VYPR

rpm package

almalinux/python38-pycparser

pkg:rpm/almalinux/python38-pycparser

Vulnerabilities (29)

  • CVE-2020-27783Dec 3, 2020
    affected < 2.19-3.module_el8.6.0+2778+cd494b30fixed 2.19-3.module_el8.6.0+2778+cd494b30

    A XSS vulnerability was discovered in python-lxml's clean module. The module's parser didn't properly imitate browsers, which caused different behaviors between the sanitizer and the user's page. A remote attacker could exploit this flaw to run arbitrary HTML/JS code.

  • CVE-2020-26116Sep 27, 2020
    affected < 2.19-3.module_el8.6.0+2778+cd494b30fixed 2.19-3.module_el8.6.0+2778+cd494b30

    http.client in Python 3.x before 3.5.10, 3.6.x before 3.6.12, 3.7.x before 3.7.9, and 3.8.x before 3.8.5 allows CRLF injection if the attacker controls the HTTP request method, as demonstrated by inserting CR and LF control characters in the first argument of HTTPConnection.reque

  • CVE-2019-20907Jul 13, 2020
    affected < 2.19-3.module_el8.6.0+2778+cd494b30fixed 2.19-3.module_el8.6.0+2778+cd494b30

    In Lib/tarfile.py in Python through 3.8.3, an attacker is able to craft a TAR archive leading to an infinite loop when opened by tarfile.open, because _proc_pax lacks header validation.

  • CVE-2020-14422Jun 18, 2020
    affected < 2.19-3.module_el8.6.0+2778+cd494b30fixed 2.19-3.module_el8.6.0+2778+cd494b30

    Lib/ipaddress.py in Python through 3.8.3 improperly computes hash values in the IPv4Interface and IPv6Interface classes, which might allow a remote attacker to cause a denial of service if an application is affected by the performance of a dictionary containing IPv4Interface or I

  • CVE-2020-1747Mar 24, 2020
    affected < 2.19-3.module_el8.6.0+2778+cd494b30fixed 2.19-3.module_el8.6.0+2778+cd494b30

    A vulnerability was discovered in the PyYAML library in versions before 5.3.1, where it is susceptible to arbitrary code execution when it processes untrusted YAML files through the full_load method or with the FullLoader loader. Applications that use the library to process untru

  • CVE-2019-20477Feb 19, 2020
    affected < 2.19-3.module_el8.6.0+2778+cd494b30fixed 2.19-3.module_el8.6.0+2778+cd494b30

    PyYAML 5.1 through 5.1.2 has insufficient restrictions on the load and load_all functions because of a class deserialization issue, e.g., Popen is a class in the subprocess module. NOTE: this issue exists because of an incomplete fix for CVE-2017-18342.

  • CVE-2020-8492Jan 30, 2020
    affected < 2.19-3.module_el8.6.0+2778+cd494b30fixed 2.19-3.module_el8.6.0+2778+cd494b30

    Python 2.7 through 2.7.17, 3.5 through 3.5.9, 3.6 through 3.6.10, 3.7 through 3.7.6, and 3.8 through 3.8.1 allows an HTTP server to conduct Regular Expression Denial of Service (ReDoS) attacks against a client because of urllib.request.AbstractBasicAuthHandler catastrophic backtr

  • CVE-2019-18874Nov 12, 2019
    affected < 2.19-3.module_el8.6.0+2778+cd494b30fixed 2.19-3.module_el8.6.0+2778+cd494b30

    psutil (aka python-psutil) through 5.6.5 can have a double free. This occurs because of refcount mishandling within a while or for loop that converts system data into a Python object.

  • CVE-2007-4559CriAug 28, 2007
    affected < 2.19-3.module_el8.6.0+2778+cd494b30fixed 2.19-3.module_el8.6.0+2778+cd494b30

    Directory traversal vulnerability in the (1) extract and (2) extractall functions in the tarfile module in Python allows user-assisted remote attackers to overwrite arbitrary files via a .. (dot dot) sequence in filenames in a TAR archive, a related issue to CVE-2001-1267.

Page 2 of 2