Vulnerabilities > Python

| Date | CVE | Vulnerability title | Description | Attack vector | Complexity | Product | CWE | Risk |
|---|---|---|---|---|---|---|---|---|
| 2021-01-12 | CVE-2020-35655 | Out-Of-Bounds Read vulnerability in Python Pillow | In Pillow before 8.1.0, SGIRleDecode has a 4-byte buffer over-read when decoding crafted SGI RLE image files because offsets and length tables are mishandled. | network | | python | CWE-125 | 5.8 |
| 2021-01-12 | CVE-2020-35654 | Out-Of-Bounds Write vulnerability in Python Pillow | In Pillow before 8.1.0, TiffDecode has a heap-based buffer overflow when decoding crafted YCbCr files because of certain interpretation conflicts with LibTIFF in RGBA mode. | network | | python | CWE-787 | 6.8 |
| 2021-01-12 | CVE-2020-35653 | Out-Of-Bounds Read vulnerability in Python Pillow | In Pillow before 8.1.0, PcxDecode has a buffer over-read when decoding a crafted PCX file because the user-supplied stride value is trusted for buffer calculations. | network | | python | CWE-125 | 5.8 |
| 2020-10-22 | CVE-2020-27619 | Unspecified vulnerability in Python | In Python 3 through 3.9.0, the Lib/test/multibytecodec_support.py CJK codec tests call eval() on content retrieved via HTTP. | network | low | python | | 7.5 |
| 2020-09-30 | CVE-2020-26137 | Injection vulnerability in Python Urllib3 | urllib3 before 1.25.9 allows CRLF injection if the attacker controls the HTTP request method, as demonstrated by inserting CR and LF control characters in the first argument of putrequest(). | network | low | python | CWE-74 | 6.4 |
| 2020-09-27 | CVE-2020-26116 | Improper Encoding OR Escaping of Output vulnerability in multiple products | http.client in Python 3.x before 3.5.10, 3.6.x before 3.6.12, 3.7.x before 3.7.9, and 3.8.x before 3.8.5 allows CRLF injection if the attacker controls the HTTP request method, as demonstrated by inserting CR and LF control characters in the first argument of HTTPConnection.request. | network | low | python, fedoraproject | CWE-116 | 6.4 |
| 2020-07-17 | CVE-2020-15801 | Incorrect Authorization vulnerability in Python 3.8.4 | In Python 3.8.4, sys.path restrictions specified in a python38._pth file are ignored, allowing code to be loaded from arbitrary locations. | network | low | python | CWE-863 | 7.5 |
| 2020-07-13 | CVE-2019-20907 | Improper Input Validation vulnerability in multiple products | In Lib/tarfile.py in Python through 3.8.3, an attacker is able to craft a TAR archive leading to an infinite loop when opened by tarfile.open, because _proc_pax lacks header validation. | | | | | 5.0 |
| 2020-07-04 | CVE-2020-15523 | Uncontrolled Search Path Element vulnerability in Python | In Python 3.6 through 3.6.10, 3.7 through 3.7.8, 3.8 through 3.8.4rc1, and 3.9 through 3.9.0b4 on Windows, a Trojan horse python3.dll might be used in cases where CPython is embedded in a native application. | local | | python | CWE-427 | 6.9 |
| 2020-06-25 | CVE-2020-11538 | Out-Of-Bounds Read vulnerability in multiple products | In libImaging/SgiRleDecode.c in Pillow through 7.0.0, a number of out-of-bounds reads exist in the parsing of SGI image files, a different issue than CVE-2020-5311. | | | | | 6.8 |