CVE-2022-26032

Uncontrolled search path element in the IntelR Distribution for Python programming language before version 2022.1 for IntelR oneAPI Toolkits may allow an authenticated user to potentially enable escalation of privilege via local access...

Exploit for Files or Directories Accessible to External Parties in Dompdf_Project Dompdf

CVE-2022-41343 🐍 Python Exploit for CVE-2022-41343 Staged Rev...

SUSE CVE-2005-0089

The SimpleXMLRPCServer library module in Python 2.2, 2.3 before 2.3.5, and 2.4, when used by XML-RPC servers that use the registerinstance method to register an object without a dispatch method, allows remote attackers to read or modify globals of the associated module, and possibly execute...

SUSE CVE-2007-1657

Stack-based buffer overflow in the filecompress function in minigzip Modules/zlib in Python 2.5 allows context-dependent attackers to execute arbitrary code via a long file argument...

SUSE CVE-2008-3143

Multiple integer overflows in Python before 2.5.2 might allow context-dependent attackers to have an unknown impact via vectors related to 1 Include/pymem.h; 2 csv.c, 3 struct.c, 4 arraymodule.c, 5 audioop.c, 6 binascii.c, 7 cPickle.c, 8 cStringIO.c, 9 cjkcodecs/multibytecodec.c, 10...

SUSE CVE-2008-4864

Multiple integer overflows in imageop.c in the imageop module in Python 1.5.2 through 2.5.1 allow context-dependent attackers to break out of the Python VM and execute arbitrary code via large integer values in certain arguments to the crop function, leading to a buffer overflow, a different...

SUSE CVE-2008-5031

Multiple integer overflows in Python 2.2.3 through 2.5.1, and 2.6, allow context-dependent attackers to have an unknown impact via a large integer value in the tabsize argument to the expandtabs method, as implemented by 1 the stringexpandtabs function in Objects/stringobject.c and 2 the...

SUSE CVE-2010-0395

OpenOffice.org 2.x and 3.0 before 3.2.1 allows user-assisted remote attackers to bypass Python macro security restrictions and execute arbitrary Python code via a crafted OpenDocument Text ODT file that triggers code execution when the macro directory structure is previewed...

SUSE CVE-2010-1450

Multiple buffer overflows in the RLE decoder in the rgbimg module in Python 2.5 allow remote attackers to have an unspecified impact via an image file containing crafted data that triggers improper processing within the 1 longimagedata or 2 expandrow function...

SUSE CVE-2010-1634

Multiple integer overflows in audioop.c in the audioop module in Python 2.6, 2.7, 3.1, and 3.2 allow context-dependent attackers to cause a denial of service application crash via a large fragment, as demonstrated by a call to audioop.lin2lin with a long string in the first argument, leading to a...

SUSE CVE-2010-2089

The audioop module in Python 2.7 and 3.2 does not verify the relationships between size arguments and byte string lengths, which allows context-dependent attackers to cause a denial of service memory corruption and application crash via crafted arguments, as demonstrated by a call to...

SUSE CVE-2010-3492

The asyncore module in Python before 3.2 does not properly handle unsuccessful calls to the accept function, and does not have accompanying documentation describing how daemon applications should handle unsuccessful calls to the accept function, which makes it easier for remote attackers to condu...

SUSE CVE-2012-2135

The utf-16 decoder in Python 3.1 through 3.3 does not update the alignedend variable after calling the unicodedecodecallerrorhandler function, which allows remote attackers to obtain sensitive information process memory or cause a denial of service memory corruption and crash via unspecified...

SUSE CVE-2013-1633

easyinstall in setuptools before 0.7 uses HTTP to retrieve packages from the PyPI repository, and does not perform integrity checks on package contents, which allows man-in-the-middle attackers to execute arbitrary code via a crafted response to the default use of the product...

SUSE CVE-2013-1752

Various versions of Python do not properly restrict readline calls, which allows remote attackers to cause a denial of service memory consumption via a long string, related to 1 httplib - fixed in 2.7.4, 2.6.9, and 3.3.3; 2 ftplib - fixed in 2.7.6, 2.6.9, 3.3.3; 3 imaplib - not yet fixed in 2.7.x...

SUSE CVE-2013-1753

The gzipdecode function in the xmlrpc client library in Python 3.4 and earlier allows remote attackers to cause a denial of service memory consumption via a crafted HTTP request...

SUSE CVE-2014-2667

Race condition in the getmaskedmode function in Lib/os.py in Python 3.2 through 3.5, when existok is set to true and multiple threads are used, might allow local users to bypass intended file permissions by leveraging a separate application vulnerability before the umask has been set to the...

SUSE CVE-2014-7185

Integer overflow in bufferobject.c in Python before 2.7.8 allows context-dependent attackers to obtain sensitive information from process memory via a large size and offset in a "buffer" function...

SUSE CVE-2014-9365

The HTTP clients in the 1 httplib, 2 urllib, 3 urllib2, and 4 xmlrpclib libraries in CPython aka Python 2.x before 2.7.9 and 3.x before 3.4.3, when accessing an HTTPS URL, do not a check the certificate against a trust store or verify that the server hostname matches a domain name in the subject'...

SUSE CVE-2015-20107

In Python aka CPython up to 3.10.8, the mailcap module does not add escape characters into commands discovered in the system mailcap file. This may allow attackers to inject shell commands into applications that call mailcap.findmatch with untrusted input if they lack validation of user-provided...