Python oic is a Python OpenID Connect implementation. In Python oic before version 1.2.1, there are several related cryptographic issues affecting client implementations that use the library. The issues are: 1) The IdToken signature algorithm was not checked automatically, but only if the expected....
6.8CVSS
6.5AI Score
0.002EPSS
It was found that python-rsa is vulnerable to Bleichenbacher timing attacks. An attacker can use this flaw via the RSA decryption API to decrypt parts of the cipher text encrypted with...
7.5CVSS
5.7AI Score
0.002EPSS
Synopsys hub-rest-api-python (aka blackduck on PyPI) version 0.0.25 - 0.0.52 does not validate SSL certificates in certain...
7.5CVSS
7.4AI Score
0.002EPSS
In Python 3 through 3.9.0, the Lib/test/multibytecodec_support.py CJK codec tests call eval() on content retrieved via...
9.8CVSS
9.6AI Score
0.007EPSS
A remote code execution vulnerability exists in Visual Studio Code when the Python extension loads a Jupyter notebook file. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. If the current user is logged on with administrative...
7CVSS
7.2AI Score
0.007EPSS
http.client in Python 3.x before 3.5.10, 3.6.x before 3.6.12, 3.7.x before 3.7.9, and 3.8.x before 3.8.5 allows CRLF injection if the attacker controls the HTTP request method, as demonstrated by inserting CR and LF control characters in the first argument of...
7.2CVSS
7.3AI Score
0.003EPSS
A heap overflow in Sqreen PyMiniRacer (aka Python Mini Racer) before 0.3.0 allows remote attackers to potentially exploit heap...
9.8CVSS
9.5AI Score
0.012EPSS
In openapi-python-client before version 0.5.3, clients generated with a maliciously crafted OpenAPI Document can generate arbitrary Python code. Subsequent execution of this malicious client is arbitrary code...
9CVSS
9.3AI Score
0.002EPSS
In openapi-python-client before version 0.5.3, there is a path traversal vulnerability. If a user generated a client using a maliciously crafted OpenAPI document, it is possible for generated files to be placed in arbitrary locations on...
4.1CVSS
4.3AI Score
0.001EPSS
In Python 3.8.4, sys.path restrictions specified in a python38._pth file are ignored, allowing code to be loaded from arbitrary locations. The ._pth file (e.g., the python._pth file) is not...
9.8CVSS
9.2AI Score
0.003EPSS
In Lib/tarfile.py in Python through 3.8.3, an attacker is able to craft a TAR archive leading to an infinite loop when opened by tarfile.open, because _proc_pax lacks header...
7.5CVSS
7.6AI Score
0.012EPSS
In Python 3.6 through 3.6.10, 3.7 through 3.7.8, 3.8 through 3.8.4rc1, and 3.9 through 3.9.0b4 on Windows, a Trojan horse python3.dll might be used in cases where CPython is embedded in a native application. This occurs because python3X.dll may use an invalid search path for python3.dll loading...
7.8CVSS
7.4AI Score
0.001EPSS
Lib/ipaddress.py in Python through 3.8.3 improperly computes hash values in the IPv4Interface and IPv6Interface classes, which might allow a remote attacker to cause a denial of service if an application is affected by the performance of a dictionary containing IPv4Interface or IPv6Interface...
5.9CVSS
6.5AI Score
0.01EPSS
Python-RSA before 4.1 ignores leading '\0' bytes during decryption of ciphertext. This could conceivably have a security-relevant impact, e.g., by helping an attacker to infer that an application uses Python-RSA, or if the length of accepted ciphertext affects application behavior (such as by...
7.5CVSS
7.2AI Score
0.002EPSS
Contentful through 2020-05-21 for Python allows reflected XSS, as demonstrated by the api parameter to...
6.1CVSS
6.2AI Score
0.005EPSS
In Autoswitch Python Virtualenv before version 0.16.0, a user who enters a directory with a malicious .venv file could run arbitrary code without any user interaction. This is fixed in version:...
7.9CVSS
7.6AI Score
0.001EPSS
python-markdown2 through 2.3.8 allows XSS because element names are mishandled unless a \w+ match succeeds. For example, an attack might use elementname@ or elementname- with an onclick...
6.1CVSS
5.7AI Score
0.004EPSS
Python-apt doesn't check if hashes are signed in Version.fetch_binary() and Version.fetch_source() of apt/package.py or in _fetch_archives() of apt/cache.py in version 1.9.3ubuntu2 and earlier. This allows downloads from unsigned repositories which shouldn't be allowed and has been fixed in...
4.7CVSS
4.5AI Score
0.001EPSS
python-apt only checks the MD5 sums of downloaded files in Version.fetch_binary() and Version.fetch_source() of apt/package.py in version 1.9.0ubuntu1 and earlier. This allows a man-in-the-middle attack which could potentially be used to install altered packages and has been fixed in versions...
4.7CVSS
4.4AI Score
0.001EPSS
The gzip_decode function in the xmlrpc client library in Python 3.4 and earlier allows remote attackers to cause a denial of service (memory consumption) via a crafted HTTP...
7.5CVSS
6.8AI Score
0.003EPSS
The CGIHTTPServer module in Python 2.7.5 and 3.3.4 does not properly handle URLs in which URL encoding is used for path separators, which allows remote attackers to read script source code or conduct directory traversal attacks and execute unintended code via a crafted character sequence, as...
9.8CVSS
7.5AI Score
0.311EPSS
8.8CVSS
8.7AI Score
0.004EPSS
Lib/zipfile.py in Python through 3.7.2 allows remote attackers to cause a denial of service (resource consumption) via a ZIP...
7.5CVSS
7.1AI Score
0.013EPSS
Python 2.7 through 2.7.17, 3.5 through 3.5.9, 3.6 through 3.6.10, 3.7 through 3.7.6, and 3.8 through 3.8.1 allows an HTTP server to conduct Regular Expression Denial of Service (ReDoS) attacks against a client because of urllib.request.AbstractBasicAuthHandler catastrophic...
6.5CVSS
7AI Score
0.006EPSS
Feedgen (python feedgen) before 0.9.0 is susceptible to XML Denial of Service attacks. The feedgen library allows supplying XML as content for some of the available fields. This XML will be parsed and integrated into the existing XML tree. During this process, feedgen is vulnerable to XML Denial...
7.5CVSS
7.3AI Score
0.003EPSS
In Python (CPython) 3.6 through 3.6.10, 3.7 through 3.7.6, and 3.8 through 3.8.1, an insecure dependency load upon launch on Windows 7 may result in an attacker's copy of api-ms-win-core-path-l1-1-0.dll being loaded and used instead of the system's copy. Windows 8 and later are...
5.5CVSS
5.5AI Score
0.001EPSS
6.1CVSS
6AI Score
0.001EPSS
ovirt-engine-sdk-python before 3.4.0.7 and 3.5.0.4 does not verify that the hostname of the remote endpoint matches the Common Name (CN) or subjectAltName as specified by its x.509 certificate in a TLS/SSL session. This could allow man-in-the-middle attackers to spoof remote endpoints via an...
5.9CVSS
5.6AI Score
0.001EPSS
A flaw was found in all python-ecdsa versions before 0.13.3, where it did not correctly verify whether signatures used DER encoding. Without this verification, a malformed signature could be accepted, making the signature malleable. Without proper verification, an attacker could use a malleable...
9.1CVSS
8.8AI Score
0.002EPSS
The file /etc/openstack-dashboard/local_settings within Red Hat OpenStack Platform 2.0 and RHOS Essex Release (python-django-horizon package before 2012.1.1) is world readable and exposes the secret key...
5.5CVSS
5.5AI Score
0.001EPSS
9.8CVSS
9.2AI Score
0.003EPSS
9.8CVSS
9.2AI Score
0.01EPSS
The CGIHandler class in Python before 2.7.12 does not protect against the HTTP_PROXY variable name clash in a CGI script, which could allow a remote attacker to redirect HTTP...
6.1CVSS
6.2AI Score
0.289EPSS
An error-handling flaw was found in python-ecdsa before version 0.13.3. During signature decoding, malformed DER signatures could raise unexpected exceptions (or no exceptions at all), which could lead to a denial of...
7.5CVSS
7.9AI Score
0.002EPSS
Python keyring has insecure permissions on new databases allowing world-readable files to be...
6.2CVSS
6.2AI Score
0.001EPSS
An exploitable denial-of-service vulnerability exists in the X509 certificate parser of Python.org Python 2.7.11 / 3.6.6. A specially crafted X509 certificate can cause a NULL pointer dereference, resulting in a denial of service. An attacker can initiate or accept TLS connections using crafted...
7.5CVSS
8.2AI Score
0.018EPSS
9.1CVSS
9.1AI Score
0.002EPSS
7.5CVSS
7.4AI Score
0.008EPSS
An issue was discovered in urllib2 in Python 2.x through 2.7.17 and urllib in Python 3.x through 3.8.0. CRLF injection is possible if the attacker controls a url parameter, as demonstrated by the first argument to urllib.request.urlopen with \r\n (specifically in the host component of a URL)...
6.1CVSS
6.3AI Score
0.004EPSS
library/glob.html in the Python 2 and 3 documentation before 2016 has potentially misleading information about whether sorting occurs, as demonstrated by irreproducible cancer-research results. NOTE: the effects of this documentation cross application domains, and thus it is likely that...
7.5CVSS
7.2AI Score
0.003EPSS
The documentation XML-RPC server in Python through 2.7.16, 3.x through 3.6.9, and 3.7.x through 3.7.4 has XSS via the server_title field. This occurs in Lib/DocXMLRPCServer.py in Python 2.x, and in Lib/xmlrpc/server.py in Python 3.x. If set_server_title is called with untrusted input, arbitrary...
6.1CVSS
6.8AI Score
0.002EPSS
pam-python before 1.0.7-1 has an issue in regard to the default environment variable handling of Python, which could allow for local root escalation in certain PAM...
7.8CVSS
7.5AI Score
0.0004EPSS
An issue was discovered in Python through 2.7.16, 3.x through 3.5.7, 3.6.x through 3.6.9, and 3.7.x through 3.7.4. The email module wrongly parses email addresses that contain multiple @ characters. An application that uses the email module and implements some kind of checks on the From/To headers....
7.5CVSS
6.7AI Score
0.002EPSS
In libexpat before 2.2.8, crafted XML input could fool the parser into changing from DTD parsing to document parsing too early; a consecutive call to XML_GetCurrentLineNumber (or XML_GetCurrentColumnNumber) then resulted in a heap-based buffer...
7.5CVSS
8.2AI Score
0.005EPSS
When the Elastic APM agent for Python versions before 5.1.0 is run as a CGI script, there is a variable name clash flaw if a remote attacker can control the proxy header. This could result in an attacker redirecting collected APM data to a proxy of their...
7.2CVSS
6.9AI Score
0.001EPSS
A flaw was discovered in the python-novajoin plugin, all versions up to, excluding 1.1.1, for Red Hat OpenStack Platform. The novajoin API lacked sufficient access control, allowing any keystone authenticated user to generate FreeIPA...
8.8CVSS
8.4AI Score
0.001EPSS
An issue was discovered in python-engineio through 3.8.2. There is a Cross-Site WebSocket Hijacking (CSWSH) vulnerability that allows attackers to make WebSocket connections to a server by using a victim's credentials, because the Origin header is not...
8.8CVSS
8.4AI Score
0.001EPSS
http.cookiejar.DefaultPolicy.domain_return_ok in Lib/http/cookiejar.py in Python before 3.7.3 does not correctly validate the domain: it can be tricked into sending existing cookies to the wrong server. An attacker may abuse this flaw by using a server with a hostname that has another valid...
5.3CVSS
6.4AI Score
0.005EPSS
The MSI installer for Python through 2.7.16 on Windows defaults to the C:\Python27 directory, which makes it easier for local users to deploy Trojan horse code. (This also affects old 3.x releases before 3.5.) NOTE: the vendor's position is that it is the user's responsibility to ensure...
7.8CVSS
7.5AI Score
0.001EPSS
BZ2_decompress in decompress.c in bzip2 through 1.0.6 has an out-of-bounds write when there are many...
9.8CVSS
9.6AI Score
0.02EPSS