Lucene search
K

7 matches found

RedhatCVE
RedhatCVE
added 2025/05/22 3:14 p.m.8 views

CVE-2020-15523

In Python 3.6 through 3.6.10, 3.7 through 3.7.8, 3.8 through 3.8.4rc1, and 3.9 through 3.9.0b4 on Windows, a Trojan horse python3.dll might be used in cases where CPython is embedded in a native application. This occurs because python3X.dll may use an invalid search path for python3.dll loading...

7.8CVSS6.7AI score0.00895EPSS
Exploits0
OpenVAS
OpenVAS
added 2021/09/11 12:0 a.m.18 views

Python < 3.5.10, 3.6.x < 3.6.12, 3.7.x < 3.7.9, 3.8.x - 3.8.4rc1, 3.9.x - 3.9.0b4 Python Issue (bpo-29778) - Windows

Python is prone to an invalid search path vulnerability. SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:python:python";...

7.8CVSS8.8AI score0.00895EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2020/08/20 12:0 a.m.30 views

FreeBSD : Python -- multiple vulnerabilities (3fcb70a4-e22d-11ea-98b2-080027846a02)

Python reports : bpo-29778: Ensure python3.dll is loaded from correct locations when Python is embedded CVE-2020-15523. bpo-41004: CVE-2020-14422: The hash methods of ipaddress.IPv4Interface and ipaddress.IPv6Interface incorrectly generated constant hash values of 32 and 128 respectively. This...

7.8CVSS7.3AI score0.12826EPSS
Exploits0References5
FreeBSD
FreeBSD
added 2020/08/19 12:0 a.m.72 views

Python -- multiple vulnerabilities

Python reports: bpo-39603: Prevent http header injection by rejecting control characters in http.client.putrequest…. bpo-29778: Ensure python3.dll is loaded from correct locations when Python is embedded CVE-2020-15523. bpo-41004: CVE-2020-14422: The hash methods of ipaddress.IPv4Interface and...

7.8CVSS7.6AI score0.12826EPSS
Exploits1
Tenable Nessus
Tenable Nessus
added 2020/07/31 12:0 a.m.122 views

Python DLL Loading Local Privilege Escalation

The version of Python installed on the remote Windows host is 3.6.x prior to 3.6.12, 3.7.x prior to 3.7.9, 3.8.x prior to 3.8.4, or 3.9.x prior to 3.9.0b5. It is, therefore, affected by an elevation of privilege vulnerability. A Trojan horse python3.dll might be used in cases where CPython is...

7.8CVSS7.1AI score0.00895EPSS
Exploits0References2
CVE
CVE
added 2020/07/04 10:54 p.m.267 views

CVE-2020-15523

CVE-2020-15523 : On Windows, CPython embedded in a native app may load an attacker-controlled python3.dll due to an invalid search path for python3.dll after Py_SetPath. A Trojan horse python3.dll could be loaded for Python 3.6.0–3.6.10, 3.7.0–3.7.8, 3.8.0–3.8.4rc1, and 3.9.0–3.9.0b4, unless the ...

7.8CVSS7.4AI score0.00895EPSS
Exploits0References3Affected Software1
FreeBSD
FreeBSD
added 2020/06/17 12:0 a.m.51 views

Python -- multiple vulnerabilities

Python reports: bpo-29778: Ensure python3.dll is loaded from correct locations when Python is embedded CVE-2020-15523. bpo-41004: CVE-2020-14422: The hash methods of ipaddress.IPv4Interface and ipaddress.IPv6Interface incorrectly generated constant hash values of 32 and 128 respectively. This...

7.8CVSS0.3AI score0.12826EPSS
Exploits0References2
Rows per page
Query Builder