rpm package
almalinux/python39-cffi
pkg:rpm/almalinux/python39-cffi
Vulnerabilities (44)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2021-3426 | — | < 1.14.3-2.module_el8.6.0+2780+a40f65e1 | 1.14.3-2.module_el8.6.0+2780+a40f65e1 | May 20, 2021 | There's a flaw in Python 3's pydoc. A local or adjacent attacker who discovers or is able to convince another local or adjacent user to start a pydoc server could access the server and use it to disclose sensitive information belonging to the other user that they would not normal | ||
| CVE-2021-29921 | — | < 1.14.3-2.module_el8.6.0+2780+a40f65e1 | 1.14.3-2.module_el8.6.0+2780+a40f65e1 | May 6, 2021 | In Python before 3,9,5, the ipaddress library mishandles leading zero characters in the octets of an IP address string. This (in some situations) allows attackers to bypass access control that is based on IP addresses. | ||
| CVE-2021-28957 | — | < 1.14.3-2.module_el8.6.0+2780+a40f65e1 | 1.14.3-2.module_el8.6.0+2780+a40f65e1 | Mar 21, 2021 | An XSS vulnerability was discovered in python-lxml's clean module versions before 4.6.3. When disabling the safe_attrs_only and forms arguments, the Cleaner class does not remove the formaction attribute allowing for JS to bypass the sanitizer. A remote attacker could exploit thi | ||
| CVE-2007-4559 | Cri | 9.8 | < 1.14.3-2.module_el8.6.0+2780+a40f65e1 | 1.14.3-2.module_el8.6.0+2780+a40f65e1 | Aug 28, 2007 | Directory traversal vulnerability in the (1) extract and (2) extractall functions in the tarfile module in Python allows user-assisted remote attackers to overwrite arbitrary files via a .. (dot dot) sequence in filenames in a TAR archive, a related issue to CVE-2001-1267. |
- CVE-2021-3426May 20, 2021affected < 1.14.3-2.module_el8.6.0+2780+a40f65e1fixed 1.14.3-2.module_el8.6.0+2780+a40f65e1
There's a flaw in Python 3's pydoc. A local or adjacent attacker who discovers or is able to convince another local or adjacent user to start a pydoc server could access the server and use it to disclose sensitive information belonging to the other user that they would not normal
- CVE-2021-29921May 6, 2021affected < 1.14.3-2.module_el8.6.0+2780+a40f65e1fixed 1.14.3-2.module_el8.6.0+2780+a40f65e1
In Python before 3,9,5, the ipaddress library mishandles leading zero characters in the octets of an IP address string. This (in some situations) allows attackers to bypass access control that is based on IP addresses.
- CVE-2021-28957Mar 21, 2021affected < 1.14.3-2.module_el8.6.0+2780+a40f65e1fixed 1.14.3-2.module_el8.6.0+2780+a40f65e1
An XSS vulnerability was discovered in python-lxml's clean module versions before 4.6.3. When disabling the safe_attrs_only and forms arguments, the Cleaner class does not remove the formaction attribute allowing for JS to bypass the sanitizer. A remote attacker could exploit thi
- affected < 1.14.3-2.module_el8.6.0+2780+a40f65e1fixed 1.14.3-2.module_el8.6.0+2780+a40f65e1
Directory traversal vulnerability in the (1) extract and (2) extractall functions in the tarfile module in Python allows user-assisted remote attackers to overwrite arbitrary files via a .. (dot dot) sequence in filenames in a TAR archive, a related issue to CVE-2001-1267.
Page 3 of 3