Vendor CVEs
Python (programming language)
All CVEs
310 total · sorted by risk| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2008-3142 | 0.00 | — | 0.04 | Aug 1, 2008 | Multiple buffer overflows in Python 2.5.2 and earlier on 32bit platforms allow context-dependent attackers to cause a denial of service (crash) or have unspecified other impact via a long string that leads to incorrect memory allocation during Unicode string processing, related… | |||
| CVE-2008-1679 | 0.00 | — | 0.04 | Apr 22, 2008 | Multiple integer overflows in imageop.c in Python before 2.5.3 allow context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via crafted images that trigger heap-based buffer overflows. NOTE: this issue is due to an incomplete fix… | |||
| CVE-2008-1721 | 0.00 | — | 0.23 | Apr 10, 2008 | Integer signedness error in the zlib extension module in Python 2.5.2 and earlier allows remote attackers to execute arbitrary code via a negative signed integer, which triggers insufficient memory allocation and a buffer overflow. | |||
| CVE-2008-0299 | 0.00 | — | 0.02 | Jan 16, 2008 | common.py in Paramiko 1.7.1 and earlier, when using threads or forked processes, does not properly use RandomPool, which allows one session to obtain sensitive information from another session by predicting the state of the pool. | |||
| CVE-2006-4980 | 0.00 | — | 0.05 | Oct 10, 2006 | Buffer overflow in the repr function in Python 2.3 through 2.6 before 20060822 allows context-dependent attackers to cause a denial of service and possibly execute arbitrary code via crafted wide character UTF-32/UCS-4 strings to certain scripts. | |||
| CVE-2006-1542 | 0.00 | — | 0.01 | Mar 30, 2006 | Stack-based buffer overflow in Python 2.4.2 and earlier, running on Linux 2.6.12.5 under gcc 4.0.3 with libc 2.3.5, allows local users to cause a "stack overflow," and possibly gain privileges, by running a script from a current working directory that has a long name, related to… | |||
| CVE-2005-0089 | 0.00 | — | 0.05 | May 2, 2005 | The SimpleXMLRPCServer library module in Python 2.2, 2.3 before 2.3.5, and 2.4, when used by XML-RPC servers that use the register_instance method to register an object without a _dispatch method, allows remote attackers to read or modify globals of the associated module, and… | |||
| CVE-2004-0150 | 0.00 | — | 0.05 | Apr 15, 2004 | Buffer overflow in the getaddrinfo function in Python 2.2 before 2.2.2, when IPv6 support is disabled, allows remote attackers to execute arbitrary code via an IPv6 address that is obtained using DNS. | |||
| CVE-2003-0973 | 0.00 | — | 0.06 | Dec 15, 2003 | Unknown vulnerability in mod_python 3.0.x before 3.0.4, and 2.7.x before 2.7.9, allows remote attackers to cause a denial of service (httpd crash) via a certain query string. | |||
| CVE-2002-1119 | 0.00 | — | 0.00 | Oct 4, 2002 | os._execvpe from os.py in Python 2.2.1 and earlier creates temporary files with predictable names, which could allow local users to execute arbitrary code via a symlink attack. |
- CVE-2008-3142Aug 1, 2008risk 0.00cvss —epss 0.04
Multiple buffer overflows in Python 2.5.2 and earlier on 32bit platforms allow context-dependent attackers to cause a denial of service (crash) or have unspecified other impact via a long string that leads to incorrect memory allocation during Unicode string processing, related…
- CVE-2008-1679Apr 22, 2008risk 0.00cvss —epss 0.04
Multiple integer overflows in imageop.c in Python before 2.5.3 allow context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via crafted images that trigger heap-based buffer overflows. NOTE: this issue is due to an incomplete fix…
- CVE-2008-1721Apr 10, 2008risk 0.00cvss —epss 0.23
Integer signedness error in the zlib extension module in Python 2.5.2 and earlier allows remote attackers to execute arbitrary code via a negative signed integer, which triggers insufficient memory allocation and a buffer overflow.
- CVE-2008-0299Jan 16, 2008risk 0.00cvss —epss 0.02
common.py in Paramiko 1.7.1 and earlier, when using threads or forked processes, does not properly use RandomPool, which allows one session to obtain sensitive information from another session by predicting the state of the pool.
- CVE-2006-4980Oct 10, 2006risk 0.00cvss —epss 0.05
Buffer overflow in the repr function in Python 2.3 through 2.6 before 20060822 allows context-dependent attackers to cause a denial of service and possibly execute arbitrary code via crafted wide character UTF-32/UCS-4 strings to certain scripts.
- CVE-2006-1542Mar 30, 2006risk 0.00cvss —epss 0.01
Stack-based buffer overflow in Python 2.4.2 and earlier, running on Linux 2.6.12.5 under gcc 4.0.3 with libc 2.3.5, allows local users to cause a "stack overflow," and possibly gain privileges, by running a script from a current working directory that has a long name, related to…
- CVE-2005-0089May 2, 2005risk 0.00cvss —epss 0.05
The SimpleXMLRPCServer library module in Python 2.2, 2.3 before 2.3.5, and 2.4, when used by XML-RPC servers that use the register_instance method to register an object without a _dispatch method, allows remote attackers to read or modify globals of the associated module, and…
- CVE-2004-0150Apr 15, 2004risk 0.00cvss —epss 0.05
Buffer overflow in the getaddrinfo function in Python 2.2 before 2.2.2, when IPv6 support is disabled, allows remote attackers to execute arbitrary code via an IPv6 address that is obtained using DNS.
- CVE-2003-0973Dec 15, 2003risk 0.00cvss —epss 0.06
Unknown vulnerability in mod_python 3.0.x before 3.0.4, and 2.7.x before 2.7.9, allows remote attackers to cause a denial of service (httpd crash) via a certain query string.
- CVE-2002-1119Oct 4, 2002risk 0.00cvss —epss 0.00
os._execvpe from os.py in Python 2.2.1 and earlier creates temporary files with predictable names, which could allow local users to execute arbitrary code via a symlink attack.
Page 7 of 7