National Vulnerability Database

National Vulnerability Database

National Vulnerability
Database

Search Results (Refine Search)

Search Parameters:
  • Results Type: Overview
  • Keyword (text search): python
  • Search Type: Search All
There are 373 matching records.
Displaying matches 281 through 300.
Vuln ID Summary CVSS Severity
CVE-2009-4134

Buffer underflow in the rgbimg module in Python 2.5 allows remote attackers to cause a denial of service (application crash) via a large ZSIZE value in a black-and-white (aka B/W) RGB image that triggers an invalid pointer dereference.

Published: May 27, 2010; 03:30:01 PM -04:00
V2: 5.0 MEDIUM
CVE-2010-1338

SQL injection vulnerability in ts_other.php in the Teamsite Hack plugin 3.0 and earlier for WoltLab Burning Board allows remote attackers to execute arbitrary SQL commands via the userid parameter in a modboard action.

Published: April 09, 2010; 02:30:00 PM -04:00
V2: 7.5 HIGH
CVE-2009-3560

The big2_toUtf8 function in lib/xmltok.c in libexpat in Expat 2.0.1, as used in the XML-Twig module for Perl, allows context-dependent attackers to cause a denial of service (application crash) via an XML document with malformed UTF-8 sequences that trigger a buffer over-read, related to the doProlog function in lib/xmlparse.c, a different vulnerability than CVE-2009-2625 and CVE-2009-3720.

Published: December 04, 2009; 04:30:00 PM -05:00
V2: 5.0 MEDIUM
CVE-2009-4081

Untrusted search path vulnerability in dstat before r3199 allows local users to gain privileges via a Trojan horse Python module in the current working directory, a different vulnerability than CVE-2009-3894.

Published: November 29, 2009; 08:07:52 AM -05:00
V2: 4.4 MEDIUM
CVE-2009-3894

Multiple untrusted search path vulnerabilities in dstat before 0.7.0 allow local users to gain privileges via a Trojan horse Python module in (1) the current working directory or (2) a certain subdirectory of the current working directory.

Published: November 29, 2009; 08:07:52 AM -05:00
V2: 4.4 MEDIUM
CVE-2009-3578

Autodesk Maya 8.0, 8.5, 2008, 2009, and 2010 and Alias Wavefront Maya 6.5 and 7.0 allow remote attackers to execute arbitrary code via a (1) .ma or (2) .mb file that uses the Maya Embedded Language (MEL) python command or unspecified other MEL commands, related to "Script Nodes."

Published: November 24, 2009; 12:30:00 PM -05:00
V2: 9.3 HIGH
CVE-2009-3850

Blender 2.34, 2.35a, 2.40, and 2.49b allows remote attackers to execute arbitrary code via a .blend file that contains Python statements in the onLoad action of a ScriptLink SDNA.

Published: November 06, 2009; 10:30:00 AM -05:00
V2: 9.3 HIGH
CVE-2009-3720

The updatePosition function in lib/xmltok_impl.c in libexpat in Expat 2.0.1, as used in Python, PyXML, w3c-libwww, and other software, allows context-dependent attackers to cause a denial of service (application crash) via an XML document with crafted UTF-8 sequences that trigger a buffer over-read, a different vulnerability than CVE-2009-2625.

Published: November 03, 2009; 11:30:12 AM -05:00
V2: 5.0 MEDIUM
CVE-2009-2940

The pygresql module 3.8.1 and 4.0 for Python does not properly support the PQescapeStringConn function, which might allow remote attackers to leverage escaping issues involving multibyte character encodings.

Published: October 22, 2009; 12:30:00 PM -04:00
V2: 7.5 HIGH
CVE-2009-2701

Unspecified vulnerability in the Zope Enterprise Objects (ZEO) storage-server functionality in Zope Object Database (ZODB) 3.8 before 3.8.3 and 3.9.x before 3.9.0c2, when certain ZEO database sharing and blob support are enabled, allows remote authenticated users to read or delete arbitrary files via unknown vectors.

Published: September 08, 2009; 02:30:00 PM -04:00
V2: 6.0 MEDIUM
CVE-2008-6954

The web interface (CobblerWeb) in Cobbler before 1.2.9 allows remote authenticated users to execute arbitrary Python code in cobblerd by editing a Cheetah kickstart template to import arbitrary Python modules.

Published: August 12, 2009; 06:30:00 AM -04:00
V2: 9.0 HIGH
CVE-2009-0669

Zope Object Database (ZODB) before 3.8.2, when certain Zope Enterprise Objects (ZEO) database sharing is enabled, allows remote attackers to bypass authentication via vectors involving the ZEO network protocol.

Published: August 07, 2009; 03:30:00 PM -04:00
V2: 7.5 HIGH
CVE-2009-0668

Unspecified vulnerability in Zope Object Database (ZODB) before 3.8.2, when certain Zope Enterprise Objects (ZEO) database sharing is enabled, allows remote attackers to execute arbitrary Python code via vectors involving the ZEO network protocol.

Published: August 07, 2009; 03:30:00 PM -04:00
V2: 6.5 MEDIUM
CVE-2008-6549

The password_checker function in config/multiconfig.py in MoinMoin 1.6.1 uses the cracklib and python-crack features even though they are not thread-safe, which allows remote attackers to cause a denial of service (segmentation fault and crash) via unknown vectors.

Published: March 29, 2009; 09:30:00 PM -04:00
V2: 5.0 MEDIUM
CVE-2008-6547

schema.py in FormEncode for Python (python-formencode) 1.0 does not apply the chained_validators feature, which allows attackers to bypass intended access restrictions via unknown vectors.

Published: March 29, 2009; 09:30:00 PM -04:00
V2: 7.5 HIGH
CVE-2008-6539

Static code injection vulnerability in user/settings/ in DeStar 0.2.2-5 allows remote authenticated users to add arbitrary administrators and inject arbitrary Python code into destar_cfg.py via a crafted pin parameter.

Published: March 29, 2009; 09:30:00 PM -04:00
V2: 6.5 MEDIUM
CVE-2009-0367

The Python AI module in Wesnoth 1.4.x and 1.5 before 1.5.11 allows remote attackers to escape the sandbox and execute arbitrary code by using a whitelisted module that imports an unsafe module, then using a hierarchical module name to access the unsafe module through the whitelisted module.

Published: March 04, 2009; 09:30:00 PM -05:00
V2: 9.3 HIGH
CVE-2009-0318

Untrusted search path vulnerability in the GObject Python interpreter wrapper in Gnumeric allows local users to execute arbitrary code via a Trojan horse Python file in the current working directory, related to a vulnerability in the PySys_SetArgv function (CVE-2008-5983).

Published: January 28, 2009; 06:30:00 AM -05:00
V2: 6.9 MEDIUM
CVE-2009-0317

Untrusted search path vulnerability in the Python language bindings for Nautilus (nautilus-python) allows local users to execute arbitrary code via a Trojan horse Python file in the current working directory, related to a vulnerability in the PySys_SetArgv function (CVE-2008-5983).

Published: January 28, 2009; 06:30:00 AM -05:00
V2: 6.9 MEDIUM
CVE-2009-0316

Untrusted search path vulnerability in src/if_python.c in the Python interface in Vim before 7.2.045 allows local users to execute arbitrary code via a Trojan horse Python file in the current working directory, related to a vulnerability in the PySys_SetArgv function (CVE-2008-5983), as demonstrated by an erroneous search path for plugin/bike.vim in bicyclerepair.

Published: January 28, 2009; 06:30:00 AM -05:00
V2: 6.9 MEDIUM