Product:

Python

(Python)
Repositories https://github.com/python/cpython
#Vulnerabilities 53
Date ID Summary Products Score Patch
2020-02-04 CVE-2019-9674 Lib/zipfile.py in Python through 3.7.2 allows remote attackers to cause a denial of service (resource consumption) via a ZIP bomb. Python N/A
2020-01-30 CVE-2020-8492 Python 2.7 through 2.7.17, 3.5 through 3.5.9, 3.6 through 3.6.10, 3.7 through 3.7.6, and 3.8 through 3.8.1 allows an HTTP server to conduct Regular Expression Denial of Service (ReDoS) attacks against a client because of urllib.request.AbstractBasicAuthHandler catastrophic backtracking. Python N/A
2020-01-28 CVE-2020-8315 In Python (CPython) 3.6 through 3.6.10, 3.7 through 3.7.6, and 3.8 through 3.8.1, an insecure dependency load upon launch on Windows 7 may result in an attacker's copy of api-ms-win-core-path-l1-1-0.dll being loaded and used instead of the system's copy. Windows 8 and later are unaffected. Python N/A
2018-03-01 CVE-2017-18207 ** DISPUTED ** The Wave_read._read_fmt_chunk function in Lib/wave.py in Python through 3.6.4 does not ensure a nonzero channel value, which allows attackers to cause a denial of service (divide-by-zero and exception) via a crafted wav format audio file. NOTE: the vendor disputes this issue because Python applications "need to be prepared to handle a wide variety of exceptions." Python 6.5
2019-11-27 CVE-2016-1000110 The CGIHandler class in Python before 2.7.12 does not protect against the HTTP_PROXY variable name clash in a CGI script, which could allow a remote attacker to redirect HTTP requests. Debian_linux, Fedora, Python N/A
2018-06-18 CVE-2018-1060 python before versions 2.7.15, 3.4.9, 3.5.6rc1, 3.6.5rc1 and 3.7.0 is vulnerable to catastrophic backtracking in pop3lib's apop() method. An attacker could use this flaw to cause denial of service. Ubuntu_linux, Debian_linux, Fedora, Python, Ansible_tower, Enterprise_linux_desktop, Enterprise_linux_server, Enterprise_linux_workstation 7.5