VYPR

rpm package

almalinux/python39-psycopg2-doc

pkg:rpm/almalinux/python39-psycopg2-doc

Vulnerabilities (44)

  • CVE-2021-3426MedMay 20, 2021
    affected < 2.8.6-2.module_el8.6.0+2780+a40f65e1fixed 2.8.6-2.module_el8.6.0+2780+a40f65e1

    There's a flaw in Python 3's pydoc. A local or adjacent attacker who discovers or is able to convince another local or adjacent user to start a pydoc server could access the server and use it to disclose sensitive information belonging to the other user that they would not normal

  • CVE-2021-29921CriMay 6, 2021
    affected < 2.8.6-2.module_el8.6.0+2780+a40f65e1fixed 2.8.6-2.module_el8.6.0+2780+a40f65e1

    In Python before 3,9,5, the ipaddress library mishandles leading zero characters in the octets of an IP address string. This (in some situations) allows attackers to bypass access control that is based on IP addresses.

  • CVE-2021-28957MedMar 21, 2021
    affected < 2.8.6-2.module_el8.6.0+2780+a40f65e1fixed 2.8.6-2.module_el8.6.0+2780+a40f65e1

    An XSS vulnerability was discovered in python-lxml's clean module versions before 4.6.3. When disabling the safe_attrs_only and forms arguments, the Cleaner class does not remove the formaction attribute allowing for JS to bypass the sanitizer. A remote attacker could exploit thi

  • CVE-2007-4559CriAug 28, 2007
    affected < 2.8.6-2.module_el8.7.0+3344+df07b58afixed 2.8.6-2.module_el8.7.0+3344+df07b58a

    Directory traversal vulnerability in the (1) extract and (2) extractall functions in the tarfile module in Python allows user-assisted remote attackers to overwrite arbitrary files via a .. (dot dot) sequence in filenames in a TAR archive, a related issue to CVE-2001-1267.

Page 3 of 3