Python — высокоуровневый язык программирования общего назначения. Его философия дизайна делает акцент на читаемости кода.
Релизный цикл, информация об уязвимостях
График релизов
Количество 887
SUSE-SU-2022:2174-1
Security update for python39
SUSE-SU-2022:2166-1
Security update for python3
SUSE-SU-2022:2147-1
Security update for python36
GHSA-w84r-7gx4-7v92
A vulnerability classified as problematic was found in Python 2.7.13. This vulnerability affects unknown code of the component pgAdmin4. The manipulation leads to uncontrolled search path. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
CVE-2017-20052
A vulnerability classified as problematic was found in Python 2.7.13. This vulnerability affects unknown code of the component pgAdmin4. The manipulation leads to uncontrolled search path. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
CVE-2017-20052
A vulnerability classified as problematic was found in Python 2.7.13. This vulnerability affects unknown code of the component pgAdmin4. The manipulation leads to uncontrolled search path. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
GHSA-hr7v-m862-8hh8
A flaw was found in python. An improperly handled HTTP response in the HTTP client code of python may allow a remote attacker, who controls the HTTP server, to make the client script enter an infinite loop, consuming CPU time. The highest threat from this vulnerability is to system availability.
GHSA-6qp6-q95v-x2qw
There's a flaw in Python 3's pydoc. A local or adjacent attacker who discovers or is able to convince another local or adjacent user to start a pydoc server could access the server and use it to disclose sensitive information belonging to the other user that they would not normally be able to access. The highest risk of this flaw is to data confidentiality. This flaw affects Python versions before 3.8.9, Python versions before 3.9.3 and Python versions before 3.10.0a7.
GHSA-cxqv-r2cc-r9c9
Improper input validation of octal strings in Python stdlib ipaddress 3.10 and below allows unauthenticated remote attackers to perform indeterminate SSRF, RFI, and LFI attacks on many programs that rely on Python stdlib ipaddress. IP address octects are left stripped instead of evaluated as valid IP addresses.
GHSA-39mj-fpg2-3jrg
StackStorm st2 Infinite Loop Condition
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано 1 | |
|---|---|---|---|---|
 | SUSE-SU-2022:2174-1 Security update for python39 | 1% Низкий | больше 3 лет назад | |
| SUSE-SU-2022:2166-1 Security update for python3 | 1% Низкий | больше 3 лет назад | |
| SUSE-SU-2022:2147-1 Security update for python36 | 1% Низкий | больше 3 лет назад | |
| GHSA-w84r-7gx4-7v92 A vulnerability classified as problematic was found in Python 2.7.13. This vulnerability affects unknown code of the component pgAdmin4. The manipulation leads to uncontrolled search path. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. | CVSS3: 7.8 | 0% Низкий | больше 3 лет назад |
 | CVE-2017-20052 A vulnerability classified as problematic was found in Python 2.7.13. This vulnerability affects unknown code of the component pgAdmin4. The manipulation leads to uncontrolled search path. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. | CVSS3: 5 | 0% Низкий | больше 3 лет назад |
 | CVE-2017-20052 A vulnerability classified as problematic was found in Python 2.7.13. This vulnerability affects unknown code of the component pgAdmin4. The manipulation leads to uncontrolled search path. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. | CVSS3: 5 | 0% Низкий | больше 3 лет назад |
| GHSA-hr7v-m862-8hh8 A flaw was found in python. An improperly handled HTTP response in the HTTP client code of python may allow a remote attacker, who controls the HTTP server, to make the client script enter an infinite loop, consuming CPU time. The highest threat from this vulnerability is to system availability. | CVSS3: 7.5 | 0% Низкий | больше 3 лет назад |
| GHSA-6qp6-q95v-x2qw There's a flaw in Python 3's pydoc. A local or adjacent attacker who discovers or is able to convince another local or adjacent user to start a pydoc server could access the server and use it to disclose sensitive information belonging to the other user that they would not normally be able to access. The highest risk of this flaw is to data confidentiality. This flaw affects Python versions before 3.8.9, Python versions before 3.9.3 and Python versions before 3.10.0a7. | CVSS3: 5.7 | 0% Низкий | больше 3 лет назад |
| GHSA-cxqv-r2cc-r9c9 Improper input validation of octal strings in Python stdlib ipaddress 3.10 and below allows unauthenticated remote attackers to perform indeterminate SSRF, RFI, and LFI attacks on many programs that rely on Python stdlib ipaddress. IP address octects are left stripped instead of evaluated as valid IP addresses. | CVSS3: 9.8 | 2% Низкий | больше 3 лет назад |
| GHSA-39mj-fpg2-3jrg StackStorm st2 Infinite Loop Condition | CVSS3: 7.5 | 1% Низкий | больше 3 лет назад |
Уязвимостей на страницу