CVE-2017-20052 – Python pgAdmin4 uncontrolled search path
https://notcve.org/view.php?id=CVE-2017-20052
A vulnerability classified as problematic was found in Python 2.7.13. It affects unknown code of the pgAdmin4 component. The manipulation leads to an uncontrolled search path. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. • http://seclists.org/fulldisclosure/2017/Feb/92 https://security.netapp.com/advisory/ntap-20220804-0005 https://vuldb.com/?id.97822 • CWE-427: Uncontrolled Search Path Element •
CVE-2022-30595
https://notcve.org/view.php?id=CVE-2022-30595
libImaging/TgaRleDecode.c in Pillow 9.1.0 has a heap buffer overflow in the processing of invalid TGA image files. • https://github.com/python-pillow/Pillow/blob/main/src/libImaging/TgaRleDecode.c https://pillow.readthedocs.io/en/stable/releasenotes/9.1.1.html • CWE-787: Out-of-bounds Write •
CVE-2022-28470
https://notcve.org/view.php?id=CVE-2022-28470
The marcador package in PyPI, versions 0.1 through 0.13, included a code-execution backdoor. • http://pypi.doubanio.com/simple/request https://github.com/joajfreitas/marcador/issues/5 https://pypi.org/project/marcador •
CVE-2022-24902 – Memory issue in playing videos
https://notcve.org/view.php?id=CVE-2022-24902
TkVideoplayer is a simple library to play video files in tkinter. Uncontrolled memory consumption in versions of TkVideoplayer prior to 2.0.0 can theoretically lead to performance degradation. There are no known workarounds. This issue has been patched and users are advised to upgrade to version 2.0.0 or later. • https://github.com/PaulleDemon/tkVideoPlayer/issues/3 https://github.com/PaulleDemon/tkVideoPlayer/security/advisories/GHSA-jmhj-vh4q-hhmq • CWE-400: Uncontrolled Resource Consumption •
CVE-2022-30284
https://notcve.org/view.php?id=CVE-2022-30284
** DISPUTED ** In the python-libnmap package through 0.7.2 for Python, remote command execution can occur (if used in a client application that does not validate arguments). NOTE: the vendor believes it would be unrealistic for an application to call NmapProcess with arguments taken from input data that arrived over an untrusted network, and thus the CVSS score corresponds to an unrealistic use case. None of the NmapProcess documentation implies that this is an expected use case. • https://github.com/savon-noir/python-libnmap/releases https://libnmap.readthedocs.io/en/latest/process.html#using-libnmap-process https://pypi.org/project/python-libnmap https://www.swascan.com/security-advisory-libnmap-2 • CWE-88: Improper Neutralization of Argument Delimiters in a Command ('Argument Injection') •