Python — высокоуровневый язык программирования общего назначения. Его философия дизайна делает акцент на читаемости кода.
Релизный цикл, информация об уязвимостях
График релизов
Количество 924
CVE-2016-0772
The smtplib library in CPython (aka Python) before 2.7.12, 3.x before 3.4.5, and 3.5.x before 3.5.2 does not return an error when StartTLS fails, which might allow man-in-the-middle attackers to bypass the TLS protections by leveraging a network position between the client and the registry to block the StartTLS command, aka a "StartTLS stripping attack."
CVE-2013-7440
The ssl.match_hostname function in CPython (aka Python) before 2.7.9 and 3.x before 3.3.3 does not properly handle wildcards in hostnames, which might allow man-in-the-middle attackers to spoof servers via a crafted certificate.
CVE-2013-7440
The ssl.match_hostname function in CPython (aka Python) before 2.7.9 a ...
CVE-2013-7440
The ssl.match_hostname function in CPython (aka Python) before 2.7.9 and 3.x before 3.3.3 does not properly handle wildcards in hostnames, which might allow man-in-the-middle attackers to spoof servers via a crafted certificate.
CVE-2016-0718
Expat allows context-dependent attackers to cause a denial of service (crash) or possibly execute arbitrary code via a malformed input document, which triggers a buffer overflow.
CVE-2016-0718
Expat allows context-dependent attackers to cause a denial of service ...
CVE-2016-0718
Expat allows context-dependent attackers to cause a denial of service (crash) or possibly execute arbitrary code via a malformed input document, which triggers a buffer overflow.
CVE-2016-0718
Expat allows context-dependent attackers to cause a denial of service (crash) or possibly execute arbitrary code via a malformed input document, which triggers a buffer overflow.
CVE-2016-4472
The overflow protection in Expat is removed by compilers with certain optimization settings, which allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via crafted XML data. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-1283 and CVE-2015-2716.
CVE-2016-5636
Integer overflow in the get_data function in zipimport.c in CPython (aka Python) before 2.7.12, 3.x before 3.4.5, and 3.5.x before 3.5.2 allows remote attackers to have unspecified impact via a negative data size value, which triggers a heap-based buffer overflow.
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано 1 | |
|---|---|---|---|---|
 | CVE-2016-0772 The smtplib library in CPython (aka Python) before 2.7.12, 3.x before 3.4.5, and 3.5.x before 3.5.2 does not return an error when StartTLS fails, which might allow man-in-the-middle attackers to bypass the TLS protections by leveraging a network position between the client and the registry to block the StartTLS command, aka a "StartTLS stripping attack." | CVSS3: 4.8 | 6% Низкий | почти 10 лет назад |
 | CVE-2013-7440 The ssl.match_hostname function in CPython (aka Python) before 2.7.9 and 3.x before 3.3.3 does not properly handle wildcards in hostnames, which might allow man-in-the-middle attackers to spoof servers via a crafted certificate. | CVSS3: 5.9 | 0% Низкий | почти 10 лет назад |
| CVE-2013-7440 The ssl.match_hostname function in CPython (aka Python) before 2.7.9 a ... | CVSS3: 5.9 | 0% Низкий | почти 10 лет назад |
 | CVE-2013-7440 The ssl.match_hostname function in CPython (aka Python) before 2.7.9 and 3.x before 3.3.3 does not properly handle wildcards in hostnames, which might allow man-in-the-middle attackers to spoof servers via a crafted certificate. | CVSS3: 5.9 | 0% Низкий | почти 10 лет назад |
| CVE-2016-0718 Expat allows context-dependent attackers to cause a denial of service (crash) or possibly execute arbitrary code via a malformed input document, which triggers a buffer overflow. | CVSS3: 9.8 | 3% Низкий | почти 10 лет назад |
| CVE-2016-0718 Expat allows context-dependent attackers to cause a denial of service ... | CVSS3: 9.8 | 3% Низкий | почти 10 лет назад |
| CVE-2016-0718 Expat allows context-dependent attackers to cause a denial of service (crash) or possibly execute arbitrary code via a malformed input document, which triggers a buffer overflow. | CVSS3: 9.8 | 3% Низкий | почти 10 лет назад |
| CVE-2016-0718 Expat allows context-dependent attackers to cause a denial of service (crash) or possibly execute arbitrary code via a malformed input document, which triggers a buffer overflow. | CVSS2: 6.8 | 3% Низкий | почти 10 лет назад |
| CVE-2016-4472 The overflow protection in Expat is removed by compilers with certain optimization settings, which allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via crafted XML data. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-1283 and CVE-2015-2716. | CVSS2: 5.1 | 2% Низкий | почти 10 лет назад |
| CVE-2016-5636 Integer overflow in the get_data function in zipimport.c in CPython (aka Python) before 2.7.12, 3.x before 3.4.5, and 3.5.x before 3.5.2 allows remote attackers to have unspecified impact via a negative data size value, which triggers a heap-based buffer overflow. | CVSS3: 4.5 | 45% Средний | около 10 лет назад |
Уязвимостей на страницу