Vulnerabilities > Python > Critical

DATE CVE VULNERABILITY TITLE RISK
2021-05-06 CVE-2021-29921 In Python before 3,9,5, the ipaddress library mishandles leading zero characters in the octets of an IP address string.
network
low complexity
python oracle
critical
 9.8
9.8
2021-03-19 CVE-2021-25289 Out-of-bounds Write vulnerability in Python Pillow
An issue was discovered in Pillow before 8.1.1.
network
low complexity
python CWE-787
critical
 9.8
9.8
2021-01-19 CVE-2021-3177 Classic Buffer Overflow vulnerability in multiple products
Python 3.x through 3.9.1 has a buffer overflow in PyCArg_repr in _ctypes/callproc.c, which may lead to remote code execution in certain Python applications that accept floating-point numbers as untrusted input, as demonstrated by a 1e300 argument to c_double.from_param.
network
low complexity
python fedoraproject netapp debian oracle CWE-120
critical
 9.8
9.8
2020-10-22 CVE-2020-27619 In Python 3 through 3.9.0, the Lib/test/multibytecodec_support.py CJK codec tests call eval() on content retrieved via HTTP.
network
low complexity
python fedoraproject oracle
critical
 9.8
9.8
2020-07-17 CVE-2020-15801 Untrusted Search Path vulnerability in multiple products
In Python 3.8.4, sys.path restrictions specified in a python38._pth file are ignored, allowing code to be loaded from arbitrary locations.
network
low complexity
python netapp CWE-426
critical
 9.8
9.8
2020-05-22 CVE-2020-13388 OS Command Injection vulnerability in Python Jw.Util
An exploitable vulnerability exists in the configuration-loading functionality of the jw.util package before 2.3 for Python.
network
low complexity
python CWE-78
critical
 9.8
9.8
2020-02-20 CVE-2014-4650 Path Traversal vulnerability in multiple products
The CGIHTTPServer module in Python 2.7.5 and 3.3.4 does not properly handle URLs in which URL encoding is used for path separators, which allows remote attackers to read script source code or conduct directory traversal attacks and execute unintended code via a crafted character sequence, as demonstrated by a %2f separator.
network
low complexity
python redhat CWE-22
critical
 9.8
9.8
2020-01-03 CVE-2020-5312 Classic Buffer Overflow vulnerability in multiple products
libImaging/PcxDecode.c in Pillow before 6.2.2 has a PCX P mode buffer overflow.
network
low complexity
python canonical debian fedoraproject CWE-120
critical
 9.8
9.8
2020-01-03 CVE-2020-5311 Classic Buffer Overflow vulnerability in multiple products
libImaging/SgiRleDecode.c in Pillow before 6.2.2 has an SGI buffer overflow.
network
low complexity
python debian canonical fedoraproject CWE-120
critical
 9.8
9.8
2019-06-19 CVE-2019-12900 Out-of-bounds Write vulnerability in multiple products
BZ2_decompress in decompress.c in bzip2 through 1.0.6 has an out-of-bounds write when there are many selectors.
network
low complexity
bzip debian opensuse canonical freebsd python CWE-787
critical
 9.8
9.8