rpm package
almalinux/python38-PyMySQL
pkg:rpm/almalinux/python38-PyMySQL
Vulnerabilities (25)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2020-27783 | — | < 0.10.1-1.module_el8.6.0+2778+cd494b30 | 0.10.1-1.module_el8.6.0+2778+cd494b30 | Dec 3, 2020 | A XSS vulnerability was discovered in python-lxml's clean module. The module's parser didn't properly imitate browsers, which caused different behaviors between the sanitizer and the user's page. A remote attacker could exploit this flaw to run arbitrary HTML/JS code. | ||
| CVE-2020-26116 | — | < 0.10.1-1.module_el8.6.0+2778+cd494b30 | 0.10.1-1.module_el8.6.0+2778+cd494b30 | Sep 27, 2020 | http.client in Python 3.x before 3.5.10, 3.6.x before 3.6.12, 3.7.x before 3.7.9, and 3.8.x before 3.8.5 allows CRLF injection if the attacker controls the HTTP request method, as demonstrated by inserting CR and LF control characters in the first argument of HTTPConnection.reque | ||
| CVE-2020-1747 | — | < 0.10.1-1.module_el8.6.0+2778+cd494b30 | 0.10.1-1.module_el8.6.0+2778+cd494b30 | Mar 24, 2020 | A vulnerability was discovered in the PyYAML library in versions before 5.3.1, where it is susceptible to arbitrary code execution when it processes untrusted YAML files through the full_load method or with the FullLoader loader. Applications that use the library to process untru | ||
| CVE-2019-18874 | — | < 0.10.1-1.module_el8.6.0+2778+cd494b30 | 0.10.1-1.module_el8.6.0+2778+cd494b30 | Nov 12, 2019 | psutil (aka python-psutil) through 5.6.5 can have a double free. This occurs because of refcount mishandling within a while or for loop that converts system data into a Python object. | ||
| CVE-2007-4559 | Cri | 9.8 | < 0.10.1-1.module_el8.6.0+2778+cd494b30 | 0.10.1-1.module_el8.6.0+2778+cd494b30 | Aug 28, 2007 | Directory traversal vulnerability in the (1) extract and (2) extractall functions in the tarfile module in Python allows user-assisted remote attackers to overwrite arbitrary files via a .. (dot dot) sequence in filenames in a TAR archive, a related issue to CVE-2001-1267. |
- CVE-2020-27783Dec 3, 2020affected < 0.10.1-1.module_el8.6.0+2778+cd494b30fixed 0.10.1-1.module_el8.6.0+2778+cd494b30
A XSS vulnerability was discovered in python-lxml's clean module. The module's parser didn't properly imitate browsers, which caused different behaviors between the sanitizer and the user's page. A remote attacker could exploit this flaw to run arbitrary HTML/JS code.
- CVE-2020-26116Sep 27, 2020affected < 0.10.1-1.module_el8.6.0+2778+cd494b30fixed 0.10.1-1.module_el8.6.0+2778+cd494b30
http.client in Python 3.x before 3.5.10, 3.6.x before 3.6.12, 3.7.x before 3.7.9, and 3.8.x before 3.8.5 allows CRLF injection if the attacker controls the HTTP request method, as demonstrated by inserting CR and LF control characters in the first argument of HTTPConnection.reque
- CVE-2020-1747Mar 24, 2020affected < 0.10.1-1.module_el8.6.0+2778+cd494b30fixed 0.10.1-1.module_el8.6.0+2778+cd494b30
A vulnerability was discovered in the PyYAML library in versions before 5.3.1, where it is susceptible to arbitrary code execution when it processes untrusted YAML files through the full_load method or with the FullLoader loader. Applications that use the library to process untru
- CVE-2019-18874Nov 12, 2019affected < 0.10.1-1.module_el8.6.0+2778+cd494b30fixed 0.10.1-1.module_el8.6.0+2778+cd494b30
psutil (aka python-psutil) through 5.6.5 can have a double free. This occurs because of refcount mishandling within a while or for loop that converts system data into a Python object.
- affected < 0.10.1-1.module_el8.6.0+2778+cd494b30fixed 0.10.1-1.module_el8.6.0+2778+cd494b30
Directory traversal vulnerability in the (1) extract and (2) extractall functions in the tarfile module in Python allows user-assisted remote attackers to overwrite arbitrary files via a .. (dot dot) sequence in filenames in a TAR archive, a related issue to CVE-2001-1267.
Page 2 of 2