CVSS: 4.1EPSS: 0%CPEs: 1EXPL: 0CVE-2020-15141 – Path Traversal in openapi-python-client
https://notcve.org/view.php?id=CVE-2020-15141
14 Aug 2020 — In openapi-python-client before version 0.5.3, there is a path traversal vulnerability. If a user generated a client using a maliciously crafted OpenAPI document, it is possible for generated files to be placed in arbitrary locations on disk. En openapi-python-client versiones anteriores a 0.5.3, se presenta una vulnerabilidad de salto de ruta. Si un usuario generó un cliente usando un documento OpenAPI diseñado maliciosamente, es posible que los archivos generados sean colocados en ubicaciones arbitrarias ... • https://github.com/triaxtec/openapi-python-client/blob/main/CHANGELOG.md#053---2020-08-13 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 9.0EPSS: 0%CPEs: 1EXPL: 0CVE-2020-15142 – Arbitrary Code Generation
https://notcve.org/view.php?id=CVE-2020-15142
14 Aug 2020 — In openapi-python-client before version 0.5.3, clients generated with a maliciously crafted OpenAPI Document can generate arbitrary Python code. Subsequent execution of this malicious client is arbitrary code execution. En openapi-python-client versiones anteriores a 0.5.3, los clientes generados con un Documento OpenAPI diseñado maliciosamente pueden generar código Python arbitrario. Una ejecución posterior de este cliente malicioso es una ejecución de código arbitraria. • https://github.com/triaxtec/openapi-python-client/blob/main/CHANGELOG.md#053---2020-08-13 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 9.8EPSS: 0%CPEs: 4EXPL: 0CVE-2020-15801 – openSUSE Security Advisory - openSUSE-SU-2025:15713-1
https://notcve.org/view.php?id=CVE-2020-15801
17 Jul 2020 — In Python 3.8.4, sys.path restrictions specified in a python38._pth file are ignored, allowing code to be loaded from arbitrary locations. The <executable-name>._pth file (e.g., the python._pth file) is not affected. • https://bugs.python.org/issue41304 • CWE-426: Untrusted Search Path •
CVSS: 7.5EPSS: 0%CPEs: 17EXPL: 0CVE-2019-20907 – python: infinite loop in the tarfile module via crafted TAR archive
https://notcve.org/view.php?id=CVE-2019-20907
13 Jul 2020 — In Lib/tarfile.py in Python through 3.8.3, an attacker is able to craft a TAR archive leading to an infinite loop when opened by tarfile.open, because _proc_pax lacks header validation. En la biblioteca Lib/tarfile.py en Python versiones hasta 3.8.3, un atacante puede diseñar un archivo TAR conllevando a un bucle infinito cuando se abrió mediante tarfile.open, porque la función _proc_pax carece de comprobación de encabezado A flaw was found in python. In Lib/tarfile.py an attacker is able to craft a TAR arc... • http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00051.html • CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop') •
CVSS: 7.8EPSS: 0%CPEs: 17EXPL: 0CVE-2020-15523 – openSUSE Security Advisory - openSUSE-SU-2025:15713-1
https://notcve.org/view.php?id=CVE-2020-15523
04 Jul 2020 — In Python 3.6 through 3.6.10, 3.7 through 3.7.8, 3.8 through 3.8.4rc1, and 3.9 through 3.9.0b4 on Windows, a Trojan horse python3.dll might be used in cases where CPython is embedded in a native application. This occurs because python3X.dll may use an invalid search path for python3.dll loading (after Py_SetPath has been used). NOTE: this issue CANNOT occur when using python.exe from a standard (non-embedded) Python installation on Windows. En Python versiones 3.6 hasta 3.6.10, 3.7 hasta 3.7.8, 3.8 hasta 3.... • https://bugs.python.org/issue29778 • CWE-427: Uncontrolled Search Path Element CWE-908: Use of Uninitialized Resource •
CVSS: 5.9EPSS: 0%CPEs: 7EXPL: 0CVE-2020-10177 – python-pillow: multiple out-of-bounds reads in libImaging/FliDecode.c
https://notcve.org/view.php?id=CVE-2020-10177
25 Jun 2020 — Pillow before 7.1.0 has multiple out-of-bounds reads in libImaging/FliDecode.c. Pillow versiones anteriores a 7.1.0, presenta múltiples lecturas fuera de límites en la biblioteca libImaging/FliDecode.c A flaw was found in python-pillow. Multiple out-of-bounds reads occur in libImaging/FliDecode.c. USN-4697-1 fixed several vulnerabilities in Pillow. This update provides the corresponding update for Ubuntu 14.04 ESM. • https://github.com/python-pillow/Pillow/commits/master/src/libImaging • CWE-125: Out-of-bounds Read •
CVSS: 8.1EPSS: 0%CPEs: 6EXPL: 0CVE-2020-11538 – python-pillow: out-of-bounds reads/writes in the parsing of SGI image files in expandrow/expandrow2
https://notcve.org/view.php?id=CVE-2020-11538
25 Jun 2020 — In libImaging/SgiRleDecode.c in Pillow through 7.0.0, a number of out-of-bounds reads exist in the parsing of SGI image files, a different issue than CVE-2020-5311. En la biblioteca libImaging/SgiRleDecode.c en Pillow versiones hasta 7.0.0, se presentan múltiples lecturas fuera de límites en el análisis de archivos de imagen SGI, un problema diferente de CVE-2020-5311 An out-of-bounds read/write flaw was found in python-pillow, in the way SGI RLE images are decoded. An application that uses python-pillow to... • https://github.com/python-pillow/Pillow/pull/4504 • CWE-122: Heap-based Buffer Overflow CWE-125: Out-of-bounds Read •
CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 0CVE-2020-10994 – python-pillow: multiple out-of-bounds reads via a crafted JP2 file
https://notcve.org/view.php?id=CVE-2020-10994
25 Jun 2020 — In libImaging/Jpeg2KDecode.c in Pillow before 7.1.0, there are multiple out-of-bounds reads via a crafted JP2 file. En la biblioteca libImaging/Jpeg2KDecode.c en Pillow versiones anteriores a 7.1.0, se presentan múltiples lecturas fuera de límites por medio de un archivo JP2 diseñado An out-of-bounds read flaw was found in python-pillow in the way JP2 images are parsed. An application that uses python-pillow to decode untrusted images may be vulnerable to this issue. This flaw allows an attacker to read dat... • https://github.com/python-pillow/Pillow/commits/master/src/libImaging • CWE-125: Out-of-bounds Read •
CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 0CVE-2020-10379 – python-pillow: two buffer overflows in libImaging/TiffDecode.c due to small buffers allocated in ImagingLibTiffDecode()
https://notcve.org/view.php?id=CVE-2020-10379
25 Jun 2020 — In Pillow before 7.1.0, there are two Buffer Overflows in libImaging/TiffDecode.c. En Pillow versiones anteriores a 7.1.0, se presentan dos Desbordamientos de Búfer en la biblioteca libImaging/TiffDecode.c Quay 3.4.0 release. Issues addressed include HTTP request smuggling, buffer overflow, information leakage, integer overflow, out of bounds read, and out of bounds write vulnerabilities. • https://github.com/python-pillow/Pillow/commit/46f4a349b88915787fea3fb91348bb1665831bbb#diff-9478f2787e3ae9668a15123b165c23ac • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 5.9EPSS: 0%CPEs: 6EXPL: 0CVE-2020-10378 – python-pillow: an out-of-bounds read in libImaging/PcxDecode.c can occur when reading PCX files
https://notcve.org/view.php?id=CVE-2020-10378
25 Jun 2020 — In libImaging/PcxDecode.c in Pillow before 7.1.0, an out-of-bounds read can occur when reading PCX files where state->shuffle is instructed to read beyond state->buffer. En la biblioteca libImaging/PcxDecode.c en Pillow versiones anteriores a 7.1.0, puede ocurrir una lectura fuera de límites cuando se leen archivos PCX donde state->shuffle es instruido para que lea más allá de state->buffer A flaw was found in python-pillow. In libImaging/PcxDecode.c, an out-of-bounds read occurs when reading PCX file... • https://github.com/python-pillow/Pillow/commit/6a83e4324738bb0452fbe8074a995b1c73f08de7#diff-9478f2787e3ae9668a15123b165c23ac • CWE-125: Out-of-bounds Read •