Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

6 matches found

Veracode
Veracodeadded 2019/05/27 12:40 a.m.34 views

Denial Of Service (DoS)

Python is vulnerable to denial of service attacks. Remote unauthenticated attackers could exploit the vulnerable Elementtree C Accelerator component by constructing an XML document that would cause pathological hash collisions in Expat's internal data structures, consuming large amounts CPU and R...

7.5CVSS7.8AI score0.01247EPSS
Exploits0References20Affected Software7
RedHat Linux
RedHat Linuxadded 2019/05/22 12:3 p.m.2 views

python: Missing salt initialization in _elementtree.c module

Python's elementtree C accelerator failed to initialise Expat's hash salt during initialization. This could make it easy to conduct denial of service attacks against Expat by contructing an XML document that would cause pathological hash collisions in Expat's internal data structures, consuming...

7.5CVSS6.7AI score0.01247EPSS
Exploits0References5
IBM Security Bulletins
IBM Security Bulletinsadded 2019/03/12 10:45 p.m.21 views

Security Bulletin: A Security Vulnerability affects IBM Cloud Private - Python

Summary IBM Cloud Private, Cloud Foundry for IBM Cloud Private and IBM Cloud Automation Manager are vulnerable to a security vulnerability in Python Vulnerability Details CVEID: CVE-2018-14647 DESCRIPTION: Python is vulnerable to a denial of service, caused by a flaw in the elementtree C...

7.5CVSS1.1AI score0.01247EPSS
Exploits0Affected Software1
OSV
OSVadded 2018/12/31 10:42 p.m.9 views

MGASA-2018-0495 Updated python packages fix security vulnerabilities

Possible denial of service vulnerability due to a missing check in Lib/wave.py to verify that at least one channel is provided CVE-2017-18207. Python's elementtree C accelerator failed to initialise Expat's hash salt during initialization. This could make it easy to conduct denial of service...

9.8CVSS7.5AI score0.26492EPSS
Exploits1References5
CVE
CVEadded 2018/09/25 12:0 a.m.613 views

CVE-2018-14647

CVE-2018-14647 affects Python’s elementtree C accelerator, which failed to initialize Expat’s hash salt. This can enable denial-of-service attacks by triggering pathological hash collisions in Expat’s internal structures, consuming CPU and RAM. Affected versions include Python 3.7.0, 3.6.0–3.6.6,...

7.5CVSS7.5AI score0.01247EPSS
Exploits0References16Affected Software1
AlpineLinux
AlpineLinuxadded 2018/09/25 12:0 a.m.51 views

CVE-2018-14647

Python's elementtree C accelerator failed to initialise Expat's hash salt during initialization. This could make it easy to conduct denial of service attacks against Expat by constructing an XML document that would cause pathological hash collisions in Expat's internal data structures, consuming...

7.5CVSS8.5AI score0.01247EPSS
Exploits0
Rows per page
Query Builder