Vulnerabilities > Python

DATE CVE VULNERABILITY TITLE RISK
2022-12-23 CVE-2022-40897 Unspecified vulnerability in Python Setuptools
Python Packaging Authority (PyPA) setuptools before 65.5.1 allows remote attackers to cause a denial of service via HTML in a crafted package or custom PackageIndex page.
network
high complexity
python
5.9
2022-11-14 CVE-2022-45198 Unspecified vulnerability in Python Pillow
Pillow before 9.2.0 performs Improper Handling of Highly Compressed GIF Data (Data Amplification).
network
low complexity
python
7.5
2022-11-14 CVE-2022-45199 Resource Exhaustion vulnerability in Python Pillow
Pillow before 9.3.0 allows denial of service via SAMPLESPERPIXEL.
network
low complexity
python CWE-400
7.5
2022-11-09 CVE-2022-45061 Resource Exhaustion vulnerability in multiple products
An issue was discovered in Python before 3.11.1.
network
low complexity
python fedoraproject CWE-400
7.5
2022-11-07 CVE-2022-42919 Unspecified vulnerability in Python
Python 3.9.x before 3.9.16 and 3.10.x before 3.10.9 on Linux allows local privilege escalation in a non-default configuration.
local
low complexity
python
7.8
2022-10-21 CVE-2022-37454 Integer Overflow or Wraparound vulnerability in multiple products
The Keccak XKCP SHA-3 reference implementation before fdc6fef has an integer overflow and resultant buffer overflow that allows attackers to execute arbitrary code or eliminate expected cryptographic properties.
9.8
2022-09-09 CVE-2020-10735 Incorrect Type Conversion or Cast vulnerability in multiple products
A flaw was found in python.
network
low complexity
python redhat fedoraproject CWE-704
7.5
2022-08-24 CVE-2021-4189 Unchecked Return Value vulnerability in multiple products
A flaw was found in Python, specifically in the FTP (File Transfer Protocol) client library in PASV (passive) mode.
network
low complexity
python debian redhat netapp CWE-252
5.3
2022-08-23 CVE-2021-28861 Open Redirect vulnerability in multiple products
** DISPUTED ** Python 3.x through 3.10 has an open redirection vulnerability in lib/http/server.py due to no protection against multiple (/) at the beginning of URI path which may leads to information disclosure.
network
low complexity
python fedoraproject CWE-601
7.4
2022-06-16 CVE-2017-20052 Uncontrolled Search Path Element vulnerability in Python 2.7.13
A vulnerability classified as problematic was found in Python 2.7.13.
local
low complexity
python CWE-427
7.8