Python — высокоуровневый язык программирования общего назначения. Его философия дизайна делает акцент на читаемости кода.
Релизный цикл, информация об уязвимостях
График релизов
Количество 879
CVE-2016-3189
Use-after-free vulnerability in bzip2recover in bzip2 1.0.6 allows remote attackers to cause a denial of service (crash) via a crafted bzip2 file, related to block ends set to before the start of the block.
CVE-2016-3189
Use-after-free vulnerability in bzip2recover in bzip2 1.0.6 allows rem ...
CVE-2016-3189
Use-after-free vulnerability in bzip2recover in bzip2 1.0.6 allows remote attackers to cause a denial of service (crash) via a crafted bzip2 file, related to block ends set to before the start of the block.
CVE-2016-4472
The overflow protection in Expat is removed by compilers with certain optimization settings, which allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via crafted XML data. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-1283 and CVE-2015-2716.
CVE-2016-3189
Use-after-free vulnerability in bzip2recover in bzip2 1.0.6 allows remote attackers to cause a denial of service (crash) via a crafted bzip2 file, related to block ends set to before the start of the block.
CVE-2016-0772
The smtplib library in CPython (aka Python) before 2.7.12, 3.x before 3.4.5, and 3.5.x before 3.5.2 does not return an error when StartTLS fails, which might allow man-in-the-middle attackers to bypass the TLS protections by leveraging a network position between the client and the registry to block the StartTLS command, aka a "StartTLS stripping attack."
CVE-2013-7440
The ssl.match_hostname function in CPython (aka Python) before 2.7.9 and 3.x before 3.3.3 does not properly handle wildcards in hostnames, which might allow man-in-the-middle attackers to spoof servers via a crafted certificate.
CVE-2013-7440
The ssl.match_hostname function in CPython (aka Python) before 2.7.9 a ...
CVE-2013-7440
The ssl.match_hostname function in CPython (aka Python) before 2.7.9 and 3.x before 3.3.3 does not properly handle wildcards in hostnames, which might allow man-in-the-middle attackers to spoof servers via a crafted certificate.
CVE-2016-0718
Expat allows context-dependent attackers to cause a denial of service (crash) or possibly execute arbitrary code via a malformed input document, which triggers a buffer overflow.
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано 1 | |
|---|---|---|---|---|
 | CVE-2016-3189 Use-after-free vulnerability in bzip2recover in bzip2 1.0.6 allows remote attackers to cause a denial of service (crash) via a crafted bzip2 file, related to block ends set to before the start of the block. | CVSS3: 6.5 | 14% Средний | около 9 лет назад |
| CVE-2016-3189 Use-after-free vulnerability in bzip2recover in bzip2 1.0.6 allows rem ... | CVSS3: 6.5 | 14% Средний | около 9 лет назад |
 | CVE-2016-3189 Use-after-free vulnerability in bzip2recover in bzip2 1.0.6 allows remote attackers to cause a denial of service (crash) via a crafted bzip2 file, related to block ends set to before the start of the block. | CVSS3: 6.5 | 14% Средний | около 9 лет назад |
| CVE-2016-4472 The overflow protection in Expat is removed by compilers with certain optimization settings, which allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via crafted XML data. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-1283 and CVE-2015-2716. | CVSS3: 8.1 | 2% Низкий | около 9 лет назад |
 | CVE-2016-3189 Use-after-free vulnerability in bzip2recover in bzip2 1.0.6 allows remote attackers to cause a denial of service (crash) via a crafted bzip2 file, related to block ends set to before the start of the block. | CVSS2: 4.3 | 14% Средний | около 9 лет назад |
| CVE-2016-0772 The smtplib library in CPython (aka Python) before 2.7.12, 3.x before 3.4.5, and 3.5.x before 3.5.2 does not return an error when StartTLS fails, which might allow man-in-the-middle attackers to bypass the TLS protections by leveraging a network position between the client and the registry to block the StartTLS command, aka a "StartTLS stripping attack." | CVSS3: 4.8 | 7% Низкий | около 9 лет назад |
| CVE-2013-7440 The ssl.match_hostname function in CPython (aka Python) before 2.7.9 and 3.x before 3.3.3 does not properly handle wildcards in hostnames, which might allow man-in-the-middle attackers to spoof servers via a crafted certificate. | CVSS3: 5.9 | 0% Низкий | около 9 лет назад |
| CVE-2013-7440 The ssl.match_hostname function in CPython (aka Python) before 2.7.9 a ... | CVSS3: 5.9 | 0% Низкий | около 9 лет назад |
| CVE-2013-7440 The ssl.match_hostname function in CPython (aka Python) before 2.7.9 and 3.x before 3.3.3 does not properly handle wildcards in hostnames, which might allow man-in-the-middle attackers to spoof servers via a crafted certificate. | CVSS3: 5.9 | 0% Низкий | около 9 лет назад |
| CVE-2016-0718 Expat allows context-dependent attackers to cause a denial of service (crash) or possibly execute arbitrary code via a malformed input document, which triggers a buffer overflow. | CVSS3: 9.8 | 2% Низкий | около 9 лет назад |
Уязвимостей на страницу