Known CVE vulnerabilities and GitHub Security Advisories affecting the SUSE:OpenStack Cloud Crowbar 9 package python, with affected version ranges, CVSS severity, EPSS exploit prediction, and CISA KEV status.
CVEs (10)
CVE-2021-3177 — CVSS 9.8 (critical): Python 3.x through 3.9.1 has a buffer overflow in PyCArg_repr in _ctypes/callproc.c, which may lead to remote code execution in certain…
CVE-2015-20107 — CVSS 7.6 (high): In Python (aka CPython) up to 3.10.8, the mailcap module does not add escape characters into commands discovered in the system mailcap…
CVE-2019-20916 — CVSS 7.5 (high): The pip package before 19.2 for Python allows Directory Traversal when a URL is given in an install command, because a Content-Disposition…
CVE-2022-0391 — CVSS 7.5 (high): A flaw was found in Python, specifically within the urllib.parse module. This module helps break Uniform Resource Locator (URL) strings…
CVE-2022-45061 — CVSS 7.5 (high): An issue was discovered in Python before 3.11.1. An unnecessary quadratic algorithm exists in one path when processing some inputs to the…
CVE-2023-24329 — CVSS 7.5 (high): An issue in the urllib.parse component of Python before 3.11.4 allows attackers to bypass blocklisting methods by supplying a URL that…
CVE-2021-28861 — CVSS 7.4 (high): Python 3.x through 3.10 has an open redirection vulnerability in lib/http/server.py due to no protection against multiple (/) at the…
CVE-2019-18348 — CVSS 6.1 (medium): An issue was discovered in urllib2 in Python 2.x through 2.7.17 and urllib in Python 3.x through 3.8.0. CRLF injection is possible if the…
CVE-2021-23336 — CVSS 5.9 (medium): The package python/cpython from 0 and before 3.6.13, from 3.7.0 and before 3.7.10, from 3.8.0 and before 3.8.8, from 3.9.0 and before 3.9.2…
CVE-2021-4189 — CVSS 5.3 (medium): A flaw was found in Python, specifically in the FTP (File Transfer Protocol) client library in PASV (passive) mode. The issue is how the…