Filtered by vendor Python
Subscribe
Total
224 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2021-3426 | 6 Debian, Fedoraproject, Netapp and 3 more | 10 Debian Linux, Fedora, Cloud Backup and 7 more | 2024-02-28 | 2.7 LOW | 5.7 MEDIUM |
There's a flaw in Python 3's pydoc. A local or adjacent attacker who discovers or is able to convince another local or adjacent user to start a pydoc server could access the server and use it to disclose sensitive information belonging to the other user that they would not normally be able to access. The highest risk of this flaw is to data confidentiality. This flaw affects Python versions before 3.8.9, Python versions before 3.9.3 and Python versions before 3.10.0a7. | |||||
CVE-2021-27921 | 2 Fedoraproject, Python | 2 Fedora, Pillow | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
Pillow before 8.1.1 allows attackers to cause a denial of service (memory consumption) because the reported size of a contained image is not properly checked for a BLP container, and thus an attempted memory allocation can be very large. | |||||
CVE-2021-28667 | 2 Python, Stackstorm | 2 Python, Stackstorm | 2024-02-28 | 7.1 HIGH | 7.5 HIGH |
StackStorm before 3.4.1, in some situations, has an infinite loop that consumes all available memory and disk space. This can occur if Python 3.x is used, the locale is not utf-8, and there is an attempt to log Unicode data (from an action or rule name). | |||||
CVE-2021-27922 | 2 Fedoraproject, Python | 2 Fedora, Pillow | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
Pillow before 8.1.1 allows attackers to cause a denial of service (memory consumption) because the reported size of a contained image is not properly checked for an ICNS container, and thus an attempted memory allocation can be very large. | |||||
CVE-2020-26116 | 7 Canonical, Debian, Fedoraproject and 4 more | 9 Ubuntu Linux, Debian Linux, Fedora and 6 more | 2024-02-28 | 6.4 MEDIUM | 7.2 HIGH |
http.client in Python 3.x before 3.5.10, 3.6.x before 3.6.12, 3.7.x before 3.7.9, and 3.8.x before 3.8.5 allows CRLF injection if the attacker controls the HTTP request method, as demonstrated by inserting CR and LF control characters in the first argument of HTTPConnection.request. | |||||
CVE-2021-25291 | 1 Python | 1 Pillow | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
An issue was discovered in Pillow before 8.1.1. In TiffDecode.c, there is an out-of-bounds read in TiffreadRGBATile via invalid tile boundaries. | |||||
CVE-2021-3177 | 5 Debian, Fedoraproject, Netapp and 2 more | 10 Debian Linux, Fedora, Active Iq Unified Manager and 7 more | 2024-02-28 | 7.5 HIGH | 9.8 CRITICAL |
Python 3.x through 3.9.1 has a buffer overflow in PyCArg_repr in _ctypes/callproc.c, which may lead to remote code execution in certain Python applications that accept floating-point numbers as untrusted input, as demonstrated by a 1e300 argument to c_double.from_param. This occurs because sprintf is used unsafely. | |||||
CVE-2020-29396 | 2 Odoo, Python | 2 Odoo, Python | 2024-02-28 | 6.5 MEDIUM | 8.8 HIGH |
A sandboxing issue in Odoo Community 11.0 through 13.0 and Odoo Enterprise 11.0 through 13.0, when running with Python 3.6 or later, allows remote authenticated users to execute arbitrary code, leading to privilege escalation. | |||||
CVE-2020-27619 | 3 Fedoraproject, Oracle, Python | 3 Fedora, Communications Cloud Native Core Network Function Cloud Native Environment, Python | 2024-02-28 | 7.5 HIGH | 9.8 CRITICAL |
In Python 3 through 3.9.0, the Lib/test/multibytecodec_support.py CJK codec tests call eval() on content retrieved via HTTP. | |||||
CVE-2021-27923 | 2 Fedoraproject, Python | 2 Fedora, Pillow | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
Pillow before 8.1.1 allows attackers to cause a denial of service (memory consumption) because the reported size of a contained image is not properly checked for an ICO container, and thus an attempted memory allocation can be very large. | |||||
CVE-2020-35653 | 3 Debian, Fedoraproject, Python | 3 Debian Linux, Fedora, Pillow | 2024-02-28 | 5.8 MEDIUM | 7.1 HIGH |
In Pillow before 8.1.0, PcxDecode has a buffer over-read when decoding a crafted PCX file because the user-supplied stride value is trusted for buffer calculations. | |||||
CVE-2020-35654 | 2 Fedoraproject, Python | 2 Fedora, Pillow | 2024-02-28 | 6.8 MEDIUM | 8.8 HIGH |
In Pillow before 8.1.0, TiffDecode has a heap-based buffer overflow when decoding crafted YCbCr files because of certain interpretation conflicts with LibTIFF in RGBA mode. | |||||
CVE-2021-23336 | 6 Debian, Djangoproject, Fedoraproject and 3 more | 12 Debian Linux, Django, Fedora and 9 more | 2024-02-28 | 4.0 MEDIUM | 5.9 MEDIUM |
The package python/cpython from 0 and before 3.6.13, from 3.7.0 and before 3.7.10, from 3.8.0 and before 3.8.8, from 3.9.0 and before 3.9.2 are vulnerable to Web Cache Poisoning via urllib.parse.parse_qsl and urllib.parse.parse_qs by using a vector called parameter cloaking. When the attacker can separate query parameters using a semicolon (;), they can cause a difference in the interpretation of the request between the proxy (running with default configuration) and the server. This can result in malicious requests being cached as completely safe ones, as the proxy would usually not see the semicolon as a separator, and therefore would not include it in a cache key of an unkeyed parameter. | |||||
CVE-2021-25289 | 1 Python | 1 Pillow | 2024-02-28 | 7.5 HIGH | 9.8 CRITICAL |
An issue was discovered in Pillow before 8.1.1. TiffDecode has a heap-based buffer overflow when decoding crafted YCbCr files because of certain interpretation conflicts with LibTIFF in RGBA mode. NOTE: this issue exists because of an incomplete fix for CVE-2020-35654. | |||||
CVE-2021-25293 | 1 Python | 1 Pillow | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
An issue was discovered in Pillow before 8.1.1. There is an out-of-bounds read in SGIRleDecode.c. | |||||
CVE-2020-26137 | 4 Canonical, Debian, Oracle and 1 more | 5 Ubuntu Linux, Debian Linux, Communications Cloud Native Core Network Function Cloud Native Environment and 2 more | 2024-02-28 | 6.4 MEDIUM | 6.5 MEDIUM |
urllib3 before 1.25.9 allows CRLF injection if the attacker controls the HTTP request method, as demonstrated by inserting CR and LF control characters in the first argument of putrequest(). NOTE: this is similar to CVE-2020-26116. | |||||
CVE-2021-25292 | 1 Python | 1 Pillow | 2024-02-28 | 4.3 MEDIUM | 6.5 MEDIUM |
An issue was discovered in Pillow before 8.1.1. The PDF parser allows a regular expression DoS (ReDoS) attack via a crafted PDF file because of a catastrophic backtracking regex. | |||||
CVE-2020-35655 | 2 Fedoraproject, Python | 2 Fedora, Pillow | 2024-02-28 | 5.8 MEDIUM | 5.4 MEDIUM |
In Pillow before 8.1.0, SGIRleDecode has a 4-byte buffer over-read when decoding crafted SGI RLE image files because offsets and length tables are mishandled. | |||||
CVE-2021-25290 | 2 Debian, Python | 2 Debian Linux, Pillow | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
An issue was discovered in Pillow before 8.1.1. In TiffDecode.c, there is a negative-offset memcpy with an invalid size. | |||||
CVE-2020-10379 | 3 Canonical, Fedoraproject, Python | 3 Ubuntu Linux, Fedora, Pillow | 2024-02-28 | 6.8 MEDIUM | 7.8 HIGH |
In Pillow before 7.1.0, there are two Buffer Overflows in libImaging/TiffDecode.c. |