Lucene search
663 matches found

Positive Technologies
added 2023/12/15 12:0 a.m. · 4 views

PT-2023-9235

Name of the Vulnerable Software and Affected Versions: CPython versions prior to 3.12.4; CPython versions prior to 3.13.0a6. Description: The issue is related to the "ipaddress" module, which contained incorrect information about whether certain IPv4 and IPv6 addresses were designated as "globally...

7.5 CVSS · 6.8 AI score · 0.01042 EPSS
Exploits 0 · References 268
OSV
added 2023/12/08 7:15 p.m. · 18 views

CVE-2023-6507

An issue was found in CPython 3.12.0 subprocess module on POSIX platforms. The issue was fixed in CPython 3.12.1 and does not affect other stable releases. When using the extra_groups= parameter with an empty list as a value (i.e. extra_groups=[]) the logic regressed to not call setgroups(0, NULL) before...

4.9 CVSS · 6.8 AI score · 0.01326 EPSS
Exploits 0 · References 5
OSV
added 2023/12/08 7:15 p.m. · 3 views

AZL-35143 CVE-2023-6507 affecting package python3 for versions less than 3.12.3-1

An issue was found in CPython 3.12.0 subprocess module on POSIX platforms. The issue was fixed in CPython 3.12.1 and does not affect other stable releases. When using the extra_groups= parameter with an empty list as a value (i.e. extra_groups=[]) the logic regressed to not call setgroups(0, NULL) before...

4.9 CVSS · 6.7 AI score · 0.01326 EPSS
Exploits 0 · References 1
NVD
added 2023/12/08 7:15 p.m. · 12 views

CVE-2023-6507

An issue was found in CPython 3.12.0 subprocess module on POSIX platforms. The issue was fixed in CPython 3.12.1 and does not affect other stable releases. When using the extra_groups= parameter with an empty list as a value (i.e. extra_groups=[]) the logic regressed to not call setgroups(0, NULL) before...

6.1 CVSS · 0.01326 EPSS
Exploits 0 · References 5
Prion
added 2023/12/08 7:15 p.m. · 19 views

Design/Logic Flaw

An issue was found in CPython 3.12.0 subprocess module on POSIX platforms. The issue was fixed in CPython 3.12.1 and does not affect other stable releases. When using the extra_groups= parameter with an empty list as a value (i.e. extra_groups=[]) the logic regressed to not call setgroups(0, NULL) before...

3.3 CVSS · 7.1 AI score · 0.01326 EPSS
Exploits 0 · References 3 · Affected Software 1
UbuntuCve
added 2023/12/08 7:15 p.m. · 46 views

CVE-2023-6507

An issue was found in CPython 3.12.0 subprocess module on POSIX platforms. The issue was fixed in CPython 3.12.1 and does not affect other stable releases. When using the extra_groups= parameter with an empty list as a value (i.e. extra_groups=[]) the logic regressed to not call setgroups(0, NULL) before...

6.1 CVSS · 6.7 AI score · 0.01326 EPSS
Exploits 0 · References 3
Vulnrichment
added 2023/12/08 6:20 p.m. · 15 views

CVE-2023-6507 Groups not dropped before running subprocess when using empty 'extra_groups' parameter

An issue was found in CPython 3.12.0 subprocess module on POSIX platforms. The issue was fixed in CPython 3.12.1 and does not affect other stable releases. When using the extra_groups= parameter with an empty list as a value (i.e. extra_groups=[]) the logic regressed to not call setgroups(0, NULL) before...

6.1 CVSS · 6.8 AI score · 0.01326 EPSS
Exploits 0 · References 5
CVE
added 2023/12/08 6:20 p.m. · 101 views

CVE-2023-6507

Affects CPython 3.12.0 on POSIX via the subprocess module. When using extra_groups=[], the code regressed to not calling setgroups(0, NULL) before exec(), so original process groups aren’t dropped before starting the new process. The issue only impacts privileged CPython processes (typically root...

6.1 CVSS · 5.7 AI score · 0.01326 EPSS
Exploits 0 · References 5 · Affected Software 1
Cvelist
added 2023/12/08 6:20 p.m. · 37 views

CVE-2023-6507 Groups not dropped before running subprocess when using empty 'extra_groups' parameter

An issue was found in CPython 3.12.0 subprocess module on POSIX platforms. The issue was fixed in CPython 3.12.1 and does not affect other stable releases. When using the extra_groups= parameter with an empty list as a value (i.e. extra_groups=[]) the logic regressed to not call setgroups(0, NULL) before...

6.1 CVSS · 6.7 AI score · 0.01326 EPSS
Exploits 0 · References 5
OSV
added 2023/12/08 6:20 p.m. · 26 views

PSF-2023-12 Groups not dropped before running subprocess when using empty 'extra_groups' parameter

An issue was found in CPython 3.12.0 subprocess module on POSIX platforms. The issue was fixed in CPython 3.12.1 and does not affect other stable releases. When using the extra_groups= parameter with an empty list as a value (i.e. extra_groups=[]) the logic regressed to not call setgroups(0, NULL) before...

6.1 CVSS · 5.6 AI score · 0.01326 EPSS
Exploits 0 · References 5
Debian CVE
added 2023/12/08 6:20 p.m. · 48 views

CVE-2023-6507

An issue was found in CPython 3.12.0 subprocess module on POSIX platforms. The issue was fixed in CPython 3.12.1 and does not affect other stable releases. When using the extra_groups= parameter with an empty list as a value (i.e. extra_groups=[]) the logic regressed to not call setgroups(0, NULL) before...

6.1 CVSS · 7.2 AI score · 0.01326 EPSS
Exploits 0
OSV
added 2023/12/08 6:20 p.m. · 22 views

PSF-CVE-2023-6507 Groups not dropped before running subprocess when using empty 'extra_groups' parameter

An issue was found in CPython 3.12.0 subprocess module on POSIX platforms. The issue was fixed in CPython 3.12.1 and does not affect other stable releases. When using the extra_groups= parameter with an empty list as a value (i.e. extra_groups=[]) the logic regressed to not call setgroups(0, NULL) before...

6.1 CVSS · 5.6 AI score · 0.01326 EPSS
Exploits 0 · References 3
vulnersOsv
added 2023/11/14 12:0 p.m. · 1 views

cpython-json (>=0.1.0 <=0.3.0), crowbar (>=0.1.0 <=0.2.0) +33 more potentially affected by unknown CVE via cpython (>=0.1.0 <=0.7.2)

cpython CARGO version =0.1.0, =0.1.0, =0.1.0, =0.1.0, =2.0.0-beta, =0.1.0, =0.0.0, =0.1.1, =0.1.0, =0.1.0, =0.1.0, =0.2.1 and more Source cves: unknown CVE Source advisory: OSV:RUSTSEC-2023-0076...

5.8 AI score
Exploits 0
OSV
added 2023/11/14 12:0 p.m. · 7 views

RUSTSEC-2023-0076 `cpython` is unmaintained

The cpython crate and the underlying python3-sys and python27-sys crates have been marked as no longer actively maintained by the developer. There are also open issues for unsound code that is currently in these crates: - cpython#265: Using some string functions causes segmentation faults on...

7.4 AI score
Exploits 0 · References 5
RustSec
added 2023/11/14 12:0 p.m. · 5 views

`cpython` is unmaintained

The cpython crate and the underlying python3-sys and python27-sys crates have been marked as no longer actively maintained by the developer. There are also open issues for unsound code that is currently in these crates: - cpython#265: Using some string functions causes segmentation faults on...

7.4 AI score
Exploits 0
Positive Technologies
added 2023/11/14 12:0 a.m. · 6 views

PT-2023-36097 · Python · Cpython

Name of the Vulnerable Software and Affected Versions: cpython (affected versions not specified); python3-sys (affected versions not specified); python27-sys (affected versions not specified). Description: The issue concerns the cpython crate and its underlying crates, python3-sys and python27-sys, which...

7 AI score
Exploits 0 · References 6
Tenable Nessus
added 2023/11/07 12:0 a.m. · 22 views

Fedora 39 : pypy3.10 (2023-ddde191e04)

The remote Fedora 39 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2023-ddde191e04 advisory. Automatic update for pypy3.10-7.3.12-1.3.10.fc39. Changelog Wed Jul 26 2023 Miro Hrončok - 7.3.12-1.3.10 - Initial PyPy 3.10 package Wed Jul 26 2023...

8 CVSS · 7.5 AI score · 0.20459 EPSS
Exploits 4 · References 4
OSV
added 2023/08/15 5:15 p.m. · 8 views

CVE-2023-38898

An issue in Python cpython v.3.7 allows an attacker to obtain sensitive information via the _asyncio._swap_current_task component. NOTE: this is disputed by the vendor because (1) neither 3.7 nor any other release is affected (it is a bug in some 3.12 pre-releases); (2) there are no common scenarios in whi...

5.3 CVSS · 6.4 AI score
Exploits 0 · References 1
NVD
added 2023/08/15 5:15 p.m. · 17 views

CVE-2023-38898

An issue in Python cpython v.3.7 allows an attacker to obtain sensitive information via the _asyncio._swap_current_task component. NOTE: this is disputed by the vendor because (1) neither 3.7 nor any other release is affected (it is a bug in some 3.12 pre-releases); (2) there are no common scenarios in whi...

5.3 CVSS · 5.1 AI score · 0.01493 EPSS
Exploits 1 · References 1
UbuntuCve
added 2023/08/15 5:15 p.m. · 31 views

CVE-2023-38898

An issue in Python cpython v.3.7 allows an attacker to obtain sensitive information via the _asyncio._swap_current_task component. NOTE: this is disputed by the vendor because (1) neither 3.7 nor any other release is affected (it is a bug in some 3.12 pre-releases); (2) there are no common scenarios in whi...

5.3 CVSS · 6.5 AI score · 0.01493 EPSS
Exploits 1 · References 2