High

DATE	CVE	VULNERABILITY TITLE	RISK
2022-03-25	CVE-2018-25032	Out-of-bounds Write vulnerability in multiple products zlib before 1.2.12 allows memory corruption when deflating (i.e., when compressing) if the input has many distant matches. network low complexity zlib debian fedoraproject apple python mariadb netapp siemens azul goto CWE-787	7.5
2022-03-10	CVE-2022-26488	Untrusted Search Path vulnerability in multiple products In Python before 3.10.3 on Windows, local users can gain privileges because the search path is inadequately secured. local high complexity python netapp CWE-426	7.0
2022-03-04	CVE-2021-3737	Infinite Loop vulnerability in multiple products A flaw was found in python. network low complexity python redhat fedoraproject canonical netapp oracle CWE-835	7.5
2022-02-09	CVE-2022-0391	Injection vulnerability in multiple products A flaw was found in Python, specifically within the urllib.parse module. network low complexity python netapp fedoraproject oracle CWE-74	7.5
2020-09-27	CVE-2020-26116	Injection vulnerability in multiple products http.client in Python 3.x before 3.5.10, 3.6.x before 3.6.12, 3.7.x before 3.7.9, and 3.8.x before 3.8.5 allows CRLF injection if the attacker controls the HTTP request method, as demonstrated by inserting CR and LF control characters in the first argument of HTTPConnection.request. network low complexity python fedoraproject canonical netapp debian oracle opensuse CWE-74	7.2
2020-07-17	CVE-2020-15801	Untrusted Search Path vulnerability in multiple products In Python 3.8.4, sys.path restrictions specified in a python38._pth file are ignored, allowing code to be loaded from arbitrary locations. network low complexity python netapp CWE-426	7.5
2020-07-13	CVE-2019-20907	Infinite Loop vulnerability in multiple products In Lib/tarfile.py in Python through 3.8.3, an attacker is able to craft a TAR archive leading to an infinite loop when opened by tarfile.open, because _proc_pax lacks header validation. network low complexity python opensuse debian fedoraproject canonical netapp oracle CWE-835	7.5
2020-02-20	CVE-2014-4650	Path Traversal vulnerability in multiple products The CGIHTTPServer module in Python 2.7.5 and 3.3.4 does not properly handle URLs in which URL encoding is used for path separators, which allows remote attackers to read script source code or conduct directory traversal attacks and execute unintended code via a crafted character sequence, as demonstrated by a %2f separator. network low complexity python redhat CWE-22	7.5
2020-02-04	CVE-2019-9674	Resource Exhaustion vulnerability in multiple products Lib/zipfile.py in Python through 3.7.2 allows remote attackers to cause a denial of service (resource consumption) via a ZIP bomb. network low complexity python canonical netapp CWE-400	7.5
2019-10-31	CVE-2019-5010	NULL Pointer Dereference vulnerability in multiple products An exploitable denial-of-service vulnerability exists in the X509 certificate parser of Python.org Python 2.7.11 / 3.6.6. network low complexity python opensuse debian redhat CWE-476	7.5