CVSS: 9.3EPSS: 0%CPEs: 1EXPL: 1CVE-2022-31550
https://notcve.org/view.php?id=CVE-2022-31550
11 Jul 2022 — The olmax99/pyathenastack repository through 2019-11-08 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. El repositorio olmax99/pyathenastack versiones hasta 08-11-2019 en GitHub, permite un salto de ruta absoluto porque la función send_file de Flask es usada de forma no segura • https://github.com/github/securitylab/issues/669#issuecomment-1117265726 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 9.3EPSS: 0%CPEs: 1EXPL: 1CVE-2022-31518
https://notcve.org/view.php?id=CVE-2022-31518
11 Jul 2022 — The JustAnotherSoftwareDeveloper/Python-Recipe-Database repository through 2021-03-31 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. El repositorio JustAnotherSoftwareDeveloper/Python-Recipe-Database versiones hasta 31-03-2021 en GitHub, permite un salto de ruta absoluto porque la función send_file de Flask es usada de forma no segura • https://github.com/github/securitylab/issues/669#issuecomment-1117265726 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 9.3EPSS: 0%CPEs: 1EXPL: 1CVE-2022-31516
https://notcve.org/view.php?id=CVE-2022-31516
11 Jul 2022 — The Harveyzyh/Python repository through 2022-05-04 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. El repositorio Harveyzyh/Python versiones hasta 04-05-2022 en GitHub, permite un salto de ruta absoluto porque la función send_file de Flask es usada de forma no segura • https://github.com/github/securitylab/issues/669#issuecomment-1117265726 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2021-46823 – Ubuntu Security Notice USN-5508-1
https://notcve.org/view.php?id=CVE-2021-46823
18 Jun 2022 — python-ldap before 3.4.0 is vulnerable to a denial of service when ldap.schema is used for untrusted schema definitions, because of a regular expression denial of service (ReDoS) flaw in the LDAP schema parser. By sending crafted regex input, a remote authenticated attacker could exploit this vulnerability to cause a denial of service condition. python-ldap versiones anteriores a 3.4.0, es vulnerable a una denegación de servicio cuando es usado ldap.schema para definiciones de esquemas que no son confiables... • https://exchange.xforce.ibmcloud.com/vulnerabilities/221507 • CWE-1333: Inefficient Regular Expression Complexity •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 1CVE-2017-20052 – Python pgAdmin4 uncontrolled search path
https://notcve.org/view.php?id=CVE-2017-20052
16 Jun 2022 — A vulnerability classified as problematic was found in Python 2.7.13. This vulnerability affects unknown code of the component pgAdmin4. The manipulation leads to uncontrolled search path. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. • http://seclists.org/fulldisclosure/2017/Feb/92 • CWE-427: Uncontrolled Search Path Element •
CVSS: 9.8EPSS: 31%CPEs: 1EXPL: 2CVE-2022-30284
https://notcve.org/view.php?id=CVE-2022-30284
04 May 2022 — In the python-libnmap package through 0.7.2 for Python, remote command execution can occur (if used in a client application that does not validate arguments). NOTE: the vendor believes it would be unrealistic for an application to call NmapProcess with arguments taken from input data that arrived over an untrusted network, and thus the CVSS score corresponds to an unrealistic use case. None of the NmapProcess documentation implies that this is an expected use case ** EN DISPUTA ** En el paquete python-libnm... • https://github.com/savon-noir/python-libnmap/releases • CWE-88: Improper Neutralization of Argument Delimiters in a Command ('Argument Injection') •
CVSS: 8.0EPSS: 1%CPEs: 11EXPL: 2CVE-2015-20107 – python: mailcap: findmatch() function does not sanitize the second argument
https://notcve.org/view.php?id=CVE-2015-20107
13 Apr 2022 — In Python (aka CPython) up to 3.10.8, the mailcap module does not add escape characters into commands discovered in the system mailcap file. This may allow attackers to inject shell commands into applications that call mailcap.findmatch with untrusted input (if they lack validation of user-provided filenames or arguments). The fix is also back-ported to 3.7, 3.8, 3.9 En Python (también conocido como CPython) hasta la versión 3.10.8, el módulo mailcap no añade caracteres de escape en los comandos descubierto... • https://github.com/codeskipper/python-patrol • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •
CVSS: 5.3EPSS: 0%CPEs: 10EXPL: 0CVE-2021-4189 – python: ftplib should not use the host from the PASV response
https://notcve.org/view.php?id=CVE-2021-4189
28 Mar 2022 — A flaw was found in Python, specifically in the FTP (File Transfer Protocol) client library in PASV (passive) mode. The issue is how the FTP client trusts the host from the PASV response by default. This flaw allows an attacker to set up a malicious FTP server that can trick FTP clients into connecting back to a given IP address and port. This vulnerability could lead to FTP client scanning ports, which otherwise would not have been possible. Se ha encontrado un fallo en Python, concretamente en la bibliote... • https://access.redhat.com/security/cve/CVE-2021-4189 • CWE-252: Unchecked Return Value •
CVSS: 8.2EPSS: 0%CPEs: 71EXPL: 4CVE-2018-25032 – zlib: A flaw found in zlib when compressing (not decompressing) certain inputs
https://notcve.org/view.php?id=CVE-2018-25032
25 Mar 2022 — zlib before 1.2.12 allows memory corruption when deflating (i.e., when compressing) if the input has many distant matches. zlib versiones anteriores a 1.2.12 permite la corrupción de memoria al desinflar (es decir, al comprimir) si la entrada tiene muchas coincidencias distantes An out-of-bounds access flaw was found in zlib, which allows memory corruption when deflating (ex: when compressing) if the input has many distant matches. For some rare inputs with a large number of distant matches (crafted payload... • https://github.com/Trinadh465/external_zlib_4.4_CVE-2018-25032 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-787: Out-of-bounds Write •
CVSS: 7.0EPSS: 0%CPEs: 13EXPL: 1CVE-2022-26488
https://notcve.org/view.php?id=CVE-2022-26488
07 Mar 2022 — In Python before 3.10.3 on Windows, local users can gain privileges because the search path is inadequately secured. The installer may allow a local attacker to add user-writable directories to the system search path. To exploit, an administrator must have installed Python for all users and enabled PATH entries. A non-administrative user can trigger a repair that incorrectly adds user-writable paths into PATH, enabling search-path hijacking of other users and system services. This affects Python (CPython) t... • https://github.com/techspence/PyPATHPwner • CWE-426: Untrusted Search Path •