VYPR

rpm package

opensuse/oci-cli&distro=openSUSE Tumbleweed

pkg:rpm/opensuse/oci-cli&distro=openSUSE%20Tumbleweed

Vulnerabilities (17)

  • CVE-2026-35254MedMay 6, 2026
    affected < 3.83.0-1.1fixed 3.83.0-1.1

    Vulnerability in the Oracle OCI CLI product of Oracle Open Source Projects. The supported versions that is affected is 3.77. Easily exploitable vulnerability allows unauthenticated attacker with network access to compromise Oracle OCI CLI. Successful attacks of this vulnerability

  • CVE-2026-26007Feb 10, 2026
    affected < 3.76.2-1.1fixed 3.76.2-1.1

    cryptography is a package designed to expose cryptographic primitives and recipes to Python developers. Prior to 46.0.5, the public_key_from_numbers (or EllipticCurvePublicNumbers.public_key()), EllipticCurvePublicNumbers.public_key(), load_der_public_key() and load_pem_public_ke

  • CVE-2026-21441Jan 7, 2026
    affected < 3.76.2-1.1fixed 3.76.2-1.1

    urllib3 is an HTTP client library for Python. urllib3's streaming API is designed for the efficient handling of large HTTP responses by reading the content in chunks, rather than loading the entire response body into memory at once. urllib3 can perform decoding or decompression b

  • CVE-2025-66418Dec 5, 2025
    affected < 3.76.2-1.1fixed 3.76.2-1.1

    urllib3 is a user-friendly HTTP client library for Python. Starting in version 1.24 and prior to 2.6.0, the number of links in the decompression chain was unbounded allowing a malicious server to insert a virtually unlimited number of compression steps leading to high CPU usage a

  • CVE-2025-50181Jun 19, 2025
    affected < 3.76.2-1.1fixed 3.76.2-1.1

    urllib3 is a user-friendly HTTP client library for Python. Prior to 2.5.0, it is possible to disable redirects for all requests by instantiating a PoolManager and specifying retries in a way that disable redirects. By default, requests and botocore users are not affected. An appl

  • CVE-2024-47081MedJun 9, 2025
    affected < 3.76.2-1.1fixed 3.76.2-1.1

    Requests is a HTTP library. Due to a URL parsing issue, Requests releases prior to 2.32.4 may leak .netrc credentials to third parties for specific maliciously-crafted URLs. Users should upgrade to version 2.32.4 to receive a fix. For older versions of Requests, use of the .netrc

  • CVE-2025-47273May 17, 2025
    affected < 3.76.2-1.1fixed 3.76.2-1.1

    setuptools is a package that allows users to download, build, install, upgrade, and uninstall Python packages. A path traversal vulnerability in `PackageIndex` is present in setuptools prior to version 78.1.1. An attacker would be allowed to write files to arbitrary locations on

  • CVE-2024-56326Dec 23, 2024
    affected < 3.54.1-1.1fixed 3.54.1-1.1

    Jinja is an extensible templating engine. Prior to 3.1.5, An oversight in how the Jinja sandboxed environment detects calls to str.format allows an attacker that controls the content of a template to execute arbitrary Python code. To exploit the vulnerability, an attacker needs t

  • CVE-2024-56201Dec 23, 2024
    affected < 3.54.1-1.1fixed 3.54.1-1.1

    Jinja is an extensible templating engine. In versions on the 3.x branch prior to 3.1.5, a bug in the Jinja compiler allows an attacker that controls both the content and filename of a template to execute arbitrary Python code, regardless of if Jinja's sandbox is used. To exploit

  • CVE-2024-53899Nov 24, 2024
    affected < 3.61.0-1.1fixed 3.61.0-1.1

    virtualenv before 20.26.6 allows command injection through the activation scripts for a virtual environment. Magic template strings are not quoted correctly when replacing. NOTE: this is not the same as CVE-2024-9287.

  • CVE-2024-39689Jul 5, 2024
    affected < 3.54.1-1.1fixed 3.54.1-1.1

    Certifi is a curated collection of Root Certificates for validating the trustworthiness of SSL certificates while verifying the identity of TLS hosts. Certifi starting in 2021.5.30 and prior to 2024.7.4 recognized root certificates from `GLOBALTRUST`. Certifi 2024.7.04 removes ro

  • CVE-2024-37891Jun 17, 2024
    affected < 3.76.2-1.1fixed 3.76.2-1.1

    urllib3 is a user-friendly HTTP client library for Python. When using urllib3's proxy support with `ProxyManager`, the `Proxy-Authorization` header is only sent to the configured proxy, as expected. However, when sending HTTP requests *without* using urllib3's proxy support, it'

  • CVE-2023-32681May 26, 2023
    affected < 3.54.1-1.1fixed 3.54.1-1.1

    Requests is a HTTP library. Since Requests 2.3.0, Requests has been leaking Proxy-Authorization headers to destination servers when redirected to an HTTPS endpoint. This is a product of how we use `rebuild_proxies` to reattach the `Proxy-Authorization` header to requests. For HTT

  • CVE-2023-0286Feb 8, 2023
    affected < 3.23.3-1.1fixed 3.23.3-1.1

    There is a type confusion vulnerability relating to X.400 address processing inside an X.509 GeneralName. X.400 addresses were parsed as an ASN1_STRING but the public structure definition for GENERAL_NAME incorrectly specified the type of the x400Address field as ASN1_TYPE. This

  • CVE-2020-14343Feb 9, 2021
    affected < 3.0.2-1.2fixed 3.0.2-1.2

    A vulnerability was discovered in the PyYAML library in versions before 5.4, where it is susceptible to arbitrary code execution when it processes untrusted YAML files through the full_load method or with the FullLoader loader. Applications that use the library to process untrust

  • CVE-2020-29651Dec 9, 2020
    affected < 3.0.2-1.2fixed 3.0.2-1.2

    A denial of service via regular expression in the py.path.svnwc component of py (aka python-py) through 1.9.0 could be used by attackers to cause a compute-time denial of service attack by supplying malicious input to the blame functionality.

  • CVE-2017-18342CriJun 27, 2018
    affected < 3.0.2-1.2fixed 3.0.2-1.2

    In PyYAML before 5.1, the yaml.load() API could execute arbitrary code if used with untrusted data. The load() function has been deprecated in version 5.1 and the 'UnsafeLoader' has been introduced for backward compatibility with the function.