rpm package
almalinux/python38-pyyaml
pkg:rpm/almalinux/python38-pyyaml
Vulnerabilities (22)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2019-18874 | — | < 5.4.1-1.module_el8.6.0+2778+cd494b30 | 5.4.1-1.module_el8.6.0+2778+cd494b30 | Nov 12, 2019 | psutil (aka python-psutil) through 5.6.5 can have a double free. This occurs because of refcount mishandling within a while or for loop that converts system data into a Python object. | ||
| CVE-2007-4559 | Cri | 9.8 | < 5.4.1-1.module_el8.6.0+2778+cd494b30 | 5.4.1-1.module_el8.6.0+2778+cd494b30 | Aug 28, 2007 | Directory traversal vulnerability in the (1) extract and (2) extractall functions in the tarfile module in Python allows user-assisted remote attackers to overwrite arbitrary files via a .. (dot dot) sequence in filenames in a TAR archive, a related issue to CVE-2001-1267. |
- CVE-2019-18874Nov 12, 2019affected < 5.4.1-1.module_el8.6.0+2778+cd494b30fixed 5.4.1-1.module_el8.6.0+2778+cd494b30
psutil (aka python-psutil) through 5.6.5 can have a double free. This occurs because of refcount mishandling within a while or for loop that converts system data into a Python object.
- affected < 5.4.1-1.module_el8.6.0+2778+cd494b30fixed 5.4.1-1.module_el8.6.0+2778+cd494b30
Directory traversal vulnerability in the (1) extract and (2) extractall functions in the tarfile module in Python allows user-assisted remote attackers to overwrite arbitrary files via a .. (dot dot) sequence in filenames in a TAR archive, a related issue to CVE-2001-1267.
Page 2 of 2