rpm package
almalinux/python38-psycopg2-doc
pkg:rpm/almalinux/python38-psycopg2-doc
Vulnerabilities (29)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2020-27783 | — | < 2.8.4-4.module_el8.6.0+2778+cd494b30 | 2.8.4-4.module_el8.6.0+2778+cd494b30 | Dec 3, 2020 | A XSS vulnerability was discovered in python-lxml's clean module. The module's parser didn't properly imitate browsers, which caused different behaviors between the sanitizer and the user's page. A remote attacker could exploit this flaw to run arbitrary HTML/JS code. | ||
| CVE-2020-26116 | — | < 2.8.4-4.module_el8.6.0+2778+cd494b30 | 2.8.4-4.module_el8.6.0+2778+cd494b30 | Sep 27, 2020 | http.client in Python 3.x before 3.5.10, 3.6.x before 3.6.12, 3.7.x before 3.7.9, and 3.8.x before 3.8.5 allows CRLF injection if the attacker controls the HTTP request method, as demonstrated by inserting CR and LF control characters in the first argument of HTTPConnection.reque | ||
| CVE-2019-20907 | — | < 2.8.4-4.module_el8.6.0+2778+cd494b30 | 2.8.4-4.module_el8.6.0+2778+cd494b30 | Jul 13, 2020 | In Lib/tarfile.py in Python through 3.8.3, an attacker is able to craft a TAR archive leading to an infinite loop when opened by tarfile.open, because _proc_pax lacks header validation. | ||
| CVE-2020-14422 | — | < 2.8.4-4.module_el8.6.0+2778+cd494b30 | 2.8.4-4.module_el8.6.0+2778+cd494b30 | Jun 18, 2020 | Lib/ipaddress.py in Python through 3.8.3 improperly computes hash values in the IPv4Interface and IPv6Interface classes, which might allow a remote attacker to cause a denial of service if an application is affected by the performance of a dictionary containing IPv4Interface or I | ||
| CVE-2020-1747 | — | < 2.8.4-4.module_el8.6.0+2778+cd494b30 | 2.8.4-4.module_el8.6.0+2778+cd494b30 | Mar 24, 2020 | A vulnerability was discovered in the PyYAML library in versions before 5.3.1, where it is susceptible to arbitrary code execution when it processes untrusted YAML files through the full_load method or with the FullLoader loader. Applications that use the library to process untru | ||
| CVE-2019-20477 | — | < 2.8.4-4.module_el8.6.0+2778+cd494b30 | 2.8.4-4.module_el8.6.0+2778+cd494b30 | Feb 19, 2020 | PyYAML 5.1 through 5.1.2 has insufficient restrictions on the load and load_all functions because of a class deserialization issue, e.g., Popen is a class in the subprocess module. NOTE: this issue exists because of an incomplete fix for CVE-2017-18342. | ||
| CVE-2020-8492 | — | < 2.8.4-4.module_el8.6.0+2778+cd494b30 | 2.8.4-4.module_el8.6.0+2778+cd494b30 | Jan 30, 2020 | Python 2.7 through 2.7.17, 3.5 through 3.5.9, 3.6 through 3.6.10, 3.7 through 3.7.6, and 3.8 through 3.8.1 allows an HTTP server to conduct Regular Expression Denial of Service (ReDoS) attacks against a client because of urllib.request.AbstractBasicAuthHandler catastrophic backtr | ||
| CVE-2019-18874 | — | < 2.8.4-4.module_el8.6.0+2778+cd494b30 | 2.8.4-4.module_el8.6.0+2778+cd494b30 | Nov 12, 2019 | psutil (aka python-psutil) through 5.6.5 can have a double free. This occurs because of refcount mishandling within a while or for loop that converts system data into a Python object. | ||
| CVE-2007-4559 | Cri | 9.8 | < 2.8.4-4.module_el8.7.0+3344+99a6a656 | 2.8.4-4.module_el8.7.0+3344+99a6a656 | Aug 28, 2007 | Directory traversal vulnerability in the (1) extract and (2) extractall functions in the tarfile module in Python allows user-assisted remote attackers to overwrite arbitrary files via a .. (dot dot) sequence in filenames in a TAR archive, a related issue to CVE-2001-1267. |
- CVE-2020-27783Dec 3, 2020affected < 2.8.4-4.module_el8.6.0+2778+cd494b30fixed 2.8.4-4.module_el8.6.0+2778+cd494b30
A XSS vulnerability was discovered in python-lxml's clean module. The module's parser didn't properly imitate browsers, which caused different behaviors between the sanitizer and the user's page. A remote attacker could exploit this flaw to run arbitrary HTML/JS code.
- CVE-2020-26116Sep 27, 2020affected < 2.8.4-4.module_el8.6.0+2778+cd494b30fixed 2.8.4-4.module_el8.6.0+2778+cd494b30
http.client in Python 3.x before 3.5.10, 3.6.x before 3.6.12, 3.7.x before 3.7.9, and 3.8.x before 3.8.5 allows CRLF injection if the attacker controls the HTTP request method, as demonstrated by inserting CR and LF control characters in the first argument of HTTPConnection.reque
- CVE-2019-20907Jul 13, 2020affected < 2.8.4-4.module_el8.6.0+2778+cd494b30fixed 2.8.4-4.module_el8.6.0+2778+cd494b30
In Lib/tarfile.py in Python through 3.8.3, an attacker is able to craft a TAR archive leading to an infinite loop when opened by tarfile.open, because _proc_pax lacks header validation.
- CVE-2020-14422Jun 18, 2020affected < 2.8.4-4.module_el8.6.0+2778+cd494b30fixed 2.8.4-4.module_el8.6.0+2778+cd494b30
Lib/ipaddress.py in Python through 3.8.3 improperly computes hash values in the IPv4Interface and IPv6Interface classes, which might allow a remote attacker to cause a denial of service if an application is affected by the performance of a dictionary containing IPv4Interface or I
- CVE-2020-1747Mar 24, 2020affected < 2.8.4-4.module_el8.6.0+2778+cd494b30fixed 2.8.4-4.module_el8.6.0+2778+cd494b30
A vulnerability was discovered in the PyYAML library in versions before 5.3.1, where it is susceptible to arbitrary code execution when it processes untrusted YAML files through the full_load method or with the FullLoader loader. Applications that use the library to process untru
- CVE-2019-20477Feb 19, 2020affected < 2.8.4-4.module_el8.6.0+2778+cd494b30fixed 2.8.4-4.module_el8.6.0+2778+cd494b30
PyYAML 5.1 through 5.1.2 has insufficient restrictions on the load and load_all functions because of a class deserialization issue, e.g., Popen is a class in the subprocess module. NOTE: this issue exists because of an incomplete fix for CVE-2017-18342.
- CVE-2020-8492Jan 30, 2020affected < 2.8.4-4.module_el8.6.0+2778+cd494b30fixed 2.8.4-4.module_el8.6.0+2778+cd494b30
Python 2.7 through 2.7.17, 3.5 through 3.5.9, 3.6 through 3.6.10, 3.7 through 3.7.6, and 3.8 through 3.8.1 allows an HTTP server to conduct Regular Expression Denial of Service (ReDoS) attacks against a client because of urllib.request.AbstractBasicAuthHandler catastrophic backtr
- CVE-2019-18874Nov 12, 2019affected < 2.8.4-4.module_el8.6.0+2778+cd494b30fixed 2.8.4-4.module_el8.6.0+2778+cd494b30
psutil (aka python-psutil) through 5.6.5 can have a double free. This occurs because of refcount mishandling within a while or for loop that converts system data into a Python object.
- affected < 2.8.4-4.module_el8.7.0+3344+99a6a656fixed 2.8.4-4.module_el8.7.0+3344+99a6a656
Directory traversal vulnerability in the (1) extract and (2) extractall functions in the tarfile module in Python allows user-assisted remote attackers to overwrite arbitrary files via a .. (dot dot) sequence in filenames in a TAR archive, a related issue to CVE-2001-1267.
Page 2 of 2