
CVE-2022-31575
https://notcve.org/view.php?id=CVE-2022-31575
11 Jul 2022 — The duducosmos/livro_python repository through 2018-06-06 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. • https://github.com/github/securitylab/issues/669#issuecomment-1117265726 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

CVE-2022-31571
https://notcve.org/view.php?id=CVE-2022-31571
11 Jul 2022 — The akashtalole/python-flask-restful-api repository through 2019-09-16 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. • https://github.com/github/securitylab/issues/669#issuecomment-1117265726 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

CVE-2022-31550
https://notcve.org/view.php?id=CVE-2022-31550
11 Jul 2022 — The olmax99/pyathenastack repository through 2019-11-08 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. • https://github.com/github/securitylab/issues/669#issuecomment-1117265726 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

CVE-2022-31518
https://notcve.org/view.php?id=CVE-2022-31518
11 Jul 2022 — The JustAnotherSoftwareDeveloper/Python-Recipe-Database repository through 2021-03-31 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. • https://github.com/github/securitylab/issues/669#issuecomment-1117265726 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

CVE-2022-31516
https://notcve.org/view.php?id=CVE-2022-31516
11 Jul 2022 — The Harveyzyh/Python repository through 2022-05-04 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. • https://github.com/github/securitylab/issues/669#issuecomment-1117265726 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

CVE-2021-46823 – Ubuntu Security Notice USN-5508-1
https://notcve.org/view.php?id=CVE-2021-46823
18 Jun 2022 — python-ldap before 3.4.0 is vulnerable to a denial of service when ldap.schema is used for untrusted schema definitions, because of a regular expression denial of service (ReDoS) flaw in the LDAP schema parser. By sending crafted regex input, a remote authenticated attacker could exploit this vulnerability to cause a denial of service condition. • https://exchange.xforce.ibmcloud.com/vulnerabilities/221507 • CWE-1333: Inefficient Regular Expression Complexity

CVE-2017-20052 – Python pgAdmin4 uncontrolled search path
https://notcve.org/view.php?id=CVE-2017-20052
16 Jun 2022 — A vulnerability classified as problematic was found in Python 2.7.13. This vulnerability affects unknown code of the component pgAdmin4. The manipulation leads to an uncontrolled search path. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. • http://seclists.org/fulldisclosure/2017/Feb/92 • CWE-427: Uncontrolled Search Path Element

CVE-2022-30595
https://notcve.org/view.php?id=CVE-2022-30595
25 May 2022 — libImaging/TgaRleDecode.c in Pillow 9.1.0 has a heap buffer overflow in the processing of invalid TGA image files. • https://github.com/python-pillow/Pillow/blob/main/src/libImaging/TgaRleDecode.c • CWE-787: Out-of-bounds Write

CVE-2022-28470
https://notcve.org/view.php?id=CVE-2022-28470
08 May 2022 — The marcador package in PyPI, versions 0.1 through 0.13, included a code-execution backdoor. • http://pypi.doubanio.com/simple/request

CVE-2022-24902 – Memory issue in playing videos
https://notcve.org/view.php?id=CVE-2022-24902
05 May 2022 — TkVideoplayer is a simple library to play video files in tkinter. Uncontrolled memory consumption in versions of TkVideoplayer prior to 2.0.0 can theoretically lead to performance degradation. There are no known workarounds. This issue has been patched and users are advised to upgrade to version 2.0.0 or later. • https://github.com/PaulleDemon/tkVideoPlayer/issues/3 • CWE-400: Uncontrolled Resource Consumption