Vulnerabilities > Python

DATE CVE VULNERABILITY TITLE RISK
2022-05-25 CVE-2022-30595 Out-of-bounds Write vulnerability in Python Pillow 9.1.0
libImaging/TgaRleDecode.c in Pillow 9.1.0 has a heap buffer overflow in the processing of invalid TGA image files.
network
low complexity
python CWE-787
critical
9.8
2022-05-08 CVE-2022-28470 Unspecified vulnerability in Python Pypi
marcador package in PyPI 0.1 through 0.13 included a code-execution backdoor.
network
low complexity
python
critical
9.8
2022-05-06 CVE-2022-24902 Resource Exhaustion vulnerability in Python Tkvideoplayer
TkVideoplayer is a simple library to play video files in tkinter.
network
low complexity
python CWE-400
4.3
2022-04-13 CVE-2015-20107 Command Injection vulnerability in multiple products
In Python (aka CPython) up to 3.10.8, the mailcap module does not add escape characters into commands discovered in the system mailcap file.
network
low complexity
python netapp fedoraproject CWE-77
7.6
2022-03-28 CVE-2022-24303 Pillow before 9.0.1 allows attackers to delete files because spaces in temporary pathnames are mishandled.
network
low complexity
python fedoraproject
critical
9.1
2022-03-25 CVE-2018-25032 Out-of-bounds Write vulnerability in multiple products
zlib before 1.2.12 allows memory corruption when deflating (i.e., when compressing) if the input has many distant matches.
7.5
2022-03-10 CVE-2022-26488 Untrusted Search Path vulnerability in multiple products
In Python before 3.10.3 on Windows, local users can gain privileges because the search path is inadequately secured.
local
high complexity
python netapp CWE-426
7.0
2022-03-10 CVE-2021-3733 Resource Exhaustion vulnerability in multiple products
There's a flaw in urllib's AbstractBasicAuthHandler class.
network
low complexity
python redhat fedoraproject netapp CWE-400
6.5
2022-03-04 CVE-2021-3737 Infinite Loop vulnerability in multiple products
A flaw was found in python.
7.5
2022-02-09 CVE-2022-0391 Injection vulnerability in multiple products
A flaw was found in Python, specifically within the urllib.parse module.
network
low complexity
python netapp fedoraproject oracle CWE-74
7.5