| CVE | Description | Severity |
|---|---|---|
| CVE-2020-14343 | PyYAML could allow a remote attacker to execute arbitrary code on the system, caused by a flaw when processing untrusted YAML files through the full_load method or with the FullLoader loader. | Medium |
| CVE-2020-25032 | Flask-CORS could allow a remote attacker to traverse directories on the system. | Medium |
| CVE-2021-42771 | Python-Babel Babel could allow a local authenticated attacker to traverse directories on the system, caused by a flaw in the Babel | Medium |
| CVE-2020-26137 | urllib3: a remote attacker could exploit this vulnerability to conduct various attacks against the vulnerable system, including cross-site scripting, cache poisoning or session hijacking. | Medium |
| CVE-2021-33503 | urllib3: by sending a specially crafted request, a remote attacker could exploit this vulnerability to cause a denial of service condition. | Medium |
| CVE-2020-7212 | By sending a specially crafted request, a remote attacker could exploit this vulnerability to cause a denial of service condition. | Medium |
| CVE-2023-30861 | Pallets Flask: by sending a specially crafted request, an attacker could exploit this vulnerability to obtain permanent session cookie information and use that information to launch further attacks against the affected system. | High |
| CVE-2023-32681 | python-requests could allow a remote attacker to obtain sensitive information, caused by the leaking of Proxy-Authorization headers to destination servers during redirects to an HTTPS origin. | Medium |
| CVE-2023-37920 | An unspecified error with the removal of the e-Tugra root certificate in Certifi has an unknown impact and attack vector. | Low |
| CVE-2023-36478 | Eclipse Jetty: by sending a specially crafted request, a remote attacker could exploit this vulnerability to cause a denial of service condition. | High |
| CVE-2023-46136 | Pallets Werkzeug: by sending a specially crafted request, a remote authenticated attacker could exploit this vulnerability to cause a denial of service condition. | Medium |
| CVE-2023-43804 | urllib3 could allow a remote authenticated attacker to obtain sensitive information, caused by the Cookie request header not being stripped during cross-origin redirects. | Medium |
| CVE-2023-45803 | urllib3 could allow a remote authenticated attacker to obtain sensitive information, caused by the HTTP request body not being removed when an HTTP redirect response uses status 303. | Medium |
| CVE-2024-22195 | Pallets Jinja: a remote authenticated attacker could exploit this vulnerability to inject malicious script into a Web page, which would be executed in a victim's Web browser within the security context of the hosting Web site once the page is viewed. | Medium |
| CVE-2024-25710 | Apache Commons Compress: a remote attacker could exploit this vulnerability to cause a denial of service condition. | Medium |
| CVE-2024-26308 | Apache Commons Compress: a remote attacker could exploit this vulnerability to cause a denial of service condition. | Medium |
| CVE-2024-1135 | Gunicorn: by sending a specially crafted HTTP(S) Transfer-Encoding header, an attacker could exploit this vulnerability to poison the web cache, bypass web application firewall protection, and conduct XSS attacks. | High |
| CVE-2024-34064 | Jinja: a remote attacker could exploit this vulnerability to inject other attributes into a Web page, which would be executed in a victim's Web browser within the security context of the hosting Web site once the page is viewed. | Medium |
| CVE-2024-35195 | Psf Requests could allow a local authenticated attacker to bypass security restrictions, caused by an incorrect control flow implementation vulnerability. | Medium |
| CVE-2024-37891 | urllib3 could allow a remote authenticated attacker to obtain sensitive information, caused by the failure to strip the Proxy-Authorization header during cross-origin redirects. | Medium |
| CVE-2024-39689 | Certifi python-certifi could provide weaker than expected security, caused by the use of the GLOBALTRUST root certificate. | Low |
| CVE-2024-3651 | idna could allow a local user to cause a denial of service using a specially crafted argument to the idna.encode() function and consume system resources. | Medium |
| CVE-2024-5569 | zipp: a local attacker could exploit this vulnerability to cause a denial of service condition. | Medium |
| CVE-2024-6221 | Flask-CORS could allow a remote attacker to obtain sensitive information, caused by Access-Control-Allow-Private-Network always being set to true. | Medium |
| CVE-2024-56201 | Jinja is an extensible templating engine. To exploit the vulnerability, an attacker needs to control both the filename and the contents of a template. | High |
| CVE-2024-56326 | Jinja is an extensible templating engine. To exploit the vulnerability, an attacker needs to control the content of a template. | Medium |
| CVE-2023-26464 | Apache Log4j: a remote attacker could exploit this vulnerability to exhaust available memory in the virtual machine, resulting in a denial of service condition. | High |
| CVE-2023-48795 | This allows an attacker to remove an arbitrary number of messages sent by the client or server at the beginning of the secure channel without the client or server noticing. | Medium |
| CVE-2023-52323 | Pycryptodomex allows side-channel leakage during OAEP decryption, exploitable for a Manger attack. | Medium |