Showing content from http://python-security.readthedocs.io/vulnerabilities.html below:

Python Security Vulnerabilities — Python Security 0.0 documentation

Parsing errors in email/_parseaddr.py lead to incorrect value in email address part of tuple

2023-03-24

3.10
3.7
3.8
3.9

CVE-2023-27043

urlparse does not correctly handle schemes

2022-11-12

3.11.1

3.10
3.7
3.8
3.9

CVE-2023-24329

Buffer overflow in the _sha3 module in Python 3.10 and older

2022-10-21

3.7.16
3.8.16
3.9.16
3.10.9

CVE-2022-37454

Slow IDNA decoding with large strings

2022-10-19

3.7.16
3.8.16
3.9.16
3.10.9
3.11.1

CVE-2022-45061

Linux specific local privilege escalation via the multiprocessing forkserver start method

2022-09-23

3.9.16
3.10.9
3.11.0

CVE-2022-42919

Prevent DoS by large str-int conversions

2022-08-08

3.7.14
3.8.14
3.9.14
3.10.7
3.11.0

CVE-2020-10735

Windows: vulnerable zlib 1.2.11

2022-04-01

3.7.14
3.8.14
3.9.13
3.10.5

CVE-2018-25032

Windows: vulnerable bzip2 1.0.6

2021-07-02

3.7.13
3.8.13
3.9.11
3.10.3

CVE-2016-3189
CVE-2019-12900

CVE-2013-0340 Billion Laughs fixed in Expat 2.4.0

2021-06-11

3.6.15
3.7.12
3.8.12
3.9.7
3.10.0

CVE-2013-0340

CVE-2021-3737: urllib HTTP client possible infinite loop on a 100 Continue response

2021-05-03

3.6.14
3.7.11
3.8.11
3.9.6
3.10.0

CVE-2021-3737

urllib.parse should sanitize urls containing ASCII newline and tabs.

2021-04-18

3.6.14
3.7.11
3.8.11
3.9.5
3.10.0

CVE-2022-0391

ipaddress leading zeros in IPv4 address

2021-03-30

3.8.12
3.9.5
3.10.0

CVE-2021-29921

ftplib should not use the host from the PASV response

2021-02-21

3.6.14
3.7.11
3.8.9
3.9.3
3.10.0

http.server: Open Redirection if the URL path starts with //

2021-02-14

3.7.14
3.8.14
3.9.14
3.10.6
3.11.0

CVE-2021-28861

CVE-2021-3733: ReDoS in urllib.request

2021-01-30

3.6.14
3.7.11
3.8.10
3.9.5
3.10.0

CVE-2021-3733

Information disclosure via pydoc getfile

2021-01-21

3.6.14
3.7.11
3.8.9
3.9.3
3.10.0

CVE-2021-3426

urllib parse_qsl(): Web cache poisoning - semicolon as a query args separator

2021-01-19

3.6.13
3.7.10
3.8.8
3.9.2
3.10.0

CVE-2021-23336

ctypes: Buffer overflow in PyCArg_repr

2021-01-16

3.6.13
3.7.10
3.8.8
3.9.2
3.10.0

CVE-2021-3177

CJK codecs tests call eval() on content retrieved via HTTP

2020-10-05

3.6.13
3.7.10
3.8.7
3.9.1
3.10.0

CVE-2020-27619

[CVE-2020-14422] Hash collisions in IPv4Interface and IPv6Interface

2020-06-17

3.5.10
3.6.12
3.7.9
3.8.4
3.9.0

CVE-2020-14422

http.client: HTTP Header Injection in the HTTP method

2020-02-10

3.5.10
3.6.12
3.7.9
3.8.5
3.9.0

CVE-2020-26116

CVE-2020-8315: Unsafe DLL loading in getpathp.c on Windows 7

2020-01-21

3.6.11
3.7.7
3.8.2
3.9.0

CVE-2020-8315

Email header injection in Address objects

2019-12-17

3.5.10
3.6.11
3.7.8
3.8.4
3.9.0

Infinite loop in tarfile module while opening a crafted file

2019-12-10

3.5.10
3.6.12
3.7.9
3.8.5
3.9.0

CVE-2019-20907

Remove newline characters from uu encoding methods

2019-11-30

2.7.18
3.5.10
3.6.10
3.7.6
3.8.1
3.9.0

urllib basic auth regex denial of service

2019-11-17

3.5.10
3.6.11
3.7.8
3.8.3
3.9.0

CVE-2020-8492

Regular Expression Denial of Service in http.cookiejar

2019-11-14

2.7.18
3.5.10
3.6.10
3.7.6
3.8.1
3.9.0

CVE-2019-18348: CRLF injection via the host part of the url passed to urlopen()

2019-10-24

2.7.18
3.5.10
3.6.11
3.7.8
3.8.3
3.9.0

CVE-2019-18348

Reflected XSS in DocXMLRPCServer

2019-09-21

2.7.17
3.5.8
3.6.10
3.7.5
3.8.0

CVE-2019-16935

ssl.match_hostname() ignores extra string after whitespace in IPv4 address

2019-07-01

3.7.4
3.8.0

urlsplit does not handle NFKC normalization (second fix)

2019-04-27

2.7.17
3.5.8
3.6.9
3.7.4
3.8.0

CVE-2019-10160

urlsplit does not handle NFKC normalization

2019-03-06

2.7.17
3.5.7
3.6.9
3.7.3
3.8.0

CVE-2019-9636

urllib module local_file:// scheme

2019-02-06

2.7.17
3.5.8
3.6.9
3.7.4
3.8.0

CVE-2019-9948

TALOS-2018-0758 SSL CRL distribution points Denial of Service

2019-01-15

2.7.16
3.4.10
3.5.7
3.6.9
3.7.3
3.8.0

CVE-2019-5010

http.cookiejar: Incorrect validation of path

2019-01-03

2.7.17
3.4.10
3.5.7
3.6.9
3.7.3
3.8.0

xml package does not obey ignore_environment

2018-09-24

2.7.16
3.4.10
3.5.7
3.6.8
3.7.2
3.8.0

pickle.load denial of service

2018-09-13

3.4.10
3.5.7
3.6.7
3.7.1
3.8.0

CVE-2018-20406

_elementtree C accelerator doesn’t call XML_SetHashSalt()

2018-09-10

2.7.16
3.4.10
3.5.7
3.6.7
3.7.1
3.8.0

CVE-2018-14647

email.utils.parseaddr mistakenly parses an email

2018-07-19

2.7.17
3.5.8
3.6.10
3.7.5
3.8.0

CVE-2019-16056

Email folding function Denial-of-Service

2018-05-16

3.6.9
3.7.4
3.8.0

Buffer overflow vulnerability in os.symlink on Windows

2018-03-05

3.4.9
3.5.6
3.6.5
3.7.0

CVE-2018-1000117

difflib and poplib catastrophic backtracking

2018-03-02

2.7.15
3.4.9
3.5.6
3.6.5
3.7.0

CVE-2018-1060
CVE-2018-1061

Python 2.7 readahead is not thread safe

2017-09-20

2.7.15

CVE-2018-1000030

Expat 2.2.3

2017-07-17

2.7.14
3.3.7
3.4.8
3.5.5
3.6.3
3.7.0

Environment variables injection in subprocess on Windows

2017-06-22

2.7.14
3.3.7
3.4.7
3.5.4
3.6.2
3.7.0

Expat 2.2.1

2017-06-17

2.7.14
3.3.7
3.4.7
3.5.4
3.6.2
3.7.0

CVE-2012-0876
CVE-2016-0718
CVE-2016-9063
CVE-2017-9233

PyString_DecodeEscape integer overflow

2017-06-13

2.7.14
3.4.8
3.5.5

CVE-2017-1000158

bpo-30500: urllib connects to a wrong host

2017-05-29

2.7.14
3.3.7
3.4.7
3.5.4
3.6.2
3.7.0

HTTP Header Injection (follow-up of CVE-2016-5699)

2017-05-24

2.7.17
3.5.8
3.6.9
3.7.4
3.8.0

CVE-2019-9740
CVE-2019-9947

Py_SetPath(): _Py_CheckPython3 uses uninitialized DLL path

2017-03-10

3.5.10
3.6.12
3.7.9
3.8.4
3.9.0

CVE-2020-15523

urllib FTP protocol stream injection

2017-02-20

2.7.14
3.3.7
3.4.7
3.5.4
3.6.3
3.7.0

Expat 2.2 (Expat bug #537)

2017-02-17

2.7.14
3.3.7
3.4.7
3.5.4
3.6.2
3.7.0

CVE-2016-0718
CVE-2016-4472

Zlib 1.2.11

2017-01-05

2.7.14
3.4.8
3.5.4
3.6.1
3.7.0

CVE-2016-9840
CVE-2016-9841
CVE-2016-9842
CVE-2016-9843

gettext.c2py()

2016-10-30

2.7.13
3.3.7
3.4.6
3.5.3
3.6.0

Sweet32 attack (DES, 3DES)

2016-08-24

2.7.13
3.4.7
3.5.3
3.6.0

CVE-2016-2183

HTTPoxy attack

2016-07-18

2.7.13
3.3.7
3.4.6
3.5.3
3.6.0

CVE-2016-1000110

smtplib TLS stripping

2016-06-11

2.7.12
3.3.7
3.4.5
3.5.2
3.6.0

CVE-2016-0772

Issue #26657: HTTP server directory traversal

2016-03-28

2.7.12
3.3.7
3.4.7
3.5.2
3.6.0

Issue #26556: Expat 2.1.1

2016-03-14

2.7.12
3.3.7
3.4.5
3.5.2
3.6.0

CVE-2015-1283

zipimporter overflow

2016-01-21

2.7.12
3.3.7
3.4.5
3.5.2
3.6.0

CVE-2016-5636

mailcap shell command injection

2015-08-02

3.7.16
3.8.16
3.9.16
3.10.8
3.11.0

CVE-2015-20107

HTTP header injection

2014-11-24

2.7.10
3.3.7
3.4.4
3.5.0

CVE-2016-5699

Validate TLS certificate

2014-08-28

2.7.9
3.4.3
3.5.0

CVE-2014-9365

buffer() integer overflows

2014-06-24

2.7.8

CVE-2014-7185

JSONDecoder.raw_decode

2014-04-13

2.7.7
3.2.6
3.3.6
3.4.1
3.5.0

CVE-2014-4616

os.makedirs() not thread-safe

2014-03-28

3.2.6
3.3.6
3.4.1
3.5.0

CVE-2014-2667

socket.recvfrom_into() overflow

2014-01-14

2.7.7
3.2.6
3.3.4
3.4.0

CVE-2014-1912

zipfile DoS using invalid file size

2013-12-27

3.3.4
3.4.0

CVE-2013-7338

CGI directory traversal (URL parsing)

2013-10-29

2.7.6
3.2.6
3.3.4
3.4.0

ssl: NULL in subjectAltNames

2013-06-27

2.6.9
2.7.6
3.2.6
3.3.3
3.4.0

CVE-2013-4238

ssl.match_hostname() IDNA issue

2013-05-17

3.3.3
3.4.0

CVE-2013-7440

ssl.match_hostname() wildcard DoS

2013-05-15

3.2.6
3.3.3
3.4.0

CVE-2013-2099

Limit imaplib.IMAP4_SSL.readline()

2012-09-25

2.7.16

CVE-2013-1752

ftplib unlimited read

2012-09-25

2.7.6
3.2.6
3.3.3
3.4.0

CVE-2013-1752

nntplib unlimited read

2012-09-25

2.6.9
2.7.6
3.2.6
3.3.7
3.4.3
3.5.0

CVE-2013-1752

poplib unlimited read

2012-09-25

2.7.9
3.2.6
3.3.7
3.4.3
3.5.0

CVE-2013-1752

smtplib unlimited read

2012-09-25

2.7.9
3.2.6
3.3.7
3.4.3
3.5.0

CVE-2013-1752

xmlrpc gzip unlimited read

2012-09-25

2.7.9
3.3.7
3.4.3
3.5.0

CVE-2013-1753

Hash function not randomized properly

2012-04-19

3.4.0

CVE-2013-7040

Vulnerability in the utf-16 decoder after error handling

2012-04-14

2.7.4
3.2.4
3.3.0

CVE-2012-2135

XML-RPC DoS

2012-02-13

2.6.8
2.7.3
3.1.5
3.2.3
3.3.0

CVE-2012-0845

ssl CBC IV attack

2012-01-27

2.6.8
2.7.3
3.1.5
3.2.3
3.3.0

CVE-2011-3389

Hash DoS

2011-12-28

2.6.8
2.7.3
3.1.5
3.2.3
3.3.0

CVE-2012-1150

pypirc created insecurely

2011-11-30

2.7.4
3.2.4
3.3.1
3.4.0

CVE-2011-4944

urllib redirect

2011-03-24

2.5.6
2.6.7
2.7.2
3.1.4
3.2.1
3.3.0

CVE-2011-1521

SimpleHTTPServer UTF-7

2011-03-08

2.5.6
2.6.7
2.7.2
3.2.4
3.3.1
3.4.0

CVE-2011-4940

audioop integer overflows

2010-05-10

2.6.6
2.7.0
3.1.3
3.2.0

CVE-2010-1634

audioop input validation

2010-01-11

2.6.6
2.7.2
3.1.3
3.2.0

CVE-2010-2089

httplib unlimited read

2009-08-28

2.7.2
3.1.4
3.2.0

CVE-2013-1752

smtpd accept bug and race condition

2009-08-14

2.7.1
3.1.3
3.2.0

CVE-2010-3492
CVE-2010-3493

Multiple integer overflows (Apple)

2008-07-31

2.6.0
3.0.0

CVE-2008-1679
CVE-2008-1721
CVE-2008-1887
CVE-2008-2315
CVE-2008-2316
CVE-2008-3142
CVE-2008-3144
CVE-2008-4864

Multiple integer overflows (Google)

2008-04-11

2.5.3
2.6.0
3.0.0

CVE-2008-3143

expandtab() integer overflow

2008-03-11

2.5.3
2.6.0
3.0.0

CVE-2008-5031

CGI directory traversal (is_cgi() function)

2008-03-07

2.7.0
3.2.4
3.3.1
3.4.0

CVE-2011-1015

rgbimg and imageop overflows

2007-09-16

2.5.3
2.6.0

CVE-2007-4965
CVE-2009-4134
CVE-2010-1449
CVE-2010-1450

