Search for packages
| purl | pkg:deb/debian/python2.7@0?distro=bullseye |
| Vulnerability | Summary | Fixed by |
|---|---|---|
| This package is not known to be affected by vulnerabilities. | ||
| Vulnerability | Summary | Aliases |
|---|---|---|
| VCID-1hw3-vhwb-nkcd | Multiple vulberabilities have been discovered in Python and PyPy, the worst of which can lead to privilege escalation. |
CVE-2024-12718
|
| VCID-1pr1-jkqa-43g6 | cpython: CPython: Logging Bypass in Legacy .pyc File Handling |
CVE-2026-2297
|
| VCID-22da-bqwg-2fdf | python: rgbimg: multiple security issues |
CVE-2010-1450
|
| VCID-2j3t-a3r6-vfg7 | Multiple vulnerabilities have been found in Python, the worst of which might allow attackers to access sensitive information. |
CVE-2021-3426
|
| VCID-2v5u-2z4w-ffgx | python: incorrect IPv4 and IPv6 private ranges |
CVE-2024-4032
|
| VCID-34fd-g6ss-t3fj | python: Integer overflow in Modules/_pickle.c allows for memory exhaustion if serializing gigabytes of data |
CVE-2018-20406
|
| VCID-4afh-28ss-mudf | Multiple vulberabilities have been discovered in Python and PyPy, the worst of which can lead to privilege escalation. |
CVE-2025-4138
|
| VCID-4pej-k4vs-j3d2 | python: sys.path allowing code to be loaded from arbitrary locations |
CVE-2020-15801
|
| VCID-757r-fs6p-qqdd | Multiple vulberabilities have been discovered in Python and PyPy, the worst of which can lead to privilege escalation. |
CVE-2025-4517
|
| VCID-7ka5-7jrn-dber | Multiple vulberabilities have been discovered in Python and PyPy3, the worst of which can lead to privilege escalation. |
CVE-2023-6597
|
| VCID-7nj2-94zp-d3bp | python: DoS when processing malformed Apple Property List files in binary format |
CVE-2022-48564
|
| VCID-7q8s-6emv-ykhx | Multiple vulnerabilities have been found in Python, the worst of which could lead to arbitrary code execution. |
CVE-2013-7338
|
| VCID-8zdt-4q7m-t7ht | Multiple vulberabilities have been discovered in Python and PyPy, the worst of which can lead to privilege escalation. |
CVE-2025-4330
|
| VCID-94n7-6q4s-3udv | cpython: Header injection via newlines in data URL mediatype in Python |
CVE-2025-15282
|
| VCID-a8mv-mr3q-vygz | Multiple vulnerabilities have been found in Python and PyPy, the worst of which could result in arbitrary code execution. |
CVE-2022-42919
|
| VCID-bn83-d2qp-9bfy | cpython: Missing character filtering in Python |
CVE-2025-11468
|
| VCID-dnv8-yrd6-c7cv | Multiple vulberabilities have been discovered in Python and PyPy, the worst of which can lead to privilege escalation. |
CVE-2024-8088
|
| VCID-efdj-sb7s-p3fk | Multiple vulnerabilities have been found in Python, the worst of which could result in a Denial of Service condition. |
CVE-2020-14422
|
| VCID-emku-csrd-4bg5 | python: unsafe dll loading in getpathp.c on Windows |
CVE-2020-8315
|
| VCID-enav-dz7a-pqdq | Multiple vulnerabilities have been found in Python, the worst of which could lead to arbitrary code execution. |
CVE-2014-2667
|
| VCID-ewbq-2gm8-tyf5 | Buffer overflow in sponge queue functions ### Impact The Keccak sponge function interface accepts partial inputs to be absorbed and partial outputs to be squeezed. A buffer can overflow when partial data with some specific sizes are queued, where at least one of them has a length of 2^32 - 200 bytes or more. ### Patches Yes, see commit [fdc6fef0](https://github.com/XKCP/XKCP/commit/fdc6fef075f4e81d6b1bc38364248975e08e340a). ### Workarounds The problem can be avoided by limiting the size of the partial input data (or partial output digest) below 2^32 - 200 bytes. Multiple calls to the queue system can be chained at a higher level to retain the original functionality. Alternatively, one can process the entire input (or produce the entire output) at once, avoiding the queuing functions altogether. ### References See [issue #105](https://github.com/XKCP/XKCP/issues/105) for more details. |
CVE-2022-37454
GHSA-6w4m-2xhg-2658 |
| VCID-gxvd-xhmx-2uh9 | python: sensitive information can be obtained via the _asyncio._swap_current_task component. |
CVE-2023-38898
|
| VCID-hssa-umby-eud3 | python: local privilege escalation via search path in Windows |
CVE-2022-26488
|
| VCID-hz5k-rky7-nucg | Multiple vulberabilities have been discovered in Python and PyPy3, the worst of which can lead to privilege escalation. |
CVE-2023-41105
|
| VCID-n5bc-vs4j-nfdp | In Python 3.6 through 3.6.10, 3.7 through 3.7.8, 3.8 through 3.8.4rc1, and 3.9 through 3.9.0b4 on Windows, a Trojan horse python3.dll might be used in cases where CPython is embedded in a native application. This occurs because python3X.dll may use an invalid search path for python3.dll loading (after Py_SetPath has been used). NOTE: this issue CANNOT occur when using python.exe from a standard (non-embedded) Python installation on Windows. |
CVE-2020-15523
|
| VCID-nvmn-jbw1-47cq | python: rgbimg: multiple security issues |
CVE-2009-4134
|
| VCID-q6g1-cjz3-77e4 | cpython: Tarfile extracts filtered members when errorlevel=0 |
CVE-2025-4435
|
| VCID-rnkj-2dgz-kuah | python: rgbimg: multiple security issues |
CVE-2010-1449
|
| VCID-s2wz-ghk2-kkg3 | Python Software Foundation CPython version From 3.2 until 3.6.4 on Windows contains a Buffer Overflow vulnerability in os.symlink() function on Windows that can result in Arbitrary code execution, likely escalation of privilege. This attack appears to be exploitable via a python script that creates a symlink with an attacker controlled name or location. This vulnerability appears to have been fixed in 3.7.0 and 3.6.5. |
CVE-2018-1000117
|
| VCID-s7qf-hjkq-wkdy | Multiple vulberabilities have been discovered in Python and PyPy3, the worst of which can lead to privilege escalation. |
CVE-2023-6507
|
| VCID-sbe1-cx8r-aba1 | On Windows a directory returned by tempfile.mkdtemp() would not always have permissions set to restrict reading and writing to the temporary directory by other users, instead usually inheriting the correct permissions from the default location. Alternate configurations or users without a profile directory may not have the intended permissions. If you’re not using Windows or haven’t changed the temporary directory location then you aren’t affected by this vulnerability. On other platforms the returned directory is consistently readable and writable only by the current user. This issue was caused by Python not supporting Unix permissions on Windows. The fix adds support for Unix “700” for the mkdir function on Windows which is used by mkdtemp() to ensure the newly created directory has the proper permissions. |
CVE-2024-4030
|
| VCID-tbuw-2msj-tqd9 | python: Virtual environment (venv) activation scripts don't quote paths |
CVE-2024-9287
|
| VCID-v6ry-7xxz-nbeu | CPython v3.12.0 alpha 7 was discovered to contain a heap use-after-free via the function ascii_decode at /Objects/unicodeobject.c. |
CVE-2023-33595
|
| VCID-ymg5-42xm-7fh9 | The “socket” module provides a pure-Python fallback to the socket.socketpair() function for platforms that don’t support AF_UNIX, such as Windows. This pure-Python implementation uses AF_INET or AF_INET6 to create a local connected pair of sockets. The connection between the two sockets was not verified before passing the two sockets back to the user, which leaves the server socket vulnerable to a connection race from a malicious local peer. Platforms that support AF_UNIX such as Linux and macOS are not affected by this vulnerability. Versions prior to CPython 3.5 are not affected due to the vulnerable API not being included. |
CVE-2024-3219
|
| VCID-z48d-eyxz-bycq | Multiple vulnerabilities have been found in Python and PyPy, the worst of which could result in arbitrary code execution. |
CVE-2021-29921
|
| VCID-zxzn-25zt-ukct | Mitgation of CVE-2026-4519 was incomplete. If the URL contained "%action" the mitigation could be bypassed for certain browser types the "webbrowser.open()" API could have commands injected into the underlying shell. See CVE-2026-4519 for details. |
CVE-2026-4786
|