MidnightBSD

Advisories for python

CVE-2002-1119 MEDIUM

os._execvpe from os.py in Python 2.2.1 and earlier creates temporary files with predictable names, which could allow local users to execute arbitrary code via a symlink attack.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
python python *
CVE-2004-0150 HIGH

Buffer overflow in the getaddrinfo function in Python 2.2 before 2.2.2, when IPv6 support is disabled, allows remote attackers to execute arbitrary code via an IPv6 address that is obtained using DNS.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-120,

Products Affected

Vendor Product Version
python python *
CVE-2005-0089 HIGH

The SimpleXMLRPCServer library module in Python 2.2, 2.3 before 2.3.5, and 2.4, when used by XML-RPC servers that use the register_instance method to register an object without a _dispatch method, allows remote attackers to read or modify globals of the associated module, and possibly execute arbitrary code, via dotted attributes.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
python python 2.4.0
python python *
CVE-2006-1542 LOW

Stack-based buffer overflow in Python 2.4.2 and earlier, running on Linux 2.6.12.5 under gcc 4.0.3 with libc 2.3.5, allows local users to cause a "stack overflow," and possibly gain privileges, by running a script from a current working directory that has a long name, related to the realpath function. NOTE: this might not be a vulnerability. However, the fact that it appears in a programming language interpreter could mean that some applications are affected, although attack scenarios might be limited because the attacker might already need to cross privilege boundaries to cause an exploitable program to be placed in a directory with a long name; or, depending on the method that Python uses to determine the current working directory, setuid applications might be affected.

CVSS 2.0

Severity: LOW

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
python python *
CVE-2006-4980 HIGH

Buffer overflow in the repr function in Python 2.3 through 2.6 before 20060822 allows context-dependent attackers to cause a denial of service and possibly execute arbitrary code via crafted wide character UTF-32/UCS-4 strings to certain scripts.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
python python *
CVE-2007-2052 MEDIUM

Off-by-one error in the PyLocale_strxfrm function in Modules/_localemodule.c for Python 2.4 and 2.5 causes an incorrect buffer size to be used for the strxfrm function, which allows context-dependent attackers to read portions of memory via unknown manipulations that trigger a buffer over-read due to missing null termination.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-193,

Products Affected

Vendor Product Version
python python 2.5.0
python python 2.4.0
CVE-2007-4559 MEDIUM

Directory traversal vulnerability in the (1) extract and (2) extractall functions in the tarfile module in Python allows user-assisted remote attackers to overwrite arbitrary files via a .. (dot dot) sequence in filenames in a TAR archive, a related issue to CVE-2001-1267.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-22,CWE-22,

Products Affected

Vendor Product Version
python python *
CVE-2007-4965 MEDIUM

Multiple integer overflows in the imageop module in Python 2.5.1 and earlier allow context-dependent attackers to cause a denial of service (application crash) and possibly obtain sensitive information (memory contents) via crafted arguments to (1) the tovideo method, and unspecified other vectors related to (2) imageop.c, (3) rbgimgmodule.c, and other files, which trigger heap-based buffer overflows.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-190,

Products Affected

Vendor Product Version
python python *
CVE-2008-1679 MEDIUM

Multiple integer overflows in imageop.c in Python before 2.5.3 allow context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via crafted images that trigger heap-based buffer overflows. NOTE: this issue is due to an incomplete fix for CVE-2007-4965.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-190,

Products Affected

Vendor Product Version
python python *
CVE-2008-2315 HIGH

Multiple integer overflows in Python 2.5.2 and earlier allow context-dependent attackers to have an unknown impact via vectors related to the (1) stringobject, (2) unicodeobject, (3) bufferobject, (4) longobject, (5) tupleobject, (6) stropmodule, (7) gcmodule, and (8) mmapmodule modules. NOTE: The expandtabs integer overflows in stringobject and unicodeobject in 2.5.2 are covered by CVE-2008-5031.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-190,

Products Affected

Vendor Product Version
python python *
CVE-2008-2316 HIGH

Integer overflow in _hashopenssl.c in the hashlib module in Python 2.5.2 and earlier might allow context-dependent attackers to defeat cryptographic digests, related to "partial hashlib hashing of data exceeding 4GB."

CVSS 2.0

Severity: HIGH

Problem Type: CWE-189,

Products Affected

Vendor Product Version
python python *
CVE-2008-3143 HIGH

Multiple integer overflows in Python before 2.5.2 might allow context-dependent attackers to have an unknown impact via vectors related to (1) Include/pymem.h; (2) _csv.c, (3) _struct.c, (4) arraymodule.c, (5) audioop.c, (6) binascii.c, (7) cPickle.c, (8) cStringIO.c, (9) cjkcodecs/multibytecodec.c, (10) datetimemodule.c, (11) md5.c, (12) rgbimgmodule.c, and (13) stropmodule.c in Modules/; (14) bufferobject.c, (15) listobject.c, and (16) obmalloc.c in Objects/; (17) Parser/node.c; and (18) asdl.c, (19) ast.c, (20) bltinmodule.c, and (21) compile.c in Python/, as addressed by "checks for integer overflows, contributed by Google."

CVSS 2.0

Severity: HIGH

Problem Type: CWE-190,

Products Affected

Vendor Product Version
python python *
CVE-2008-3144 MEDIUM

Multiple integer overflows in the PyOS_vsnprintf function in Python/mysnprintf.c in Python 2.5.2 and earlier allow context-dependent attackers to cause a denial of service (memory corruption) or have unspecified other impact via crafted input to string formatting operations. NOTE: the handling of certain integer values is also affected by related integer underflows and an off-by-one error.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-190,

Products Affected

Vendor Product Version
python python *
CVE-2008-5983 MEDIUM

Untrusted search path vulnerability in the PySys_SetArgv API function in Python 2.6 and earlier, and possibly later versions, prepends an empty string to sys.path when the argv[0] argument does not contain a path separator, which might allow local users to execute arbitrary code via a Trojan horse Python file in the current working directory.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-426,

Products Affected

Vendor Product Version
canonical ubuntu_linux 8.04
canonical ubuntu_linux 10.04
canonical ubuntu_linux 11.10
fedoraproject fedora 13
python python *
canonical ubuntu_linux 11.04
CVE-2009-4134 MEDIUM

Buffer underflow in the rgbimg module in Python 2.5 allows remote attackers to cause a denial of service (application crash) via a large ZSIZE value in a black-and-white (aka B/W) RGB image that triggers an invalid pointer dereference.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-787,

Products Affected

Vendor Product Version
python python 2.5.0
CVE-2010-1449 HIGH

Integer overflow in rgbimgmodule.c in the rgbimg module in Python 2.5 allows remote attackers to have an unspecified impact via a large image that triggers a buffer overflow. NOTE: this vulnerability exists because of an incomplete fix for CVE-2008-3143.12.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-190,

Products Affected

Vendor Product Version
python python 2.5.0
CVE-2010-1450 HIGH

Multiple buffer overflows in the RLE decoder in the rgbimg module in Python 2.5 allow remote attackers to have an unspecified impact via an image file containing crafted data that triggers improper processing within the (1) longimagedata or (2) expandrow function.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-120,

Products Affected

Vendor Product Version
python python 2.5.0
CVE-2010-1634 MEDIUM

Multiple integer overflows in audioop.c in the audioop module in Python 2.6, 2.7, 3.1, and 3.2 allow context-dependent attackers to cause a denial of service (application crash) via a large fragment, as demonstrated by a call to audioop.lin2lin with a long string in the first argument, leading to a buffer overflow. NOTE: this vulnerability exists because of an incorrect fix for CVE-2008-3143.5.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-190,

Products Affected

Vendor Product Version
canonical ubuntu_linux 8.04
canonical ubuntu_linux 10.04
opensuse opensuse 11.3
canonical ubuntu_linux 11.10
suse linux_enterprise_server 10
suse linux_enterprise_server 11
fedoraproject fedora 13
python python *
canonical ubuntu_linux 11.04
opensuse opensuse 11.2
CVE-2010-2089 MEDIUM

The audioop module in Python 2.7 and 3.2 does not verify the relationships between size arguments and byte string lengths, which allows context-dependent attackers to cause a denial of service (memory corruption and application crash) via crafted arguments, as demonstrated by a call to audioop.reverse with a one-byte string, a different vulnerability than CVE-2010-1634.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-787,

Products Affected

Vendor Product Version
python python *
CVE-2010-3492 MEDIUM

The asyncore module in Python before 3.2 does not properly handle unsuccessful calls to the accept function, and does not have accompanying documentation describing how daemon applications should handle unsuccessful calls to the accept function, which makes it easier for remote attackers to conduct denial of service attacks that terminate these applications via network connections.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
python python *
CVE-2010-3493 MEDIUM

Multiple race conditions in smtpd.py in the smtpd module in Python 2.6, 2.7, 3.1, and 3.2 alpha allow remote attackers to cause a denial of service (daemon outage) by establishing and then immediately closing a TCP connection, leading to the accept function having an unexpected return value of None, an unexpected value of None for the address, or an ECONNABORTED, EAGAIN, or EWOULDBLOCK error, or the getpeername function having an ENOTCONN error, a related issue to CVE-2010-3492.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-362,

Products Affected

Vendor Product Version
python python 3.1
python python 3.2
CVE-2011-1015 MEDIUM

The is_cgi method in CGIHTTPServer.py in the CGIHTTPServer module in Python 2.5, 2.6, and 3.0 allows remote attackers to read script source code via an HTTP GET request that lacks a / (slash) character at the beginning of the URI.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-200,

Products Affected

Vendor Product Version
python python 3.0
CVE-2011-1521 MEDIUM

The urllib and urllib2 modules in Python 2.x before 2.7.2 and 3.x before 3.2.1 process Location headers that specify redirection to file: URLs, which makes it easier for remote attackers to obtain sensitive information or cause a denial of service (resource consumption) via a crafted URL, as demonstrated by the file:///etc/passwd and file:///dev/zero URLs.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-399,

Products Affected

Vendor Product Version
python python 2.4.6
python python 2.0
python python 2.6.7
python python 3.1
python python 2.6.5
python python 2.3.2
python python 2.6.6
python python 2.3.1
python python 3.0
python python 3.0.1
python python 2.2
python python 2.4.2
python python 2.6.1
python python 2.3.4
python python 2.5.3
python python 2.6.4
python python 2.7.1
python python 2.1.3
python python 2.5.1
python python 2.1
python python 2.4.1
python python 2.3.3
python python 2.5.2
python python 2.0.1
python python 2.2.1
python python 2.4.4
python python 2.5.4
python python 2.2.2
python python 3.1.2
python python 3.1.3
python python 2.1.1
python python 2.3.5
python python 3.1.1
python python 3.2
python python 2.1.2
python python 2.2.3
python python 2.3.7
python python 2.4.3
CVE-2011-4617 LOW

virtualenv.py in virtualenv before 1.5 allows local users to overwrite arbitrary files via a symlink attack on a certain file in /tmp/.

CVSS 2.0

Severity: LOW

Problem Type: CWE-59,

Products Affected

Vendor Product Version
python virtualenv 1.3.4
python virtualenv 1.4.1
python virtualenv 0.9.1
python virtualenv 1.3.2
python virtualenv 1.4.7
python virtualenv 1.4.2
python virtualenv 0.8.1
python virtualenv 1.3.1
python virtualenv 1.1
python virtualenv 0.8.4
python virtualenv 1.4.3
python virtualenv 1.3
python virtualenv *
python virtualenv 1.4.4
python virtualenv 1.3.3
python virtualenv 1.4.8
python virtualenv 0.8.2
python virtualenv 1.4.5
python virtualenv 1.4.6
python virtualenv 1.1.1
python virtualenv 1.0
python virtualenv 0.9.2
python virtualenv 0.8.3
python virtualenv 1.2
python virtualenv 1.4
python virtualenv 0.9
python virtualenv 0.8
CVE-2011-4940 LOW

The list_directory function in Lib/SimpleHTTPServer.py in SimpleHTTPServer in Python before 2.5.6c1, 2.6.x before 2.6.7 rc2, and 2.7.x before 2.7.2 does not place a charset parameter in the Content-Type HTTP header, which makes it easier for remote attackers to conduct cross-site scripting (XSS) attacks against Internet Explorer 7 via UTF-7 encoding.

CVSS 2.0

Severity: LOW

Problem Type: CWE-79,

Products Affected

Vendor Product Version
python python 2.4.6
python python 2.6.2
python python 1.3
python python 1.2
python python 1.5.2
python python 2.6.5
python python 2.3.2
python python 2.6.6
python python 2.3.1
python python 0.9.0
python python *
python python 2.4.2
python python 2.6.1
python python 2.3.4
python python 2.5.3
python python 2.6.4
python python 2.7.1
python python 2.1.3
python python 2.7.2
python python 2.5.1
python python 2.4.1
python python 2.3.3
python python 1.6.1
python python 2.6.3
python python 2.5.2
python python 2.0.1
python python 2.2.1
python python 2.4.4
python python 2.5.4
python python 2.2.2
python python 0.9.1
python python 2.1.1
python python 2.3.5
python python 1.6
python python 2.1.2
python python 2.2.3
python python 2.3.7
python python 2.4.3
CVE-2012-0876 MEDIUM

The XML parser (xmlparse.c) in expat before 2.1.0 computes hash values without restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service (CPU consumption) via an XML file with many identifiers with the same value.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-400,

Products Affected

Vendor Product Version
oracle solaris 11.3
canonical ubuntu_linux 8.04
redhat enterprise_linux_workstation 5.0
canonical ubuntu_linux 11.10
redhat enterprise_linux_server 6.0
libexpat_project libexpat *
debian debian_linux 6.0
redhat enterprise_linux_server_aus 6.2
canonical ubuntu_linux 11.04
canonical ubuntu_linux 10.04
redhat enterprise_linux_eus 6.2
canonical ubuntu_linux 12.04
redhat storage 2.0
redhat enterprise_linux_server 5.0
redhat enterprise_linux_workstation 6.0
redhat enterprise_linux_desktop 5.0
python python *
debian debian_linux 7.0
redhat enterprise_linux_desktop 6.0
CVE-2012-2135 MEDIUM

The utf-16 decoder in Python 3.1 through 3.3 does not update the aligned_end variable after calling the unicode_decode_call_errorhandler function, which allows remote attackers to obtain sensitive information (process memory) or cause a denial of service (memory corruption and crash) via unspecified vectors.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
canonical ubuntu_linux 10.04
canonical ubuntu_linux 11.10
canonical ubuntu_linux 12.04
canonical ubuntu_linux 12.10
python python *
debian debian_linux 6.0
canonical ubuntu_linux 11.04
CVE-2013-0340 MEDIUM

expat before version 2.4.0 does not properly handle entities expansion unless an application developer uses the XML_SetEntityDeclHandler function, which allows remote attackers to cause a denial of service (resource consumption), send HTTP requests to intranet servers, or read arbitrary files via a crafted XML document, aka an XML External Entity (XXE) issue. NOTE: it could be argued that because expat already provides the ability to disable external entity expansion, the responsibility for resolving this issue lies with application developers; according to this argument, this entry should be REJECTed, and each affected application would need its own CVE.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-611,

Products Affected

Vendor Product Version
apple tvos *
apple macos *
apple iphone_os *
apple ipados *
libexpat_project libexpat *
python python *
apple watchos *
CVE-2013-1633 MEDIUM

easy_install in setuptools before 0.7 uses HTTP to retrieve packages from the PyPI repository, and does not perform integrity checks on package contents, which allows man-in-the-middle attackers to execute arbitrary code via a crafted response to the default use of the product.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-20,

Products Affected

Vendor Product Version
python setuptools 0.6.44
python setuptools 0.6.41
python setuptools 0.6.42
python setuptools 0.6.43
python setuptools 0.6.46
python setuptools 0.6.48
python setuptools *
python setuptools 0.6.40
python setuptools 0.6.45
python setuptools 0.6.49
python setuptools 0.6.47
CVE-2013-1753 MEDIUM

The gzip_decode function in the xmlrpc client library in Python 3.4 and earlier allows remote attackers to cause a denial of service (memory consumption) via a crafted HTTP request.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
python python *
CVE-2013-1895 MEDIUM

The py-bcrypt module before 0.3 for Python does not properly handle concurrent memory access, which allows attackers to bypass authentication via multiple authentication requests, which trigger the password hash to be overwritten.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-307,

Products Affected

Vendor Product Version
fedoraproject fedora 17
python py-bcrypt *
fedoraproject fedora 18
CVE-2013-2099 MEDIUM

Algorithmic complexity vulnerability in the ssl.match_hostname function in Python 3.2.x, 3.3.x, and earlier, and unspecified versions of python-backports-ssl_match_hostname as used for older Python versions, allows remote attackers to cause a denial of service (CPU consumption) via multiple wildcard characters in the common name in a certificate.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-399,

Products Affected

Vendor Product Version
python python 3.2.0
python python 3.2.2
python python 3.3.2
canonical ubuntu_linux 12.10
python python 3.2.1
canonical ubuntu_linux 13.04
canonical ubuntu_linux 12.04
python python 3.2.5
python python 3.3.1
python python 3.2.4
python python 3.3.0
python python 3.2.3
CVE-2013-4238 MEDIUM

The ssl.match_hostname function in the SSL module in Python 2.6 through 3.4 does not properly handle a '\0' character in a domain name in the Subject Alternative Name field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-20,

Products Affected

Vendor Product Version
python python 2.6.7
python python 3.2.2150
python python 3.1
opensuse opensuse 12.3
python python 3.1.5
python python 2.6.2
python python 2.7.2150
python python 2.6.5
canonical ubuntu_linux 10.04
opensuse opensuse 12.2
python python 2.6.6
python python 3.0
python python 3.0.1
python python 2.7.3
python python 2.6.1
python python 2.6.4
python python 2.7.1
python python 3.2.3
python python 3.1.2150
python python 2.7.2
python python 2.6.8
python python 2.6.2150
python python 3.3
python python 2.7.1150
python python 2.6.3
python python 3.4
python python 3.1.4
python python 3.1.2
python python 3.1.3
python python 3.1.1
python python 2.6.6150
python python 3.2
opensuse opensuse 11.4
CVE-2013-7040 MEDIUM

Python 2.7 before 3.4 only uses the last eight bits of the prefix to randomize hash values, which causes it to compute hash values without restricting the ability to trigger hash collisions predictably and makes it easier for context-dependent attackers to cause a denial of service (CPU consumption) via crafted input to an application that maintains a hash table. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-1150.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-310,

Products Affected

Vendor Product Version
python python 3.2.2150
python python 3.1
python python 3.1.5
python python 3.3.2
python python 3.3.4
python python 2.7.2150
python python 3.2.1
python python 2.7.4
python python 3.2.5
python python 3.0
python python 3.0.1
python python 2.7.3
python python 3.3.1
apple mac_os_x *
python python 3.3.0
python python 2.7.1
python python 3.2.3
python python 2.7.2
python python 3.2.0
python python 3.2.2
python python 2.7.7
python python 3.3
python python 2.7.1150
python python 3.3.3
python python 3.1.4
python python 3.3.5
python python 2.7.5
python python 3.1.2
python python 3.1.3
python python 3.1.1
python python 2.7.6
python python 3.2
python python 3.2.4
CVE-2013-7338 HIGH

Python before 3.3.4 RC1 allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a file size value larger than the size of the zip file to the (1) ZipExtFile.read, (2) ZipExtFile.read(n), (3) ZipExtFile.readlines, (4) ZipFile.extract, or (5) ZipFile.extractall function.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-20,

Products Affected

Vendor Product Version
python python 3.3.2
python python 3.3.3
python python 3.3.1
apple mac_os_x *
python python 3.3.0
CVE-2013-7440 MEDIUM

The ssl.match_hostname function in CPython (aka Python) before 2.7.9 and 3.x before 3.3.3 does not properly handle wildcards in hostnames, which might allow man-in-the-middle attackers to spoof servers via a crafted certificate.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-19,

Products Affected

Vendor Product Version
python python 3.1.2150
python python 3.2.2150
python python 3.1
python python 3.2.0
python python 3.2.2
python python 3.2.6
python python 3.1.5
python python 3.3.2
python python 3.3
python python 3.2.1
python python 3.1.4
python python 3.1.2
python python 3.1.3
python python 3.2.5
python python 3.1.1
python python 3.0
python python 3.0.1
python python 3.2
python python *
python python 3.3.1
python python 3.2.4
python python 3.3.0
python python 3.2.3
CVE-2014-0224 MEDIUM

OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h does not properly restrict processing of ChangeCipherSpec messages, which allows man-in-the-middle attackers to trigger use of a zero-length master key in certain OpenSSL-to-OpenSSL communications, and consequently hijack sessions or obtain sensitive information, via a crafted TLS handshake, aka the "CCS Injection" vulnerability.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.4 HIGH CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N 2.2 5.2

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-326,

Products Affected

Vendor Product Version
filezilla-project filezilla_server *
redhat jboss_enterprise_web_server 2.0.1
siemens rox_firmware *
openssl openssl *
siemens application_processing_engine_firmware *
redhat storage 2.1
siemens s7-1500_firmware *
fedoraproject fedora 19
redhat jboss_enterprise_web_platform 5.2.0
redhat enterprise_linux 6.0
redhat jboss_enterprise_application_platform 5.2.0
opensuse opensuse 13.2
fedoraproject fedora 20
redhat enterprise_linux 5
redhat jboss_enterprise_application_platform 6.2.3
mariadb mariadb *
redhat enterprise_linux 4
opensuse opensuse 13.1
siemens cp1543-1_firmware *
python python *
nodejs node.js *
CVE-2014-1604 LOW

The parser cache functionality in parsergenerator.py in RPLY (aka python-rply) before 0.7.1 allows local users to spoof cache data by pre-creating a temporary rply-*.json file with a predictable name.

CVSS 2.0

Severity: LOW

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
python rply *
CVE-2014-1624 LOW

Race condition in the xdg.BaseDirectory.get_runtime_dir function in python-xdg 0.25 allows local users to overwrite arbitrary files by pre-creating /tmp/pyxdg-runtime-dir-fallback-victim to point to a victim-owned location, then replacing it with a symlink to an attacker-controlled location once the get_runtime_dir function is called.

CVSS 2.0

Severity: LOW

Problem Type: CWE-59,

Products Affected

Vendor Product Version
python pyxdg 0.25
CVE-2014-1829 MEDIUM

Requests (aka python-requests) before 2.3.0 allows remote servers to obtain a netrc password by reading the Authorization header in a redirected request.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-200,

Products Affected

Vendor Product Version
python requests *
mageia mageia 4.0
canonical ubuntu_linux 14.04
debian debian_linux 7.0
CVE-2014-1830 MEDIUM

Requests (aka python-requests) before 2.3.0 allows remote servers to obtain sensitive information by reading the Proxy-Authorization header in a redirected request.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-200,

Products Affected

Vendor Product Version
python requests *
opensuse opensuse 13.1
CVE-2014-1912 HIGH

Buffer overflow in the socket.recvfrom_into function in Modules/socketmodule.c in Python 2.5 before 2.7.7, 3.x before 3.3.4, and 3.4.x before 3.4rc1 allows remote attackers to execute arbitrary code via a crafted string.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-119,

Products Affected

Vendor Product Version
python python 2.6.7
python python 3.1
python python 3.1.5
python python 2.6.2
python python 2.7.2150
python python 3.2.1
python python 2.7.4
python python 2.6.6
python python 3.2.5
python python 3.0
python python 2.7.3
apple mac_os_x *
python python 2.6.1
python python 2.6.4
python python 3.3.0
python python 3.2.3
python python 3.1.2150
python python 2.7.2
python python 3.2.2
python python 2.5.1
python python 2.6.2150
python python 3.3
python python 2.7.1150
python python 3.3.3
python python 3.4
python python 2.5.4
python python 2.7.5
python python 3.1.3
python python 2.6.6150
python python 2.7.6
python python 3.2
python python 3.2.2150
python python 3.3.2
python python 2.6.5
python python 3.0.1
python python 3.3.1
python python 2.5.3
python python 2.7.1
python python 3.2.0
python python 2.6.8
python python 2.6.3
python python 2.5.2
python python 2.5.6
python python 2.5.150
python python 3.1.4
python python 3.1.2
python python 3.1.1
python python 3.2.4
CVE-2014-1932 MEDIUM

The (1) load_djpeg function in JpegImagePlugin.py, (2) Ghostscript function in EpsImagePlugin.py, (3) load function in IptcImagePlugin.py, and (4) _copy function in Image.py in Python Image Library (PIL) 1.1.7 and earlier and Pillow before 2.3.1 do not properly create temporary files, which allow local users to overwrite arbitrary files and obtain sensitive information via a symlink attack on the temporary file.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-59,

Products Affected

Vendor Product Version
pythonware python_imaging_library *
python pillow *
CVE-2014-1933 LOW

The (1) JpegImagePlugin.py and (2) EpsImagePlugin.py scripts in Python Image Library (PIL) 1.1.7 and earlier and Pillow before 2.3.1 uses the names of temporary files on the command line, which makes it easier for local users to conduct symlink attacks by listing the processes.

CVSS 2.0

Severity: LOW

Problem Type: CWE-264,

Products Affected

Vendor Product Version
pythonware python_imaging_library *
python pillow *
CVE-2014-2667 LOW

Race condition in the _get_masked_mode function in Lib/os.py in Python 3.2 through 3.5, when exist_ok is set to true and multiple threads are used, might allow local users to bypass intended file permissions by leveraging a separate application vulnerability before the umask has been set to the expected value.

CVSS 2.0

Severity: LOW

Problem Type: CWE-362,

Products Affected

Vendor Product Version
python python 3.2.0
python python 3.2.2
python python 3.2.6
python python 3.3.2
python python 3.3.4
python python 3.3.3
python python 3.2.1
python python 3.4.0
python python 3.3.6
python python 3.4.1
python python 3.3.5
python python 3.2.5
python python 3.3.1
python python 3.4.2
python python 3.2.4
python python 3.3.0
python python 3.2.3
CVE-2014-3007 HIGH

Python Image Library (PIL) 1.1.7 and earlier and Pillow 2.3 might allow remote attackers to execute arbitrary commands via shell metacharacters in unspecified vectors related to CVE-2014-1932, possibly JpegImagePlugin.py.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-78,

Products Affected

Vendor Product Version
pythonware python_imaging_library *
python pillow 2.3.0
CVE-2014-3589 MEDIUM

PIL/IcnsImagePlugin.py in Python Imaging Library (PIL) and Pillow before 2.3.2 and 2.5.x before 2.5.2 allows remote attackers to cause a denial of service via a crafted block size.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-20,

Products Affected

Vendor Product Version
opensuse opensuse 13.2
python pillow 2.5.2
debian python-imaging -
python pillow 2.3.0
python pillow 2.5.1
python pillow *
python pillow 2.5.0
CVE-2014-3598 MEDIUM

The Jpeg2KImagePlugin plugin in Pillow before 2.5.3 allows remote attackers to cause a denial of service via a crafted image.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-399,

Products Affected

Vendor Product Version
opensuse opensuse 13.2
python pillow *
CVE-2014-4616 MEDIUM

Array index error in the scanstring function in the _json module in Python 2.7 through 3.5 and simplejson before 2.6.1 allows context-dependent attackers to read arbitrary process memory via a negative index value in the idx argument to the raw_decode function.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.9 MEDIUM CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N 2.2 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-129,

Products Affected

Vendor Product Version
simplejson_project simplejson *
opensuse opensuse 13.1
python python *
opensuse_project opensuse 12.3
CVE-2014-4650 HIGH

The CGIHTTPServer module in Python 2.7.5 and 3.3.4 does not properly handle URLs in which URL encoding is used for path separators, which allows remote attackers to read script source code or conduct directory traversal attacks and execute unintended code via a crafted character sequence, as demonstrated by a %2f separator.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-22,

Products Affected

Vendor Product Version
redhat software_collections -
redhat enterprise_linux 5.0
python python *
redhat enterprise_linux 6.0
redhat enterprise_linux 7.0
CVE-2014-7185 MEDIUM

Integer overflow in bufferobject.c in Python before 2.7.8 allows context-dependent attackers to obtain sensitive information from process memory via a large size and offset in a "buffer" function.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-189,

Products Affected

Vendor Product Version
python python 2.7.2
python python 2.7.4
python python 2.7.5
python python 2.7.1150
python python 2.7.2150
python python 2.7.6
python python 2.7.3
python python *
apple mac_os_x *
python python 2.7.1
CVE-2014-9365 MEDIUM

The HTTP clients in the (1) httplib, (2) urllib, (3) urllib2, and (4) xmlrpclib libraries in CPython (aka Python) 2.x before 2.7.9 and 3.x before 3.4.3, when accessing an HTTPS URL, do not (a) check the certificate against a trust store or verify that the server hostname matches a domain name in the subject's (b) Common Name or (c) subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
python python 2.0
python python 2.6.7
python python 3.1
python python 3.2.6
python python 3.1.5
python python 2.6.2
python python 3.3.4
python python 2.7.2150
python python 3.2.1
python python 2.3.2
python python 2.7.4
python python 2.6.6
python python 3.2.5
python python 2.3.1
python python 3.0
python python 2.7.3
apple mac_os_x *
python python 2.4.2
python python 2.6.1
python python 2.6.4
python python 3.3.0
python python 3.2.3
python python 3.1.2150
python python 2.7.2
python python 3.2.2
python python 2.5.1
python python 2.7.7
python python 2.3.3
python python 2.6.2150
python python 3.3
python python 2.7.1150
python python 3.3.3
python python 3.4
python python 2.5.4
python python 3.3.5
python python 2.7.5
python python 3.1.3
python python 2.1.1
python python 2.3.5
python python 2.6.6150
python python 2.7.6
python python 3.2
python python 2.2.3
python python 2.7.8
python python 2.4.6
python python 3.2.2150
python python 3.3.2
python python 2.6.5
python python 3.4.1
python python 3.0.1
python python 2.2
python python 3.3.1
python python 3.4.2
python python 2.3.4
python python 2.5.3
python python 2.7.1
python python 2.1.3
python python 3.2.0
python python 2.1
python python 2.4.1
python python 2.6.8
python python 2.6.3
python python 2.5.2
python python 2.0.1
python python 3.4.0
python python 2.2.1
python python 2.4.4
python python 2.5.6
python python 2.5.150
python python 3.3.6
python python 3.1.4
python python 2.2.2
python python 3.1.2
python python 3.1.1
python python 2.1.2
python python 2.3.7
python python 2.4.3
python python 3.2.4
CVE-2014-9601 MEDIUM

Pillow before 2.7.0 allows remote attackers to cause a denial of service via a compressed text chunk in a PNG image that has a large size when it is decompressed.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-20,

Products Affected

Vendor Product Version
opensuse opensuse 13.2
oracle solaris 11.2
python pillow *
fedoraproject fedora 21
CVE-2015-1283 MEDIUM

Multiple integer overflows in the XML_GetBuffer function in Expat through 2.1.0, as used in Google Chrome before 44.0.2403.89 and other products, allow remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via crafted XML data, a related issue to CVE-2015-2716.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-190,

Products Affected

Vendor Product Version
debian debian_linux 9.0
suse linux_enterprise_server 12
oracle solaris 10
oracle solaris 11.3
canonical ubuntu_linux 15.04
suse linux_enterprise_debuginfo 11
libexpat_project libexpat *
suse linux_enterprise_server 11
canonical ubuntu_linux 14.04
opensuse opensuse 13.2
google chrome *
suse linux_enterprise_desktop 12
canonical ubuntu_linux 12.04
suse linux_enterprise_software_development_kit 12
suse linux_enterprise_software_development_kit 11
opensuse opensuse 13.1
python python *
debian debian_linux 7.0
debian debian_linux 8.0
opensuse leap 42.1
suse studio_onsite 1.3
CVE-2015-20107 HIGH

In Python (aka CPython) up to 3.10.8, the mailcap module does not add escape characters into commands discovered in the system mailcap file. This may allow attackers to inject shell commands into applications that call mailcap.findmatch with untrusted input (if they lack validation of user-provided filenames or arguments). The fix is also back-ported to 3.7, 3.8, 3.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-77,

Products Affected

Vendor Product Version
netapp snapcenter -
netapp ontap_select_deploy_administration_utility -
fedoraproject fedora 35
netapp active_iq_unified_manager -
fedoraproject fedora 36
fedoraproject fedora 37
python python *
CVE-2015-2296 MEDIUM

The resolve_redirects function in sessions.py in requests 2.1.0 through 2.5.3 allows remote attackers to conduct session fixation attacks via a cookie without a host value in a redirect.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
python requests 2.5.1
python requests 2.3.0
python requests 2.2.1
python requests 2.4.2
canonical ubuntu_linux 14.04
python requests 2.1.0
python requests 2.5.0
canonical ubuntu_linux 14.10
mageia_project mageia 4.0
python requests 2.4.3
python requests 2.5.2
python requests 2.4.0
python requests 2.4.1
python requests 2.5.3
CVE-2015-5652 HIGH

Untrusted search path vulnerability in python.exe in Python through 3.5.0 on Windows allows local users to gain privileges via a Trojan horse readline.pyd file in the current working directory. NOTE: the vendor says "It was determined that this is a longtime behavior of Python that cannot really be altered at this point."

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
python python *
CVE-2016-0718 HIGH

Expat allows context-dependent attackers to cause a denial of service (crash) or possibly execute arbitrary code via a malformed input document, which triggers a buffer overflow.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-119,

Products Affected

Vendor Product Version
suse linux_enterprise_server 12
canonical ubuntu_linux 16.04
suse linux_enterprise_debuginfo 11
mozilla firefox *
libexpat_project libexpat *
suse linux_enterprise_server 11
canonical ubuntu_linux 14.04
opensuse opensuse 13.2
suse linux_enterprise_desktop 12
canonical ubuntu_linux 12.04
suse linux_enterprise_software_development_kit 12
suse linux_enterprise_software_development_kit 11
opensuse opensuse 13.1
python python *
debian debian_linux 8.0
apple mac_os_x *
opensuse leap 42.1
mcafee policy_auditor *
suse studio_onsite 1.3
CVE-2016-0740 MEDIUM

Buffer overflow in the ImagingLibTiffDecode function in libImaging/TiffDecode.c in Pillow before 3.1.1 allows remote attackers to overwrite memory via a crafted TIFF file.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-119,

Products Affected

Vendor Product Version
python pillow *
debian debian_linux 7.0
debian debian_linux 8.0
CVE-2016-0772 MEDIUM

The smtplib library in CPython (aka Python) before 2.7.12, 3.x before 3.4.5, and 3.5.x before 3.5.2 does not return an error when StartTLS fails, which might allow man-in-the-middle attackers to bypass the TLS protections by leveraging a network position between the client and the registry to block the StartTLS command, aka a "StartTLS stripping attack."

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-693,

Products Affected

Vendor Product Version
python python 3.2.6
python python 3.1.5
python python 3.3.2
python python 3.3.4
python python 3.1.0
python python 3.2.1
python python 3.5.0
python python 3.4.1
python python 3.2.5
python python 3.0
python python 3.0.1
python python *
python python 3.3.1
python python 3.4.2
python python 3.3.0
python python 3.2.3
python python 3.4.3
python python 3.2.0
python python 3.2.2
python python 3.3.3
python python 3.4.0
python python 3.4.4
python python 3.3.6
python python 3.1.4
python python 3.5.1
python python 3.3.5
python python 3.1.2
python python 3.1.3
python python 3.1.1
python python 3.2.4
CVE-2016-0775 MEDIUM

Buffer overflow in the ImagingFliDecode function in libImaging/FliDecode.c in Pillow before 3.1.1 allows remote attackers to cause a denial of service (crash) via a crafted FLI file.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-119,

Products Affected

Vendor Product Version
python pillow *
debian debian_linux 7.0
debian debian_linux 8.0
CVE-2016-1000032 MEDIUM

TGCaptcha2 version 0.3.0 is vulnerable to a replay attack due to a missing nonce allowing attackers to use a single solved CAPTCHA multiple times.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-284,

Products Affected

Vendor Product Version
python tgcaptcha2 0.3.0
CVE-2016-1000110 MEDIUM

The CGIHandler class in Python before 2.7.12 does not protect against the HTTP_PROXY variable name clash in a CGI script, which could allow a remote attacker to redirect HTTP requests.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.1 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N 2.8 2.7

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-601,

Products Affected

Vendor Product Version
debian debian_linux 9.0
fedoraproject fedora 23
debian debian_linux 10.0
python python *
debian debian_linux 8.0
CVE-2016-1494 MEDIUM

The verify function in the RSA package for Python (Python-RSA) before 3.3 allows attackers to spoof signatures with a small public exponent via crafted signature padding, aka a BERserk attack.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-20,

Products Affected

Vendor Product Version
opensuse opensuse 13.2
fedoraproject fedora 22
fedoraproject fedora 23
python rsa *
opensuse opensuse 13.1
opensuse leap 42.1
CVE-2016-2183 MEDIUM

The DES and Triple DES ciphers, as used in the TLS, SSH, and IPSec protocols and other protocols and products, have a birthday bound of approximately four billion blocks, which makes it easier for remote attackers to obtain cleartext data via a birthday attack against a long-duration encrypted session, as demonstrated by an HTTPS session using Triple DES in CBC mode, aka a "Sweet32" attack.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-200,

Products Affected

Vendor Product Version
openssl openssl 1.0.1a
openssl openssl 1.0.1q
openssl openssl 1.0.2e
openssl openssl 1.0.2f
openssl openssl 1.0.2h
openssl openssl 1.0.1b
openssl openssl 1.0.2b
openssl openssl 1.0.2c
openssl openssl 1.0.1d
openssl openssl 1.0.1l
python python *
redhat enterprise_linux 7.0
openssl openssl 1.0.1n
nodejs node.js *
oracle database 12.1.0.2
cisco content_security_management_appliance 9.6.6-068
openssl openssl 1.0.2d
redhat jboss_web_server 3.0
redhat jboss_enterprise_web_server 2.0.0
openssl openssl 1.0.1f
openssl openssl 1.0.1o
redhat enterprise_linux 5.0
openssl openssl 1.0.1k
oracle database 11.2.0.4
redhat enterprise_linux 6.0
openssl openssl 1.0.1h
openssl openssl 1.0.1j
redhat jboss_enterprise_web_server 1.0.0
cisco content_security_management_appliance 9.7.0-006
openssl openssl 1.0.1m
openssl openssl 1.0.1i
openssl openssl 1.0.2a
openssl openssl 1.0.1t
openssl openssl 1.0.1g
openssl openssl 1.0.1e
openssl openssl 1.0.1c
openssl openssl 1.0.1p
openssl openssl 1.0.1r
redhat jboss_enterprise_application_platform 6.0.0
CVE-2016-2533 MEDIUM

Buffer overflow in the ImagingPcdDecode function in PcdDecode.c in Pillow before 3.1.1 and Python Imaging Library (PIL) 1.1.7 and earlier allows remote attackers to cause a denial of service (crash) via a crafted PhotoCD file.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-119,

Products Affected

Vendor Product Version
python pillow *
debian debian_linux 7.0
debian debian_linux 8.0
python_imaging_project python_imaging *
CVE-2016-3076 MEDIUM

Heap-based buffer overflow in the j2k_encode_entry function in Pillow 2.5.0 through 3.1.1 allows remote attackers to cause a denial of service (memory corruption) via a crafted Jpeg2000 file.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-119,

Products Affected

Vendor Product Version
python pillow 2.5.2
python pillow 2.9.0
python pillow 2.8.2
python pillow 2.5.3
python pillow 3.1.0
python pillow 3.0.0
python pillow 2.6.0
python pillow 2.6.2
python pillow 2.8.1
python pillow 2.5.1
python pillow 2.7.0
python pillow 2.8.0
python pillow 2.5.0
python pillow 2.6.1
CVE-2016-3189 MEDIUM

Use-after-free vulnerability in bzip2recover in bzip2 1.0.6 allows remote attackers to cause a denial of service (crash) via a crafted bzip2 file, related to block ends set to before the start of the block.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H 2.8 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,CWE-416,

Products Affected

Vendor Product Version
bzip bzip2 1.0.6
python python *
CVE-2016-4009 HIGH

Integer overflow in the ImagingResampleHorizontal function in libImaging/Resample.c in Pillow before 3.1.1 allows remote attackers to have unspecified impact via negative values of the new size, which triggers a heap-based buffer overflow.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-119,

Products Affected

Vendor Product Version
python pillow *
CVE-2016-4472 MEDIUM

The overflow protection in Expat is removed by compilers with certain optimization settings, which allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via crafted XML data. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-1283 and CVE-2015-2716.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.1 HIGH CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H 2.2 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-119,

Products Affected

Vendor Product Version
canonical ubuntu_linux 12.04
libexpat_project libexpat *
python python *
mcafee policy_auditor *
CVE-2016-5636 HIGH

Integer overflow in the get_data function in zipimport.c in CPython (aka Python) before 2.7.12, 3.x before 3.4.5, and 3.5.x before 3.5.2 allows remote attackers to have unspecified impact via a negative data size value, which triggers a heap-based buffer overflow.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-190,

Products Affected

Vendor Product Version
python python 3.2.6
python python 3.1.5
python python 3.3.2
python python 3.3.4
python python 3.1.0
python python 3.2.1
python python 3.5.0
python python 3.4.1
python python 3.2.5
python python 3.0
python python 3.0.1
python python *
python python 3.3.1
python python 3.4.2
python python 3.3.0
python python 3.2.3
python python 3.4.3
python python 3.2.0
python python 3.2.2
python python 3.3.3
python python 3.4.0
python python 3.4.4
python python 3.3.6
python python 3.1.4
python python 3.5.1
python python 3.3.5
python python 3.1.2
python python 3.1.3
python python 3.1.1
python python 3.2.4
CVE-2016-5699 MEDIUM

CRLF injection vulnerability in the HTTPConnection.putheader function in urllib2 and urllib in CPython (aka Python) before 2.7.10 and 3.x before 3.4.4 allows remote attackers to inject arbitrary HTTP headers via CRLF sequences in a URL.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-113,

Products Affected

Vendor Product Version
python python 3.2.6
python python 3.1.5
python python 3.3.2
python python 3.3.4
python python 3.1.0
python python 3.2.1
python python 3.4.1
python python 3.2.5
python python 3.0
python python 3.0.1
python python *
python python 3.3.1
python python 3.4.2
python python 3.3.0
python python 3.2.3
python python 3.4.3
python python 3.2.0
python python 3.2.2
python python 3.3.3
python python 3.4.0
python python 3.3.6
python python 3.1.4
python python 3.3.5
python python 3.1.2
python python 3.1.3
python python 3.1.1
python python 3.2.4
CVE-2016-6580 MEDIUM

A HTTP/2 implementation built using any version of the Python priority library prior to version 1.2.0 could be targeted by a malicious peer by having that peer assign priority information for every possible HTTP/2 stream ID. The priority tree would happily continue to store the priority information for each stream, and would therefore allocate unbounded amounts of memory. Attempting to actually use a tree like this would also cause extremely high CPU usage to maintain the tree.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-399,

Products Affected

Vendor Product Version
python python_priority_library 1.1.1
python python_priority_library 1.1.0
python python_priority_library 1.0.0
CVE-2016-6581 HIGH

A HTTP/2 implementation built using any version of the Python HPACK library between v1.0.0 and v2.2.0 could be targeted for a denial of service attack, specifically a so-called "HPACK Bomb" attack. This attack occurs when an attacker inserts a header field that is exactly the size of the HPACK dynamic header table into the dynamic header table. The attacker can then send a header block that is simply repeated requests to expand that field in the dynamic table. This can lead to a gigantic compression ratio of 4,096 or better, meaning that 16kB of data can decompress to 64MB of data on the target machine.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-399,

Products Affected

Vendor Product Version
python hpack 2.0.1
python hyper 0.6
python hpack 2.1.1
python hpack 2.2
python hyper 0.4
python hpack 1.0
python hpack 2.0
CVE-2016-9015 LOW

Versions 1.17 and 1.18 of the Python urllib3 library suffer from a vulnerability that can cause them, in certain configurations, to not correctly validate TLS certificates. This places users of the library with those configurations at risk of man-in-the-middle and information leakage attacks. This vulnerability affects users using versions 1.17 and 1.18 of the urllib3 library, who are using the optional PyOpenSSL support for TLS instead of the regular standard library TLS backend, and who are using OpenSSL 1.1.0 via PyOpenSSL. This is an extremely uncommon configuration, so the security impact of this vulnerability is low.

CVSS 2.0

Severity: LOW

Problem Type: CWE-295,

Products Affected

Vendor Product Version
python urllib3 1.17
python urllib3 1.18
CVE-2016-9063 HIGH

An integer overflow during the parsing of XML using the Expat library. This vulnerability affects Firefox < 50.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-190,

Products Affected

Vendor Product Version
debian debian_linux 9.0
mozilla firefox *
debian debian_linux 10.0
python python *
debian debian_linux 8.0
CVE-2016-9189 MEDIUM

Pillow before 3.3.2 allows context-dependent attackers to obtain sensitive information by using the "crafted image file" approach, related to an "Integer Overflow" issue affecting the Image.core.map_buffer in map.c component.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-190,

Products Affected

Vendor Product Version
python pillow *
debian debian_linux 8.0
CVE-2016-9190 MEDIUM

Pillow before 3.3.2 allows context-dependent attackers to execute arbitrary code by using the "crafted image file" approach, related to an "Insecure Sign Extension" issue affecting the ImagingNew in Storage.c component.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-284,

Products Affected

Vendor Product Version
python pillow *
debian debian_linux 8.0
CVE-2017-1000158 HIGH

CPython (aka Python) up to 2.7.13 is vulnerable to an integer overflow in the PyString_DecodeEscape function in stringobject.c, resulting in heap-based buffer overflow (and possible arbitrary code execution)

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-190,

Products Affected

Vendor Product Version
debian debian_linux 9.0
python python *
debian debian_linux 7.0
debian debian_linux 8.0
CVE-2017-17522 MEDIUM

Lib/webbrowser.py in Python through 3.6.3 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via a crafted URL. NOTE: a software maintainer indicates that exploitation is impossible because the code relies on subprocess.Popen and the default shell=False setting

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-74,

Products Affected

Vendor Product Version
python python *
CVE-2017-18207 MEDIUM

The Wave_read._read_fmt_chunk function in Lib/wave.py in Python through 3.6.4 does not ensure a nonzero channel value, which allows attackers to cause a denial of service (divide-by-zero and exception) via a crafted wav format audio file. NOTE: the vendor disputes this issue because Python applications "need to be prepared to handle a wide variety of exceptions.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-369,

Products Affected

Vendor Product Version
python python *
CVE-2017-20052 MEDIUM

A vulnerability classified as problematic was found in Python 2.7.13. This vulnerability affects unknown code of the component pgAdmin4. The manipulation leads to uncontrolled search path. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
cna@vuldb.com 5.0 MEDIUM CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L 1.6 3.4
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-427,CWE-427,

Products Affected

Vendor Product Version
python python 2.7.13
CVE-2017-2810 HIGH

An exploitable vulnerability exists in the Databook loading functionality of Tablib 0.11.4. A yaml loaded Databook can execute arbitrary python commands resulting in command execution. An attacker can insert python into loaded yaml to trigger this vulnerability.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
python tablib 0.11.4
CVE-2017-5992 MEDIUM

Openpyxl 2.4.1 resolves external entities by default, which allows remote attackers to conduct XXE attacks via a crafted .xlsx document.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-611,

Products Affected

Vendor Product Version
python openpyxl 2.4.1
CVE-2017-9233 MEDIUM

XML External Entity vulnerability in libexpat 2.2.0 and earlier (Expat XML Parser Library) allows attackers to put the parser in an infinite loop using a malformed external entity definition from an external DTD.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-611,CWE-835,

Products Affected

Vendor Product Version
debian debian_linux 9.0
debian debian_linux 10.0
libexpat_project libexpat *
python python *
debian debian_linux 8.0
CVE-2018-1000030 LOW

Python 2.7.14 is vulnerable to a Heap-Buffer-Overflow as well as a Heap-Use-After-Free. Python versions prior to 2.7.14 may also be vulnerable and it appears that Python 2.7.17 and prior may also be vulnerable however this has not been confirmed. The vulnerability lies when multiply threads are handling large amounts of data. In both cases there is essentially a race condition that occurs. For the Heap-Buffer-Overflow, Thread 2 is creating the size for a buffer, but Thread1 is already writing to the buffer without knowing how much to write. So when a large amount of data is being processed, it is very easy to cause memory corruption using a Heap-Buffer-Overflow. As for the Use-After-Free, Thread3->Malloc->Thread1->Free's->Thread2-Re-uses-Free'd Memory. The PSRT has stated that this is not a security vulnerability due to the fact that the attacker must be able to run code, however in some situations, such as function as a service, this vulnerability can potentially be used by an attacker to violate a trust boundary, as such the DWF feels this issue deserves a CVE.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 3.6 LOW CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:L 1.0 2.5

CVSS 2.0

Severity: LOW

Problem Type: CWE-416,CWE-787,

Products Affected

Vendor Product Version
canonical ubuntu_linux 16.04
canonical ubuntu_linux 12.04
canonical ubuntu_linux 14.04
python python *
canonical ubuntu_linux 18.04
CVE-2018-1000117 HIGH

Python Software Foundation CPython version From 3.2 until 3.6.4 on Windows contains a Buffer Overflow vulnerability in os.symlink() function on Windows that can result in Arbitrary code execution, likely escalation of privilege. This attack appears to be exploitable via a python script that creates a symlink with an attacker controlled name or location. This vulnerability appears to have been fixed in 3.7.0 and 3.6.5.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.7 MEDIUM CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 0.8 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-120,

Products Affected

Vendor Product Version
python python 3.7.0
python python *
CVE-2018-1000802 HIGH

Python Software Foundation Python (CPython) version 2.7 contains a CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability in shutil module (make_archive function) that can result in Denial of service, Information gain via injection of arbitrary files on the system or entire drive. This attack appear to be exploitable via Passage of unfiltered user input to the function. This vulnerability appears to have been fixed in after commit add531a1e55b0a739b0f42582f1c9747e5649ace.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-77,

Products Affected

Vendor Product Version
debian debian_linux 9.0
opensuse leap 15.1
canonical ubuntu_linux 16.04
canonical ubuntu_linux 12.04
canonical ubuntu_linux 14.04
python python *
debian debian_linux 8.0
canonical ubuntu_linux 18.04
CVE-2018-1060 MEDIUM

python before versions 2.7.15, 3.4.9, 3.5.6rc1, 3.6.5rc1 and 3.7.0 is vulnerable to catastrophic backtracking in pop3lib's apop() method. An attacker could use this flaw to cause denial of service.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-20,NVD-CWE-noinfo,

Products Affected

Vendor Product Version
debian debian_linux 9.0
redhat enterprise_linux_server 7.0
redhat enterprise_linux_desktop 7.0
canonical ubuntu_linux 16.04
redhat enterprise_linux_workstation 7.0
fedoraproject fedora 28
fedoraproject fedora 30
canonical ubuntu_linux 14.04
canonical ubuntu_linux 18.04
fedoraproject fedora 29
redhat ansible_tower 3.3
canonical ubuntu_linux 12.04
python python *
debian debian_linux 8.0
CVE-2018-1061 MEDIUM

python before versions 2.7.15, 3.4.9, 3.5.6rc1, 3.6.5rc1 and 3.7.0 is vulnerable to catastrophic backtracking in the difflib.IS_LINE_JUNK method. An attacker could use this flaw to cause denial of service.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-20,NVD-CWE-noinfo,

Products Affected

Vendor Product Version
debian debian_linux 9.0
redhat enterprise_linux_server 7.0
redhat enterprise_linux_desktop 7.0
canonical ubuntu_linux 16.04
python python 3.7.0
redhat enterprise_linux_workstation 7.0
fedoraproject fedora 28
fedoraproject fedora 30
canonical ubuntu_linux 14.04
canonical ubuntu_linux 18.04
fedoraproject fedora 29
redhat ansible_tower 3.3
canonical ubuntu_linux 12.04
python python *
debian debian_linux 8.0
CVE-2018-14647 MEDIUM

Python's elementtree C accelerator failed to initialise Expat's hash salt during initialization. This could make it easy to conduct denial of service attacks against Expat by constructing an XML document that would cause pathological hash collisions in Expat's internal data structures, consuming large amounts CPU and RAM. The vulnerability exists in Python versions 3.7.0, 3.6.0 through 3.6.6, 3.5.0 through 3.5.6, 3.4.0 through 3.4.9, 2.7.0 through 2.7.15.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-335,CWE-665,CWE-909,

Products Affected

Vendor Product Version
debian debian_linux 9.0
redhat enterprise_linux_server 7.0
redhat enterprise_linux_desktop 7.0
opensuse leap 15.1
canonical ubuntu_linux 16.04
python python 3.7.0
redhat enterprise_linux_workstation 7.0
fedoraproject fedora 30
canonical ubuntu_linux 14.04
canonical ubuntu_linux 18.04
canonical ubuntu_linux 12.04
python python *
debian debian_linux 8.0
CVE-2018-18074 MEDIUM

The Requests package before 2.20.0 for Python sends an HTTP Authorization header to an http URI upon receiving a same-hostname https-to-http redirect, which makes it easier for remote attackers to discover credentials by sniffing the network.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-522,

Products Affected

Vendor Product Version
python requests *
redhat enterprise_linux_server 7.0
canonical ubuntu_linux 18.10
redhat enterprise_linux_desktop 7.0
opensuse leap 15.1
canonical ubuntu_linux 16.04
redhat enterprise_linux_workstation 7.0
canonical ubuntu_linux 14.04
canonical ubuntu_linux 18.04
CVE-2018-20060 MEDIUM

urllib3 before version 1.23 does not remove the Authorization HTTP header when following a cross-origin redirect (i.e., a redirect that differs in host, port, or scheme). This can allow for credentials in the Authorization header to be exposed to unintended hosts or transmitted in cleartext.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
fedoraproject fedora 29
python urllib3 *
fedoraproject fedora 28
fedoraproject fedora 30
CVE-2018-20406 MEDIUM

Modules/_pickle.c in Python before 3.7.1 has an integer overflow via a large LONG_BINPUT value that is mishandled during a "resize to twice the size" attempt. This issue might cause memory exhaustion, but is only relevant if the pickle format is used for serializing tens or hundreds of gigabytes of data. This issue is fixed in: v3.4.10, v3.4.10rc1; v3.5.10, v3.5.10rc1, v3.5.7, v3.5.7rc1, v3.5.8, v3.5.8rc1, v3.5.8rc2, v3.5.9; v3.6.10, v3.6.10rc1, v3.6.11, v3.6.11rc1, v3.6.12, v3.6.7, v3.6.7rc1, v3.6.7rc2, v3.6.8, v3.6.8rc1, v3.6.9, v3.6.9rc1; v3.7.1, v3.7.1rc1, v3.7.1rc2, v3.7.2, v3.7.2rc1, v3.7.3, v3.7.3rc1, v3.7.4, v3.7.4rc1, v3.7.4rc2, v3.7.5, v3.7.5rc1, v3.7.6, v3.7.6rc1, v3.7.7, v3.7.7rc1, v3.7.8, v3.7.8rc1, v3.7.9.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-190,

Products Affected

Vendor Product Version
fedoraproject fedora 29
fedoraproject fedora 28
fedoraproject fedora 30
python python *
debian debian_linux 8.0
CVE-2018-20852 MEDIUM

http.cookiejar.DefaultPolicy.domain_return_ok in Lib/http/cookiejar.py in Python before 3.7.3 does not correctly validate the domain: it can be tricked into sending existing cookies to the wrong server. An attacker may abuse this flaw by using a server with a hostname that has another valid hostname as a suffix (e.g., pythonicexample.com to steal cookies for example.com). When a program uses http.cookiejar.DefaultPolicy and tries to do an HTTP connection to an attacker-controlled server, existing cookies can be leaked to the attacker. This affects 2.x through 2.7.16, 3.x before 3.4.10, 3.5.x before 3.5.7, 3.6.x before 3.6.9, and 3.7.x before 3.7.3.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-20,

Products Affected

Vendor Product Version
python python *
CVE-2018-25032 MEDIUM

zlib before 1.2.12 allows memory corruption when deflating (i.e., when compressing) if the input has many distant matches.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-787,CWE-787,

Products Affected

Vendor Product Version
apple mac_os_x 10.15.7
siemens scalance_sc626-2c_firmware *
netapp ontap_select_deploy_administration_utility -
azul zulu 11.54
apple macos *
siemens scalance_sc636-2c_firmware *
azul zulu 6.45
fedoraproject fedora 35
debian debian_linux 10.0
python python *
azul zulu 15.38
apple mac_os_x *
azul zulu 13.46
debian debian_linux 9.0
netapp hci_compute_node -
nokogiri nokogiri *
siemens scalance_sc622-2c_firmware *
netapp oncommand_workflow_automation -
azul zulu 7.52
netapp h410c_firmware -
siemens scalance_sc642-2c_firmware *
siemens scalance_sc646-2c_firmware *
goto gotoassist *
fedoraproject fedora 34
netapp management_services_for_element_software -
netapp h300s_firmware -
netapp h700s_firmware -
zlib zlib *
azul zulu 17.32
mariadb mariadb *
netapp h410s_firmware -
netapp active_iq_unified_manager -
siemens scalance_sc632-2c_firmware *
netapp h500s_firmware -
fedoraproject fedora 36
debian debian_linux 11.0
netapp e-series_santricity_os_controller *
azul zulu 8.60
CVE-2018-25091

urllib3 before 1.24.2 does not remove the authorization HTTP header when following a cross-origin redirect (i.e., a redirect that differs in host, port, or scheme). This can allow for credentials in the authorization header to be exposed to unintended hosts or transmitted in cleartext. NOTE: this issue exists because of an incomplete fix for CVE-2018-20060 (which was case-sensitive).

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.1 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N 2.8 2.7

Products Affected

Vendor Product Version
python urllib3 *
CVE-2019-10138 MEDIUM

A flaw was discovered in the python-novajoin plugin, all versions up to, excluding 1.1.1, for Red Hat OpenStack Platform. The novajoin API lacked sufficient access control, allowing any keystone authenticated user to generate FreeIPA tokens.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 2.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-284,NVD-CWE-Other,

Products Affected

Vendor Product Version
python novajoin *
CVE-2019-10160 MEDIUM

A security regression of CVE-2019-9636 was discovered in python since commit d537ab0ff9767ef024f26246899728f0116b1ec3 affecting versions 2.7, 3.5, 3.6, 3.7 and from v3.8.0a4 through v3.8.0b1, which still allows an attacker to exploit CVE-2019-9636 by abusing the user and password parts of a URL. When an application parses user-supplied URLs to store cookies, authentication credentials, or other kind of information, it is possible for an attacker to provide specially crafted URLs to make the application locate host-related information (e.g. cookies, authentication data) and send them to a different host than where it should, unlike if the URLs had been correctly parsed. The result of an attack may vary based on the application.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-172,CWE-522,

Products Affected

Vendor Product Version
debian debian_linux 9.0
redhat enterprise_linux_server_tus 7.6
redhat enterprise_linux_server 7.0
redhat enterprise_linux_desktop 7.0
opensuse leap 15.1
canonical ubuntu_linux 16.04
fedoraproject fedora 31
redhat enterprise_linux_workstation 7.0
redhat virtualization 4.0
opensuse leap 15.0
netapp converged_systems_advisor_agent -
redhat enterprise_linux_server_aus 7.6
fedoraproject fedora 30
canonical ubuntu_linux 14.04
canonical ubuntu_linux 18.04
fedoraproject fedora 29
netapp cloud_backup -
redhat enterprise_linux_eus 7.6
canonical ubuntu_linux 12.04
python python 3.8.0
python python *
debian debian_linux 8.0
canonical ubuntu_linux 19.04
CVE-2019-11236 MEDIUM

In the urllib3 library through 1.24.1 for Python, CRLF injection is possible if the attacker controls the request parameter.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-93,

Products Affected

Vendor Product Version
python urllib3 *
CVE-2019-11324 MEDIUM

The urllib3 library before 1.24.2 for Python mishandles certain cases where the desired set of CA certificates is different from the OS store of CA certificates, which results in SSL connections succeeding in situations where a verification failure is the correct outcome. This is related to use of the ssl_context, ca_certs, or ca_certs_dir argument.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-295,

Products Affected

Vendor Product Version
canonical ubuntu_linux 18.10
python urllib3 *
canonical ubuntu_linux 16.04
canonical ubuntu_linux 19.04
canonical ubuntu_linux 18.04
CVE-2019-12761 MEDIUM

A code injection issue was discovered in PyXDG before 0.26 via crafted Python code in a Category element of a Menu XML document in a .menu file. XDG_CONFIG_DIRS must be set up to trigger xdg.Menu.parse parsing within the directory containing this file. This is due to a lack of sanitization in xdg/Menu.py before an eval call.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-94,

Products Affected

Vendor Product Version
python pyxdg *
CVE-2019-12900 HIGH

BZ2_decompress in decompress.c in bzip2 through 1.0.6 has an out-of-bounds write when there are many selectors.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-787,CWE-787,

Products Affected

Vendor Product Version
opensuse leap 15.1
canonical ubuntu_linux 16.04
opensuse leap 15.0
canonical ubuntu_linux 14.04
canonical ubuntu_linux 18.04
bzip bzip2 *
freebsd freebsd 11.3
freebsd freebsd 11.2
canonical ubuntu_linux 12.04
freebsd freebsd 12.0
python python *
debian debian_linux 8.0
canonical ubuntu_linux 19.04
CVE-2019-13404 HIGH

The MSI installer for Python through 2.7.16 on Windows defaults to the C:\Python27 directory, which makes it easier for local users to deploy Trojan horse code. (This also affects old 3.x releases before 3.5.) NOTE: the vendor's position is that it is the user's responsibility to ensure C:\Python27 access control or choose a different directory, because backwards compatibility requires that C:\Python27 remain the default for 2.7.x

CVSS 2.0

Severity: HIGH

Problem Type: CWE-552,

Products Affected

Vendor Product Version
python python *
CVE-2019-15903 MEDIUM

In libexpat before 2.2.8, crafted XML input could fool the parser into changing from DTD parsing to document parsing too early; a consecutive call to XML_GetCurrentLineNumber (or XML_GetCurrentColumnNumber) then resulted in a heap-based buffer over-read.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-125,CWE-776,CWE-125,

Products Affected

Vendor Product Version
libexpat_project libexpat *
python python *
CVE-2019-16056 MEDIUM

An issue was discovered in Python through 2.7.16, 3.x through 3.5.7, 3.6.x through 3.6.9, and 3.7.x through 3.7.4. The email module wrongly parses email addresses that contain multiple @ characters. An application that uses the email module and implements some kind of checks on the From/To headers of a message could be tricked into accepting an email address that should be denied. An attack may be the same as in CVE-2019-11340; however, this CVE applies to Python more generally.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
debian debian_linux 9.0
oracle peoplesoft_enterprise_peopletools 8.58
opensuse leap 15.1
canonical ubuntu_linux 16.04
fedoraproject fedora 31
oracle communications_operations_monitor *
opensuse leap 15.0
fedoraproject fedora 30
canonical ubuntu_linux 14.04
canonical ubuntu_linux 18.04
oracle communications_operations_monitor 3.4
fedoraproject fedora 29
oracle solaris 11
canonical ubuntu_linux 12.04
oracle peoplesoft_enterprise_peopletools 8.57
redhat software_collections 1.0
python python *
debian debian_linux 8.0
canonical ubuntu_linux 19.04
oracle zfs_storage_appliance_kit 8.8
CVE-2019-16865 MEDIUM

An issue was discovered in Pillow before 6.2.0. When reading specially crafted invalid image files, the library can either allocate very large amounts of memory or take an extremely long period of time to process the image.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-770,

Products Affected

Vendor Product Version
fedoraproject fedora 31
fedoraproject fedora 30
python pillow *
CVE-2019-16935 MEDIUM

The documentation XML-RPC server in Python through 2.7.16, 3.x through 3.6.9, and 3.7.x through 3.7.4 has XSS via the server_title field. This occurs in Lib/DocXMLRPCServer.py in Python 2.x, and in Lib/xmlrpc/server.py in Python 3.x. If set_server_title is called with untrusted input, arbitrary JavaScript can be delivered to clients that visit the http URL for this server.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,

Products Affected

Vendor Product Version
debian debian_linux 9.0
canonical ubuntu_linux 16.04
canonical ubuntu_linux 12.04
canonical ubuntu_linux 14.04
python python *
canonical ubuntu_linux 19.04
canonical ubuntu_linux 18.04
CVE-2019-17514 MEDIUM

library/glob.html in the Python 2 and 3 documentation before 2016 has potentially misleading information about whether sorting occurs, as demonstrated by irreproducible cancer-research results. NOTE: the effects of this documentation cross application domains, and thus it is likely that security-relevant code elsewhere is affected. This issue is not a Python implementation bug, and there are no reports that NMR researchers were specifically relying on library/glob.html. In other words, because the older documentation stated "finds all the pathnames matching a specified pattern according to the rules used by the Unix shell," one might have incorrectly inferred that the sorting that occurs in a Unix shell also occurred for glob.glob. There is a workaround in newer versions of Willoughby nmr-data_compilation-p2.py and nmr-data_compilation-p3.py, which call sort() directly.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-682,NVD-CWE-noinfo,

Products Affected

Vendor Product Version
python python 3.7.0
python python 3.8.0
python python 3.6.0
CVE-2019-18348 MEDIUM

An issue was discovered in urllib2 in Python 2.x through 2.7.17 and urllib in Python 3.x through 3.8.0. CRLF injection is possible if the attacker controls a url parameter, as demonstrated by the first argument to urllib.request.urlopen with \r\n (specifically in the host component of a URL) followed by an HTTP header. This is similar to the CVE-2019-9740 query string issue and the CVE-2019-9947 path string issue. (This is not exploitable when glibc has CVE-2016-10739 fixed.). This is fixed in: v2.7.18, v2.7.18rc1; v3.5.10, v3.5.10rc1; v3.6.11, v3.6.11rc1, v3.6.12; v3.7.8, v3.7.8rc1, v3.7.9; v3.8.3, v3.8.3rc1, v3.8.4, v3.8.4rc1, v3.8.5, v3.8.6, v3.8.6rc1.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.1 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N 2.8 2.7

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-74,

Products Affected

Vendor Product Version
python python *
CVE-2019-19274 MEDIUM

typed_ast 1.3.0 and 1.3.1 has a handle_keywordonly_args out-of-bounds read. An attacker with the ability to cause a Python interpreter to parse Python source (but not necessarily execute it) may be able to crash the interpreter process. This could be a concern, for example, in a web-based service that parses (but does not execute) Python code. (This issue also affected certain Python 3.8.0-alpha prereleases.)

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-125,

Products Affected

Vendor Product Version
python typed_ast 1.3.0
python typed_ast 1.3.1
CVE-2019-19275 MEDIUM

typed_ast 1.3.0 and 1.3.1 has an ast_for_arguments out-of-bounds read. An attacker with the ability to cause a Python interpreter to parse Python source (but not necessarily execute it) may be able to crash the interpreter process. This could be a concern, for example, in a web-based service that parses (but does not execute) Python code. (This issue also affected certain Python 3.8.0-alpha prereleases.)

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-125,

Products Affected

Vendor Product Version
python typed_ast 1.3.0
python typed_ast 1.3.1
CVE-2019-19911 MEDIUM

There is a DoS vulnerability in Pillow before 6.2.2 caused by FpxImagePlugin.py calling the range function on an unvalidated 32-bit integer if the number of bands is large. On Windows running 32-bit Python, this results in an OverflowError or MemoryError due to the 2 GB limit. However, on Linux running 64-bit Python this results in the process being terminated by the OOM killer.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-190,

Products Affected

Vendor Product Version
debian debian_linux 9.0
canonical ubuntu_linux 16.04
debian debian_linux 10.0
fedoraproject fedora 30
python pillow *
canonical ubuntu_linux 14.04
canonical ubuntu_linux 18.04
canonical ubuntu_linux 19.10
CVE-2019-20907 MEDIUM

In Lib/tarfile.py in Python through 3.8.3, an attacker is able to craft a TAR archive leading to an infinite loop when opened by tarfile.open, because _proc_pax lacks header validation.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-835,

Products Affected

Vendor Product Version
debian debian_linux 9.0
opensuse leap 15.2
opensuse leap 15.1
canonical ubuntu_linux 16.04
fedoraproject fedora 31
netapp active_iq_unified_manager *
canonical ubuntu_linux 14.04
canonical ubuntu_linux 18.04
netapp cloud_volumes_ontap_mediator -
fedoraproject fedora 32
canonical ubuntu_linux 12.04
python python *
canonical ubuntu_linux 20.04
oracle zfs_storage_appliance_kit 8.8
CVE-2019-5010 MEDIUM

An exploitable denial-of-service vulnerability exists in the X509 certificate parser of Python.org Python 2.7.11 / 3.6.6. A specially crafted X509 certificate can cause a NULL pointer dereference, resulting in a denial of service. An attacker can initiate or accept TLS connections using crafted certificates to trigger this vulnerability.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-476,CWE-476,

Products Affected

Vendor Product Version
debian debian_linux 9.0
opensuse leap 15.1
redhat enterprise_linux_eus 8.1
redhat enterprise_linux_eus 8.2
redhat enterprise_linux_server_aus 8.2
redhat enterprise_linux_server_tus 8.6
redhat enterprise_linux_server_tus 8.4
redhat enterprise_linux_server_aus 8.6
redhat enterprise_linux_server_tus 8.2
redhat enterprise_linux_eus 8.6
python python *
redhat enterprise_linux 8.0
redhat enterprise_linux_eus 8.4
redhat enterprise_linux_server_aus 8.4
CVE-2019-6690 MEDIUM

python-gnupg 0.4.3 allows context-dependent attackers to trick gnupg to decrypt other ciphertext than intended. To perform the attack, the passphrase to gnupg must be controlled by the adversary and the ciphertext should be trusted. Related to a "CWE-20: Improper Input Validation" issue affecting the affect functionality component.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-20,

Products Affected

Vendor Product Version
debian debian_linux 9.0
canonical ubuntu_linux 18.10
suse backports -
opensuse leap 15.0
debian debian_linux 8.0
canonical ubuntu_linux 19.04
canonical ubuntu_linux 18.04
python python-gnupg 0.4.3
CVE-2019-6802 MEDIUM

CRLF Injection in pypiserver 1.2.5 and below allows attackers to set arbitrary HTTP headers and possibly conduct XSS attacks via a %0d%0a in a URI.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-74,CWE-79,

Products Affected

Vendor Product Version
python pypiserver *
CVE-2019-9636 MEDIUM

Python 2.7.x through 2.7.16 and 3.x through 3.7.2 is affected by: Improper Handling of Unicode Encoding (with an incorrect netloc) during NFKC normalization. The impact is: Information disclosure (credentials, cookies, etc. that are cached against a given hostname). The components are: urllib.parse.urlsplit, urllib.parse.urlparse. The attack vector is: A specially crafted URL could be incorrectly parsed to locate cookies or authentication data and send that information to a different host than when parsed correctly. This is fixed in: v2.7.17, v2.7.17rc1, v2.7.18, v2.7.18rc1; v3.5.10, v3.5.10rc1, v3.5.7, v3.5.8, v3.5.8rc1, v3.5.8rc2, v3.5.9; v3.6.10, v3.6.10rc1, v3.6.11, v3.6.11rc1, v3.6.12, v3.6.9, v3.6.9rc1; v3.7.3, v3.7.3rc1, v3.7.4, v3.7.4rc1, v3.7.4rc2, v3.7.5, v3.7.5rc1, v3.7.6, v3.7.6rc1, v3.7.7, v3.7.7rc1, v3.7.8, v3.7.8rc1, v3.7.9.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
opensuse leap 15.1
fedoraproject fedora 31
redhat enterprise_linux_eus 8.2
redhat enterprise_linux_server 6.0
redhat virtualization 4.0
opensuse leap 15.0
fedoraproject fedora 30
fedoraproject fedora 29
redhat enterprise_linux_server_aus 7.4
redhat enterprise_linux_server_tus 8.6
oracle sun_zfs_storage_appliance_kit 8.8.6
canonical ubuntu_linux 12.04
redhat enterprise_linux_server_tus 8.2
redhat enterprise_linux_workstation 6.0
python python *
redhat enterprise_linux_desktop 6.0
redhat enterprise_linux 8.0
debian debian_linux 9.0
redhat enterprise_linux_eus 8.1
canonical ubuntu_linux 16.04
redhat enterprise_linux_server_aus 8.2
redhat enterprise_linux 7.5
fedoraproject fedora 28
canonical ubuntu_linux 14.04
canonical ubuntu_linux 18.04
redhat openshift_container_platform 3.11
redhat enterprise_linux_eus 7.5
opensuse leap 42.3
redhat enterprise_linux_server_eus 5.6
redhat enterprise_linux_server_tus 8.4
redhat enterprise_linux_server_tus 7.4
redhat enterprise_linux_eus 8.6
debian debian_linux 8.0
canonical ubuntu_linux 19.04
redhat enterprise_linux_eus 8.4
redhat enterprise_linux_server_aus 8.4
CVE-2019-9674 MEDIUM

Lib/zipfile.py in Python through 3.7.2 allows remote attackers to cause a denial of service (resource consumption) via a ZIP bomb.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-400,

Products Affected

Vendor Product Version
canonical ubuntu_linux 16.04
netapp active_iq_unified_manager -
canonical ubuntu_linux 12.04
canonical ubuntu_linux 14.04
python python *
canonical ubuntu_linux 18.04
canonical ubuntu_linux 20.04
CVE-2019-9740 MEDIUM

An issue was discovered in urllib2 in Python 2.x through 2.7.16 and urllib in Python 3.x through 3.7.3. CRLF injection is possible if the attacker controls a url parameter, as demonstrated by the first argument to urllib.request.urlopen with \r\n (specifically in the query string after a ? character) followed by an HTTP header or a Redis command. This is fixed in: v2.7.17, v2.7.17rc1, v2.7.18, v2.7.18rc1; v3.5.10, v3.5.10rc1, v3.5.8, v3.5.8rc1, v3.5.8rc2, v3.5.9; v3.6.10, v3.6.10rc1, v3.6.11, v3.6.11rc1, v3.6.12, v3.6.9, v3.6.9rc1; v3.7.4, v3.7.4rc1, v3.7.4rc2, v3.7.5, v3.7.5rc1, v3.7.6, v3.7.6rc1, v3.7.7, v3.7.7rc1, v3.7.8, v3.7.8rc1, v3.7.9.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.1 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N 2.8 2.7

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-93,

Products Affected

Vendor Product Version
python python *
CVE-2019-9947 MEDIUM

An issue was discovered in urllib2 in Python 2.x through 2.7.16 and urllib in Python 3.x through 3.7.3. CRLF injection is possible if the attacker controls a url parameter, as demonstrated by the first argument to urllib.request.urlopen with \r\n (specifically in the path component of a URL that lacks a ? character) followed by an HTTP header or a Redis command. This is similar to the CVE-2019-9740 query string issue. This is fixed in: v2.7.17, v2.7.17rc1, v2.7.18, v2.7.18rc1; v3.5.10, v3.5.10rc1, v3.5.8, v3.5.8rc1, v3.5.8rc2, v3.5.9; v3.6.10, v3.6.10rc1, v3.6.11, v3.6.11rc1, v3.6.12, v3.6.9, v3.6.9rc1; v3.7.4, v3.7.4rc1, v3.7.4rc2, v3.7.5, v3.7.5rc1, v3.7.6, v3.7.6rc1, v3.7.7, v3.7.7rc1, v3.7.8, v3.7.8rc1, v3.7.9.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.1 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N 2.8 2.7

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-93,

Products Affected

Vendor Product Version
python python *
CVE-2019-9948 MEDIUM

urllib in Python 2.x through 2.7.16 supports the local_file: scheme, which makes it easier for remote attackers to bypass protection mechanisms that blacklist file: URIs, as demonstrated by triggering a urllib.urlopen('local_file:///etc/passwd') call.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.1 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N 3.9 5.2

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-22,

Products Affected

Vendor Product Version
redhat enterprise_linux_tus 8.4
redhat enterprise_linux_server 7.0
redhat enterprise_linux_desktop 8.0
redhat enterprise_linux_desktop 7.0
redhat enterprise_linux_eus 8.2
opensuse leap 15.0
fedoraproject fedora 30
redhat enterprise_linux_tus 8.2
fedoraproject fedora 29
redhat enterprise_linux_server 8.0
canonical ubuntu_linux 12.04
redhat enterprise_linux_tus 8.6
python python *
debian debian_linux 9.0
redhat enterprise_linux_eus 8.1
canonical ubuntu_linux 16.04
redhat enterprise_linux_workstation 7.0
redhat enterprise_linux_workstation 8.0
canonical ubuntu_linux 14.04
canonical ubuntu_linux 18.04
opensuse leap 42.3
redhat enterprise_linux_server_eus 8.4
redhat enterprise_linux_eus 8.6
debian debian_linux 8.0
canonical ubuntu_linux 19.04
redhat enterprise_linux_eus 8.4
CVE-2020-10177 MEDIUM

Pillow before 7.1.0 has multiple out-of-bounds reads in libImaging/FliDecode.c.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N 1.8 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-125,

Products Affected

Vendor Product Version
debian debian_linux 9.0
canonical ubuntu_linux 16.04
fedoraproject fedora 31
fedoraproject fedora 32
python pillow *
canonical ubuntu_linux 18.04
canonical ubuntu_linux 20.04
CVE-2020-10378 MEDIUM

In libImaging/PcxDecode.c in Pillow before 7.1.0, an out-of-bounds read can occur when reading PCX files where state->shuffle is instructed to read beyond state->buffer.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N 1.8 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-125,

Products Affected

Vendor Product Version
canonical ubuntu_linux 16.04
fedoraproject fedora 31
fedoraproject fedora 32
python pillow *
canonical ubuntu_linux 18.04
canonical ubuntu_linux 20.04
CVE-2020-10379 MEDIUM

In Pillow before 7.1.0, there are two Buffer Overflows in libImaging/TiffDecode.c.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-120,

Products Affected

Vendor Product Version
fedoraproject fedora 31
fedoraproject fedora 32
python pillow *
canonical ubuntu_linux 20.04
CVE-2020-10735

A flaw was found in python. In algorithms with quadratic time complexity using non-binary bases, when using int("text"), a system could take 50ms to parse an int string with 100,000 digits and 5s for 1,000,000 digits (float, decimal, int.from_bytes(), and int() for binary bases 2, 4, 8, 16, and 32 are not affected). The highest threat from this vulnerability is to system availability.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

Products Affected

Vendor Product Version
redhat quay 3.0.0
fedoraproject fedora 35
redhat software_collections -
fedoraproject fedora 36
fedoraproject fedora 37
python python *
redhat enterprise_linux 8.0
python python 3.11.0
CVE-2020-10994 MEDIUM

In libImaging/Jpeg2KDecode.c in Pillow before 7.1.0, there are multiple out-of-bounds reads via a crafted JP2 file.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H 1.8 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-125,

Products Affected

Vendor Product Version
canonical ubuntu_linux 16.04
fedoraproject fedora 31
fedoraproject fedora 32
python pillow *
canonical ubuntu_linux 18.04
CVE-2020-11538 MEDIUM

In libImaging/SgiRleDecode.c in Pillow through 7.0.0, a number of out-of-bounds reads exist in the parsing of SGI image files, a different issue than CVE-2020-5311.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.1 HIGH CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H 2.2 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-125,

Products Affected

Vendor Product Version
canonical ubuntu_linux 16.04
fedoraproject fedora 31
fedoraproject fedora 32
python pillow *
canonical ubuntu_linux 18.04
canonical ubuntu_linux 20.04
CVE-2020-13388 HIGH

An exploitable vulnerability exists in the configuration-loading functionality of the jw.util package before 2.3 for Python. When loading a configuration with FromString or FromStream with YAML, one can execute arbitrary Python code, resulting in OS command execution, because safe_load is not used.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-78,

Products Affected

Vendor Product Version
python jw.util *
CVE-2020-14422 MEDIUM

Lib/ipaddress.py in Python through 3.8.3 improperly computes hash values in the IPv4Interface and IPv6Interface classes, which might allow a remote attacker to cause a denial of service if an application is affected by the performance of a dictionary containing IPv4Interface or IPv6Interface objects, and this attacker can cause many dictionary entries to be created. This is fixed in: v3.5.10, v3.5.10rc1; v3.6.12; v3.7.9; v3.8.4, v3.8.4rc1, v3.8.5, v3.8.6, v3.8.6rc1; v3.9.0, v3.9.0b4, v3.9.0b5, v3.9.0rc1, v3.9.0rc2.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.9 MEDIUM CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H 2.2 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-330,CWE-682,

Products Affected

Vendor Product Version
opensuse leap 15.2
opensuse leap 15.1
fedoraproject fedora 31
fedoraproject fedora 32
oracle enterprise_manager_ops_center 12.4.0.0
python python *
CVE-2020-15523 MEDIUM

In Python 3.6 through 3.6.10, 3.7 through 3.7.8, 3.8 through 3.8.4rc1, and 3.9 through 3.9.0b4 on Windows, a Trojan horse python3.dll might be used in cases where CPython is embedded in a native application. This occurs because python3X.dll may use an invalid search path for python3.dll loading (after Py_SetPath has been used). NOTE: this issue CANNOT occur when using python.exe from a standard (non-embedded) Python installation on Windows.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-427,CWE-908,

Products Affected

Vendor Product Version
netapp snapcenter -
python python 3.8.4
python python 3.9.0
python python *
CVE-2020-15801 HIGH

In Python 3.8.4, sys.path restrictions specified in a python38._pth file are ignored, allowing code to be loaded from arbitrary locations. The <executable-name>._pth file (e.g., the python._pth file) is not affected.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-426,

Products Affected

Vendor Product Version
python python *
netapp max_data -
CVE-2020-26116 MEDIUM

http.client in Python 3.x before 3.5.10, 3.6.x before 3.6.12, 3.7.x before 3.7.9, and 3.8.x before 3.8.5 allows CRLF injection if the attacker controls the HTTP request method, as demonstrated by inserting CR and LF control characters in the first argument of HTTPConnection.request.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.2 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N 3.9 2.7

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-74,

Products Affected

Vendor Product Version
debian debian_linux 9.0
netapp solidfire -
opensuse leap 15.1
canonical ubuntu_linux 16.04
fedoraproject fedora 31
canonical ubuntu_linux 14.04
canonical ubuntu_linux 18.04
fedoraproject fedora 33
netapp hci_storage_node -
fedoraproject fedora 32
canonical ubuntu_linux 12.04
python python *
oracle zfs_storage_appliance_kit 8.8
CVE-2020-26137 MEDIUM

urllib3 before 1.25.9 allows CRLF injection if the attacker controls the HTTP request method, as demonstrated by inserting CR and LF control characters in the first argument of putrequest(). NOTE: this is similar to CVE-2020-26116.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-74,

Products Affected

Vendor Product Version
debian debian_linux 9.0
oracle communications_cloud_native_core_network_function_cloud_native_environment 22.2.0
python urllib3 *
canonical ubuntu_linux 16.04
canonical ubuntu_linux 18.04
canonical ubuntu_linux 20.04
oracle zfs_storage_appliance_kit 8.8
CVE-2020-27619 HIGH

In Python 3 through 3.9.0, the Lib/test/multibytecodec_support.py CJK codec tests call eval() on content retrieved via HTTP.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
fedoraproject fedora 33
oracle communications_cloud_native_core_network_function_cloud_native_environment 22.2.0
python python *
fedoraproject fedora 34
CVE-2020-35653 MEDIUM

In Pillow before 8.1.0, PcxDecode has a buffer over-read when decoding a crafted PCX file because the user-supplied stride value is trusted for buffer calculations.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.1 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H 2.8 4.2

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-125,

Products Affected

Vendor Product Version
debian debian_linux 9.0
fedoraproject fedora 33
fedoraproject fedora 32
python pillow *
CVE-2020-35654 MEDIUM

In Pillow before 8.1.0, TiffDecode has a heap-based buffer overflow when decoding crafted YCbCr files because of certain interpretation conflicts with LibTIFF in RGBA mode.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 2.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-787,

Products Affected

Vendor Product Version
fedoraproject fedora 33
fedoraproject fedora 32
python pillow *
CVE-2020-35655 MEDIUM

In Pillow before 8.1.0, SGIRleDecode has a 4-byte buffer over-read when decoding crafted SGI RLE image files because offsets and length tables are mishandled.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.4 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L 2.8 2.5

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-125,

Products Affected

Vendor Product Version
fedoraproject fedora 33
fedoraproject fedora 32
python pillow *
CVE-2020-5310 MEDIUM

libImaging/TiffDecode.c in Pillow before 6.2.2 has a TIFF decoding integer overflow, related to realloc.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-190,

Products Affected

Vendor Product Version
canonical ubuntu_linux 16.04
fedoraproject fedora 31
fedoraproject fedora 30
python pillow *
canonical ubuntu_linux 14.04
canonical ubuntu_linux 18.04
canonical ubuntu_linux 19.10
CVE-2020-5311 HIGH

libImaging/SgiRleDecode.c in Pillow before 6.2.2 has an SGI buffer overflow.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-120,

Products Affected

Vendor Product Version
debian debian_linux 9.0
fedoraproject fedora 31
debian debian_linux 10.0
fedoraproject fedora 30
python pillow *
canonical ubuntu_linux 18.04
canonical ubuntu_linux 19.10
CVE-2020-5312 HIGH

libImaging/PcxDecode.c in Pillow before 6.2.2 has a PCX P mode buffer overflow.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-120,

Products Affected

Vendor Product Version
debian debian_linux 9.0
canonical ubuntu_linux 16.04
fedoraproject fedora 31
debian debian_linux 10.0
fedoraproject fedora 30
python pillow *
canonical ubuntu_linux 14.04
canonical ubuntu_linux 18.04
canonical ubuntu_linux 19.10
CVE-2020-5313 MEDIUM

libImaging/FliDecode.c in Pillow before 6.2.2 has an FLI buffer overflow.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-125,

Products Affected

Vendor Product Version
debian debian_linux 9.0
canonical ubuntu_linux 16.04
fedoraproject fedora 31
debian debian_linux 10.0
fedoraproject fedora 30
python pillow *
canonical ubuntu_linux 14.04
canonical ubuntu_linux 18.04
canonical ubuntu_linux 19.10
CVE-2020-7212 HIGH

The _encode_invalid_chars function in util/url.py in the urllib3 library 1.25.2 through 1.25.7 for Python allows a denial of service (CPU consumption) because of an inefficient algorithm. The percent_encodings array contains all matches of percent encodings. It is not deduplicated. For a URL of length N, the size of percent_encodings may be up to O(N). The next step (normalize existing percent-encoded bytes) also takes up to O(N) for each step, so the total time is O(N^2). If percent_encodings were deduplicated, the time to compute _encode_invalid_chars would be O(kN), where k is at most 484 ((10+6*2)^2).

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

CVSS 2.0

Severity: HIGH

Problem Type: CWE-400,

Products Affected

Vendor Product Version
python urllib3 *
CVE-2020-8315 MEDIUM

In Python (CPython) 3.6 through 3.6.10, 3.7 through 3.7.6, and 3.8 through 3.8.1, an insecure dependency load upon launch on Windows 7 may result in an attacker's copy of api-ms-win-core-path-l1-1-0.dll being loaded and used instead of the system's copy. Windows 8 and later are unaffected.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N 1.8 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-427,

Products Affected

Vendor Product Version
python python *
CVE-2020-8492 HIGH

Python 2.7 through 2.7.17, 3.5 through 3.5.9, 3.6 through 3.6.10, 3.7 through 3.7.6, and 3.8 through 3.8.1 allows an HTTP server to conduct Regular Expression Denial of Service (ReDoS) attacks against a client because of urllib.request.AbstractBasicAuthHandler catastrophic backtracking.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H 2.8 3.6

CVSS 2.0

Severity: HIGH

Problem Type: CWE-400,

Products Affected

Vendor Product Version
debian debian_linux 9.0
opensuse leap 15.1
canonical ubuntu_linux 16.04
fedoraproject fedora 31
fedoraproject fedora 32
canonical ubuntu_linux 12.04
canonical ubuntu_linux 14.04
python python *
canonical ubuntu_linux 18.04
canonical ubuntu_linux 19.10
canonical ubuntu_linux 20.04
CVE-2021-23336 MEDIUM

The package python/cpython from 0 and before 3.6.13, from 3.7.0 and before 3.7.10, from 3.8.0 and before 3.8.8, from 3.9.0 and before 3.9.2 are vulnerable to Web Cache Poisoning via urllib.parse.parse_qsl and urllib.parse.parse_qs by using a vector called parameter cloaking. When the attacker can separate query parameters using a semicolon (;), they can cause a difference in the interpretation of the request between the proxy (running with default configuration) and the server. This can result in malicious requests being cached as completely safe ones, as the proxy would usually not see the semicolon as a separator, and therefore would not include it in a cache key of an unkeyed parameter.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
report@snyk.io 5.9 MEDIUM CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:H 1.6 4.2
nvd@nist.gov 5.9 MEDIUM CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:H 1.6 4.2

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-444,CWE-444,

Products Affected

Vendor Product Version
debian debian_linux 9.0
netapp inventory_collect_tool -
djangoproject django *
fedoraproject fedora 34
netapp snapcenter -
fedoraproject fedora 33
oracle communications_offline_mediation_controller 12.0.0.3.0
netapp cloud_backup -
netapp ontap_select_deploy_administration_utility -
oracle communications_pricing_design_center 12.0.0.3.0
fedoraproject fedora 32
oracle enterprise_manager_ops_center 12.4.0.0
oracle zfs_storage_appliance 8.8
python python *
CVE-2021-23437 MEDIUM

The package pillow 5.2.0 and before 8.3.2 are vulnerable to Regular Expression Denial of Service (ReDoS) via the getrgb function.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-125,

Products Affected

Vendor Product Version
fedoraproject fedora 33
python pillow *
fedoraproject fedora 34
CVE-2021-25287 MEDIUM

An issue was discovered in Pillow before 8.2.0. There is an out-of-bounds read in J2kDecode, in j2ku_graya_la.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.1 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H 3.9 5.2

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-125,

Products Affected

Vendor Product Version
fedoraproject fedora 33
python pillow *
CVE-2021-25288 MEDIUM

An issue was discovered in Pillow before 8.2.0. There is an out-of-bounds read in J2kDecode, in j2ku_gray_i.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.1 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H 3.9 5.2

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-125,

Products Affected

Vendor Product Version
fedoraproject fedora 33
python pillow *
CVE-2021-25289 HIGH

An issue was discovered in Pillow before 8.1.1. TiffDecode has a heap-based buffer overflow when decoding crafted YCbCr files because of certain interpretation conflicts with LibTIFF in RGBA mode. NOTE: this issue exists because of an incomplete fix for CVE-2020-35654.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-787,

Products Affected

Vendor Product Version
python pillow *
CVE-2021-25290 MEDIUM

An issue was discovered in Pillow before 8.1.1. In TiffDecode.c, there is a negative-offset memcpy with an invalid size.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-787,

Products Affected

Vendor Product Version
debian debian_linux 9.0
python pillow *
CVE-2021-25291 MEDIUM

An issue was discovered in Pillow before 8.1.1. In TiffDecode.c, there is an out-of-bounds read in TiffreadRGBATile via invalid tile boundaries.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-125,

Products Affected

Vendor Product Version
python pillow *
CVE-2021-25292 MEDIUM

An issue was discovered in Pillow before 8.1.1. The PDF parser allows a regular expression DoS (ReDoS) attack via a crafted PDF file because of a catastrophic backtracking regex.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H 2.8 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-1333,

Products Affected

Vendor Product Version
python pillow *
CVE-2021-25293 MEDIUM

An issue was discovered in Pillow before 8.1.1. There is an out-of-bounds read in SGIRleDecode.c.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-125,

Products Affected

Vendor Product Version
python pillow *
CVE-2021-27921 MEDIUM

Pillow before 8.1.2 allows attackers to cause a denial of service (memory consumption) because the reported size of a contained image is not properly checked for a BLP container, and thus an attempted memory allocation can be very large.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-20,

Products Affected

Vendor Product Version
fedoraproject fedora 33
fedoraproject fedora 32
python pillow *
fedoraproject fedora 34
CVE-2021-27922 MEDIUM

Pillow before 8.1.2 allows attackers to cause a denial of service (memory consumption) because the reported size of a contained image is not properly checked for an ICNS container, and thus an attempted memory allocation can be very large.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-20,

Products Affected

Vendor Product Version
fedoraproject fedora 33
fedoraproject fedora 32
python pillow *
fedoraproject fedora 34
CVE-2021-27923 MEDIUM

Pillow before 8.1.2 allows attackers to cause a denial of service (memory consumption) because the reported size of a contained image is not properly checked for an ICO container, and thus an attempted memory allocation can be very large.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-20,

Products Affected

Vendor Product Version
fedoraproject fedora 33
fedoraproject fedora 32
python pillow *
fedoraproject fedora 34
CVE-2021-28363 MEDIUM

The urllib3 library 1.26.x before 1.26.4 for Python omits SSL certificate validation in some cases involving HTTPS to HTTPS proxies. The initial connection to the HTTPS proxy (if an SSLContext isn't given via proxy_config) doesn't verify the hostname of the certificate. This means certificates for different servers that still validate properly with the default urllib3 SSLContext will be silently accepted.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N 3.9 2.5

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-295,

Products Affected

Vendor Product Version
oracle peoplesoft_enterprise_peopletools 8.59
python urllib3 *
fedoraproject fedora 34
CVE-2021-28675 MEDIUM

An issue was discovered in Pillow before 8.2.0. PSDImagePlugin.PsdImageFile lacked a sanity check on the number of input layers relative to the size of the data block. This could lead to a DoS on Image.open prior to Image.load.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H 1.8 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-252,

Products Affected

Vendor Product Version
fedoraproject fedora 33
python pillow *
CVE-2021-28676 MEDIUM

An issue was discovered in Pillow before 8.2.0. For FLI data, FliDecode did not properly check that the block advance was non-zero, potentially leading to an infinite loop on load.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-835,

Products Affected

Vendor Product Version
fedoraproject fedora 33
python pillow *
CVE-2021-28677 MEDIUM

An issue was discovered in Pillow before 8.2.0. For EPS data, the readline implementation used in EPSImageFile has to deal with any combination of \r and \n as line endings. It used an accidentally quadratic method of accumulating lines while looking for a line ending. A malicious EPS file could use this to perform a DoS of Pillow in the open phase, before an image was accepted for opening.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
fedoraproject fedora 33
python pillow *
CVE-2021-28678 MEDIUM

An issue was discovered in Pillow before 8.2.0. For BLP data, BlpImagePlugin did not properly check that reads (after jumping to file offsets) returned data. This could lead to a DoS where the decoder could be run a large number of times on empty data.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H 1.8 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-345,

Products Affected

Vendor Product Version
fedoraproject fedora 33
python pillow *
CVE-2021-28861

Python 3.x through 3.10 has an open redirection vulnerability in lib/http/server.py due to no protection against multiple (/) at the beginning of URI path which may leads to information disclosure. NOTE: this is disputed by a third party because the http.server.html documentation page states "Warning: http.server is not recommended for production. It only implements basic security checks."

Products Affected

Vendor Product Version
fedoraproject fedora 35
fedoraproject fedora 36
fedoraproject fedora 37
python python *
python python 3.11.0
CVE-2021-29921 HIGH

In Python before 3,9,5, the ipaddress library mishandles leading zero characters in the octets of an IP address string. This (in some situations) allows attackers to bypass access control that is based on IP addresses.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
oracle communications_cloud_native_core_network_slice_selection_function 1.8.0
oracle communications_cloud_native_core_binding_support_function 1.11.0
oracle communications_cloud_native_core_automated_test_suite 1.8.0
oracle graalvm 20.3.2
python python *
oracle graalvm 21.1.0
oracle zfs_storage_appliance_kit 8.8
CVE-2021-3177 HIGH

Python 3.x through 3.9.1 has a buffer overflow in PyCArg_repr in _ctypes/callproc.c, which may lead to remote code execution in certain Python applications that accept floating-point numbers as untrusted input, as demonstrated by a 1e300 argument to c_double.from_param. This occurs because sprintf is used unsafely.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-120,CWE-120,

Products Affected

Vendor Product Version
debian debian_linux 9.0
fedoraproject fedora 33
oracle communications_offline_mediation_controller 12.0.0.3.0
oracle communications_cloud_native_core_network_function_cloud_native_environment 22.2.0
netapp ontap_select_deploy_administration_utility -
oracle communications_pricing_design_center 12.0.0.3.0
netapp active_iq_unified_manager -
fedoraproject fedora 32
oracle enterprise_manager_ops_center 12.4.0.0
python python *
oracle zfs_storage_appliance_kit 8.8
CVE-2021-33503 MEDIUM

An issue was discovered in urllib3 before 1.26.5. When provided with a URL containing many @ characters in the authority component, the authority regular expression exhibits catastrophic backtracking, causing a denial of service if a URL were passed as a parameter or redirected to via an HTTP redirect.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-400,

Products Affected

Vendor Product Version
fedoraproject fedora 33
oracle instantis_enterprisetrack 17.2
python urllib3 *
oracle instantis_enterprisetrack 17.3
oracle enterprise_manager_ops_center 12.4.0.0
oracle instantis_enterprisetrack 17.1
fedoraproject fedora 34
oracle zfs_storage_appliance_kit 8.8
CVE-2021-3426 LOW

There's a flaw in Python 3's pydoc. A local or adjacent attacker who discovers or is able to convince another local or adjacent user to start a pydoc server could access the server and use it to disclose sensitive information belonging to the other user that they would not normally be able to access. The highest risk of this flaw is to data confidentiality. This flaw affects Python versions before 3.8.9, Python versions before 3.9.3 and Python versions before 3.10.0a7.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.7 MEDIUM CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N 2.1 3.6

CVSS 2.0

Severity: LOW

Problem Type: CWE-200,CWE-22,

Products Affected

Vendor Product Version
debian debian_linux 9.0
python python 3.10.0
oracle communications_cloud_native_core_binding_support_function 1.10.0
fedoraproject fedora 34
netapp snapcenter -
fedoraproject fedora 33
netapp cloud_backup -
netapp ontap_select_deploy_administration_utility -
fedoraproject fedora 32
redhat software_collections -
python python *
oracle zfs_storage_appliance_kit 8.8
redhat enterprise_linux 8.0
CVE-2021-34552 HIGH

Pillow through 8.2.0 and PIL (aka Python Imaging Library) through 1.1.7 allow an attacker to pass controlled parameters directly into a convert function to trigger a buffer overflow in Convert.c.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-120,

Products Affected

Vendor Product Version
debian debian_linux 9.0
fedoraproject fedora 33
python pillow *
fedoraproject fedora 34
CVE-2021-3733 MEDIUM

There's a flaw in urllib's AbstractBasicAuthHandler class. An attacker who controls a malicious HTTP server that an HTTP client (such as web browser) connects to, could trigger a Regular Expression Denial of Service (ReDOS) during an authentication request with a specially crafted payload that is sent by the server to the client. The greatest threat that this flaw poses is to application availability.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 2.8 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-400,CWE-400,

Products Affected

Vendor Product Version
redhat codeready_linux_builder_for_power_little_endian 8.0
redhat enterprise_linux_for_ibm_z_systems 8.0
netapp solidfire,_enterprise_sds_&_hci_storage_node -
redhat enterprise_linux_for_power_little_endian_eus 8.4
netapp ontap_select_deploy_administration_utility -
fedoraproject fedora 35
python python *
redhat enterprise_linux 8.0
python python 3.10.0
redhat enterprise_linux_for_power_little_endian 8.0
redhat codeready_linux_builder_for_ibm_z_systems 8.0
fedoraproject fedora 34
redhat enterprise_linux_for_ibm_z_systems_eus 8.4
fedoraproject fedora 33
redhat enterprise_linux_server_update_services_for_sap_solutions 8.4
fedoraproject extra_packages_for_enterprise_linux 7.0
redhat enterprise_linux_server_tus 8.4
redhat enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions 8.4
redhat codeready_linux_builder 8.0
fedoraproject fedora 36
netapp hci_compute_node_firmware -
netapp management_services_for_element_software_and_netapp_hci -
redhat enterprise_linux_eus 8.4
redhat enterprise_linux_server_aus 8.4
CVE-2021-3737 HIGH

A flaw was found in python. An improperly handled HTTP response in the HTTP client code of python may allow a remote attacker, who controls the HTTP server, to make the client script enter an infinite loop, consuming CPU time. The highest threat from this vulnerability is to system availability.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-835,CWE-400,CWE-835,

Products Affected

Vendor Product Version
redhat codeready_linux_builder_for_power_little_endian 8.0
redhat enterprise_linux_for_ibm_z_systems 8.0
oracle communications_cloud_native_core_binding_support_function 22.1.3
netapp netapp_xcp_smb -
oracle communications_cloud_native_core_network_exposure_function 22.1.1
oracle communications_cloud_native_core_policy 22.2.0
netapp ontap_select_deploy_administration_utility -
python python *
redhat enterprise_linux 7.0
redhat enterprise_linux 8.0
redhat enterprise_linux_for_power_little_endian 8.0
canonical ubuntu_linux 16.04
netapp hci -
redhat codeready_linux_builder_for_ibm_z_systems 8.0
canonical ubuntu_linux 14.04
redhat enterprise_linux 6.0
canonical ubuntu_linux 18.04
fedoraproject fedora 34
netapp management_services_for_element_software -
canonical ubuntu_linux 21.04
fedoraproject fedora 33
netapp xcp_nfs -
redhat codeready_linux_builder 8.0
canonical ubuntu_linux 20.04
CVE-2021-4189

A flaw was found in Python, specifically in the FTP (File Transfer Protocol) client library in PASV (passive) mode. The issue is how the FTP client trusts the host from the PASV response by default. This flaw allows an attacker to set up a malicious FTP server that can trick FTP clients into connecting back to a given IP address and port. This vulnerability could lead to FTP client scanning ports, which otherwise would not have been possible.

Products Affected

Vendor Product Version
python python 3.10.0
netapp ontap_select_deploy_administration_utility -
redhat software_collections -
debian debian_linux 10.0
python python *
debian debian_linux 11.0
redhat enterprise_linux 8.0
CVE-2021-42576 HIGH

The bluemonday sanitizer before 1.0.16 for Go, and before 0.0.8 for Python (in pybluemonday), does not properly enforce policies associated with the SELECT, STYLE, and OPTION elements.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
python pybluemonday *
microco bluemonday *
CVE-2022-0391 MEDIUM

A flaw was found in Python, specifically within the urllib.parse module. This module helps break Uniform Resource Locator (URL) strings into components. The issue involves how the urlparse method does not sanitize input and allows characters like '\r' and '\n' in the URL path. This flaw allows an attacker to input a crafted URL, leading to injection attacks. This flaw affects Python versions prior to 3.10.0b1, 3.9.5, 3.8.11, 3.7.11 and 3.6.14.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-74,CWE-74,

Products Affected

Vendor Product Version
netapp hci_compute_node -
python python 3.10.0
netapp hci -
netapp solidfire,_enterprise_sds_&_hci_storage_node -
oracle http_server 12.2.1.4.0
fedoraproject fedora 34
netapp management_services_for_element_software -
netapp ontap_select_deploy_administration_utility -
oracle http_server 12.2.1.3.0
fedoraproject fedora 35
netapp active_iq_unified_manager -
python python *
oracle zfs_storage_appliance_kit 8.8
CVE-2022-22815 MEDIUM

path_getbbox in path.c in Pillow before 9.0.0 improperly initializes ImagePath.Path.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-665,

Products Affected

Vendor Product Version
debian debian_linux 9.0
debian debian_linux 10.0
python pillow *
debian debian_linux 11.0
CVE-2022-22816 MEDIUM

path_getbbox in path.c in Pillow before 9.0.0 has a buffer over-read during initialization of ImagePath.Path.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-125,

Products Affected

Vendor Product Version
debian debian_linux 9.0
debian debian_linux 10.0
python pillow *
debian debian_linux 11.0
CVE-2022-22817 HIGH

PIL.ImageMath.eval in Pillow before 9.0.0 allows evaluation of arbitrary expressions, such as ones that use the Python exec method. A lambda expression could also be used.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
debian debian_linux 9.0
debian debian_linux 10.0
python pillow *
debian debian_linux 11.0
CVE-2022-24303 MEDIUM

Pillow before 9.0.1 allows attackers to delete files because spaces in temporary pathnames are mishandled.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
fedoraproject fedora 35
python pillow *
fedoraproject fedora 34
CVE-2022-24902 MEDIUM

TkVideoplayer is a simple library to play video files in tkinter. Uncontrolled memory consumption in versions of TKVideoplayer prior to 2.0.0 can theoretically lead to performance degradation. There are no known workarounds. This issue has been patched and users are advised to upgrade to version 2.0.0 or later.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security-advisories@github.com 2.9 LOW CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L 1.4 1.4
nvd@nist.gov 4.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L 2.8 1.4

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-400,CWE-400,

Products Affected

Vendor Product Version
python tkvideoplayer *
CVE-2022-26488 MEDIUM

In Python before 3.10.3 on Windows, local users can gain privileges because the search path is inadequately secured. The installer may allow a local attacker to add user-writable directories to the system search path. To exploit, an administrator must have installed Python for all users and enabled PATH entries. A non-administrative user can trigger a repair that incorrectly adds user-writable paths into PATH, enabling search-path hijacking of other users and system services. This affects Python (CPython) through 3.7.12, 3.8.x through 3.8.12, 3.9.x through 3.9.10, and 3.10.x through 3.10.2.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.0 HIGH CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H 1.0 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-426,

Products Affected

Vendor Product Version
netapp ontap_select_deploy_administration_utility -
netapp active_iq_unified_manager -
python python *
python python 3.11.0
CVE-2022-28470 HIGH

marcador package in PyPI 0.1 through 0.13 included a code-execution backdoor.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
python pypi *
CVE-2022-30595 HIGH

libImaging/TgaRleDecode.c in Pillow 9.1.0 has a heap buffer overflow in the processing of invalid TGA image files.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-787,

Products Affected

Vendor Product Version
python pillow 9.1.0
CVE-2022-37454

The Keccak XKCP SHA-3 reference implementation before fdc6fef has an integer overflow and resultant buffer overflow that allows attackers to execute arbitrary code or eliminate expected cryptographic properties. This occurs in the sponge function interface.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

Products Affected

Vendor Product Version
extended_keccak_code_package_project extended_keccak_code_package -
sha3_project sha3 *
pysha3_project pysha3 *
fedoraproject fedora 35
debian debian_linux 10.0
fedoraproject fedora 36
python python *
debian debian_linux 11.0
pypy pypy *
php php *
CVE-2022-40897

Python Packaging Authority (PyPA) setuptools before 65.5.1 allows remote attackers to cause a denial of service via HTML in a crafted package or custom PackageIndex page. There is a Regular Expression Denial of Service (ReDoS) in package_index.py.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.9 MEDIUM CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H 2.2 3.6

Products Affected

Vendor Product Version
python setuptools *
CVE-2022-42919

Python 3.9.x before 3.9.16 and 3.10.x before 3.10.9 on Linux allows local privilege escalation in a non-default configuration. The Python multiprocessing library, when used with the forkserver start method on Linux, allows pickles to be deserialized from any user in the same machine local network namespace, which in many system configurations means any user on the same machine. Pickles can execute arbitrary code. Thus, this allows for local user privilege escalation to the user that any forkserver process is running as. Setting multiprocessing.util.abstract_sockets_supported to False is a workaround. The forkserver start method for multiprocessing is not the default start method. This issue is Linux specific because only Linux supports abstract namespace sockets. CPython before 3.9 does not make use of Linux abstract namespace sockets by default. Support for users manually specifying an abstract namespace socket was added as a bugfix in 3.7.8 and 3.8.3, but users would need to make specific uncommon API calls in order to do that in CPython before 3.9.

Products Affected

Vendor Product Version
fedoraproject fedora 35
fedoraproject fedora 36
fedoraproject fedora 37
python python *
CVE-2022-45061

An issue was discovered in Python before 3.11.1. An unnecessary quadratic algorithm exists in one path when processing some inputs to the IDNA (RFC 3490) decoder, such that a crafted, unreasonably long name being presented to the decoder could lead to a CPU denial of service. Hostnames are often supplied by remote servers that could be controlled by a malicious actor; in such a scenario, they could trigger excessive CPU consumption on the client attempting to make use of an attacker-supplied supposed hostname. For example, the attack payload could be placed in the Location header of an HTTP response with status code 302. A fix is planned in 3.11.1, 3.10.9, 3.9.16, 3.8.16, and 3.7.16.

Products Affected

Vendor Product Version
netapp bootstrap_os -
netapp hci -
netapp e-series_performance_analyzer -
fedoraproject fedora 37
netapp management_services_for_element_software -
netapp ontap_select_deploy_administration_utility -
fedoraproject fedora 35
netapp active_iq_unified_manager -
fedoraproject fedora 36
python python *
netapp element_software -
python python 3.11.0
CVE-2022-45198

Pillow before 9.2.0 performs Improper Handling of Highly Compressed GIF Data (Data Amplification).

Products Affected

Vendor Product Version
python pillow *
CVE-2022-45199

Pillow before 9.3.0 allows denial of service via SAMPLESPERPIXEL.

Products Affected

Vendor Product Version
python pillow *
CVE-2022-48560

A use-after-free exists in Python through 3.9 via heappushpop in heapq.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

Products Affected

Vendor Product Version
python python 3.9.0
debian debian_linux 10.0
python python *
CVE-2022-48564

read_ints in plistlib.py in Python through 3.9.1 is vulnerable to a potential DoS attack via CPU and RAM exhaustion when processing malformed Apple Property List files in binary format.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H 2.8 3.6

Products Affected

Vendor Product Version
netapp active_iq_unified_manager -
python python *
CVE-2022-48565

An XML External Entity (XXE) issue was discovered in Python through 3.9.1. The plistlib module no longer accepts entity declarations in XML plist files to avoid XML vulnerabilities.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

Products Affected

Vendor Product Version
debian debian_linux 10.0
python python *
CVE-2022-48566

An issue was discovered in compare_digest in Lib/hmac.py in Python through 3.9.1. Constant-time-defeating optimisations were possible in the accumulator variable in hmac.compare_digest.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.9 MEDIUM CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N 2.2 3.6

Products Affected

Vendor Product Version
netapp active_iq_unified_manager -
debian debian_linux 10.0
netapp converged_systems_advisor_agent -
python python *
CVE-2023-24329

An issue in the urllib.parse component of Python before 3.11.4 allows attackers to bypass blocklisting methods by supplying a URL that starts with blank characters.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N 3.9 3.6

Products Affected

Vendor Product Version
netapp ontap_select_deploy_administration_utility -
netapp active_iq_unified_manager -
fedoraproject fedora 36
fedoraproject fedora 37
netapp management_services_for_netapp_hci -
python python *
netapp management_services_for_element_software -
fedoraproject fedora 38
CVE-2023-27043

The email module of Python through 3.11.3 incorrectly parses e-mail addresses that contain a special character. The wrong portion of an RFC2822 header is identified as the value of the addr-spec. In some applications, an attacker can bypass a protection mechanism in which application access is granted only after verifying receipt of e-mail to a specific domain (e.g., only @company.example.com addresses may be used for signup). This occurs in email/_parseaddr.py in recent versions of Python.

Products Affected

Vendor Product Version
netapp ontap_select_deploy_administration_utility -
fedoraproject fedora 39
netapp active_iq_unified_manager -
python python *
fedoraproject fedora 38
CVE-2023-32681

Requests is a HTTP library. Since Requests 2.3.0, Requests has been leaking Proxy-Authorization headers to destination servers when redirected to an HTTPS endpoint. This is a product of how we use `rebuild_proxies` to reattach the `Proxy-Authorization` header to requests. For HTTP connections sent through the tunnel, the proxy will identify the header in the request itself and remove it prior to forwarding to the destination server. However when sent over HTTPS, the `Proxy-Authorization` header must be sent in the CONNECT request as the proxy has no visibility into the tunneled request. This results in Requests forwarding proxy credentials to the destination server unintentionally, allowing a malicious actor to potentially exfiltrate sensitive information. This issue has been patched in version 2.31.0.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security-advisories@github.com 6.1 MEDIUM CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:N/A:N 1.6 4.0

Products Affected

Vendor Product Version
python requests *
fedoraproject fedora 37
CVE-2023-33595

CPython v3.12.0 alpha 7 was discovered to contain a heap use-after-free via the function ascii_decode at /Objects/unicodeobject.c.

Products Affected

Vendor Product Version
python python 3.12.0
CVE-2023-36632

The legacy email.utils.parseaddr function in Python through 3.11.4 allows attackers to trigger "RecursionError: maximum recursion depth exceeded while calling a Python object" via a crafted argument. This argument is plausibly an untrusted value from an application's input data that was supposed to contain a name and an e-mail address. NOTE: email.utils.parseaddr is categorized as a Legacy API in the documentation of the Python email package. Applications should instead use the email.parser.BytesParser or email.parser.Parser class. NOTE: the vendor's perspective is that this is neither a vulnerability nor a bug. The email package is intended to have size limits and to throw an exception when limits are exceeded; they were exceeded by the example demonstration code.

Products Affected

Vendor Product Version
python python *
CVE-2023-38898

An issue in Python cpython v.3.7 allows an attacker to obtain sensitive information via the _asyncio._swap_current_task component. NOTE: this is disputed by the vendor because (1) neither 3.7 nor any other release is affected (it is a bug in some 3.12 pre-releases); (2) there are no common scenarios in which an adversary can call _asyncio._swap_current_task but does not already have the ability to call arbitrary functions; and (3) there are no common scenarios in which sensitive information, which is not already accessible to an adversary, becomes accessible through this bug.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N 3.9 1.4

Products Affected

Vendor Product Version
python python 3.13.0
CVE-2023-40217

An issue was discovered in Python before 3.8.18, 3.9.x before 3.9.18, 3.10.x before 3.10.13, and 3.11.x before 3.11.5. It primarily affects servers (such as HTTP servers) that use TLS client authentication. If a TLS server-side socket is created, receives data into the socket buffer, and then is closed quickly, there is a brief window where the SSLSocket instance will detect the socket as "not connected" and won't initiate a handshake, but buffered data will still be readable from the socket buffer. This data will not be authenticated if the server-side TLS peer is expecting client certificate authentication, and is indistinguishable from valid TLS stream data. Data is limited in size to the amount that will fit in the buffer. (The TLS connection cannot directly be used for data exfiltration because the vulnerable code path requires that the connection be closed on initialization of the SSLSocket.)

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N 3.9 1.4

Products Affected

Vendor Product Version
python python *
CVE-2023-41105

An issue was discovered in Python 3.11 through 3.11.4. If a path containing '\0' bytes is passed to os.path.normpath(), the path will be truncated unexpectedly at the first '\0' byte. There are plausible cases in which an application would have rejected a filename for security reasons in Python 3.10.x or earlier, but that filename is no longer rejected in Python 3.11.x.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N 3.9 3.6

Products Affected

Vendor Product Version
netapp active_iq_unified_manager -
python python *
CVE-2023-43804

urllib3 is a user-friendly HTTP client library for Python. urllib3 doesn't treat the `Cookie` HTTP header special or provide any helpers for managing cookies over HTTP, that is the responsibility of the user. However, it is possible for a user to specify a `Cookie` header and unknowingly leak information via HTTP redirects to a different origin if that user doesn't disable redirects explicitly. This issue has been patched in urllib3 version 1.26.17 or 2.0.5.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security-advisories@github.com 5.9 MEDIUM CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:N 0.7 5.2
nvd@nist.gov 8.1 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N 2.8 5.2

Products Affected

Vendor Product Version
python urllib3 *
fedoraproject fedora 39
debian debian_linux 10.0
fedoraproject fedora 37
fedoraproject fedora 38
CVE-2023-44271

An issue was discovered in Pillow before 10.0.0. It is a Denial of Service that uncontrollably allocates memory to process a given task, potentially causing a service to crash by having it run out of memory. This occurs for truetype in ImageFont when textlength in an ImageDraw instance operates on a long text argument.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

Products Affected

Vendor Product Version
python pillow *
fedoraproject fedora 38
CVE-2023-45803

urllib3 is a user-friendly HTTP client library for Python. urllib3 previously wouldn't remove the HTTP request body when an HTTP redirect response using status 301, 302, or 303 after the request had its method changed from one that could accept a request body (like `POST`) to `GET` as is required by HTTP RFCs. Although this behavior is not specified in the section for redirects, it can be inferred by piecing together information from different sections and we have observed the behavior in other major HTTP client implementations like curl and web browsers. Because the vulnerability requires a previously trusted service to become compromised in order to have an impact on confidentiality we believe the exploitability of this vulnerability is low. Additionally, many users aren't putting sensitive data in HTTP request bodies, if this is the case then this vulnerability isn't exploitable. Both of the following conditions must be true to be affected by this vulnerability: 1. Using urllib3 and submitting sensitive information in the HTTP request body (such as form data or JSON) and 2. The origin service is compromised and starts redirecting using 301, 302, or 303 to a malicious peer or the redirected-to service becomes compromised. This issue has been addressed in versions 1.26.18 and 2.0.7 and users are advised to update to resolve this issue. Users unable to update should disable redirects for services that aren't expecting to respond with redirects with `redirects=False` and disable automatic redirects with `redirects=False` and handle 301, 302, and 303 redirects manually by stripping the HTTP request body.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 4.2 MEDIUM CVSS:3.1/AV:A/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N 0.5 3.6
security-advisories@github.com 4.2 MEDIUM CVSS:3.1/AV:A/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N 0.5 3.6

Products Affected

Vendor Product Version
python urllib3 *
fedoraproject fedora 38
CVE-2023-50447

Pillow through 10.1.0 allows PIL.ImageMath.eval Arbitrary Code Execution via the environment parameter, a different vulnerability than CVE-2022-22817 (which was about the expression parameter).

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.1 HIGH CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H 2.2 5.9

Products Affected

Vendor Product Version
debian debian_linux 10.0
python pillow *
CVE-2023-6507

An issue was found in CPython 3.12.0 `subprocess` module on POSIX platforms. The issue was fixed in CPython 3.12.1 and does not affect other stable releases. When using the `extra_groups=` parameter with an empty list as a value (ie `extra_groups=[]`) the logic regressed to not call `setgroups(0, NULL)` before calling `exec()`, thus not dropping the original processes' groups before starting the new process. There is no issue when the parameter isn't used or when any value is used besides an empty list. This issue only impacts CPython processes run with sufficient privilege to make the `setgroups` system call (typically `root`).

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 4.9 MEDIUM CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N 1.2 3.6
cna@python.org 6.1 MEDIUM CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N 0.9 5.2

Products Affected

Vendor Product Version
python python 3.12.0
python python 3.13.0
CVE-2024-28219

In _imagingcms.c in Pillow before 10.3.0, a buffer overflow exists because strcpy is used instead of strncpy.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
cve@mitre.org 6.7 MEDIUM CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H 0.8 5.9

Products Affected

Vendor Product Version
debian debian_linux 10.0
python pillow *
CVE-2024-37891

urllib3 is a user-friendly HTTP client library for Python. When using urllib3's proxy support with `ProxyManager`, the `Proxy-Authorization` header is only sent to the configured proxy, as expected. However, when sending HTTP requests *without* using urllib3's proxy support, it's possible to accidentally configure the `Proxy-Authorization` header even though it won't have any effect as the request is not using a forwarding proxy or a tunneling proxy. In those cases, urllib3 doesn't treat the `Proxy-Authorization` HTTP header as one carrying authentication material and thus doesn't strip the header on cross-origin redirects. Because this is a highly unlikely scenario, we believe the severity of this vulnerability is low for almost all users. Out of an abundance of caution urllib3 will automatically strip the `Proxy-Authorization` header during cross-origin redirects to avoid the small chance that users are doing this on accident. Users should use urllib3's proxy support or disable automatic redirects to achieve safe processing of the `Proxy-Authorization` header, but we still decided to strip the header by default in order to further protect users who aren't using the correct approach. We believe the number of usages affected by this advisory is low. It requires all of the following to be true to be exploited: 1. Setting the `Proxy-Authorization` header without using urllib3's built-in proxy support. 2. Not disabling HTTP redirects. 3. Either not using an HTTPS origin server or for the proxy or target origin to redirect to a malicious origin. Users are advised to update to either version 1.26.19 or version 2.2.2. Users unable to upgrade may use the `Proxy-Authorization` header with urllib3's `ProxyManager`, disable HTTP redirects using `redirects=False` when sending requests, or not user the `Proxy-Authorization` header as mitigations.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security-advisories@github.com 4.4 MEDIUM CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N 0.7 3.6

Products Affected

Vendor Product Version
python urllib3 *
netapp active_iq_unified_manager -
debian debian_linux 11.0
CVE-2024-6232

There is a MEDIUM severity vulnerability affecting CPython. Regular expressions that allowed excessive backtracking during tarfile.TarFile header parsing are vulnerable to ReDoS via specifically-crafted tar archives.

Products Affected

Vendor Product Version
python python *
python python 3.13.0
CVE-2024-7592

There is a LOW severity vulnerability affecting CPython, specifically the 'http.cookies' standard library module. When parsing cookies that contained backslashes for quoted characters in the cookie value, the parser would use an algorithm with quadratic complexity, resulting in excess CPU resources being used while parsing the value.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

Products Affected

Vendor Product Version
python python *
python python 3.13.0
CVE-2024-9287

A vulnerability has been found in the CPython `venv` module and CLI where path names provided when creating a virtual environment were not quoted properly, allowing the creator to inject commands into virtual environment "activation" scripts (ie "source venv/bin/activate"). This means that attacker-controlled virtual environments are able to run commands when the virtual environment is activated. Virtual environments which are not created by an attacker or which aren't activated before being used (ie "./venv/bin/python") are not affected.

Products Affected

Vendor Product Version
python python 3.14.0
python python *
CVE-2025-12084

When building nested elements using xml.dom.minidom methods such as appendChild() that have a dependency on _clear_id_cache() the algorithm is quadratic. Availability can be impacted when building excessively nested documents.

Products Affected

Vendor Product Version
python python 3.15.0
python python *
CVE-2025-12781

When passing data to the b64decode(), standard_b64decode(), and urlsafe_b64decode() functions in the "base64" module the characters "+/" will always be accepted, regardless of the value of "altchars" parameter, typically used to establish an "alternative base64 alphabet" such as the URL safe alphabet. This behavior matches what is recommended in earlier base64 RFCs, but newer RFCs now recommend either dropping characters outside the specified base64 alphabet or raising an error. The old behavior has the possibility of causing data integrity issues. This behavior can only be insecure if your application uses an alternate base64 alphabet (without "+/"). If your application does not use the "altchars" parameter or the urlsafe_b64decode() function, then your application does not use an alternative base64 alphabet. The attached patches DOES NOT make the base64-decode behavior raise an error, as this would be a change in behavior and break existing programs. Instead, the patch deprecates the behavior which will be replaced with the newly recommended behavior in a future version of Python. Users are recommended to mitigate by verifying user-controlled inputs match the base64 alphabet they are expecting or verify that their application would not be affected if the b64decode() functions accepted "+" or "/" outside of altchars.

Products Affected

Vendor Product Version
python python 3.15.0
python python *
CVE-2025-13836

When reading an HTTP response from a server, if no read amount is specified, the default behavior will be to use Content-Length. This allows a malicious server to cause the client to read large amounts of data into memory, potentially causing OOM or other DoS.

Products Affected

Vendor Product Version
python python 3.14.0
python python 3.15.0
python python *
CVE-2025-13837

When loading a plist file, the plistlib module reads data in size specified by the file itself, meaning a malicious file can cause OOM and DoS issues

Products Affected

Vendor Product Version
python python 3.15.0
python python *
CVE-2025-47273

setuptools is a package that allows users to download, build, install, upgrade, and uninstall Python packages. A path traversal vulnerability in `PackageIndex` is present in setuptools prior to version 78.1.1. An attacker would be allowed to write files to arbitrary locations on the filesystem with the permissions of the process running the Python code, which could escalate to remote code execution depending on the context. Version 78.1.1 fixes the issue.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 2.8 5.9

Products Affected

Vendor Product Version
python setuptools *
debian debian_linux 11.0
CVE-2025-48379

Pillow is a Python imaging library. In versions 11.2.0 to before 11.3.0, there is a heap buffer overflow when writing a sufficiently large (>64k encoded with default settings) image in the DDS format due to writing into a buffer without checking for available space. This only affects users who save untrusted data as a compressed DDS image. This issue has been patched in version 11.3.0.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security-advisories@github.com 7.1 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H 1.8 5.2

Products Affected

Vendor Product Version
python pillow 11.2.1
CVE-2025-50181

urllib3 is a user-friendly HTTP client library for Python. Prior to 2.5.0, it is possible to disable redirects for all requests by instantiating a PoolManager and specifying retries in a way that disable redirects. By default, requests and botocore users are not affected. An application attempting to mitigate SSRF or open redirect vulnerabilities by disabling redirects at the PoolManager level will remain vulnerable. This issue has been patched in version 2.5.0.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security-advisories@github.com 5.3 MEDIUM CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N 1.6 3.6

Products Affected

Vendor Product Version
python urllib3 *
CVE-2025-50182

urllib3 is a user-friendly HTTP client library for Python. Starting in version 2.2.0 and prior to 2.5.0, urllib3 does not control redirects in browsers and Node.js. urllib3 supports being used in a Pyodide runtime utilizing the JavaScript Fetch API or falling back on XMLHttpRequest. This means Python libraries can be used to make HTTP requests from a browser or Node.js. Additionally, urllib3 provides a mechanism to control redirects, but the retries and redirect parameters are ignored with Pyodide; the runtime itself determines redirect behavior. This issue has been patched in version 2.5.0.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security-advisories@github.com 5.3 MEDIUM CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N 1.6 3.6

Products Affected

Vendor Product Version
python urllib3 *
CVE-2025-6075

If the value passed to os.path.expandvars() is user-controlled a performance degradation is possible when expanding environment variables.

Products Affected

Vendor Product Version
python python 3.15.0
python python *
CVE-2025-66418

urllib3 is a user-friendly HTTP client library for Python. Starting in version 1.24 and prior to 2.6.0, the number of links in the decompression chain was unbounded allowing a malicious server to insert a virtually unlimited number of compression steps leading to high CPU usage and massive memory allocation for the decompressed data. This vulnerability is fixed in 2.6.0.

Products Affected

Vendor Product Version
python urllib3 *
CVE-2025-66471

urllib3 is a user-friendly HTTP client library for Python. Starting in version 1.0 and prior to 2.6.0, the Streaming API improperly handles highly compressed data. urllib3's streaming API is designed for the efficient handling of large HTTP responses by reading the content in chunks, rather than loading the entire response body into memory at once. When streaming a compressed response, urllib3 can perform decoding or decompression based on the HTTP Content-Encoding header (e.g., gzip, deflate, br, or zstd). The library must read compressed data from the network and decompress it until the requested chunk size is met. Any resulting decompressed data that exceeds the requested amount is held in an internal buffer for the next read operation. The decompression logic could cause urllib3 to fully decode a small amount of highly compressed data in a single operation. This can result in excessive resource consumption (high CPU usage and massive memory allocation for the decompressed data.

Products Affected

Vendor Product Version
python urllib3 *
CVE-2026-21441

urllib3 is an HTTP client library for Python. urllib3's streaming API is designed for the efficient handling of large HTTP responses by reading the content in chunks, rather than loading the entire response body into memory at once. urllib3 can perform decoding or decompression based on the HTTP `Content-Encoding` header (e.g., `gzip`, `deflate`, `br`, or `zstd`). When using the streaming API, the library decompresses only the necessary bytes, enabling partial content consumption. Starting in version 1.22 and prior to version 2.6.3, for HTTP redirect responses, the library would read the entire response body to drain the connection and decompress the content unnecessarily. This decompression occurred even before any read methods were called, and configured read limits did not restrict the amount of decompressed data. As a result, there was no safeguard against decompression bombs. A malicious server could exploit this to trigger excessive resource consumption on the client. Applications and libraries are affected when they stream content from untrusted sources by setting `preload_content=False` when they do not disable redirects. Users should upgrade to at least urllib3 v2.6.3, in which the library does not decode content of redirect responses when `preload_content=False`. If upgrading is not immediately possible, disable redirects by setting `redirect=False` for requests to untrusted source.

Products Affected

Vendor Product Version
python urllib3 *
CVE-2026-25645

Requests is a HTTP library. Prior to version 2.33.0, the `requests.utils.extract_zipped_paths()` utility function uses a predictable filename when extracting files from zip archives into the system temporary directory. If the target file already exists, it is reused without validation. A local attacker with write access to the temp directory could pre-create a malicious file that would be loaded in place of the legitimate one. Standard usage of the Requests library is not affected by this vulnerability. Only applications that call `extract_zipped_paths()` directly are impacted. Starting in version 2.33.0, the library extracts files to a non-deterministic location. If developers are unable to upgrade, they can set `TMPDIR` in their environment to a directory with restricted write access.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security-advisories@github.com 4.4 MEDIUM CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:N/I:H/A:N 0.8 3.6

Products Affected

Vendor Product Version
python requests *
CVE-2026-25990

Pillow is a Python imaging library. From 10.3.0 to before 12.1.1, n out-of-bounds write may be triggered when loading a specially crafted PSD image. This vulnerability is fixed in 12.1.1.

Products Affected

Vendor Product Version
python pillow *
CVE-2026-31900

Black is the uncompromising Python code formatter. Black provides a GitHub action for formatting code. This action supports an option, use_pyproject: true, for reading the version of Black to use from the repository pyproject.toml. A malicious pull request could edit pyproject.toml to use a direct URL reference to a malicious repository. This could lead to arbitrary code execution in the context of the GitHub Action. Attackers could then gain access to secrets or permissions available in the context of the action. Version 26.3.0 fixes this vulnerability.

Products Affected

Vendor Product Version
python black *
CVE-2026-5271

pymanager included the current working directory in sys.path meaning modules could be shadowed by modules in the current working directory. As a result, if a user executes a pymanager-generated command (e.g., pip, pytest) from an attacker-controlled directory, a malicious module in that directory can be imported and executed instead of the intended package.

Products Affected

Vendor Product Version
python pymanager 26.0