Python — высокоуровневый язык программирования общего назначения. Его философия дизайна делает акцент на читаемости кода.
Релизный цикл, информация об уязвимостях
График релизов
Количество 915
CVE-2012-1150
Python before 2.6.8, 2.7.x before 2.7.3, 3.x before 3.1.5, and 3.2.x before 3.2.3 computes hash values without restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted input to an application that maintains a hash table.
CVE-2012-0845
SimpleXMLRPCServer.py in SimpleXMLRPCServer in Python before 2.6.8, 2.7.x before 2.7.3, 3.x before 3.1.5, and 3.2.x before 3.2.3 allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via an XML-RPC POST request that contains a smaller amount of data than specified by the Content-Length header.
CVE-2013-1753
The gzip_decode function in the xmlrpc client library in Python 3.4 and earlier allows remote attackers to cause a denial of service (memory consumption) via a crafted HTTP request.
BDU:2022-03163
Уязвимость интерпретатора языка программирования Python, вызванная ошибкой использования памяти после её освобождения, позволяющая нарушителю выполнить команды операционной системы
CVE-2011-4944
Python 2.6 through 3.2 creates ~/.pypirc with world-readable permissions before changing them after data has been written, which introduces a race condition that allows local users to obtain a username and password by reading this file.
CVE-2011-4944
Python 2.6 through 3.2 creates ~/.pypirc with world-readable permissio ...
CVE-2011-4944
Python 2.6 through 3.2 creates ~/.pypirc with world-readable permissions before changing them after data has been written, which introduces a race condition that allows local users to obtain a username and password by reading this file.
CVE-2012-2135
The utf-16 decoder in Python 3.1 through 3.3 does not update the aligned_end variable after calling the unicode_decode_call_errorhandler function, which allows remote attackers to obtain sensitive information (process memory) or cause a denial of service (memory corruption and crash) via unspecified vectors.
CVE-2012-2135
The utf-16 decoder in Python 3.1 through 3.3 does not update the align ...
CVE-2012-2135
The utf-16 decoder in Python 3.1 through 3.3 does not update the aligned_end variable after calling the unicode_decode_call_errorhandler function, which allows remote attackers to obtain sensitive information (process memory) or cause a denial of service (memory corruption and crash) via unspecified vectors.
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано 1 | |
|---|---|---|---|---|
 | CVE-2012-1150 Python before 2.6.8, 2.7.x before 2.7.3, 3.x before 3.1.5, and 3.2.x before 3.2.3 computes hash values without restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted input to an application that maintains a hash table. | CVSS2: 5 | 2% Низкий | больше 13 лет назад |
| CVE-2012-0845 SimpleXMLRPCServer.py in SimpleXMLRPCServer in Python before 2.6.8, 2.7.x before 2.7.3, 3.x before 3.1.5, and 3.2.x before 3.2.3 allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via an XML-RPC POST request that contains a smaller amount of data than specified by the Content-Length header. | CVSS2: 5 | 3% Низкий | больше 13 лет назад |
 | CVE-2013-1753 The gzip_decode function in the xmlrpc client library in Python 3.4 and earlier allows remote attackers to cause a denial of service (memory consumption) via a crafted HTTP request. | CVSS2: 4.3 | 0% Низкий | больше 13 лет назад |
 | BDU:2022-03163 Уязвимость интерпретатора языка программирования Python, вызванная ошибкой использования памяти после её освобождения, позволяющая нарушителю выполнить команды операционной системы | CVSS3: 5.9 | больше 13 лет назад | |
 | CVE-2011-4944 Python 2.6 through 3.2 creates ~/.pypirc with world-readable permissions before changing them after data has been written, which introduces a race condition that allows local users to obtain a username and password by reading this file. | CVSS2: 1.9 | 0% Низкий | больше 13 лет назад |
| CVE-2011-4944 Python 2.6 through 3.2 creates ~/.pypirc with world-readable permissio ... | CVSS2: 1.9 | 0% Низкий | больше 13 лет назад |
| CVE-2011-4944 Python 2.6 through 3.2 creates ~/.pypirc with world-readable permissions before changing them after data has been written, which introduces a race condition that allows local users to obtain a username and password by reading this file. | CVSS2: 1.9 | 0% Низкий | больше 13 лет назад |
| CVE-2012-2135 The utf-16 decoder in Python 3.1 through 3.3 does not update the aligned_end variable after calling the unicode_decode_call_errorhandler function, which allows remote attackers to obtain sensitive information (process memory) or cause a denial of service (memory corruption and crash) via unspecified vectors. | CVSS2: 6.4 | 1% Низкий | больше 13 лет назад |
| CVE-2012-2135 The utf-16 decoder in Python 3.1 through 3.3 does not update the align ... | CVSS2: 6.4 | 1% Низкий | больше 13 лет назад |
| CVE-2012-2135 The utf-16 decoder in Python 3.1 through 3.3 does not update the aligned_end variable after calling the unicode_decode_call_errorhandler function, which allows remote attackers to obtain sensitive information (process memory) or cause a denial of service (memory corruption and crash) via unspecified vectors. | CVSS2: 6.4 | 1% Низкий | больше 13 лет назад |
Уязвимостей на страницу