
614 matches found

OSV
added 2009/01/28 11:30 a.m. · 5 views

CVE-2009-0318

Untrusted search path vulnerability in the GObject Python interpreter wrapper in Gnumeric allows local users to execute arbitrary code via a Trojan horse Python file in the current working directory, related to a vulnerability in the PySys_SetArgv function (CVE-2008-5983)...

6.8 AI score
Exploits: 0 · References: 9
UbuntuCve
added 2009/01/27 12:0 a.m. · 30 views

CVE-2008-5983

Untrusted search path vulnerability in the PySys_SetArgv API function in Python 2.6 and earlier, and possibly later versions, prepends an empty string to sys.path when the argv0 argument does not contain a path separator, which might allow local users to execute arbitrary code via a Trojan horse...

6.9 CVSS · 6.2 AI score · 0.00118 EPSS
Exploits: 1 · References: 5
OSV
added 2008/04/21 8:0 p.m. · 7 views

PSF-2008-1 Multiple integer overflows (Apple)

Multiple integer overflows in imageop.c in Python before 2.5.3 allow context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via crafted images that trigger heap-based buffer overflows. NOTE: this issue is due to an incomplete fix for CVE-2007-4965...

6.8 CVSS · 7.6 AI score · 0.00447 EPSS
Exploits: 0 · References: 1
Cvelist
added 2005/02/06 5:0 a.m. · 45 views

CVE-2005-0089

The SimpleXMLRPCServer library module in Python 2.2, 2.3 before 2.3.5, and 2.4, when used by XML-RPC servers that use the register_instance method to register an object without a _dispatch method, allows remote attackers to read or modify globals of the associated module, and possibly execute...

6.9 AI score · 0.09112 EPSS
Exploits: 0 · References: 12
Ubuntu
added 2005/02/04 1:18 a.m. · 58 views

USN-73-1: Python vulnerability

The Python developers discovered a flaw in the SimpleXMLRPCServer module. Python XML-RPC servers that used the register_instance method to register an object, but do not have a _dispatch method, allowed remote users to access or change function internals using the im_* and func_* attributes...

7.5 CVSS · 5.4 AI score · 0.09112 EPSS
Exploits: 0
FreeBSD
added 2005/02/03 12:0 a.m. · 44 views

python -- SimpleXMLRPCServer.py allows unrestricted traversal

According to Python Security Advisory PSF-2005-001, The Python development team has discovered a flaw in the SimpleXMLRPCServer library module which can give remote attackers access to internals of the registered object or its module or possibly other modules. The flaw only affects Python XML-RPC...

7.5 CVSS · 7.1 AI score · 0.09112 EPSS
Exploits: 0 · References: 1
Tenable Nessus
added 2004/09/29 12:0 a.m. · 24 views

Debian DSA-159-1 : python - insecure temporary files

Zack Weinberg discovered an insecure use of a temporary file in os.execvpe from os.py. It uses a predictable name which could lead to execution of arbitrary code. (C) Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from Debian...

4.6 CVSS · 5.6 AI score · 0.00144 EPSS
Exploits: 0 · References: 2
Cvelist
added 2004/09/01 4:0 a.m. · 21 views

CVE-2002-1119

os.execvpe from os.py in Python 2.2.1 and earlier creates temporary files with predictable names, which could allow local users to execute arbitrary code via a symlink attack...

7 AI score · 0.00144 EPSS
Exploits: 0 · References: 10
Tenable Nessus
added 2004/07/31 12:0 a.m. · 32 views

Mandrake Linux Security Advisory : python (MDKSA-2002:082-1)

A vulnerability was discovered in python by Zack Weinberg in the way that the execvpe method from the os.py module uses a temporary file name. The file is created in an unsafe manner and execvpe tries to execute it, which can be used by a local attacker to execute arbitrary code with the privileg...

4.6 CVSS · 5.8 AI score · 0.00144 EPSS
Exploits: 0 · References: 3
NVD
added 2004/04/15 4:0 a.m. · 15 views

CVE-2004-0150

Buffer overflow in the getaddrinfo function in Python 2.2 before 2.2.2, when IPv6 support is disabled, allows remote attackers to execute arbitrary code via an IPv6 address that is obtained using DNS...

7.5 CVSS · 7.7 AI score · 0.07895 EPSS
Exploits: 0 · References: 6
Positive Technologies
added 2004/04/15 12:0 a.m. · 1 view

PT-2004-1331 · Python · Python

Name of the Vulnerable Software and Affected Versions: Python versions 2.2 through 2.2.1
Description: A buffer overflow issue exists in the getaddrinfo function when IPv6 support is disabled, allowing remote attackers to execute arbitrary code via an IPv6 address obtained using DNS...

7.5 CVSS · 7.8 AI score · 0.07895 EPSS
Exploits: 0 · References: 8
NVD
added 2002/10/04 4:0 a.m. · 12 views

CVE-2002-1119

os.execvpe from os.py in Python 2.2.1 and earlier creates temporary files with predictable names, which could allow local users to execute arbitrary code via a symlink attack...

4.6 CVSS · 7.1 AI score · 0.00144 EPSS
Exploits: 0 · References: 10
securityvulns
added 2002/10/04 12:0 a.m. · 35 views

GLSA: python

GENTOO LINUX SECURITY ANNOUNCEMENT
PACKAGE: python
SUMMARY: os.execvpe vulnerability
DATE ...

1.8 AI score
Exploits: 0
Exploit DB
added 2002/07/17 12:0 a.m. · 35 views

Python 1.5.2 Pickle - Unsafe 'eval()' Code Execution

source: https://www.securityfocus.com/bid/5255/info
Python is an open source, object oriented programming language. The Python Pickle module is provided to convert object variables into a serialized form ("pickling"), and later recover the data back into an object hierarchy ("unpickling"). A...

7.4 AI score
Exploits: 0