
7 matches found

IBM Security Bulletins
added 2026/03/17 10:3 p.m. · 12 views

Security Bulletin: AIX/VIOS Python is vulnerable to a null pointer dereference (CVE-2026-24515) and an integer overflow (CVE-2026-25210)

Summary: Vulnerabilities in Python could cause a null pointer dereference (CVE-2026-24515) or an integer overflow (CVE-2026-25210). Python is used by AIX as part of Ansible node management automation.
Vulnerability Details: CVEID: CVE-2026-24515. DESCRIPTION: In libexpat before 2.7.4,...

7.8 CVSS · 6.7 AI score · 0.00193 EPSS
Exploits 0 · Affected Software 2
OSV
added 2025/08/11 1:52 p.m. · 4 views

BIT-LIBPYTHON-2024-0397 Memory race condition in ssl.SSLContext certificate store methods

A defect was discovered in the Python “ssl” module where there is a memory race condition with the ssl.SSLContext methods “cert_store_stats” and “get_ca_certs”. The race condition can be triggered if the methods are called at the same time as certificates are loaded into the SSLContext, such as durin...

7.4 CVSS · 6.8 AI score · 0.00804 EPSS
Exploits 0 · References 13
OSV
added 2024/06/17 4:15 p.m. · 7 views

AZL-42784 CVE-2024-0397 affecting package python3 for versions less than 3.12.3-1

A defect was discovered in the Python “ssl” module where there is a memory race condition with the ssl.SSLContext methods “cert_store_stats” and “get_ca_certs”. The race condition can be triggered if the methods are called at the same time as certificates are loaded into the SSLContext, such as durin...

7.4 CVSS · 6.7 AI score · 0.00804 EPSS
Exploits 0 · References 1
Positive Technologies
added 2020/01/28 12:0 a.m. · 6 views

PT-2020-20082 · Microsoft +2 · Windows 8 +3

Name of the Vulnerable Software and Affected Versions:
Python CPython versions 3.6 through 3.6.10
Python CPython versions 3.7 through 3.7.6
Python CPython versions 3.8 through 3.8.1
Description: An insecure dependency load upon launch on Windows 7 may result in an attacker's copy of...

9.8 CVSS · 6.4 AI score · 0.51733 EPSS
Exploits 23 · References 122
RedHat Linux
added 2019/08/06 12:52 p.m. · 2 views

python: CRLF injection via the query part of the url passed to urlopen()

An issue was discovered in urllib2 in Python 2.x through 2.7.16 and urllib in Python 3.x through 3.7.3. CRLF injection is possible if the attacker controls a url parameter, as demonstrated by the first argument to urllib.request.urlopen with \r\n specifically in the query string after a ? charact...

6.1 CVSS · 6.7 AI score · 0.05328 EPSS
Exploits 1 · References 4
OSV
added 2019/03/23 12:0 a.m. · 2 views

UBUNTU-CVE-2019-9947

An issue was discovered in urllib2 in Python 2.x through 2.7.16 and urllib in Python 3.x through 3.7.3. CRLF injection is possible if the attacker controls a url parameter, as demonstrated by the first argument to urllib.request.urlopen with \r\n specifically in the path component of a URL that...

6.1 CVSS · 6.8 AI score · 0.05406 EPSS
Exploits 1 · References 6
OSV
added 2018/12/23 12:0 a.m. · 6 views

UBUNTU-CVE-2018-20406

Modules/pickle.c in Python before 3.7.1 has an integer overflow via a large LONGBINPUT value that is mishandled during a "resize to twice the size" attempt. This issue might cause memory exhaustion, but is only relevant if the pickle format is used for serializing tens or hundreds of gigabytes of...

7.5 CVSS · 6.8 AI score · 0.05789 EPSS
Exploits 1 · References 6