Vulnerabilities > Python > High

DATE CVE VULNERABILITY TITLE RISK
2020-02-04 CVE-2019-9674 Resource Exhaustion vulnerability in multiple products
Lib/zipfile.py in Python through 3.7.2 allows remote attackers to cause a denial of service (resource consumption) via a ZIP bomb.
network
low complexity
python canonical netapp CWE-400
7.5
7.5
2020-01-28 CVE-2013-1895 Improper Restriction of Excessive Authentication Attempts vulnerability in multiple products
The py-bcrypt module before 0.3 for Python does not properly handle concurrent memory access, which allows attackers to bypass authentication via multiple authentication requests, which trigger the password hash to be overwritten.
network
low complexity
python fedoraproject CWE-307
7.5
7.5
2020-01-05 CVE-2019-19911 Integer Overflow or Wraparound vulnerability in multiple products
There is a DoS vulnerability in Pillow before 6.2.2 caused by FpxImagePlugin.py calling the range function on an unvalidated 32-bit integer if the number of bands is large.
network
low complexity
python debian fedoraproject canonical CWE-190
7.5
7.5
2020-01-03 CVE-2020-5313 Out-of-bounds Read vulnerability in multiple products
libImaging/FliDecode.c in Pillow before 6.2.2 has an FLI buffer overflow.
network
low complexity
python debian canonical fedoraproject CWE-125
7.1
7.1
2020-01-03 CVE-2020-5310 Integer Overflow or Wraparound vulnerability in multiple products
libImaging/TiffDecode.c in Pillow before 6.2.2 has a TIFF decoding integer overflow, related to realloc.
network
low complexity
python canonical fedoraproject CWE-190
8.8
8.8
2019-11-26 CVE-2019-19275 Out-of-bounds Read vulnerability in Python Typed AST 1.3.0/1.3.1
typed_ast 1.3.0 and 1.3.1 has an ast_for_arguments out-of-bounds read.
network
low complexity
python CWE-125
7.5
7.5
2019-11-26 CVE-2019-19274 Out-of-bounds Read vulnerability in Python Typed AST 1.3.0/1.3.1
typed_ast 1.3.0 and 1.3.1 has a handle_keywordonly_args out-of-bounds read.
network
low complexity
python CWE-125
7.5
7.5
2019-11-22 CVE-2012-0877 Resource Exhaustion vulnerability in multiple products
PyXML: Hash table collisions CPU usage Denial of Service
network
low complexity
python redhat CWE-400
7.5
7.5
2019-10-31 CVE-2019-5010 NULL Pointer Dereference vulnerability in multiple products
An exploitable denial-of-service vulnerability exists in the X509 certificate parser of Python.org Python 2.7.11 / 3.6.6.
network
low complexity
python opensuse debian redhat CWE-476
7.5
7.5
2019-10-28 CVE-2012-5577 Incorrect Default Permissions vulnerability in multiple products
Python keyring lib before 0.10 created keyring files with world-readable permissions.
network
low complexity
python debian CWE-276
7.5
7.5