Python

Python

132 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
7.5

CVE-2018-25032

Exploit
  • EPSS 0.08%
  • Veröffentlicht 25.03.2022 09:15:08
  • Zuletzt bearbeitet 21.08.2025 20:37:11

zlib before 1.2.12 allows memory corruption when deflating (i.e., when compressing) if the input has many distant matches.

7

CVE-2022-26488

  • EPSS 1.67%
  • Veröffentlicht 10.03.2022 17:47:45
  • Zuletzt bearbeitet 21.11.2024 06:54:02

In Python before 3.10.3 on Windows, local users can gain privileges because the search path is inadequately secured. The installer may allow a local attacker to add user-writable directories to the system search path. To exploit, an administrator mus...

6.5

CVE-2021-3733

Exploit
  • EPSS 0.77%
  • Veröffentlicht 10.03.2022 17:42:59
  • Zuletzt bearbeitet 03.11.2025 22:15:50

There's a flaw in urllib's AbstractBasicAuthHandler class. An attacker who controls a malicious HTTP server that an HTTP client (such as web browser) connects to, could trigger a Regular Expression Denial of Service (ReDOS) during an authentication r...

7.5

CVE-2021-3737

Exploit
  • EPSS 0.16%
  • Veröffentlicht 04.03.2022 19:15:08
  • Zuletzt bearbeitet 17.12.2025 22:15:56

A flaw was found in python. An improperly handled HTTP response in the HTTP client code of python may allow a remote attacker, who controls the HTTP server, to make the client script enter an infinite loop, consuming CPU time. The highest threat from...

7.5

CVE-2022-0391

Exploit
  • EPSS 1.92%
  • Veröffentlicht 09.02.2022 23:15:16
  • Zuletzt bearbeitet 17.12.2025 21:15:52

A flaw was found in Python, specifically within the urllib.parse module. This module helps break Uniform Resource Locator (URL) strings into components. The issue involves how the urlparse method does not sanitize input and allows characters like '\r...

5.7

CVE-2021-3426

  • EPSS 0.08%
  • Veröffentlicht 20.05.2021 13:15:07
  • Zuletzt bearbeitet 18.12.2025 12:15:54

There's a flaw in Python 3's pydoc. A local or adjacent attacker who discovers or is able to convince another local or adjacent user to start a pydoc server could access the server and use it to disclose sensitive information belonging to the other u...

9.8

CVE-2021-29921

Exploit
  • EPSS 2.05%
  • Veröffentlicht 06.05.2021 13:15:12
  • Zuletzt bearbeitet 03.11.2025 22:15:48

In Python before 3,9,5, the ipaddress library mishandles leading zero characters in the octets of an IP address string. This (in some situations) allows attackers to bypass access control that is based on IP addresses.

5.9

CVE-2021-23336

Exploit
  • EPSS 0.3%
  • Veröffentlicht 15.02.2021 13:15:12
  • Zuletzt bearbeitet 17.12.2025 22:15:55

The package python/cpython from 0 and before 3.6.13, from 3.7.0 and before 3.7.10, from 3.8.0 and before 3.8.8, from 3.9.0 and before 3.9.2 are vulnerable to Web Cache Poisoning via urllib.parse.parse_qsl and urllib.parse.parse_qs by using a vector c...

9.8

CVE-2021-3177

Exploit
  • EPSS 0.07%
  • Veröffentlicht 19.01.2021 06:15:12
  • Zuletzt bearbeitet 18.12.2025 15:15:48

Python 3.x through 3.9.1 has a buffer overflow in PyCArg_repr in _ctypes/callproc.c, which may lead to remote code execution in certain Python applications that accept floating-point numbers as untrusted input, as demonstrated by a 1e300 argument to ...

9.8

CVE-2020-27619

  • EPSS 0.85%
  • Veröffentlicht 22.10.2020 03:16:31
  • Zuletzt bearbeitet 21.11.2024 05:21:29

In Python 3 through 3.9.0, the Lib/test/multibytecodec_support.py CJK codec tests call eval() on content retrieved via HTTP.