Vulnerabilities > Python > Python > 3.6.11
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2020-07-13 | CVE-2019-20907 | Infinite Loop vulnerability in multiple products In Lib/tarfile.py in Python through 3.8.3, an attacker is able to craft a TAR archive leading to an infinite loop when opened by tarfile.open, because _proc_pax lacks header validation. | 7.5 |
2020-07-04 | CVE-2020-15523 | Use of Uninitialized Resource vulnerability in multiple products In Python 3.6 through 3.6.10, 3.7 through 3.7.8, 3.8 through 3.8.4rc1, and 3.9 through 3.9.0b4 on Windows, a Trojan horse python3.dll might be used in cases where CPython is embedded in a native application. | 6.9 |
2020-06-18 | CVE-2020-14422 | Use of Insufficiently Random Values vulnerability in multiple products Lib/ipaddress.py in Python through 3.8.3 improperly computes hash values in the IPv4Interface and IPv6Interface classes, which might allow a remote attacker to cause a denial of service if an application is affected by the performance of a dictionary containing IPv4Interface or IPv6Interface objects, and this attacker can cause many dictionary entries to be created. | 5.9 |
2020-02-04 | CVE-2019-9674 | Resource Exhaustion vulnerability in multiple products Lib/zipfile.py in Python through 3.7.2 allows remote attackers to cause a denial of service (resource consumption) via a ZIP bomb. | 7.5 |
2018-12-23 | CVE-2018-20406 | Integer Overflow or Wraparound vulnerability in multiple products Modules/_pickle.c in Python before 3.7.1 has an integer overflow via a large LONG_BINPUT value that is mishandled during a "resize to twice the size" attempt. | 7.5 |