19 matches found
TencentOS Server 4: python3.11 (TSSA-2024:0758)
The version of Tencent Linux installed on the remote TencentOS Server 4 host is prior to the tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2024:0758 advisory. Package updates are available for TencentOS Server 4 that fix the following vulnerabilities:...
TencentOS Server 4: python3.12 (TSSA-2024:0944)
The version of Tencent Linux installed on the remote TencentOS Server 4 host is prior to the tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2024:0944 advisory. Package updates are available for TencentOS Server 4 that fix the following vulnerabilities:...
Alibaba Cloud Linux 3 : 0278: python3.11 (ALINUX3-SA-2024:0278)
The remote Alibaba Cloud Linux 3 host has packages installed that are affected by a vulnerability as referenced in the ALINUX3-SA-2024:0278 advisory. Package updates are available for Alibaba Cloud Linux 3 that fix the following vulnerabilities: CVE-2024-9287: A vulnerability has been found in th...
Linux Distros Unpatched Vulnerability : CVE-2024-9287
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A vulnerability has been found in the CPython venv module and CLI where path names provided when creating a virtual environment were not quoted properly, allowi...
ROS-20250212-03
A vulnerability in the cpython module of the Python programming language is related to improper input validation in the venv module when creating a virtual environment. Exploitation of the vulnerability allows an attacker to execute arbitrary code...
EulerOS 2.0 SP11 : python3 (EulerOS-SA-2025-1143)
According to the versions of the python3 packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : A vulnerability has been found in the CPython venv module and CLI where path names provided when creating a virtual environment were not quoted...
Important: python3.12
Issue Overview: Starting in Python 3.12.0, the asyncio.SelectorSocketTransport.writelines method would not "pause" writing and signal to the Protocol to drain the buffer to the wire once the write buffer reached the "high-water mark". Because of this, Protocols would not periodically drain the...
Amazon Linux 2023 : python3.12, python3.12-devel, python3.12-idle (ALAS2023-2025-808)
It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2025-808 advisory. Starting in Python 3.12.0, the asyncio.SelectorSocketTransport.writelines method would not pause writing and signal to the Protocol to drain the buffer to the wire once the write buffer reached t...
BIT-PYTHON-2024-9287 Virtual environment (venv) activation scripts don't quote paths
A vulnerability has been found in the CPython venv module and CLI where path names provided when creating a virtual environment were not quoted properly, allowing the creator to inject commands into virtual environment "activation" scripts, i.e. "source venv/bin/activate". This means that...
Ubuntu 20.04 LTS / 22.04 LTS / 24.04 LTS / 24.10 : Python vulnerability (USN-7116-1)
The remote Ubuntu 20.04 LTS / 22.04 LTS / 24.04 LTS / 24.10 host has packages installed that are affected by a vulnerability as referenced in the USN-7116-1 advisory. It was discovered that Python incorrectly handled quoting path names when using the venv module. A local attacker able to control...
Python Command Injection Vulnerability (Oct 2024) - Windows
Python is prone to a command injection vulnerability in the venv module. SPDX-FileCopyrightText: 2024 Greenbone AG. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...
Python Command Injection Vulnerability (Oct 2024) - Linux
Python is prone to a command injection vulnerability in the venv module. CPE =...
Python Command Injection Vulnerability (Oct 2024) - Mac OS X
Python is prone to a command injection vulnerability in the venv module. CPE =...
CVE-2024-9287
A vulnerability has been found in the CPython venv module and CLI where path names provided when creating a virtual environment were not quoted properly, allowing the creator to inject commands into virtual environment "activation" scripts, i.e. "source venv/bin/activate". This means that...
CVE-2024-9287
A vulnerability has been found in the CPython venv module and CLI where path names provided when creating a virtual environment were not quoted properly, allowing the creator to inject commands into virtual environment "activation" scripts, i.e. "source venv/bin/activate". This means that...
CVE-2024-9287
CVE-2024-9287 affects the CPython venv/CLI: unquoted path names when creating a virtual environment enable command injection into activation scripts (e.g., source venv/bin/activate). Affected environments can execute attacker-controlled commands upon activation; environments not created by an att...
CVE-2024-9287
A vulnerability has been found in the CPython venv module and CLI where path names provided when creating a virtual environment were not quoted properly, allowing the creator to inject commands into virtual environment "activation" scripts, i.e. "source venv/bin/activate". This means that...
PSF-2024-12
A vulnerability has been found in the CPython venv module and CLI where path names provided when creating a virtual environment were not quoted properly, allowing the creator to inject commands into virtual environment "activation" scripts, i.e. "source venv/bin/activate". This means that...
CVE-2024-9287 Virtual environment (venv) activation scripts don't quote paths
A vulnerability has been found in the CPython venv module and CLI where path names provided when creating a virtual environment were not quoted properly, allowing the creator to inject commands into virtual environment "activation" scripts, i.e. "source venv/bin/activate". This means that...