Domain Check
An attacker can bypass access restrictions to data via Cookie Domain Check of Python, in order to obtain sensitive information...
35121, bulletinoct2019, cpuapr2020, CVE-2018-20852, DLA-1889-1, DLA-1906-1, DLA-2280-1, DLA-2337-1, openSUSE-SU-2019:1988-1, openSUSE-SU-2019:1989-1, openSUSE-SU-2020:0086-1, RHSA-2019:3725-01, RHSA-2019:3948-01, RHSA-2020:1131-01, RHSA-2020:1132-01, RHSA-2020:1605-01, RHSA-2020:1764-01, SUSE-SU-2019:14142-1, SUSE-SU-2019:2050-1, SUSE-SU-2019:2091-1, SUSE-SU-2019:2114-1, SUSE-SU-2020:0114-1, SUSE-SU-2020:0234-1, SUSE-SU-2020:0302-1, USN-4127-1, USN-4127-2, VIGILANCE-VUL-28767
Python: information disclosure via Punycode/IDNA NFKC Normalization
An attacker can bypass access restrictions to data via Punycode/IDNA NFKC Normalization of Python, in order to obtain sensitive information...
1102875, 36216, bulletinapr2019, bulletinjul2019, CVE-2019-9636, DLA-1834-1, DLA-1835-1, DLA-1835-2, DLA-2280-1, DLA-2337-1, DSA-2019-131, FEDORA-2019-1ffd6b6064, JSA10993, K57542514, openSUSE-SU-2019:1273-1, openSUSE-SU-2019:1282-1, openSUSE-SU-2019:1371-1, openSUSE-SU-2019:1580-1, openSUSE-SU-2020:0086-1, RHSA-2019:0710-01, RHSA-2019:0765-01, RHSA-2019:0806-01, RHSA-2019:0902-01, RHSA-2019:1467-01, RHSA-2019:2980-01, RHSA-2019:3170-01, SUSE-SU-2019:0961-1, SUSE-SU-2019:0971-1, SUSE-SU-2019:0972-1, SUSE-SU-2019:14018-1, SUSE-SU-2019:1439-1, SUSE-SU-2020:0114-1, SUSE-SU-2020:0234-1, SUSE-SU-2020:0302-1, USN-4127-1, USN-4127-2, VIGILANCE-VUL-28692
Python: integer overflow via Pickle
An attacker can trigger an integer overflow via Pickle of Python, in order to trigger a denial of service, and possibly to run code...
34656, bulletinjul2019, CVE-2018-20406, DLA-1663-1, DLA-2280-1, openSUSE-SU-2019:0155-1, openSUSE-SU-2020:0086-1, RHSA-2019:3725-01, SUSE-SU-2019:0215-1, SUSE-SU-2019:0243-1, SUSE-SU-2020:0114-1, USN-4127-1, USN-4127-2, VIGILANCE-VUL-28419
Python: NULL pointer dereference via _get_crl_dp
An attacker can force a NULL pointer to be dereferenced via _get_crl_dp() of Python, in order to trigger a denial of service...
35746, bulletinjul2019, CVE-2019-5010, DLA-1663-1, DLA-1834-1, DLA-2280-1, DLA-2337-1, FEDORA-2019-00870e8bfc, openSUSE-SU-2019:0155-1, openSUSE-SU-2019:0184-1, openSUSE-SU-2019:0292-1, openSUSE-SU-2020:0086-1, RHSA-2019:2030-01, RHSA-2019:3520-01, RHSA-2019:3725-01, SSA:2019-062-01, SUSE-SU-2019:0215-1, SUSE-SU-2019:0223-1, SUSE-SU-2019:0243-1, SUSE-SU-2019:0271-1, SUSE-SU-2019:0482-1, SUSE-SU-2019:0482-2, SUSE-SU-2020:0114-1, SUSE-SU-2020:0234-1, SUSE-SU-2020:0302-1, TALOS-2019-0758, USN-4127-1, USN-4127-2, VIGILANCE-VUL-28358
Python: denial of service via XML Hash Collisions
An attacker can generate a fatal error via XML Hash Collisions of Python, in order to trigger a denial of service...
34623, bulletinjul2019, CVE-2018-14647, DLA-1834-1, DLA-1835-1, DLA-1835-2, DSA-4306-1, DSA-4307-1, ibm10876694, openSUSE-SU-2019:0292-1, openSUSE-SU-2020:0086-1, RHSA-2019:2030-01, RHSA-2019:3725-01, RHSA-2020:1268-01, RHSA-2020:1346-01, RHSA-2020:1462-01, SSA:2019-062-01, SUSE-SU-2018:3156-1, SUSE-SU-2019:0482-1, SUSE-SU-2019:0482-2, SUSE-SU-2019:2053-1, SUSE-SU-2019:2053-2, SUSE-SU-2020:0114-1, SUSE-SU-2020:0234-1, USN-3817-1, USN-3817-2, VIGILANCE-VUL-27355
Python: code execution via shutil-make_archive
An attacker can use a vulnerability via shutil-make_archive() of Python, in order to run code...
34540, CVE-2018-1000802, DLA-1519-1, DLA-1520-1, DSA-4306-1, openSUSE-SU-2018:3052-1, openSUSE-SU-2018:3703-1, openSUSE-SU-2020:0086-1, SUSE-SU-2018:3002-1, SUSE-SU-2018:3554-1, SUSE-SU-2018:3554-2, SUSE-SU-2019:2053-1, SUSE-SU-2019:2053-2, SUSE-SU-2020:0114-1, SUSE-SU-2020:0234-1, SUSE-SU-2020:0302-1, USN-3817-1, USN-3817-2, VIGILANCE-VUL-27318
Python: buffer overflow via os.symlink
An attacker can generate a buffer overflow via os.symlink of Python, in order to trigger a denial of service, and possibly to run code...
VIGILANCE-VUL-26967