Python — высокоуровневый язык программирования общего назначения. Его философия дизайна делает акцент на читаемости кода.
Релизный цикл, информация об уязвимостях
График релизов
Количество 906
CVE-2018-25032
zlib before 1.2.12 allows memory corruption when deflating (i.e., when compressing) if the input has many distant matches.
openSUSE-SU-2018:0966-1
Security update for python3
BDU:2021-03533
Уязвимость библиотеки library/glob.html пакета программ Python, позволяющая нарушителю оказать воздействие на целостность защищаемой информации
SUSE-SU-2018:0934-1
Security update for python3
SUSE-SU-2018:0768-1
Security update for python
CVE-2018-1061
python before versions 2.7.15, 3.4.9, 3.5.6rc1, 3.6.5rc1 and 3.7.0 is vulnerable to catastrophic backtracking in the difflib.IS_LINE_JUNK method. An attacker could use this flaw to cause denial of service.
CVE-2018-1060
python before versions 2.7.15, 3.4.9, 3.5.6rc1, 3.6.5rc1 and 3.7.0 is vulnerable to catastrophic backtracking in pop3lib's apop() method. An attacker could use this flaw to cause denial of service.
CVE-2018-1000117
Python Software Foundation CPython version From 3.2 until 3.6.4 on Windows contains a Buffer Overflow vulnerability in os.symlink() function on Windows that can result in Arbitrary code execution, likely escalation of privilege. This attack appears to be exploitable via a python script that creates a symlink with an attacker controlled name or location. This vulnerability appears to have been fixed in 3.7.0 and 3.6.5.
CVE-2018-1000117
Python Software Foundation CPython version From 3.2 until 3.6.4 on Win ...
CVE-2018-1000117
Python Software Foundation CPython version From 3.2 until 3.6.4 on Windows contains a Buffer Overflow vulnerability in os.symlink() function on Windows that can result in Arbitrary code execution, likely escalation of privilege. This attack appears to be exploitable via a python script that creates a symlink with an attacker controlled name or location. This vulnerability appears to have been fixed in 3.7.0 and 3.6.5.
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано 1 | |
|---|---|---|---|---|
 | CVE-2018-25032 zlib before 1.2.12 allows memory corruption when deflating (i.e., when compressing) if the input has many distant matches. | CVSS3: 8.2 | 0% Низкий | почти 8 лет назад |
 | openSUSE-SU-2018:0966-1 Security update for python3 | 1% Низкий | почти 8 лет назад | |
 | BDU:2021-03533 Уязвимость библиотеки library/glob.html пакета программ Python, позволяющая нарушителю оказать воздействие на целостность защищаемой информации | CVSS3: 7.5 | 2% Низкий | почти 8 лет назад |
| SUSE-SU-2018:0934-1 Security update for python3 | 1% Низкий | почти 8 лет назад | |
| SUSE-SU-2018:0768-1 Security update for python | 3% Низкий | почти 8 лет назад | |
| CVE-2018-1061 python before versions 2.7.15, 3.4.9, 3.5.6rc1, 3.6.5rc1 and 3.7.0 is vulnerable to catastrophic backtracking in the difflib.IS_LINE_JUNK method. An attacker could use this flaw to cause denial of service. | CVSS3: 6.5 | 2% Низкий | почти 8 лет назад |
| CVE-2018-1060 python before versions 2.7.15, 3.4.9, 3.5.6rc1, 3.6.5rc1 and 3.7.0 is vulnerable to catastrophic backtracking in pop3lib's apop() method. An attacker could use this flaw to cause denial of service. | CVSS3: 4.3 | 1% Низкий | почти 8 лет назад |
 | CVE-2018-1000117 Python Software Foundation CPython version From 3.2 until 3.6.4 on Windows contains a Buffer Overflow vulnerability in os.symlink() function on Windows that can result in Arbitrary code execution, likely escalation of privilege. This attack appears to be exploitable via a python script that creates a symlink with an attacker controlled name or location. This vulnerability appears to have been fixed in 3.7.0 and 3.6.5. | CVSS3: 6.7 | 0% Низкий | почти 8 лет назад |
| CVE-2018-1000117 Python Software Foundation CPython version From 3.2 until 3.6.4 on Win ... | CVSS3: 6.7 | 0% Низкий | почти 8 лет назад |
 | CVE-2018-1000117 Python Software Foundation CPython version From 3.2 until 3.6.4 on Windows contains a Buffer Overflow vulnerability in os.symlink() function on Windows that can result in Arbitrary code execution, likely escalation of privilege. This attack appears to be exploitable via a python script that creates a symlink with an attacker controlled name or location. This vulnerability appears to have been fixed in 3.7.0 and 3.6.5. | CVSS3: 6.7 | 0% Низкий | почти 8 лет назад |
Уязвимостей на страницу