Vulnerabilities > Python
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-01-12 | CVE-2020-35655 | Out-Of-Bounds Read vulnerability in Python Pillow In Pillow before 8.1.0, SGIRleDecode has a 4-byte buffer over-read when decoding crafted SGI RLE image files because offsets and length tables are mishandled. | 5.8 |
| 2021-01-12 | CVE-2020-35654 | Out-Of-Bounds Write vulnerability in Python Pillow In Pillow before 8.1.0, TiffDecode has a heap-based buffer overflow when decoding crafted YCbCr files because of certain interpretation conflicts with LibTIFF in RGBA mode. | 6.8 |
| 2021-01-12 | CVE-2020-35653 | Out-Of-Bounds Read vulnerability in Python Pillow In Pillow before 8.1.0, PcxDecode has a buffer over-read when decoding a crafted PCX file because the user-supplied stride value is trusted for buffer calculations. | 5.8 |
| 2020-10-22 | CVE-2020-27619 | Unspecified vulnerability in Python In Python 3 through 3.9.0, the Lib/test/multibytecodec_support.py CJK codec tests call eval() on content retrieved via HTTP. | 7.5 |
| 2020-09-30 | CVE-2020-26137 | Injection vulnerability in Python Urllib3 urllib3 before 1.25.9 allows CRLF injection if the attacker controls the HTTP request method, as demonstrated by inserting CR and LF control characters in the first argument of putrequest(). | 6.4 |
| 2020-09-27 | CVE-2020-26116 | Improper Encoding OR Escaping of Output vulnerability in multiple products http.client in Python 3.x before 3.5.10, 3.6.x before 3.6.12, 3.7.x before 3.7.9, and 3.8.x before 3.8.5 allows CRLF injection if the attacker controls the HTTP request method, as demonstrated by inserting CR and LF control characters in the first argument of HTTPConnection.request. | 6.4 |
| 2020-07-17 | CVE-2020-15801 | Incorrect Authorization vulnerability in Python 3.8.4 In Python 3.8.4, sys.path restrictions specified in a python38._pth file are ignored, allowing code to be loaded from arbitrary locations. | 7.5 |
| 2020-07-13 | CVE-2019-20907 | Improper Input Validation vulnerability in multiple products In Lib/tarfile.py in Python through 3.8.3, an attacker is able to craft a TAR archive leading to an infinite loop when opened by tarfile.open, because _proc_pax lacks header validation. | 5.0 |
| 2020-07-04 | CVE-2020-15523 | Uncontrolled Search Path Element vulnerability in Python In Python 3.6 through 3.6.10, 3.7 through 3.7.8, 3.8 through 3.8.4rc1, and 3.9 through 3.9.0b4 on Windows, a Trojan horse python3.dll might be used in cases where CPython is embedded in a native application. | 6.9 |
| 2020-06-25 | CVE-2020-11538 | Out-Of-Bounds Read vulnerability in multiple products In libImaging/SgiRleDecode.c in Pillow through 7.0.0, a number of out-of-bounds reads exist in the parsing of SGI image files, a different issue than CVE-2020-5311. | 6.8 |