Max CVSS 6.4 Min CVSS 4.3 Total Count2
IDCVSSSummaryLast (major) updatePublished
CVE-2020-26137 6.4
urllib3 before 1.25.9 allows CRLF injection if the attacker controls the HTTP request method, as demonstrated by inserting CR and LF control characters in the first argument of putrequest(). NOTE: this is similar to CVE-2020-26116.
08-10-2023 - 14:15 30-09-2020 - 18:15
CVE-2019-20907 5.0
In Lib/tarfile.py in Python through 3.8.3, an attacker is able to craft a TAR archive leading to an infinite loop when opened by tarfile.open, because _proc_pax lacks header validation.
24-05-2023 - 21:15 13-07-2020 - 13:15
CVE-2020-26116 6.4
http.client in Python 3.x before 3.5.10, 3.6.x before 3.6.12, 3.7.x before 3.7.9, and 3.8.x before 3.8.5 allows CRLF injection if the attacker controls the HTTP request method, as demonstrated by inserting CR and LF control characters in the first ar
24-05-2023 - 21:15 27-09-2020 - 04:15
CVE-2020-14422 4.3
Lib/ipaddress.py in Python through 3.8.3 improperly computes hash values in the IPv4Interface and IPv6Interface classes, which might allow a remote attacker to cause a denial of service if an application is affected by the performance of a dictionary
16-05-2023 - 02:15 18-06-2020 - 14:15
CVE-2020-26137 5.0
urllib3 before 1.25.9 allows CRLF injection if the attacker controls the HTTP request method, as demonstrated by inserting CR and LF control characters in the first argument of putrequest(). NOTE: this is similar to CVE-2020-26116.
30-09-2020 - 18:19 30-09-2020 - 18:15
CVE-2020-26137 5.0
urllib3 before 1.25.9 allows CRLF injection if the attacker controls the HTTP request method, as demonstrated by inserting CR and LF control characters in the first argument of putrequest(). NOTE: this is similar to CVE-2020-26116.
30-09-2020 - 18:19 30-09-2020 - 18:15
CVE-2020-26116 5.0
http.client in Python 3.x before 3.5.10, 3.6.x before 3.6.12, 3.7.x before 3.7.9, and 3.8.x before 3.8.5 allows CRLF injection if the attacker controls the HTTP request method, as demonstrated by inserting CR and LF control characters in the first ar
27-09-2020 - 22:01 27-09-2020 - 04:15
CVE-2020-26116 5.0
http.client in Python 3.x before 3.5.10, 3.6.x before 3.6.12, 3.7.x before 3.7.9, and 3.8.x before 3.8.5 allows CRLF injection if the attacker controls the HTTP request method, as demonstrated by inserting CR and LF control characters in the first ar
27-09-2020 - 22:01 27-09-2020 - 04:15
CVE-2019-18874 5.0
psutil (aka python-psutil) through 5.6.5 can have a double free. This occurs because of refcount mishandling within a while or for loop that converts system data into a Python object.
18-11-2019 - 21:15 12-11-2019 - 02:15
Back to Top Mark selected
Back to Top