Total: 104 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 | Description |
---|---|---|---|---|---|---|
CVE-2014-2667 | 1 Python | 1 Python | 2017-06-30 | 3.3 LOW | N/A | Race condition in the _get_masked_mode function in Lib/os.py in Python 3.2 through 3.5, when exist_ok is set to true and multiple threads are used, might allow local users to bypass intended file permissions by leveraging a separate application vulnerability before the umask has been set to the expected value. |
CVE-2015-5652 | 2 Microsoft, Python | 2 Windows, Python | 2016-11-28 | 7.2 HIGH | N/A | Untrusted search path vulnerability in python.exe in Python through 3.5.0 on Windows allows local users to gain privileges via a Trojan horse readline.pyd file in the current working directory. NOTE: the vendor says "It was determined that this is a longtime behavior of Python that cannot really be altered at this point." |
CVE-2013-7440 | 1 Python | 1 Python | 2016-11-28 | 4.3 MEDIUM | 5.9 MEDIUM | The ssl.match_hostname function in CPython (aka Python) before 2.7.9 and 3.x before 3.3.3 does not properly handle wildcards in hostnames, which might allow man-in-the-middle attackers to spoof servers via a crafted certificate. |
CVE-2009-2940 | 2 Pygresql, Python | 2 Pygresql, Python | 2009-12-18 | 7.5 HIGH | N/A | The pygresql module 3.8.1 and 4.0 for Python does not properly support the PQescapeStringConn function, which might allow remote attackers to leverage escaping issues involving multibyte character encodings. |