Vulnerabilities > Python

DATE CVE VULNERABILITY TITLE RISK
2020-01-05 CVE-2019-19911 Integer Overflow or Wraparound vulnerability in multiple products
There is a DoS vulnerability in Pillow before 6.2.2 caused by FpxImagePlugin.py calling the range function on an unvalidated 32-bit integer if the number of bands is large.
network
low complexity
python debian fedoraproject canonical CWE-190
7.5
7.5
2020-01-03 CVE-2020-5313 Out-of-bounds Read vulnerability in multiple products
libImaging/FliDecode.c in Pillow before 6.2.2 has an FLI buffer overflow.
network
low complexity
python debian canonical fedoraproject CWE-125
7.1
7.1
2020-01-03 CVE-2020-5312 Classic Buffer Overflow vulnerability in multiple products
libImaging/PcxDecode.c in Pillow before 6.2.2 has a PCX P mode buffer overflow.
network
low complexity
python canonical debian fedoraproject CWE-120
critical
 9.8
9.8
2020-01-03 CVE-2020-5311 Classic Buffer Overflow vulnerability in multiple products
libImaging/SgiRleDecode.c in Pillow before 6.2.2 has an SGI buffer overflow.
network
low complexity
python debian canonical fedoraproject CWE-120
critical
 9.8
9.8
2020-01-03 CVE-2020-5310 Integer Overflow or Wraparound vulnerability in multiple products
libImaging/TiffDecode.c in Pillow before 6.2.2 has a TIFF decoding integer overflow, related to realloc.
network
low complexity
python canonical fedoraproject CWE-190
8.8
8.8
2019-11-27 CVE-2016-1000110 Open Redirect vulnerability in multiple products
The CGIHandler class in Python before 2.7.12 does not protect against the HTTP_PROXY variable name clash in a CGI script, which could allow a remote attacker to redirect HTTP requests.
network
low complexity
python debian fedoraproject CWE-601
6.1
6.1
2019-11-26 CVE-2019-19275 Out-of-bounds Read vulnerability in Python Typed AST 1.3.0/1.3.1
typed_ast 1.3.0 and 1.3.1 has an ast_for_arguments out-of-bounds read.
network
low complexity
python CWE-125
7.5
7.5
2019-11-26 CVE-2019-19274 Out-of-bounds Read vulnerability in Python Typed AST 1.3.0/1.3.1
typed_ast 1.3.0 and 1.3.1 has a handle_keywordonly_args out-of-bounds read.
network
low complexity
python CWE-125
7.5
7.5
2019-11-25 CVE-2012-5578 Incorrect Default Permissions vulnerability in Python Keyring
Python keyring has insecure permissions on new databases allowing world-readable files to be created
local
low complexity
python CWE-276
6.2
6.2
2019-11-22 CVE-2012-0877 Resource Exhaustion vulnerability in multiple products
PyXML: Hash table collisions CPU usage Denial of Service
network
low complexity
python redhat CWE-400
7.5
7.5