142 matches found
CVE-2019-20907
| creationtimestamp | type | source |
|---|---|---|
| 2026-04-02 17:00:00+00:00 | seen | https://www.cert.ssi.gouv.fr/avis/CERTFR-2026-AVI-0395/... |
Siemens SIMATIC S7-1500 Loop with Unreachable Exit Condition (CVE-2019-20907)
In Lib/tarfile.py in Python through 3.8.3, an attacker is able to craft a TAR archive leading to an infinite loop when opened by tarfile.open, because _proc_pax lacks header validation. This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more...
Alibaba Cloud Linux 3 : 0262: python38:3.8 and python38-devel:3.8 (ALINUX3-SA-2024:0262)
The remote Alibaba Cloud Linux 3 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALINUX3-SA-2024:0262 advisory. Package updates are available for Alibaba Cloud Linux 3 that fix the following vulnerabilities: CVE-2019-18874: psutil aka python-psutil...
Medium: python26
Issue Overview: A CRLF injection flaw was discovered in python in the way URLs are handled when doing an HTTP/HTTPS connection e.g. through urlopen or HTTPConnection. An attacker who can control the url parameter passed to urlopen method in the urllib/urllib2 modules can inject CRLF sequences and...
Ubuntu: Security Advisory (USN-6891-1)
The remote host is missing an update for the...
Rocky Linux 8 : python27:2.7 (RLSA-2020:4654)
The remote Rocky Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2020:4654 advisory. - In Lib/tarfile.py in Python through 3.8.3, an attacker is able to craft a TAR archive leading to an infinite loop when opened by tarfile.open, because...
Rocky Linux 8 : python38:3.8 (RLSA-2020:4641)
The remote Rocky Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2020:4641 advisory. - PyYAML 5.1 through 5.1.2 has insufficient restrictions on the load and load_all functions because of a class deserialization issue, e.g., Popen is a...
Oracle Linux 8 : python27:2.7 (ELSA-2020-4654)
The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2020-4654 advisory. - The pip package before 19.2 for Python allows Directory Traversal when a URL is given in an install command, because a Content-Disposition header can...
BELL-CVE-2019-20907 CVE-2019-20907 does not affect BellSoft software
Bulletin has no description...
Security Bulletin: Security Vulnerabilities affect IBM Cloud Pak for Data - Python (CVE-2019-20907)
Summary: Security Vulnerabilities affect IBM Cloud Pak for Data - Python CVE-2019-20907. Vulnerability Details: CVEID: CVE-2019-20907. DESCRIPTION: Python is vulnerable to a denial of service, caused by a flaw in the tarfile module in Lib/tarfile.py. By persuading a victim to open a specially-craft a...
Advisory ROSA-SA-2023-2202
Software: python 3.6.8; OS: rosa-server79; packageevrstring: python-3.6.8-19.res7; CVE-ID: CVE-2023-24329; BDU-ID: None; CVE-Crit: HIGH; CVE-DESC.: A problem in the urllib.parse component of Python before 3.11.4 allows attackers to bypass blacklisting methods by providing a URL that starts with empty...
[SECURITY] [DLA 3432-1] python2.7 security update
Debian LTS Advisory DLA-3432-1 https://www.debian.org/lts/security/ Sylvain Beucler May 24, 2023 https://wiki.debian.org/LTS -...
K78284681: Python tarfile library vulnerability CVE-2019-20907
Security Advisory Description: In Lib/tarfile.py in Python through 3.8.3, an attacker is able to craft a TAR archive leading to an infinite loop when opened by tarfile.open, because _proc_pax lacks header validation. CVE-2019-20907. Impact: A user-created custom Python script utilizing the Python...
RHEL 7 : python27 (RHSA-2020:4273)
The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:4273 advisory. Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level...
AlmaLinux 8 : python3 (ALSA-2020:4433)
The remote AlmaLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2020:4433 advisory. - The documentation XML-RPC server in Python through 2.7.16, 3.x through 3.6.9, and 3.7.x through 3.7.4 has XSS via the server_title field. This occurs in...
F5 Networks BIG-IP : Python tarfile library vulnerability (K78284681)
The version of F5 Networks BIG-IP installed on the remote host is prior to 15.1.9 / 16.1.4 / 17.1.0. It is, therefore, affected by a vulnerability as referenced in the K78284681 advisory. In Lib/tarfile.py in Python through 3.8.3, an attacker is able to craft a TAR archive leading to an infinite...
NewStart CGSL CORE 5.05 / MAIN 5.05 : python3 Multiple Vulnerabilities (NS-SA-2021-0147)
The remote NewStart CGSL host, running version CORE 5.05 / MAIN 5.05, has python3 packages installed that are affected by multiple vulnerabilities: - The documentation XML-RPC server in Python through 2.7.16, 3.x through 3.6.9, and 3.7.x through 3.7.4 has XSS via the server_title field. This occur...
NewStart CGSL CORE 5.05 / MAIN 5.05 : python Vulnerability (NS-SA-2021-0152)
The remote NewStart CGSL host, running version CORE 5.05 / MAIN 5.05, has python packages installed that are affected by a vulnerability: - In Lib/tarfile.py in Python through 3.8.3, an attacker is able to craft a TAR archive leading to an infinite loop when opened by tarfile.open, because procpa...
CVE-2019-20907 affecting package python3 3.7.7-2
CVE-2019-20907 affecting package python3 3.7.7-2. An upgraded version of the package is available that resolves this issue...