3.7.4

DATE	CVE	VULNERABILITY TITLE	RISK
2022-10-21	CVE-2022-37454	Integer Overflow or Wraparound vulnerability in multiple products The Keccak XKCP SHA-3 reference implementation before fdc6fef has an integer overflow and resultant buffer overflow that allows attackers to execute arbitrary code or eliminate expected cryptographic properties. network low complexity extended-keccak-code-package-project debian fedoraproject php python sha3-project pysha3-project pypy CWE-190 critical	9.8
2022-09-09	CVE-2020-10735	Incorrect Type Conversion or Cast vulnerability in multiple products A flaw was found in python. network low complexity python redhat fedoraproject CWE-704	7.5
2022-08-24	CVE-2021-4189	Unchecked Return Value vulnerability in multiple products A flaw was found in Python, specifically in the FTP (File Transfer Protocol) client library in PASV (passive) mode. network low complexity python debian redhat netapp CWE-252	5.3
2022-08-23	CVE-2021-28861	Open Redirect vulnerability in multiple products Python 3.x through 3.10 has an open redirection vulnerability in lib/http/server.py due to no protection against multiple (/) at the beginning of URI path which may leads to information disclosure. network low complexity python fedoraproject CWE-601	7.4
2022-04-13	CVE-2015-20107	Command Injection vulnerability in multiple products In Python (aka CPython) up to 3.10.8, the mailcap module does not add escape characters into commands discovered in the system mailcap file. network low complexity python netapp fedoraproject CWE-77	7.6
2022-03-25	CVE-2018-25032	Out-of-bounds Write vulnerability in multiple products zlib before 1.2.12 allows memory corruption when deflating (i.e., when compressing) if the input has many distant matches. network low complexity zlib debian fedoraproject apple python mariadb netapp siemens azul goto CWE-787	7.5
2022-03-10	CVE-2022-26488	Untrusted Search Path vulnerability in multiple products In Python before 3.10.3 on Windows, local users can gain privileges because the search path is inadequately secured. local high complexity python netapp CWE-426	7.0
2022-03-10	CVE-2021-3733	Resource Exhaustion vulnerability in multiple products There's a flaw in urllib's AbstractBasicAuthHandler class. network low complexity python redhat fedoraproject netapp CWE-400	6.5
2022-03-04	CVE-2021-3737	Infinite Loop vulnerability in multiple products A flaw was found in python. network low complexity python redhat fedoraproject canonical netapp oracle CWE-835	7.5
2022-02-09	CVE-2022-0391	Injection vulnerability in multiple products A flaw was found in Python, specifically within the urllib.parse module. network low complexity python netapp fedoraproject oracle CWE-74	7.5