| purl | pkg:deb/debian/python2.7@2.7.18-8%2Bdeb11u1?distro=bullseye |
| Vulnerability | Summary | Fixed by |
|---|---|---|
| This package is not known to be affected by vulnerabilities. | | |

| Vulnerability | Summary | Aliases |
|---|---|---|
| VCID-1hw3-vhwb-nkcd | Multiple vulnerabilities have been discovered in Python and PyPy, the worst of which can lead to privilege escalation. | CVE-2024-12718 |
| VCID-1mw1-384y-huc7 | Uncontrolled Resource Consumption Algorithmic complexity vulnerability in the `ssl.match_hostname` function and unspecified versions of python-backports-ssl_match_hostname as used for older Python versions, allows remote attackers to cause a denial of service (CPU consumption) via multiple wildcard characters in the common name in a certificate. | CVE-2013-2099 |
| VCID-1pr1-jkqa-43g6 | cpython: CPython: Logging Bypass in Legacy .pyc File Handling | CVE-2026-2297 |
| VCID-1taa-a9e4-tbc5 | python: regression of CVE-2019-9636 due to functional fix to allow port numbers in netloc | CVE-2019-10160 |
| VCID-1u4y-mg1p-audj | Multiple vulnerabilities have been found in Python, the worst of which allow remote attackers to cause a Denial of Service condition. | CVE-2012-1150 |
| VCID-22da-bqwg-2fdf | python: rgbimg: multiple security issues | CVE-2010-1450 |
| VCID-2czu-wy37-qugf | python: constant-time-defeating optimisations issue in the compare_digest function in Lib/hmac.p | CVE-2022-48566 |
| VCID-2j3t-a3r6-vfg7 | Multiple vulnerabilities have been found in Python, the worst of which might allow attackers to access sensitive information. | CVE-2021-3426 |
| VCID-2shb-2cvn-dyd2 | Multiple vulnerabilities have been discovered in Python and PyPy3, the worst of which can lead to privilege escalation. | CVE-2023-24329 |
| VCID-2v5u-2z4w-ffgx | python: incorrect IPv4 and IPv6 private ranges | CVE-2024-4032 |
| VCID-34fd-g6ss-t3fj | python: Integer overflow in Modules/_pickle.c allows for memory exhaustion if serializing gigabytes of data | CVE-2018-20406 |
| VCID-3mu8-g6x3-effb | python: http protocol stream injection attack | CVE-2016-5699 |
| VCID-4afh-28ss-mudf | Multiple vulnerabilities have been discovered in Python and PyPy, the worst of which can lead to privilege escalation. | CVE-2025-4138 |
| VCID-4pej-k4vs-j3d2 | python: sys.path allowing code to be loaded from arbitrary locations | CVE-2020-15801 |
| VCID-4py6-hkzp-v3d4 | security update | CVE-2018-1060 |
| VCID-4q79-666d-rygx | python: XML External Entity in XML processing plistlib module | CVE-2022-48565 |
| VCID-4z89-3tfk-pyge | Multiple vulnerabilities have been discovered in Python and PyPy3, the worst of which can lead to privilege escalation. | CVE-2023-40217 |
| VCID-57c6-hx7f-efc6 | python: CRLF injection via the host part of the url passed to urlopen() | CVE-2019-18348 |
| VCID-757r-fs6p-qqdd | Multiple vulnerabilities have been discovered in Python and PyPy, the worst of which can lead to privilege escalation. | CVE-2025-4517 |
| VCID-7jat-6ags-qbdr | security update | CVE-2018-14647 |
| VCID-7ka5-7jrn-dber | Multiple vulnerabilities have been discovered in Python and PyPy3, the worst of which can lead to privilege escalation. | CVE-2023-6597 |
| VCID-7nj2-94zp-d3bp | python: DoS when processing malformed Apple Property List files in binary format | CVE-2022-48564 |
| VCID-7q8s-6emv-ykhx | Multiple vulnerabilities have been found in Python, the worst of which could lead to arbitrary code execution. | CVE-2013-7338 |
| VCID-8aq9-8cf5-qbet | Multiple vulnerabilities have been found in Python, the worst of which could lead to arbitrary code execution. | CVE-2014-9365 |
| VCID-8jfv-cqa8-7yb6 | python: CGIHTTPServer module does not properly handle URL-encoded path separators in URLs | CVE-2014-4650 |
| VCID-8zdt-4q7m-t7ht | Multiple vulnerabilities have been discovered in Python and PyPy, the worst of which can lead to privilege escalation. | CVE-2025-4330 |
| VCID-94n7-6q4s-3udv | cpython: Header injection via newlines in data URL mediatype in Python | CVE-2025-15282 |
| VCID-9jj2-hsne-mbac | security update | CVE-2013-4238 |
| VCID-9mcr-rmtb-mufj | Multiple vulnerabilities have been found in Python, the worst of which could result in a Denial of Service condition. | CVE-2019-9740 |
| VCID-a7h6-8ece-kqec | Multiple vulnerabilities have been found in Python, the worst of which allow remote attackers to cause a Denial of Service condition. | CVE-2010-1634 |
| VCID-a8mv-mr3q-vygz | Multiple vulnerabilities have been found in Python and PyPy, the worst of which could result in arbitrary code execution. | CVE-2022-42919 |
| VCID-atth-tm5r-nfc8 | Multiple vulnerabilities have been found in Python, the worst of which allow remote attackers to cause a Denial of Service condition. | CVE-2012-0845 |
| VCID-bn83-d2qp-9bfy | cpython: Missing character filtering in Python | CVE-2025-11468 |
| VCID-c97c-3177-wkhx | Multiple vulnerabilities have been found in Python, the worst of which could lead to arbitrary code execution. | CVE-2016-5636 |
| VCID-dkxn-j9dr-sqbp | Multiple vulnerabilities have been found in Python, the worst of which could result in the arbitrary execution of code. | CVE-2021-3177 |
| VCID-dnv8-yrd6-c7cv | Multiple vulnerabilities have been discovered in Python and PyPy, the worst of which can lead to privilege escalation. | CVE-2024-8088 |
| VCID-dv5v-71b5-budp | python: use after free in heappushpop() of heapq module | CVE-2022-48560 |
| VCID-e1yx-dxa6-1bba | Multiple vulnerabilities have been found in the Oracle JRE/JDK, allowing attackers to cause unspecified impact. | CVE-2011-3389 |
| VCID-efdj-sb7s-p3fk | Multiple vulnerabilities have been found in Python, the worst of which could result in a Denial of Service condition. | CVE-2020-14422 |
| VCID-emku-csrd-4bg5 | python: unsafe dll loading in getpathp.c on Windows | CVE-2020-8315 |
| VCID-enav-dz7a-pqdq | Multiple vulnerabilities have been found in Python, the worst of which could lead to arbitrary code execution. | CVE-2014-2667 |
| VCID-ewbq-2gm8-tyf5 | Buffer overflow in sponge queue functions. **Impact:** The Keccak sponge function interface accepts partial inputs to be absorbed and partial outputs to be squeezed. A buffer can overflow when partial data with some specific sizes are queued, where at least one of them has a length of 2^32 - 200 bytes or more. **Patches:** Yes, see commit [fdc6fef0](https://github.com/XKCP/XKCP/commit/fdc6fef075f4e81d6b1bc38364248975e08e340a). **Workarounds:** The problem can be avoided by limiting the size of the partial input data (or partial output digest) below 2^32 - 200 bytes. Multiple calls to the queue system can be chained at a higher level to retain the original functionality. Alternatively, one can process the entire input (or produce the entire output) at once, avoiding the queuing functions altogether. **References:** See [issue #105](https://github.com/XKCP/XKCP/issues/105) for more details. | CVE-2022-37454, GHSA-6w4m-2xhg-2658 |
| VCID-ez5b-fvw8-hkh3 | Multiple vulnerabilities have been found in Python, the worst of which could lead to arbitrary code execution. | CVE-2014-1912 |
| VCID-f5vu-k9rc-27fz | Improper Validation of Array Index Array index error in the scanstring function in the _json module in Python 2.7 through 3.5 and simplejson before 2.6.1 allows context-dependent attackers to read arbitrary process memory via a negative index value in the idx argument to the raw_decode function. | CVE-2014-4616, GHSA-9772-cwx9-r4cj |
| VCID-g81p-pg7g-xfcf | python: wildcard matching rules do not follow RFC 6125 | CVE-2013-7440 |
| VCID-gfzb-b7tt-fkgz | A buffer overflow in Python might allow remote attackers to cause a Denial of Service condition. | CVE-2018-1000030 |
| VCID-gkfp-ga1r-jkag | A vulnerability in Python could lead to a Denial of Service condition. | CVE-2020-8492 |
| VCID-gxvd-xhmx-2uh9 | python: sensitive information can be obtained via the _asyncio._swap_current_task component. | CVE-2023-38898 |
| VCID-hcq4-yq9k-jygb | security update | CVE-2018-1000802 |
| VCID-hgwh-tzsf-suc1 | Multiple vulnerabilities have been found in Python, the worst of which could lead to arbitrary code execution. | CVE-2016-0772 |
| VCID-hssa-umby-eud3 | python: local privilege escalation via search path in Windows | CVE-2022-26488 |
| VCID-hz5k-rky7-nucg | Multiple vulnerabilities have been discovered in Python and PyPy3, the worst of which can lead to privilege escalation. | CVE-2023-41105 |
| VCID-j9s6-2y47-zbbt | security update | CVE-2018-1061 |
| VCID-k18q-3e9y-ykgf | Multiple vulnerabilities have been found in Python, the worst of which could result in a Denial of Service condition. | CVE-2019-9948 |
| VCID-m7bx-qd2f-4qc9 | python: distutils creates ~/.pypirc insecurely | CVE-2011-4944 |
| VCID-mzd5-dwty-bqhf | Multiple vulnerabilities have been found in Python, the worst of which could lead to arbitrary code execution. | CVE-2014-7185 |
| VCID-n5bc-vs4j-nfdp | In Python 3.6 through 3.6.10, 3.7 through 3.7.8, 3.8 through 3.8.4rc1, and 3.9 through 3.9.0b4 on Windows, a Trojan horse python3.dll might be used in cases where CPython is embedded in a native application. This occurs because python3X.dll may use an invalid search path for python3.dll loading (after Py_SetPath has been used). NOTE: this issue CANNOT occur when using python.exe from a standard (non-embedded) Python installation on Windows. | CVE-2020-15523 |
| VCID-nvmn-jbw1-47cq | python: rgbimg: multiple security issues | CVE-2009-4134 |
| VCID-ppqx-qup8-sqbz | python: email.utils.parseaddr wrongly parses email addresses | CVE-2019-16056 |
| VCID-q6g1-cjz3-77e4 | cpython: Tarfile extracts filtered members when errorlevel=0 | CVE-2025-4435 |
| VCID-rnkj-2dgz-kuah | python: rgbimg: multiple security issues | CVE-2010-1449 |
| VCID-s2wz-ghk2-kkg3 | Python Software Foundation CPython version From 3.2 until 3.6.4 on Windows contains a Buffer Overflow vulnerability in os.symlink() function on Windows that can result in Arbitrary code execution, likely escalation of privilege. This attack appears to be exploitable via a python script that creates a symlink with an attacker controlled name or location. This vulnerability appears to have been fixed in 3.7.0 and 3.6.5. | CVE-2018-1000117 |
| VCID-s7qf-hjkq-wkdy | Multiple vulnerabilities have been discovered in Python and PyPy3, the worst of which can lead to privilege escalation. | CVE-2023-6507 |
| VCID-sbe1-cx8r-aba1 | On Windows a directory returned by tempfile.mkdtemp() would not always have permissions set to restrict reading and writing to the temporary directory by other users, instead usually inheriting the correct permissions from the default location. Alternate configurations or users without a profile directory may not have the intended permissions. If you’re not using Windows or haven’t changed the temporary directory location then you aren’t affected by this vulnerability. On other platforms the returned directory is consistently readable and writable only by the current user. This issue was caused by Python not supporting Unix permissions on Windows. The fix adds support for Unix “700” for the mkdir function on Windows which is used by mkdtemp() to ensure the newly created directory has the proper permissions. | CVE-2024-4030 |
| VCID-tbuw-2msj-tqd9 | python: Virtual environment (venv) activation scripts don't quote paths | CVE-2024-9287 |
| VCID-tyk4-kazt-kydj | Multiple vulnerabilities have been found in Python, the worst of which could result in a Denial of Service condition. | CVE-2019-20907 |
| VCID-ugfy-dufq-hfb2 | CGIHandler: sets environmental variable based on user supplied Proxy request header | CVE-2016-1000110 |
| VCID-v6ry-7xxz-nbeu | CPython v3.12.0 alpha 7 was discovered to contain a heap use-after-free via the function ascii_decode at /Objects/unicodeobject.c. | CVE-2023-33595 |
| VCID-v84j-ugn9-w3c8 | python: XSS vulnerability in the documentation XML-RPC server in server_title field | CVE-2019-16935 |
| VCID-vpwj-d49q-1uh8 | Multiple vulnerabilities have been found in Python and PyPy, the worst of which could result in arbitrary code execution. | CVE-2022-0391 |
| VCID-w6k8-js68-87g4 | Multiple vulnerabilities have been found in Python, the worst of which might allow attackers to access sensitive information. | CVE-2021-23336 |
| VCID-w85n-mm5g-5yd1 | python: XMLRPC library unrestricted decompression of HTTP responses using gzip encoding | CVE-2013-1753 |
| VCID-wa9f-nvnp-euce | Multiple vulnerabilities have been found in Python, the worst of which allow remote attackers to cause a Denial of Service condition. | CVE-2010-2089 |
| VCID-wq7w-nrar-ykde | A buffer overflow in Python might allow remote attackers to execute arbitrary code. | CVE-2017-1000158 |
| VCID-wxhp-wayg-qbd1 | Multiple vulnerabilities have been found in Python, the worst of which could result in a Denial of Service condition. | CVE-2019-9636 |
| VCID-x7h3-nmjt-aud5 | Multiple vulnerabilities have been found in Python, the worst of which could result in a Denial of Service condition. | CVE-2019-9947 |
| VCID-xdsh-83s2-wyd6 | urllib2): Improper management of ftp:// and file:// URL schemes (Issue #11662) | CVE-2011-1521 |
| VCID-xv9p-nyha-xygv | Multiple vulnerabilities have been found in Python, the worst of which could result in a Denial of Service condition. | CVE-2018-20852 |
| VCID-ye66-bk4w-vbbm | python: potential XSS in SimpleHTTPServer's list_directory() | CVE-2011-4940 |
| VCID-ymg5-42xm-7fh9 | The “socket” module provides a pure-Python fallback to the socket.socketpair() function for platforms that don’t support AF_UNIX, such as Windows. This pure-Python implementation uses AF_INET or AF_INET6 to create a local connected pair of sockets. The connection between the two sockets was not verified before passing the two sockets back to the user, which leaves the server socket vulnerable to a connection race from a malicious local peer. Platforms that support AF_UNIX such as Linux and macOS are not affected by this vulnerability. Versions prior to CPython 3.5 are not affected due to the vulnerable API not being included. | CVE-2024-3219 |
| VCID-yqm8-fk44-4yhk | Multiple vulnerabilities have been found in Python, the worst of which could result in a Denial of Service condition. | CVE-2019-5010 |
| VCID-z48d-eyxz-bycq | Multiple vulnerabilities have been found in Python and PyPy, the worst of which could result in arbitrary code execution. | CVE-2021-29921 |
| VCID-z6kh-961g-duck | Multiple vulnerabilities have been found in Python, the worst of which allow remote attackers to cause a Denial of Service condition. | CVE-2010-3492 |
| VCID-zxzn-25zt-ukct | Mitigation of CVE-2026-4519 was incomplete. If the URL contained "%action" the mitigation could be bypassed for certain browser types, and the "webbrowser.open()" API could have commands injected into the underlying shell. See CVE-2026-4519 for details. | CVE-2026-4786 |