Количество 43
Количество 43
CVE-2019-9636
Python 2.7.x through 2.7.16 and 3.x through 3.7.2 is affected by: Improper Handling of Unicode Encoding (with an incorrect netloc) during NFKC normalization. The impact is: Information disclosure (credentials, cookies, etc. that are cached against a given hostname). The components are: urllib.parse.urlsplit, urllib.parse.urlparse. The attack vector is: A specially crafted URL could be incorrectly parsed to locate cookies or authentication data and send that information to a different host than when parsed correctly. This is fixed in: v2.7.17, v2.7.17rc1, v2.7.18, v2.7.18rc1; v3.5.10, v3.5.10rc1, v3.5.7, v3.5.8, v3.5.8rc1, v3.5.8rc2, v3.5.9; v3.6.10, v3.6.10rc1, v3.6.11, v3.6.11rc1, v3.6.12, v3.6.9, v3.6.9rc1; v3.7.3, v3.7.3rc1, v3.7.4, v3.7.4rc1, v3.7.4rc2, v3.7.5, v3.7.5rc1, v3.7.6, v3.7.6rc1, v3.7.7, v3.7.7rc1, v3.7.8, v3.7.8rc1, v3.7.9.
CVE-2019-9636
Python 2.7.x through 2.7.16 and 3.x through 3.7.2 is affected by: Impr ...
GHSA-38fc-9xqv-7f7q
SQLAlchemy is vulnerable to SQL Injection via group_by parameter
BDU:2020-03282
Уязвимость библиотеки для работы с реляционными СУБД SQLAlchemy, связанная с непринятием мер по защите структуры запроса SQL, позволяющая нарушителю выполнить произвольный код
openSUSE-SU-2019:1371-1
Security update for python3
openSUSE-SU-2019:1282-1
Security update for python3
SUSE-SU-2019:0971-1
Security update for python3
SUSE-SU-2019:0961-1
Security update for python3
GHSA-v82r-hg27-h4wh
Python 2.7.x through 2.7.16 and 3.x through 3.7.2 is affected by: Improper Handling of Unicode Encoding (with an incorrect netloc) during NFKC normalization. The impact is: Information disclosure (credentials, cookies, etc. that are cached against a given hostname). The components are: urllib.parse.urlsplit, urllib.parse.urlparse. The attack vector is: A specially crafted URL could be incorrectly parsed to locate cookies or authentication data and send that information to a different host than when parsed correctly. This is fixed in: v2.7.17, v2.7.17rc1, v2.7.18, v2.7.18rc1; v3.5.10, v3.5.10rc1, v3.5.7, v3.5.8, v3.5.8rc1, v3.5.8rc2, v3.5.9; v3.6.10, v3.6.10rc1, v3.6.11, v3.6.11rc1, v3.6.12, v3.6.9, v3.6.9rc1; v3.7.3, v3.7.3rc1, v3.7.4, v3.7.4rc1, v3.7.4rc2, v3.7.5, v3.7.5rc1, v3.7.6, v3.7.6rc1, v3.7.7, v3.7.7rc1, v3.7.8, v3.7.8rc1, v3.7.9.
ELSA-2019-0997
ELSA-2019-0997: python3 security update (IMPORTANT)
ELSA-2019-0710
ELSA-2019-0710: python security update (IMPORTANT)
BDU:2020-00690
Уязвимость интерпретатора языка программирования Python, связанная с ошибками управления регистрационными данными, позволяющая нарушителю получить доступ к конфиденциальным данным
openSUSE-SU-2019:1580-1
Security update for python
openSUSE-SU-2019:1273-1
Security update for python
SUSE-SU-2019:1439-1
Security update for python
SUSE-SU-2019:14018-1
Security update for python
SUSE-SU-2019:0972-1
Security update for python
ELSA-2019-1467
ELSA-2019-1467: python security update (IMPORTANT)
SUSE-SU-2020:0302-1
Security update for python36
openSUSE-SU-2020:0086-1
Security update for python3
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано | |
|---|---|---|---|---|
 | CVE-2019-9636 Python 2.7.x through 2.7.16 and 3.x through 3.7.2 is affected by: Improper Handling of Unicode Encoding (with an incorrect netloc) during NFKC normalization. The impact is: Information disclosure (credentials, cookies, etc. that are cached against a given hostname). The components are: urllib.parse.urlsplit, urllib.parse.urlparse. The attack vector is: A specially crafted URL could be incorrectly parsed to locate cookies or authentication data and send that information to a different host than when parsed correctly. This is fixed in: v2.7.17, v2.7.17rc1, v2.7.18, v2.7.18rc1; v3.5.10, v3.5.10rc1, v3.5.7, v3.5.8, v3.5.8rc1, v3.5.8rc2, v3.5.9; v3.6.10, v3.6.10rc1, v3.6.11, v3.6.11rc1, v3.6.12, v3.6.9, v3.6.9rc1; v3.7.3, v3.7.3rc1, v3.7.4, v3.7.4rc1, v3.7.4rc2, v3.7.5, v3.7.5rc1, v3.7.6, v3.7.6rc1, v3.7.7, v3.7.7rc1, v3.7.8, v3.7.8rc1, v3.7.9. | CVSS3: 9.8 | 6% Низкий | больше 6 лет назад |
| CVE-2019-9636 Python 2.7.x through 2.7.16 and 3.x through 3.7.2 is affected by: Impr ... | CVSS3: 9.8 | 6% Низкий | больше 6 лет назад |
| GHSA-38fc-9xqv-7f7q SQLAlchemy is vulnerable to SQL Injection via group_by parameter | CVSS3: 7.8 | 1% Низкий | около 6 лет назад |
 | BDU:2020-03282 Уязвимость библиотеки для работы с реляционными СУБД SQLAlchemy, связанная с непринятием мер по защите структуры запроса SQL, позволяющая нарушителю выполнить произвольный код | CVSS3: 7.8 | 1% Низкий | больше 6 лет назад |
 | openSUSE-SU-2019:1371-1 Security update for python3 | 6% Низкий | около 6 лет назад | |
| openSUSE-SU-2019:1282-1 Security update for python3 | 6% Низкий | около 6 лет назад | |
| SUSE-SU-2019:0971-1 Security update for python3 | 6% Низкий | около 6 лет назад | |
| SUSE-SU-2019:0961-1 Security update for python3 | 6% Низкий | около 6 лет назад | |
| GHSA-v82r-hg27-h4wh Python 2.7.x through 2.7.16 and 3.x through 3.7.2 is affected by: Improper Handling of Unicode Encoding (with an incorrect netloc) during NFKC normalization. The impact is: Information disclosure (credentials, cookies, etc. that are cached against a given hostname). The components are: urllib.parse.urlsplit, urllib.parse.urlparse. The attack vector is: A specially crafted URL could be incorrectly parsed to locate cookies or authentication data and send that information to a different host than when parsed correctly. This is fixed in: v2.7.17, v2.7.17rc1, v2.7.18, v2.7.18rc1; v3.5.10, v3.5.10rc1, v3.5.7, v3.5.8, v3.5.8rc1, v3.5.8rc2, v3.5.9; v3.6.10, v3.6.10rc1, v3.6.11, v3.6.11rc1, v3.6.12, v3.6.9, v3.6.9rc1; v3.7.3, v3.7.3rc1, v3.7.4, v3.7.4rc1, v3.7.4rc2, v3.7.5, v3.7.5rc1, v3.7.6, v3.7.6rc1, v3.7.7, v3.7.7rc1, v3.7.8, v3.7.8rc1, v3.7.9. | CVSS3: 9.8 | 6% Низкий | около 3 лет назад |
| ELSA-2019-0997 ELSA-2019-0997: python3 security update (IMPORTANT) | почти 6 лет назад | ||
| ELSA-2019-0710 ELSA-2019-0710: python security update (IMPORTANT) | около 6 лет назад | ||
| BDU:2020-00690 Уязвимость интерпретатора языка программирования Python, связанная с ошибками управления регистрационными данными, позволяющая нарушителю получить доступ к конфиденциальным данным | CVSS3: 7.5 | 6% Низкий | больше 6 лет назад |
| openSUSE-SU-2019:1580-1 Security update for python | около 6 лет назад | ||
| openSUSE-SU-2019:1273-1 Security update for python | около 6 лет назад | ||
| SUSE-SU-2019:1439-1 Security update for python | около 6 лет назад | ||
| SUSE-SU-2019:14018-1 Security update for python | около 6 лет назад | ||
| SUSE-SU-2019:0972-1 Security update for python | около 6 лет назад | ||
| ELSA-2019-1467 ELSA-2019-1467: python security update (IMPORTANT) | около 6 лет назад | ||
| SUSE-SU-2020:0302-1 Security update for python36 | больше 5 лет назад | ||
| openSUSE-SU-2020:0086-1 Security update for python3 | больше 5 лет назад |
Уязвимостей на страницу