Количество 58
Количество 58
SUSE-SU-2025:0049-1
Security update for python310
SUSE-SU-2025:0047-1
Security update for python39
RLSA-2024:10983
Moderate: python3.9:3.9.21 security update
RLSA-2024:10779
Moderate: python3:3.6.8 security update
ELSA-2024-10983
ELSA-2024-10983: python3.9:3.9.21 security update (MODERATE)
ELSA-2024-10779
ELSA-2024-10779: python3:3.6.8 security update (MODERATE)
RLSA-2025:23530
Important: python39:3.9 security update
ELSA-2025-23530
ELSA-2025-23530: python39:3.9 security update (IMPORTANT)
CVE-2024-11168
The urllib.parse.urlsplit() and urlparse() functions improperly validated bracketed hosts (`[]`), allowing hosts that weren't IPv6 or IPvFuture. This behavior was not conformant to RFC 3986 and potentially enabled SSRF if a URL is processed by more than one URL parser.
CVE-2024-11168
The urllib.parse.urlsplit() and urlparse() functions improperly validated bracketed hosts (`[]`), allowing hosts that weren't IPv6 or IPvFuture. This behavior was not conformant to RFC 3986 and potentially enabled SSRF if a URL is processed by more than one URL parser.
CVE-2024-11168
The urllib.parse.urlsplit() and urlparse() functions improperly validated bracketed hosts (`[]`), allowing hosts that weren't IPv6 or IPvFuture. This behavior was not conformant to RFC 3986 and potentially enabled SSRF if a URL is processed by more than one URL parser.
CVE-2024-11168
CVE-2024-11168
The urllib.parse.urlsplit() and urlparse() functions improperly valida ...
CVE-2024-9287
A vulnerability has been found in the CPython `venv` module and CLI where path names provided when creating a virtual environment were not quoted properly, allowing the creator to inject commands into virtual environment "activation" scripts (ie "source venv/bin/activate"). This means that attacker-controlled virtual environments are able to run commands when the virtual environment is activated. Virtual environments which are not created by an attacker or which aren't activated before being used (ie "./venv/bin/python") are not affected.
CVE-2024-9287
A vulnerability has been found in the CPython `venv` module and CLI where path names provided when creating a virtual environment were not quoted properly, allowing the creator to inject commands into virtual environment "activation" scripts (ie "source venv/bin/activate"). This means that attacker-controlled virtual environments are able to run commands when the virtual environment is activated. Virtual environments which are not created by an attacker or which aren't activated before being used (ie "./venv/bin/python") are not affected.
CVE-2024-9287
A vulnerability has been found in the CPython `venv` module and CLI where path names provided when creating a virtual environment were not quoted properly, allowing the creator to inject commands into virtual environment "activation" scripts (ie "source venv/bin/activate"). This means that attacker-controlled virtual environments are able to run commands when the virtual environment is activated. Virtual environments which are not created by an attacker or which aren't activated before being used (ie "./venv/bin/python") are not affected.
CVE-2024-9287
CVE-2024-9287
A vulnerability has been found in the CPython `venv` module and CLI wh ...
SUSE-SU-2025:1056-1
Security update for python3
SUSE-SU-2025:1043-1
Security update for python36
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано | |
|---|---|---|---|---|
 | SUSE-SU-2025:0049-1 Security update for python310 | около 1 года назад | ||
| SUSE-SU-2025:0047-1 Security update for python39 | около 1 года назад | ||
 | RLSA-2024:10983 Moderate: python3.9:3.9.21 security update | 11 месяцев назад | ||
| RLSA-2024:10779 Moderate: python3:3.6.8 security update | около 1 года назад | ||
| ELSA-2024-10983 ELSA-2024-10983: python3.9:3.9.21 security update (MODERATE) | около 1 года назад | ||
| ELSA-2024-10779 ELSA-2024-10779: python3:3.6.8 security update (MODERATE) | около 1 года назад | ||
| RLSA-2025:23530 Important: python39:3.9 security update | около 2 месяцев назад | ||
| ELSA-2025-23530 ELSA-2025-23530: python39:3.9 security update (IMPORTANT) | около 1 месяца назад | ||
 | CVE-2024-11168 The urllib.parse.urlsplit() and urlparse() functions improperly validated bracketed hosts (`[]`), allowing hosts that weren't IPv6 or IPvFuture. This behavior was not conformant to RFC 3986 and potentially enabled SSRF if a URL is processed by more than one URL parser. | CVSS3: 3.7 | 1% Низкий | около 1 года назад |
 | CVE-2024-11168 The urllib.parse.urlsplit() and urlparse() functions improperly validated bracketed hosts (`[]`), allowing hosts that weren't IPv6 or IPvFuture. This behavior was not conformant to RFC 3986 and potentially enabled SSRF if a URL is processed by more than one URL parser. | CVSS3: 3.7 | 1% Низкий | около 1 года назад |
 | CVE-2024-11168 The urllib.parse.urlsplit() and urlparse() functions improperly validated bracketed hosts (`[]`), allowing hosts that weren't IPv6 or IPvFuture. This behavior was not conformant to RFC 3986 and potentially enabled SSRF if a URL is processed by more than one URL parser. | CVSS3: 3.7 | 1% Низкий | около 1 года назад |
 | CVSS3: 3.7 | 1% Низкий | около 1 года назад | |
| CVE-2024-11168 The urllib.parse.urlsplit() and urlparse() functions improperly valida ... | CVSS3: 3.7 | 1% Низкий | около 1 года назад |
| CVE-2024-9287 A vulnerability has been found in the CPython `venv` module and CLI where path names provided when creating a virtual environment were not quoted properly, allowing the creator to inject commands into virtual environment "activation" scripts (ie "source venv/bin/activate"). This means that attacker-controlled virtual environments are able to run commands when the virtual environment is activated. Virtual environments which are not created by an attacker or which aren't activated before being used (ie "./venv/bin/python") are not affected. | CVSS3: 7.8 | 0% Низкий | больше 1 года назад |
| CVE-2024-9287 A vulnerability has been found in the CPython `venv` module and CLI where path names provided when creating a virtual environment were not quoted properly, allowing the creator to inject commands into virtual environment "activation" scripts (ie "source venv/bin/activate"). This means that attacker-controlled virtual environments are able to run commands when the virtual environment is activated. Virtual environments which are not created by an attacker or which aren't activated before being used (ie "./venv/bin/python") are not affected. | CVSS3: 6.3 | 0% Низкий | больше 1 года назад |
| CVE-2024-9287 A vulnerability has been found in the CPython `venv` module and CLI where path names provided when creating a virtual environment were not quoted properly, allowing the creator to inject commands into virtual environment "activation" scripts (ie "source venv/bin/activate"). This means that attacker-controlled virtual environments are able to run commands when the virtual environment is activated. Virtual environments which are not created by an attacker or which aren't activated before being used (ie "./venv/bin/python") are not affected. | CVSS3: 7.8 | 0% Низкий | больше 1 года назад |
| CVSS3: 7.8 | 0% Низкий | 11 месяцев назад | |
| CVE-2024-9287 A vulnerability has been found in the CPython `venv` module and CLI wh ... | CVSS3: 7.8 | 0% Низкий | больше 1 года назад |
| SUSE-SU-2025:1056-1 Security update for python3 | 1% Низкий | 10 месяцев назад | |
| SUSE-SU-2025:1043-1 Security update for python36 | 1% Низкий | 10 месяцев назад |
Уязвимостей на страницу