Количество 46
Количество 46
SUSE-SU-2025:0049-1
Security update for python310
SUSE-SU-2025:0047-1
Security update for python39
RLSA-2024:10779
Moderate: python3:3.6.8 security update
ELSA-2024-10983
ELSA-2024-10983: python3.9:3.9.21 security update (MODERATE)
ELSA-2024-10779
ELSA-2024-10779: python3:3.6.8 security update (MODERATE)
CVE-2024-11168
The urllib.parse.urlsplit() and urlparse() functions improperly validated bracketed hosts (`[]`), allowing hosts that weren't IPv6 or IPvFuture. This behavior was not conformant to RFC 3986 and potentially enabled SSRF if a URL is processed by more than one URL parser.
CVE-2024-11168
The urllib.parse.urlsplit() and urlparse() functions improperly validated bracketed hosts (`[]`), allowing hosts that weren't IPv6 or IPvFuture. This behavior was not conformant to RFC 3986 and potentially enabled SSRF if a URL is processed by more than one URL parser.
CVE-2024-11168
The urllib.parse.urlsplit() and urlparse() functions improperly validated bracketed hosts (`[]`), allowing hosts that weren't IPv6 or IPvFuture. This behavior was not conformant to RFC 3986 and potentially enabled SSRF if a URL is processed by more than one URL parser.
CVE-2024-11168
CVE-2024-11168
The urllib.parse.urlsplit() and urlparse() functions improperly valida ...
CVE-2024-9287
A vulnerability has been found in the CPython `venv` module and CLI where path names provided when creating a virtual environment were not quoted properly, allowing the creator to inject commands into virtual environment "activation" scripts (ie "source venv/bin/activate"). This means that attacker-controlled virtual environments are able to run commands when the virtual environment is activated. Virtual environments which are not created by an attacker or which aren't activated before being used (ie "./venv/bin/python") are not affected.
CVE-2024-9287
A vulnerability has been found in the CPython `venv` module and CLI where path names provided when creating a virtual environment were not quoted properly, allowing the creator to inject commands into virtual environment "activation" scripts (ie "source venv/bin/activate"). This means that attacker-controlled virtual environments are able to run commands when the virtual environment is activated. Virtual environments which are not created by an attacker or which aren't activated before being used (ie "./venv/bin/python") are not affected.
CVE-2024-9287
A vulnerability has been found in the CPython `venv` module and CLI where path names provided when creating a virtual environment were not quoted properly, allowing the creator to inject commands into virtual environment "activation" scripts (ie "source venv/bin/activate"). This means that attacker-controlled virtual environments are able to run commands when the virtual environment is activated. Virtual environments which are not created by an attacker or which aren't activated before being used (ie "./venv/bin/python") are not affected.
CVE-2024-9287
CVE-2024-9287
A vulnerability has been found in the CPython `venv` module and CLI wh ...
SUSE-SU-2025:1056-1
Security update for python3
SUSE-SU-2025:1043-1
Security update for python36
SUSE-SU-2025:1041-1
Security update for python3
SUSE-SU-2025:0869-1
Security update for python
SUSE-SU-2025:0861-1
Security update for python
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано | |
|---|---|---|---|---|
 | SUSE-SU-2025:0049-1 Security update for python310 | 5 месяцев назад | ||
| SUSE-SU-2025:0047-1 Security update for python39 | 5 месяцев назад | ||
 | RLSA-2024:10779 Moderate: python3:3.6.8 security update | 6 месяцев назад | ||
| ELSA-2024-10983 ELSA-2024-10983: python3.9:3.9.21 security update (MODERATE) | 6 месяцев назад | ||
| ELSA-2024-10779 ELSA-2024-10779: python3:3.6.8 security update (MODERATE) | 7 месяцев назад | ||
 | CVE-2024-11168 The urllib.parse.urlsplit() and urlparse() functions improperly validated bracketed hosts (`[]`), allowing hosts that weren't IPv6 or IPvFuture. This behavior was not conformant to RFC 3986 and potentially enabled SSRF if a URL is processed by more than one URL parser. | CVSS3: 3.7 | 0% Низкий | 7 месяцев назад |
 | CVE-2024-11168 The urllib.parse.urlsplit() and urlparse() functions improperly validated bracketed hosts (`[]`), allowing hosts that weren't IPv6 or IPvFuture. This behavior was not conformant to RFC 3986 and potentially enabled SSRF if a URL is processed by more than one URL parser. | CVSS3: 3.7 | 0% Низкий | 7 месяцев назад |
 | CVE-2024-11168 The urllib.parse.urlsplit() and urlparse() functions improperly validated bracketed hosts (`[]`), allowing hosts that weren't IPv6 or IPvFuture. This behavior was not conformant to RFC 3986 and potentially enabled SSRF if a URL is processed by more than one URL parser. | CVSS3: 3.7 | 0% Низкий | 7 месяцев назад |
 | CVSS3: 3.7 | 0% Низкий | 7 месяцев назад | |
| CVE-2024-11168 The urllib.parse.urlsplit() and urlparse() functions improperly valida ... | CVSS3: 3.7 | 0% Низкий | 7 месяцев назад |
| CVE-2024-9287 A vulnerability has been found in the CPython `venv` module and CLI where path names provided when creating a virtual environment were not quoted properly, allowing the creator to inject commands into virtual environment "activation" scripts (ie "source venv/bin/activate"). This means that attacker-controlled virtual environments are able to run commands when the virtual environment is activated. Virtual environments which are not created by an attacker or which aren't activated before being used (ie "./venv/bin/python") are not affected. | CVSS3: 7.8 | 0% Низкий | 8 месяцев назад |
| CVE-2024-9287 A vulnerability has been found in the CPython `venv` module and CLI where path names provided when creating a virtual environment were not quoted properly, allowing the creator to inject commands into virtual environment "activation" scripts (ie "source venv/bin/activate"). This means that attacker-controlled virtual environments are able to run commands when the virtual environment is activated. Virtual environments which are not created by an attacker or which aren't activated before being used (ie "./venv/bin/python") are not affected. | CVSS3: 6.3 | 0% Низкий | 8 месяцев назад |
| CVE-2024-9287 A vulnerability has been found in the CPython `venv` module and CLI where path names provided when creating a virtual environment were not quoted properly, allowing the creator to inject commands into virtual environment "activation" scripts (ie "source venv/bin/activate"). This means that attacker-controlled virtual environments are able to run commands when the virtual environment is activated. Virtual environments which are not created by an attacker or which aren't activated before being used (ie "./venv/bin/python") are not affected. | CVSS3: 7.8 | 0% Низкий | 8 месяцев назад |
| CVSS3: 7.8 | 0% Низкий | 3 месяца назад | |
| CVE-2024-9287 A vulnerability has been found in the CPython `venv` module and CLI wh ... | CVSS3: 7.8 | 0% Низкий | 8 месяцев назад |
| SUSE-SU-2025:1056-1 Security update for python3 | 0% Низкий | 3 месяца назад | |
| SUSE-SU-2025:1043-1 Security update for python36 | 0% Низкий | 3 месяца назад | |
| SUSE-SU-2025:1041-1 Security update for python3 | 0% Низкий | 3 месяца назад | |
| SUSE-SU-2025:0869-1 Security update for python | 0% Низкий | 3 месяца назад | |
| SUSE-SU-2025:0861-1 Security update for python | 0% Низкий | 3 месяца назад |
Уязвимостей на страницу