3.6.4

DATE	CVE	VULNERABILITY TITLE	RISK
2022-08-24	CVE-2021-4189	Unchecked Return Value vulnerability in multiple products A flaw was found in Python, specifically in the FTP (File Transfer Protocol) client library in PASV (passive) mode. network low complexity python debian redhat netapp CWE-252	5.3
2022-08-23	CVE-2021-28861	Open Redirect vulnerability in multiple products Python 3.x through 3.10 has an open redirection vulnerability in lib/http/server.py due to no protection against multiple (/) at the beginning of URI path which may leads to information disclosure. network low complexity python fedoraproject CWE-601	7.4
2022-03-10	CVE-2022-26488	Untrusted Search Path vulnerability in multiple products In Python before 3.10.3 on Windows, local users can gain privileges because the search path is inadequately secured. local high complexity python netapp CWE-426	7.0
2022-03-10	CVE-2021-3733	Resource Exhaustion vulnerability in multiple products There's a flaw in urllib's AbstractBasicAuthHandler class. network low complexity python redhat fedoraproject netapp CWE-400	6.5
2022-03-04	CVE-2021-3737	Infinite Loop vulnerability in multiple products A flaw was found in python. network low complexity python redhat fedoraproject canonical netapp oracle CWE-835	7.5
2022-02-09	CVE-2022-0391	Injection vulnerability in multiple products A flaw was found in Python, specifically within the urllib.parse module. network low complexity python netapp fedoraproject oracle CWE-74	7.5
2021-05-20	CVE-2021-3426	Path Traversal vulnerability in multiple products There's a flaw in Python 3's pydoc. low complexity python fedoraproject debian redhat netapp oracle CWE-22	5.7
2021-02-15	CVE-2021-23336	HTTP Request Smuggling vulnerability in multiple products The package python/cpython from 0 and before 3.6.13, from 3.7.0 and before 3.7.10, from 3.8.0 and before 3.8.8, from 3.9.0 and before 3.9.2 are vulnerable to Web Cache Poisoning via urllib.parse.parse_qsl and urllib.parse.parse_qs by using a vector called parameter cloaking. network high complexity python fedoraproject debian netapp djangoproject oracle CWE-444	5.9
2021-01-19	CVE-2021-3177	Classic Buffer Overflow vulnerability in multiple products Python 3.x through 3.9.1 has a buffer overflow in PyCArg_repr in _ctypes/callproc.c, which may lead to remote code execution in certain Python applications that accept floating-point numbers as untrusted input, as demonstrated by a 1e300 argument to c_double.from_param. network low complexity python fedoraproject netapp debian oracle CWE-120 critical	9.8
2020-10-22	CVE-2020-27619	In Python 3 through 3.9.0, the Lib/test/multibytecodec_support.py CJK codec tests call eval() on content retrieved via HTTP. network low complexity python fedoraproject oracle critical	9.8