Search for packages
| purl | pkg:deb/debian/python3.7@3.7.3-2%2Bdeb10u3 |
| Next non-vulnerable version | None. |
| Latest non-vulnerable version | None. |
| Risk | 4.5 |
| Vulnerability | Summary | Fixed by |
|---|---|---|
|
VCID-1n4c-69xu-aaae
Aliases: CVE-2021-3733 |
There's a flaw in urllib's AbstractBasicAuthHandler class. An attacker who controls a malicious HTTP server that an HTTP client (such as web browser) connects to, could trigger a Regular Expression Denial of Service (ReDOS) during an authentication request with a specially crafted payload that is sent by the server to the client. The greatest threat that this flaw poses is to application availability. | There are no reported fixed by versions. |
|
VCID-adb7-t68d-aaah
Aliases: CVE-2023-6597 |
An issue was found in the CPython `tempfile.TemporaryDirectory` class affecting versions 3.12.1, 3.11.7, 3.10.13, 3.9.18, and 3.8.18 and prior. The tempfile.TemporaryDirectory class would dereference symlinks during cleanup of permissions-related errors. This means users which can run privileged programs are potentially able to modify permissions of files referenced by symlinks in some circumstances. | There are no reported fixed by versions. |
|
VCID-awv4-rzmw-aaap
Aliases: CVE-2022-37454 GHSA-6w4m-2xhg-2658 |
The Keccak XKCP SHA-3 reference implementation before fdc6fef has an integer overflow and resultant buffer overflow that allows attackers to execute arbitrary code or eliminate expected cryptographic properties. This occurs in the sponge function interface. | There are no reported fixed by versions. |
|
VCID-bdw7-d7up-aaaf
Aliases: CVE-2021-4189 |
A flaw was found in Python, specifically in the FTP (File Transfer Protocol) client library in PASV (passive) mode. The issue is how the FTP client trusts the host from the PASV response by default. This flaw allows an attacker to set up a malicious FTP server that can trick FTP clients into connecting back to a given IP address and port. This vulnerability could lead to FTP client scanning ports, which otherwise would not have been possible. | There are no reported fixed by versions. |
|
VCID-dymx-8r2e-aaad
Aliases: CVE-2021-3426 |
There's a flaw in Python 3's pydoc. A local or adjacent attacker who discovers or is able to convince another local or adjacent user to start a pydoc server could access the server and use it to disclose sensitive information belonging to the other user that they would not normally be able to access. The highest risk of this flaw is to data confidentiality. This flaw affects Python versions before 3.8.9, Python versions before 3.9.3 and Python versions before 3.10.0a7. | There are no reported fixed by versions. |
|
VCID-fxcv-tgm2-aaac
Aliases: CVE-2020-10735 |
CVE-2020-10735 python: int() type in PyLong_FromString() does not limit amount of digits converting text to int leading to DoS | There are no reported fixed by versions. |
|
VCID-gf6k-frsj-aaas
Aliases: CVE-2023-40217 |
An issue was discovered in Python before 3.8.18, 3.9.x before 3.9.18, 3.10.x before 3.10.13, and 3.11.x before 3.11.5. It primarily affects servers (such as HTTP servers) that use TLS client authentication. If a TLS server-side socket is created, receives data into the socket buffer, and then is closed quickly, there is a brief window where the SSLSocket instance will detect the socket as "not connected" and won't initiate a handshake, but buffered data will still be readable from the socket buffer. This data will not be authenticated if the server-side TLS peer is expecting client certificate authentication, and is indistinguishable from valid TLS stream data. Data is limited in size to the amount that will fit in the buffer. (The TLS connection cannot directly be used for data exfiltration because the vulnerable code path requires that the connection be closed on initialization of the SSLSocket.) | There are no reported fixed by versions. |
|
VCID-hq7h-468r-aaad
Aliases: CVE-2021-3737 |
A flaw was found in python. An improperly handled HTTP response in the HTTP client code of python may allow a remote attacker, who controls the HTTP server, to make the client script enter an infinite loop, consuming CPU time. The highest threat from this vulnerability is to system availability. | There are no reported fixed by versions. |
|
VCID-ks3f-4xzz-aaae
Aliases: CVE-2015-20107 |
In Python (aka CPython) through 3.10.4, the mailcap module does not add escape characters into commands discovered in the system mailcap file. This may allow attackers to inject shell commands into applications that call mailcap.findmatch with untrusted input (if they lack validation of user-provided filenames or arguments). | There are no reported fixed by versions. |
|
VCID-kxt9-wr47-aaaf
Aliases: CVE-2024-0450 |
An issue was found in the CPython `zipfile` module affecting versions 3.12.1, 3.11.7, 3.10.13, 3.9.18, and 3.8.18 and prior. The zipfile module is vulnerable to “quoted-overlap” zip-bombs which exploit the zip format to create a zip-bomb with a high compression ratio. The fixed versions of CPython makes the zipfile module reject zip archives which overlap entries in the archive. | There are no reported fixed by versions. |
|
VCID-npq4-yhwg-aaad
Aliases: CVE-2022-48560 |
A use-after-free exists in Python through 3.9 via heappushpop in heapq. | There are no reported fixed by versions. |
|
VCID-nuws-q4cw-aaae
Aliases: CVE-2022-45061 |
An issue was discovered in Python before 3.11.1. An unnecessary quadratic algorithm exists in one path when processing some inputs to the IDNA (RFC 3490) decoder, such that a crafted, unreasonably long name being presented to the decoder could lead to a CPU denial of service. Hostnames are often supplied by remote servers that could be controlled by a malicious actor; in such a scenario, they could trigger excessive CPU consumption on the client attempting to make use of an attacker-supplied supposed hostname. For example, the attack payload could be placed in the Location header of an HTTP response with status code 302. A fix is planned in 3.11.1, 3.10.9, 3.9.16, 3.8.16, and 3.7.16. | There are no reported fixed by versions. |
|
VCID-q4am-rpfd-aaar
Aliases: CVE-2022-48565 |
An XML External Entity (XXE) issue was discovered in Python through 3.9.1. The plistlib module no longer accepts entity declarations in XML plist files to avoid XML vulnerabilities. | There are no reported fixed by versions. |
|
VCID-uudz-d713-aaah
Aliases: CVE-2022-48566 |
An issue was discovered in compare_digest in Lib/hmac.py in Python through 3.9.1. Constant-time-defeating optimisations were possible in the accumulator variable in hmac.compare_digest. | There are no reported fixed by versions. |
|
VCID-v5ru-rq3c-aaag
Aliases: CVE-2022-48564 |
read_ints in plistlib.py in Python through 3.9.1 is vulnerable to a potential DoS attack via CPU and RAM exhaustion when processing malformed Apple Property List files in binary format. | There are no reported fixed by versions. |
| Vulnerability | Summary | Aliases |
|---|---|---|
| This package is not known to fix vulnerabilities. | ||
| Date | Actor | Action | Vulnerability | Source | VulnerableCode Version |
|---|---|---|---|---|---|
| 2025-06-21T17:56:27.965006+00:00 | Debian Oval Importer | Affected by | VCID-uudz-d713-aaah | https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 | 36.1.3 |
| 2025-06-21T17:04:36.639786+00:00 | Debian Oval Importer | Affected by | VCID-awv4-rzmw-aaap | https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 | 36.1.3 |
| 2025-06-21T16:59:57.969283+00:00 | Debian Oval Importer | Affected by | VCID-ks3f-4xzz-aaae | https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 | 36.1.3 |
| 2025-06-21T15:31:21.822837+00:00 | Debian Oval Importer | Affected by | VCID-nuws-q4cw-aaae | https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 | 36.1.3 |
| 2025-06-21T14:19:50.155480+00:00 | Debian Oval Importer | Affected by | VCID-fxcv-tgm2-aaac | https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 | 36.1.3 |
| 2025-06-21T14:00:15.591591+00:00 | Debian Oval Importer | Affected by | VCID-gf6k-frsj-aaas | https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 | 36.1.3 |
| 2025-06-21T13:59:54.037399+00:00 | Debian Oval Importer | Affected by | VCID-hq7h-468r-aaad | https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 | 36.1.3 |
| 2025-06-21T13:57:26.733915+00:00 | Debian Oval Importer | Affected by | VCID-bdw7-d7up-aaaf | https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 | 36.1.3 |
| 2025-06-21T13:42:31.135648+00:00 | Debian Oval Importer | Affected by | VCID-v5ru-rq3c-aaag | https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 | 36.1.3 |
| 2025-06-21T13:17:18.294310+00:00 | Debian Oval Importer | Affected by | VCID-q4am-rpfd-aaar | https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 | 36.1.3 |
| 2025-06-21T13:04:15.770649+00:00 | Debian Oval Importer | Affected by | VCID-npq4-yhwg-aaad | https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 | 36.1.3 |
| 2025-06-21T12:43:08.578583+00:00 | Debian Oval Importer | Affected by | VCID-dymx-8r2e-aaad | https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 | 36.1.3 |
| 2025-06-21T12:21:05.405336+00:00 | Debian Oval Importer | Affected by | VCID-1n4c-69xu-aaae | https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 | 36.1.3 |
| 2025-06-21T08:28:31.561712+00:00 | Debian Oval Importer | Affected by | VCID-1n4c-69xu-aaae | None | 36.1.3 |
| 2025-06-21T08:28:23.309652+00:00 | Debian Oval Importer | Affected by | VCID-fxcv-tgm2-aaac | None | 36.1.3 |
| 2025-06-21T08:27:58.592047+00:00 | Debian Oval Importer | Affected by | VCID-nuws-q4cw-aaae | None | 36.1.3 |
| 2025-06-21T08:27:56.588950+00:00 | Debian Oval Importer | Affected by | VCID-dymx-8r2e-aaad | None | 36.1.3 |
| 2025-06-21T08:27:47.157817+00:00 | Debian Oval Importer | Affected by | VCID-bdw7-d7up-aaaf | None | 36.1.3 |
| 2025-06-21T08:27:24.172234+00:00 | Debian Oval Importer | Affected by | VCID-hq7h-468r-aaad | None | 36.1.3 |
| 2025-06-21T08:27:15.935966+00:00 | Debian Oval Importer | Affected by | VCID-ks3f-4xzz-aaae | None | 36.1.3 |
| 2025-06-21T06:36:04.412439+00:00 | Debian Oval Importer | Affected by | VCID-awv4-rzmw-aaap | None | 36.1.3 |
| 2025-06-08T10:28:10.526913+00:00 | Debian Oval Importer | Affected by | VCID-uudz-d713-aaah | https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 | 36.1.0 |
| 2025-06-08T09:49:31.579343+00:00 | Debian Oval Importer | Affected by | VCID-awv4-rzmw-aaap | https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 | 36.1.0 |
| 2025-06-08T09:45:02.030509+00:00 | Debian Oval Importer | Affected by | VCID-ks3f-4xzz-aaae | https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 | 36.1.0 |
| 2025-06-08T08:25:53.102848+00:00 | Debian Oval Importer | Affected by | VCID-nuws-q4cw-aaae | https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 | 36.1.0 |
| 2025-06-08T07:12:56.563521+00:00 | Debian Oval Importer | Affected by | VCID-fxcv-tgm2-aaac | https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 | 36.1.0 |
| 2025-06-08T06:54:23.045702+00:00 | Debian Oval Importer | Affected by | VCID-gf6k-frsj-aaas | https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 | 36.1.0 |
| 2025-06-08T06:54:02.178419+00:00 | Debian Oval Importer | Affected by | VCID-hq7h-468r-aaad | https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 | 36.1.0 |
| 2025-06-08T06:51:35.915813+00:00 | Debian Oval Importer | Affected by | VCID-bdw7-d7up-aaaf | https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 | 36.1.0 |
| 2025-06-08T06:36:43.939822+00:00 | Debian Oval Importer | Affected by | VCID-v5ru-rq3c-aaag | https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 | 36.1.0 |
| 2025-06-08T06:11:55.441243+00:00 | Debian Oval Importer | Affected by | VCID-q4am-rpfd-aaar | https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 | 36.1.0 |
| 2025-06-08T05:59:08.376734+00:00 | Debian Oval Importer | Affected by | VCID-npq4-yhwg-aaad | https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 | 36.1.0 |
| 2025-06-08T05:38:32.762726+00:00 | Debian Oval Importer | Affected by | VCID-dymx-8r2e-aaad | https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 | 36.1.0 |
| 2025-06-08T05:23:41.049256+00:00 | Debian Oval Importer | Affected by | VCID-1n4c-69xu-aaae | https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 | 36.1.0 |
| 2025-06-08T02:09:54.193854+00:00 | Debian Oval Importer | Affected by | VCID-1n4c-69xu-aaae | None | 36.1.0 |
| 2025-06-08T02:09:45.180719+00:00 | Debian Oval Importer | Affected by | VCID-fxcv-tgm2-aaac | None | 36.1.0 |
| 2025-06-08T02:09:20.172196+00:00 | Debian Oval Importer | Affected by | VCID-nuws-q4cw-aaae | None | 36.1.0 |
| 2025-06-08T02:09:18.043866+00:00 | Debian Oval Importer | Affected by | VCID-dymx-8r2e-aaad | None | 36.1.0 |
| 2025-06-08T02:09:08.395330+00:00 | Debian Oval Importer | Affected by | VCID-bdw7-d7up-aaaf | None | 36.1.0 |
| 2025-06-08T02:08:45.712193+00:00 | Debian Oval Importer | Affected by | VCID-hq7h-468r-aaad | None | 36.1.0 |
| 2025-06-08T02:08:37.274384+00:00 | Debian Oval Importer | Affected by | VCID-ks3f-4xzz-aaae | None | 36.1.0 |
| 2025-06-08T00:15:17.257239+00:00 | Debian Oval Importer | Affected by | VCID-awv4-rzmw-aaap | None | 36.1.0 |
| 2025-04-12T23:12:34.769321+00:00 | Debian Oval Importer | Affected by | VCID-adb7-t68d-aaah | https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 | 36.0.0 |
| 2025-04-12T23:07:29.651875+00:00 | Debian Oval Importer | Affected by | VCID-kxt9-wr47-aaaf | https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 | 36.0.0 |
| 2025-04-12T16:09:23.615840+00:00 | Debian Oval Importer | Affected by | VCID-uudz-d713-aaah | https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 | 36.0.0 |
| 2025-04-08T08:21:45.752811+00:00 | Debian Oval Importer | Affected by | VCID-awv4-rzmw-aaap | https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 | 36.0.0 |
| 2025-04-08T08:17:22.879331+00:00 | Debian Oval Importer | Affected by | VCID-ks3f-4xzz-aaae | https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 | 36.0.0 |
| 2025-04-08T06:57:15.024623+00:00 | Debian Oval Importer | Affected by | VCID-nuws-q4cw-aaae | https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 | 36.0.0 |
| 2025-04-08T05:45:30.348143+00:00 | Debian Oval Importer | Affected by | VCID-fxcv-tgm2-aaac | https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 | 36.0.0 |
| 2025-04-08T05:26:52.204672+00:00 | Debian Oval Importer | Affected by | VCID-gf6k-frsj-aaas | https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 | 36.0.0 |
| 2025-04-08T05:26:30.853917+00:00 | Debian Oval Importer | Affected by | VCID-hq7h-468r-aaad | https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 | 36.0.0 |
| 2025-04-08T05:24:04.828686+00:00 | Debian Oval Importer | Affected by | VCID-bdw7-d7up-aaaf | https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 | 36.0.0 |
| 2025-04-08T05:09:05.030968+00:00 | Debian Oval Importer | Affected by | VCID-v5ru-rq3c-aaag | https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 | 36.0.0 |
| 2025-04-08T04:44:02.197072+00:00 | Debian Oval Importer | Affected by | VCID-q4am-rpfd-aaar | https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 | 36.0.0 |
| 2025-04-08T04:31:04.251749+00:00 | Debian Oval Importer | Affected by | VCID-npq4-yhwg-aaad | https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 | 36.0.0 |
| 2025-04-08T04:10:06.613289+00:00 | Debian Oval Importer | Affected by | VCID-dymx-8r2e-aaad | https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 | 36.0.0 |
| 2025-04-08T03:54:48.243717+00:00 | Debian Oval Importer | Affected by | VCID-1n4c-69xu-aaae | https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 | 36.0.0 |
| 2025-04-08T00:41:47.052499+00:00 | Debian Oval Importer | Affected by | VCID-1n4c-69xu-aaae | None | 36.0.0 |
| 2025-04-08T00:41:38.647408+00:00 | Debian Oval Importer | Affected by | VCID-fxcv-tgm2-aaac | None | 36.0.0 |
| 2025-04-08T00:41:13.832203+00:00 | Debian Oval Importer | Affected by | VCID-nuws-q4cw-aaae | None | 36.0.0 |
| 2025-04-08T00:41:11.772676+00:00 | Debian Oval Importer | Affected by | VCID-dymx-8r2e-aaad | None | 36.0.0 |
| 2025-04-08T00:41:02.452672+00:00 | Debian Oval Importer | Affected by | VCID-bdw7-d7up-aaaf | None | 36.0.0 |
| 2025-04-08T00:40:40.384954+00:00 | Debian Oval Importer | Affected by | VCID-hq7h-468r-aaad | None | 36.0.0 |
| 2025-04-08T00:40:32.002715+00:00 | Debian Oval Importer | Affected by | VCID-ks3f-4xzz-aaae | None | 36.0.0 |
| 2025-04-07T22:47:40.066294+00:00 | Debian Oval Importer | Affected by | VCID-awv4-rzmw-aaap | None | 36.0.0 |