pkg:Debian/python2.7
96 total CVEsCRITICAL15HIGH25MEDIUM28LOW2
✅ Check your installed version
All known vulnerabilities
- CRITICAL9.8CVE-2026-7210The expat and elementtree parsers use insufficient entropy for XML hash-flooding protectionfrom 0
- from 0, < 2.7.18-8+deb11u1
- from 0, < 2.7.13-2+deb9u6
- from 0, < 2.7.18-2
- CRITICAL9.8CVE-2020-27619In Python 3 through 3.9.0, the Lib/test/multibytecodec_support.py CJK codec tests call eval() on content retrieved via HTTP.from 0
- CRITICAL9.8CVE-2014-4650The CGIHTTPServer module in Python 2.7.5 and 3.3.4 does not properly handle URLs in which URL encoding is used for path separators, which a…from 0, < 2.7.8-1
- CRITICAL9.8CVE-2019-10160A security regression of CVE-2019-9636 was discovered in python since commit d537ab0ff9767ef024f26246899728f0116b1ec3 affecting versions 2.…from 0, < 2.7.16-3
- CRITICAL9.8CVE-2019-9636Python 2.7.x through 2.7.16 and 3.x through 3.7.2 is affected by: Improper Handling of Unicode Encoding (with an incorrect netloc) during N…from 0, < 2.7.16-2
- from 0, < 2.7.15-5
- from 0, < 2.7.13-2+deb9u3
- from 0, < 2.7.13-4
- from 0, < 2.7.9-2+deb8u2
- from 0, < 2.7.3-6+deb7u4
- CRITICAL9.8CVE-2016-5636Integer overflow in the get_data function in zipimport.c in CPython (aka Python) before 2.7.12, 3.x before 3.4.5, and 3.5.x before 3.5.2 al…from 0, < 2.7.12~rc1-1
- from 0, < 2.7.16-2
- HIGH8.8CVE-2017-17522Lib/webbrowser.py in Python through 3.6.3 does not validate strings before launching the program specified by the BROWSER environment varia…from 0
- from 0, < 2.7.16-2+deb10u2
- from 0
- from 0
- from 0
- from 0
- from 0, < 2.7.18-8+deb11u1
- from 0, < 2.7.18-8+deb11u1
- from 0
- from 0
- from 0
- from 0, < 2.7.18-8+deb11u1
- from 0, < 2.7.18-2
- HIGH7.5CVE-2013-1753The gzip_decode function in the xmlrpc client library in Python 3.4 and earlier allows remote attackers to cause a denial of service (memor…from 0, < 2.7.9-1
- HIGH7.5CVE-2019-9674Lib/zipfile.py in Python through 3.7.2 allows remote attackers to cause a denial of service (resource consumption) via a ZIP bomb.from 0
- HIGH7.5CVE-2019-5010An exploitable denial-of-service vulnerability exists in the X509 certificate parser of Python.org Python 2.7.11 / 3.6.6.from 0, < 2.7.15-6
- from 0, < 2.7.9-2+deb8u5
- from 0, < 2.7.17~rc1-1
- from 0, < 2.7.9-2+deb8u3
- from 0, < 2.7.15-5
- HIGH7.5CVE-2018-1061python before versions 2.7.15, 3.4.9, 3.5.6rc1, 3.6.5rc1 and 3.7.0 is vulnerable to catastrophic backtracking in the difflib.IS_LINE_JUNK m…from 0, < 2.7.14-7
- HIGH7.5CVE-2018-1060python before versions 2.7.15, 3.4.9, 3.5.6rc1, 3.6.5rc1 and 3.7.0 is vulnerable to catastrophic backtracking in pop3lib's apop() method.from 0, < 2.7.14-7
- from 0
- HIGH7.4CVE-2021-28861Python 3.x through 3.10 has an open redirection vulnerability in lib/http/server.py due to no protection against multiple (/) at the beginn…from 0
- HIGH7.2CVE-2020-26116http.client in Python 3.x before 3.5.10, 3.6.x before 3.6.12, 3.7.x before 3.7.9, and 3.8.x before 3.8.5 allows CRLF injection if the attac…from 0
- from 0
- from 0
- MEDIUM6.5CVE-2020-8492Python 2.7 through 2.7.17, 3.5 through 3.5.9, 3.6 through 3.6.10, 3.7 through 3.7.6, and 3.8 through 3.8.1 allows an HTTP server to conduct…from 0, < 2.7.18-2
- from 0, < 2.7.3-6+deb7u3
- from 0, < 2.7.12~rc1-1
- from 0, < 2.7.16-2+deb10u4
- from 0
- MEDIUM6.1CVE-2016-1000110The CGIHandler class in Python before 2.7.12 does not protect against the HTTP_PROXY variable name clash in a CGI script, which could allow…from 0, < 2.7.12-2
- MEDIUM6.1CVE-2019-18348An issue was discovered in urllib2 in Python 2.x through 2.7.17 and urllib in Python 3.x through 3.8.0.from 0, < 2.7.18~rc1-1
- from 0, < 2.7.17~rc1-1
- from 0, < 2.7.13-2+deb9u5
- MEDIUM6.1CVE-2019-9947An issue was discovered in urllib2 in Python 2.x through 2.7.16 and urllib in Python 3.x through 3.7.3.from 0, < 2.7.16-3
- MEDIUM6.1CVE-2019-9740An issue was discovered in urllib2 in Python 2.x through 2.7.16 and urllib in Python 3.x through 3.7.3.from 0, < 2.7.16-3
- MEDIUM6.1CVE-2016-5699CRLF injection vulnerability in the HTTPConnection.putheader function in urllib2 and urllib in CPython (aka Python) before 2.7.10 and 3.x b…from 0, < 2.7.10~rc1-1
- MEDIUM5.9CVE-2022-48566An issue was discovered in compare_digest in Lib/hmac.py in Python through 3.9.1.from 0, < 2.7.18-8+deb11u1
- from 0, < 2.7.7-1
- from 0, < 2.7.16-2+deb10u3
- from 0, < 2.7.18-8+deb11u1
- MEDIUM5.9CVE-2013-7440The ssl.match_hostname function in CPython (aka Python) before 2.7.9 and 3.x before 3.3.3 does not properly handle wildcards in hostnames,…from 0, < 2.7.9-1
- from 0
- from 0
- MEDIUM5.3CVE-2023-40217An issue was discovered in Python before 3.8.18, 3.9.x before 3.9.18, 3.10.x before 3.10.13, and 3.11.x before 3.11.5.from 0, < 2.7.18-8+deb11u1
- MEDIUM5.3CVE-2023-27043The email module of Python through 3.11.3 incorrectly parses e-mail addresses that contain a special character.from 0
- MEDIUM5.3CVE-2021-4189A flaw was found in Python, specifically in the FTP (File Transfer Protocol) client library in PASV (passive) mode.from 0
- from 0, < 2.7.13-2+deb9u4
- from 0, < 2.7.16-3
- from 0, < 2.7.9-2+deb8u4
- from 0
- LOW3.6CVE-2018-1000030Python 2.7.14 is vulnerable to a Heap-Buffer-Overflow as well as a Heap-Use-After-Free.from 0, < 2.7.14-5
- from 0
- —CVE-2026-8328FTP PASV SSRF, ftpcp() does not use actual peer address, trusts server-supplied PASV host addressfrom 0
- —CVE-2026-6100Use-after-free in lzma.LZMADecompressor, bz2.BZ2Decompressor, and gzip.GzipFile after re-use under memory pressurefrom 0
- from 0
- from 0
- from 0
- from 0
- from 0
- from 0
- from 0
- from 0
- —CVE-2014-9365The HTTP clients in the (1) httplib, (2) urllib, (3) urllib2, and (4) xmlrpclib libraries in CPython (aka Python) 2.x before 2.7.9 and 3.x…from 0, < 2.7.9-1
- —CVE-2014-7185Integer overflow in bufferobject.c in Python before 2.7.8 allows context-dependent attackers to obtain sensitive information from process m…from 0, < 2.7.8-1
- —CVE-2013-7040Python 2.7 before 3.4 only uses the last eight bits of the prefix to randomize hash values, which causes it to compute hash values without…from 0
- —CVE-2014-1912Buffer overflow in the socket.recvfrom_into function in Modules/socketmodule.c in Python 2.5 before 2.7.7, 3.x before 3.3.4, and 3.4.x befo…from 0, < 2.7.6-6
- from 0, < 2.7.5-5
- from 0, < 2.7.5-8
- from 0, < 2.7.3-6+deb7u2
- —CVE-2012-1150Python before 2.6.8, 2.7.x before 2.7.3, 3.x before 3.1.5, and 3.2.x before 3.2.3 computes hash values without restricting the ability to t…from 0, < 2.7.3~rc1-1
- —CVE-2012-0845SimpleXMLRPCServer.py in SimpleXMLRPCServer in Python before 2.6.8, 2.7.x before 2.7.3, 3.x before 3.1.5, and 3.2.x before 3.2.3 allows rem…from 0, < 2.7.3~rc1-1
- —CVE-2011-4944Python 2.6 through 3.2 creates ~/.pypirc with world-readable permissions before changing them after data has been written, which introduces…from 0, < 2.7.3~rc2-2
- —CVE-2011-4940The list_directory function in Lib/SimpleHTTPServer.py in SimpleHTTPServer in Python before 2.5.6c1, 2.6.x before 2.6.7 rc2, and 2.7.x befo…from 0, < 2.7.2-8
- from 0, < 2.7.3~rc1-1
- —CVE-2011-1521The urllib and urllib2 modules in Python 2.x before 2.7.2 and 3.x before 3.2.1 process Location headers that specify redirection to file: U…from 0, < 2.7.1-7
- —CVE-2010-3492The asyncore module in Python before 3.2 does not properly handle unsuccessful calls to the accept function, and does not have accompanying…from 0, < 2.7.8-11
- —CVE-2010-2089The audioop module in Python 2.7 and 3.2 does not verify the relationships between size arguments and byte string lengths, which allows con…from 0, < 2.7-1
- —CVE-2010-1634Multiple integer overflows in audioop.c in the audioop module in Python 2.6, 2.7, 3.1, and 3.2 allow context-dependent attackers to cause a…from 0, < 2.7-1