Python — высокоуровневый язык программирования общего назначения. Его философия дизайна делает акцент на читаемости кода.
Релизный цикл, информация об уязвимостях
График релизов
Количество 910
CVE-2014-2667
Race condition in the _get_masked_mode function in Lib/os.py in Python 3.2 through 3.5, when exist_ok is set to true and multiple threads are used, might allow local users to bypass intended file permissions by leveraging a separate application vulnerability before the umask has been set to the expected value.
CVE-2014-2667
Race condition in the _get_masked_mode function in Lib/os.py in Python ...
CVE-2014-2667
Race condition in the _get_masked_mode function in Lib/os.py in Python 3.2 through 3.5, when exist_ok is set to true and multiple threads are used, might allow local users to bypass intended file permissions by leveraging a separate application vulnerability before the umask has been set to the expected value.
CVE-2014-7185
Integer overflow in bufferobject.c in Python before 2.7.8 allows context-dependent attackers to obtain sensitive information from process memory via a large size and offset in a "buffer" function.
CVE-2014-7185
Integer overflow in bufferobject.c in Python before 2.7.8 allows conte ...
CVE-2014-7185
Integer overflow in bufferobject.c in Python before 2.7.8 allows context-dependent attackers to obtain sensitive information from process memory via a large size and offset in a "buffer" function.
BDU:2015-00665
Уязвимость программного обеспечения Python, позволяющая удаленному злоумышленнику нарушить конфиденциальность защищаемой информации
BDU:2015-00666
Уязвимость программного обеспечения Python, позволяющая удаленному злоумышленнику нарушить конфиденциальность, целостность и доступность защищаемой информации
CVE-2014-7185
Integer overflow in bufferobject.c in Python before 2.7.8 allows context-dependent attackers to obtain sensitive information from process memory via a large size and offset in a "buffer" function.
CVE-2014-4650
The CGIHTTPServer module in Python 2.7.5 and 3.3.4 does not properly handle URLs in which URL encoding is used for path separators, which allows remote attackers to read script source code or conduct directory traversal attacks and execute unintended code via a crafted character sequence, as demonstrated by a %2f separator.
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано 1 | |
|---|---|---|---|---|
 | CVE-2014-2667 Race condition in the _get_masked_mode function in Lib/os.py in Python 3.2 through 3.5, when exist_ok is set to true and multiple threads are used, might allow local users to bypass intended file permissions by leveraging a separate application vulnerability before the umask has been set to the expected value. | CVSS2: 3.3 | 0% Низкий | около 11 лет назад |
| CVE-2014-2667 Race condition in the _get_masked_mode function in Lib/os.py in Python ... | CVSS2: 3.3 | 0% Низкий | около 11 лет назад |
 | CVE-2014-2667 Race condition in the _get_masked_mode function in Lib/os.py in Python 3.2 through 3.5, when exist_ok is set to true and multiple threads are used, might allow local users to bypass intended file permissions by leveraging a separate application vulnerability before the umask has been set to the expected value. | CVSS2: 3.3 | 0% Низкий | около 11 лет назад |
| CVE-2014-7185 Integer overflow in bufferobject.c in Python before 2.7.8 allows context-dependent attackers to obtain sensitive information from process memory via a large size and offset in a "buffer" function. | CVSS2: 6.4 | 1% Низкий | больше 11 лет назад |
| CVE-2014-7185 Integer overflow in bufferobject.c in Python before 2.7.8 allows conte ... | CVSS2: 6.4 | 1% Низкий | больше 11 лет назад |
| CVE-2014-7185 Integer overflow in bufferobject.c in Python before 2.7.8 allows context-dependent attackers to obtain sensitive information from process memory via a large size and offset in a "buffer" function. | CVSS2: 6.4 | 1% Низкий | больше 11 лет назад |
 | BDU:2015-00665 Уязвимость программного обеспечения Python, позволяющая удаленному злоумышленнику нарушить конфиденциальность защищаемой информации | CVSS2: 5 | больше 11 лет назад | |
| BDU:2015-00666 Уязвимость программного обеспечения Python, позволяющая удаленному злоумышленнику нарушить конфиденциальность, целостность и доступность защищаемой информации | CVSS2: 9.3 | 6% Низкий | больше 11 лет назад |
 | CVE-2014-7185 Integer overflow in bufferobject.c in Python before 2.7.8 allows context-dependent attackers to obtain sensitive information from process memory via a large size and offset in a "buffer" function. | CVSS2: 4 | 1% Низкий | больше 11 лет назад |
| CVE-2014-4650 The CGIHTTPServer module in Python 2.7.5 and 3.3.4 does not properly handle URLs in which URL encoding is used for path separators, which allows remote attackers to read script source code or conduct directory traversal attacks and execute unintended code via a crafted character sequence, as demonstrated by a %2f separator. | CVSS2: 5 | 6% Низкий | больше 11 лет назад |
Уязвимостей на страницу