Count: 69

Vulnerability | CVSS | EPSS | Published |
---|---|---|---|
CVE-2021-3177 Python 3.x through 3.9.1 has a buffer overflow in PyCArg_repr in _ctypes/callproc.c, which may lead to remote code execution in certain Python applications that accept floating-point numbers as untrusted input, as demonstrated by a 1e300 argument to c_double.from_param. This occurs because sprintf is used unsafely. | CVSS3: 5.9 | 0% Low | more than 4 years ago |
CVE-2021-3177 Python 3.x through 3.9.1 has a buffer overflow in PyCArg_repr in _ctypes/callproc.c, which may lead to remote code execution in certain Python applications that accept floating-point numbers as untrusted input, as demonstrated by a 1e300 argument to c_double.from_param. This occurs because sprintf is used unsafely. | CVSS3: 9.8 | 0% Low | more than 4 years ago |
CVE-2021-3177 | CVSS3: 9.8 | 0% Low | more than 4 years ago |
CVE-2021-3177 Python 3.x through 3.9.1 has a buffer overflow in PyCArg_repr in _ctyp ... | CVSS3: 9.8 | 0% Low | more than 4 years ago |
SUSE-SU-2020:3865-1 Security update for python36 | | | more than 4 years ago |
GHSA-hc96-xw56-vfwh Python 3.x through 3.9.1 has a buffer overflow in PyCArg_repr in _ctypes/callproc.c, which may lead to remote code execution in certain Python applications that accept floating-point numbers as untrusted input, as demonstrated by a 1e300 argument to c_double.from_param. This occurs because sprintf is used unsafely. | CVSS3: 9.8 | 0% Low | about 3 years ago |
ELSA-2021-9130 ELSA-2021-9130: python38:3.8 security update (IMPORTANT) | | | about 4 years ago |
ELSA-2021-9129 ELSA-2021-9129: python36:3.6 security update (IMPORTANT) | | | about 4 years ago |
ELSA-2021-9128 ELSA-2021-9128: python27:2.7 security update (IMPORTANT) | | | about 4 years ago |
ELSA-2021-9107 ELSA-2021-9107: python security update (IMPORTANT) | | | more than 4 years ago |
ELSA-2021-9101 ELSA-2021-9101: python3 security update (IMPORTANT) | | | more than 4 years ago |
ELSA-2021-9100 ELSA-2021-9100: python3 security update (IMPORTANT) | | | more than 4 years ago |
BDU:2021-01781 Vulnerability in the PyCArg_repr function (ctypes/callproc.c) of the Python programming language interpreter that allows an attacker to execute arbitrary code | CVSS3: 9.8 | 0% Low | more than 4 years ago |
openSUSE-SU-2021:0331-1 Security update for python3 | | | more than 4 years ago |
openSUSE-SU-2021:0270-1 Security update for python | | | more than 4 years ago |
SUSE-SU-2021:0529-1 Security update for python3 | | | more than 4 years ago |
SUSE-SU-2021:0432-1 Security update for python | | | more than 4 years ago |
SUSE-SU-2021:0428-1 Security update for python36 | | | more than 4 years ago |
SUSE-SU-2021:0355-1 Security update for python | | | more than 4 years ago |
CVE-2021-23336 The package python/cpython from 0 and before 3.6.13, from 3.7.0 and before 3.7.10, from 3.8.0 and before 3.8.8, from 3.9.0 and before 3.9.2 are vulnerable to Web Cache Poisoning via urllib.parse.parse_qsl and urllib.parse.parse_qs by using a vector called parameter cloaking. When the attacker can separate query parameters using a semicolon (;), they can cause a difference in the interpretation of the request between the proxy (running with default configuration) and the server. This can result in malicious requests being cached as completely safe ones, as the proxy would usually not see the semicolon as a separator, and therefore would not include it in a cache key of an unkeyed parameter. | CVSS3: 5.9 | 0% Low | more than 4 years ago |