| Max CVSS | 6.4 | Min CVSS | 2.6 | Total Count | 2 |
| ID | CVSS | Summary | Last (major) update | Published | |
| CVE-2019-20916 | 5.0 |
The pip package before 19.2 for Python allows Directory Traversal when a URL is given in an install command, because a Content-Disposition header can have ../ in a filename, as demonstrated by overwriting the /root/.ssh/authorized_keys file. This occ
|
08-02-2024 - 02:04 | 04-09-2020 - 20:15 | |
| CVE-2019-16056 | 5.0 |
An issue was discovered in Python through 2.7.16, 3.x through 3.5.7, 3.6.x through 3.6.9, and 3.7.x through 3.7.4. The email module wrongly parses email addresses that contain multiple @ characters. An application that uses the email module and imple
|
28-02-2023 - 14:30 | 06-09-2019 - 18:15 | |
| CVE-2019-9636 | 5.0 |
Python 2.7.x through 2.7.16 and 3.x through 3.7.2 is affected by: Improper Handling of Unicode Encoding (with an incorrect netloc) during NFKC normalization. The impact is: Information disclosure (credentials, cookies, etc. that are cached against a
|
25-07-2022 - 18:15 | 08-03-2019 - 21:29 | |
| CVE-2019-9948 | 6.4 |
urllib in Python 2.x through 2.7.16 supports the local_file: scheme, which makes it easier for remote attackers to bypass protection mechanisms that blacklist file: URIs, as demonstrated by triggering a urllib.urlopen('local_file:///etc/passwd') call
|
30-06-2022 - 17:14 | 23-03-2019 - 18:29 | |
| CVE-2019-14850 | 2.6 |
A denial of service vulnerability was discovered in nbdkit 1.12.7, 1.14.1 and 1.15.1. An attacker could connect to the nbdkit service and cause it to perform a large amount of work in initializing backend plugins, by simply opening a connection to th
|
24-03-2021 - 18:05 | 18-03-2021 - 19:15 |