Vulnerabilities > Python > Python > 3.9.0
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2021-05-20 | CVE-2021-3426 | Path Traversal vulnerability in multiple products There's a flaw in Python 3's pydoc. | 5.7 |
2021-05-06 | CVE-2021-29921 | In Python before 3,9,5, the ipaddress library mishandles leading zero characters in the octets of an IP address string. | 9.8 |
2021-02-15 | CVE-2021-23336 | HTTP Request Smuggling vulnerability in multiple products The package python/cpython from 0 and before 3.6.13, from 3.7.0 and before 3.7.10, from 3.8.0 and before 3.8.8, from 3.9.0 and before 3.9.2 are vulnerable to Web Cache Poisoning via urllib.parse.parse_qsl and urllib.parse.parse_qs by using a vector called parameter cloaking. | 5.9 |
2021-01-19 | CVE-2021-3177 | Classic Buffer Overflow vulnerability in multiple products Python 3.x through 3.9.1 has a buffer overflow in PyCArg_repr in _ctypes/callproc.c, which may lead to remote code execution in certain Python applications that accept floating-point numbers as untrusted input, as demonstrated by a 1e300 argument to c_double.from_param. | 9.8 |
2020-10-22 | CVE-2020-27619 | In Python 3 through 3.9.0, the Lib/test/multibytecodec_support.py CJK codec tests call eval() on content retrieved via HTTP. | 9.8 |
2020-07-04 | CVE-2020-15523 | Use of Uninitialized Resource vulnerability in multiple products In Python 3.6 through 3.6.10, 3.7 through 3.7.8, 3.8 through 3.8.4rc1, and 3.9 through 3.9.0b4 on Windows, a Trojan horse python3.dll might be used in cases where CPython is embedded in a native application. | 6.9 |
2019-06-19 | CVE-2019-12900 | Out-of-bounds Write vulnerability in multiple products BZ2_decompress in decompress.c in bzip2 through 1.0.6 has an out-of-bounds write when there are many selectors. | 9.8 |
2016-06-30 | CVE-2016-3189 | Use-after-free vulnerability in bzip2recover in bzip2 1.0.6 allows remote attackers to cause a denial of service (crash) via a crafted bzip2 file, related to block ends set to before the start of the block. | 6.5 |