Total
128 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2024-7592 | 1 Python | 1 Python | 2024-09-04 | N/A | 7.5 HIGH |
There is a LOW severity vulnerability affecting CPython, specifically the 'http.cookies' standard library module. When parsing cookies that contained backslashes for quoted characters in the cookie value, the parser would use an algorithm with quadratic complexity, resulting in excess CPU resources being used while parsing the value. | |||||
CVE-2024-6232 | 1 Python | 1 Python | 2024-09-04 | N/A | 7.5 HIGH |
There is a MEDIUM severity vulnerability affecting CPython. Regular expressions that allowed excessive backtracking during tarfile.TarFile header parsing are vulnerable to ReDoS via specifically-crafted tar archives. | |||||
CVE-2017-18207 | 1 Python | 1 Python | 2024-08-05 | 4.3 MEDIUM | 6.5 MEDIUM |
The Wave_read._read_fmt_chunk function in Lib/wave.py in Python through 3.6.4 does not ensure a nonzero channel value, which allows attackers to cause a denial of service (divide-by-zero and exception) via a crafted wav format audio file. NOTE: the vendor disputes this issue because Python applications "need to be prepared to handle a wide variety of exceptions. | |||||
CVE-2019-13404 | 2 Microsoft, Python | 2 Windows, Python | 2024-08-05 | 9.3 HIGH | 7.8 HIGH |
The MSI installer for Python through 2.7.16 on Windows defaults to the C:\Python27 directory, which makes it easier for local users to deploy Trojan horse code. (This also affects old 3.x releases before 3.5.) NOTE: the vendor's position is that it is the user's responsibility to ensure C:\Python27 access control or choose a different directory, because backwards compatibility requires that C:\Python27 remain the default for 2.7.x | |||||
CVE-2021-28861 | 2 Fedoraproject, Python | 2 Fedora, Python | 2024-08-03 | N/A | 7.4 HIGH |
Python 3.x through 3.10 has an open redirection vulnerability in lib/http/server.py due to no protection against multiple (/) at the beginning of URI path which may leads to information disclosure. NOTE: this is disputed by a third party because the http.server.html documentation page states "Warning: http.server is not recommended for production. It only implements basic security checks." | |||||
CVE-2023-38898 | 1 Python | 1 Python | 2024-08-02 | N/A | 5.3 MEDIUM |
An issue in Python cpython v.3.7 allows an attacker to obtain sensitive information via the _asyncio._swap_current_task component. NOTE: this is disputed by the vendor because (1) neither 3.7 nor any other release is affected (it is a bug in some 3.12 pre-releases); (2) there are no common scenarios in which an adversary can call _asyncio._swap_current_task but does not already have the ability to call arbitrary functions; and (3) there are no common scenarios in which sensitive information, which is not already accessible to an adversary, becomes accessible through this bug. | |||||
CVE-2023-36632 | 1 Python | 1 Python | 2024-08-02 | N/A | 7.5 HIGH |
The legacy email.utils.parseaddr function in Python through 3.11.4 allows attackers to trigger "RecursionError: maximum recursion depth exceeded while calling a Python object" via a crafted argument. This argument is plausibly an untrusted value from an application's input data that was supposed to contain a name and an e-mail address. NOTE: email.utils.parseaddr is categorized as a Legacy API in the documentation of the Python email package. Applications should instead use the email.parser.BytesParser or email.parser.Parser class. NOTE: the vendor's perspective is that this is neither a vulnerability nor a bug. The email package is intended to have size limits and to throw an exception when limits are exceeded; they were exceeded by the example demonstration code. | |||||
CVE-2023-6507 | 1 Python | 1 Python | 2024-05-07 | N/A | 4.9 MEDIUM |
An issue was found in CPython 3.12.0 `subprocess` module on POSIX platforms. The issue was fixed in CPython 3.12.1 and does not affect other stable releases. When using the `extra_groups=` parameter with an empty list as a value (ie `extra_groups=[]`) the logic regressed to not call `setgroups(0, NULL)` before calling `exec()`, thus not dropping the original processes' groups before starting the new process. There is no issue when the parameter isn't used or when any value is used besides an empty list. This issue only impacts CPython processes run with sufficient privilege to make the `setgroups` system call (typically `root`). | |||||
CVE-2023-40217 | 1 Python | 1 Python | 2024-02-28 | N/A | 5.3 MEDIUM |
An issue was discovered in Python before 3.8.18, 3.9.x before 3.9.18, 3.10.x before 3.10.13, and 3.11.x before 3.11.5. It primarily affects servers (such as HTTP servers) that use TLS client authentication. If a TLS server-side socket is created, receives data into the socket buffer, and then is closed quickly, there is a brief window where the SSLSocket instance will detect the socket as "not connected" and won't initiate a handshake, but buffered data will still be readable from the socket buffer. This data will not be authenticated if the server-side TLS peer is expecting client certificate authentication, and is indistinguishable from valid TLS stream data. Data is limited in size to the amount that will fit in the buffer. (The TLS connection cannot directly be used for data exfiltration because the vulnerable code path requires that the connection be closed on initialization of the SSLSocket.) | |||||
CVE-2023-41105 | 2 Netapp, Python | 2 Active Iq Unified Manager, Python | 2024-02-28 | N/A | 7.5 HIGH |
An issue was discovered in Python 3.11 through 3.11.4. If a path containing '\0' bytes is passed to os.path.normpath(), the path will be truncated unexpectedly at the first '\0' byte. There are plausible cases in which an application would have rejected a filename for security reasons in Python 3.10.x or earlier, but that filename is no longer rejected in Python 3.11.x. | |||||
CVE-2022-48560 | 2 Debian, Python | 2 Debian Linux, Python | 2024-02-28 | N/A | 7.5 HIGH |
A use-after-free exists in Python through 3.9 via heappushpop in heapq. | |||||
CVE-2022-48565 | 2 Debian, Python | 2 Debian Linux, Python | 2024-02-28 | N/A | 9.8 CRITICAL |
An XML External Entity (XXE) issue was discovered in Python through 3.9.1. The plistlib module no longer accepts entity declarations in XML plist files to avoid XML vulnerabilities. | |||||
CVE-2022-48564 | 2 Netapp, Python | 2 Active Iq Unified Manager, Python | 2024-02-28 | N/A | 6.5 MEDIUM |
read_ints in plistlib.py in Python through 3.9.1 is vulnerable to a potential DoS attack via CPU and RAM exhaustion when processing malformed Apple Property List files in binary format. | |||||
CVE-2022-48566 | 3 Debian, Netapp, Python | 4 Debian Linux, Active Iq Unified Manager, Converged Systems Advisor Agent and 1 more | 2024-02-28 | N/A | 5.9 MEDIUM |
An issue was discovered in compare_digest in Lib/hmac.py in Python through 3.9.1. Constant-time-defeating optimisations were possible in the accumulator variable in hmac.compare_digest. | |||||
CVE-2023-27043 | 1 Python | 1 Python | 2024-02-28 | N/A | 5.3 MEDIUM |
The email module of Python through 3.11.3 incorrectly parses e-mail addresses that contain a special character. The wrong portion of an RFC2822 header is identified as the value of the addr-spec. In some applications, an attacker can bypass a protection mechanism in which application access is granted only after verifying receipt of e-mail to a specific domain (e.g., only @company.example.com addresses may be used for signup). This occurs in email/_parseaddr.py in recent versions of Python. | |||||
CVE-2023-24329 | 3 Fedoraproject, Netapp, Python | 6 Fedora, Active Iq Unified Manager, Management Services For Element Software and 3 more | 2024-02-28 | N/A | 7.5 HIGH |
An issue in the urllib.parse component of Python before 3.11.4 allows attackers to bypass blocklisting methods by supplying a URL that starts with blank characters. | |||||
CVE-2021-4189 | 4 Debian, Netapp, Python and 1 more | 5 Debian Linux, Ontap Select Deploy Administration Utility, Python and 2 more | 2024-02-28 | N/A | 5.3 MEDIUM |
A flaw was found in Python, specifically in the FTP (File Transfer Protocol) client library in PASV (passive) mode. The issue is how the FTP client trusts the host from the PASV response by default. This flaw allows an attacker to set up a malicious FTP server that can trick FTP clients into connecting back to a given IP address and port. This vulnerability could lead to FTP client scanning ports, which otherwise would not have been possible. | |||||
CVE-2022-37454 | 8 Debian, Extended Keccak Code Package Project, Fedoraproject and 5 more | 8 Debian Linux, Extended Keccak Code Package, Fedora and 5 more | 2024-02-28 | N/A | 9.8 CRITICAL |
The Keccak XKCP SHA-3 reference implementation before fdc6fef has an integer overflow and resultant buffer overflow that allows attackers to execute arbitrary code or eliminate expected cryptographic properties. This occurs in the sponge function interface. | |||||
CVE-2022-42919 | 2 Fedoraproject, Python | 2 Fedora, Python | 2024-02-28 | N/A | 7.8 HIGH |
Python 3.9.x before 3.9.16 and 3.10.x before 3.10.9 on Linux allows local privilege escalation in a non-default configuration. The Python multiprocessing library, when used with the forkserver start method on Linux, allows pickles to be deserialized from any user in the same machine local network namespace, which in many system configurations means any user on the same machine. Pickles can execute arbitrary code. Thus, this allows for local user privilege escalation to the user that any forkserver process is running as. Setting multiprocessing.util.abstract_sockets_supported to False is a workaround. The forkserver start method for multiprocessing is not the default start method. This issue is Linux specific because only Linux supports abstract namespace sockets. CPython before 3.9 does not make use of Linux abstract namespace sockets by default. Support for users manually specifying an abstract namespace socket was added as a bugfix in 3.7.8 and 3.8.3, but users would need to make specific uncommon API calls in order to do that in CPython before 3.9. | |||||
CVE-2020-10735 | 3 Fedoraproject, Python, Redhat | 5 Fedora, Python, Enterprise Linux and 2 more | 2024-02-28 | N/A | 7.5 HIGH |
A flaw was found in python. In algorithms with quadratic time complexity using non-binary bases, when using int("text"), a system could take 50ms to parse an int string with 100,000 digits and 5s for 1,000,000 digits (float, decimal, int.from_bytes(), and int() for binary bases 2, 4, 8, 16, and 32 are not affected). The highest threat from this vulnerability is to system availability. |