VYPR

rpm package

suse/python&distro=SUSE Linux Enterprise Server for SAP Applications 12 SP5

pkg:rpm/suse/python&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP5

Vulnerabilities (25)

  • CVE-2019-9674Feb 4, 2020
    affected < 2.7.17-28.42.1fixed 2.7.17-28.42.1

    Lib/zipfile.py in Python through 3.7.2 allows remote attackers to cause a denial of service (resource consumption) via a ZIP bomb.

  • CVE-2020-8492Jan 30, 2020
    affected < 2.7.17-28.42.1fixed 2.7.17-28.42.1

    Python 2.7 through 2.7.17, 3.5 through 3.5.9, 3.6 through 3.6.10, 3.7 through 3.7.6, and 3.8 through 3.8.1 allows an HTTP server to conduct Regular Expression Denial of Service (ReDoS) attacks against a client because of urllib.request.AbstractBasicAuthHandler catastrophic backtr

  • CVE-2019-18348Oct 23, 2019
    affected < 2.7.17-28.42.1fixed 2.7.17-28.42.1

    An issue was discovered in urllib2 in Python 2.x through 2.7.17 and urllib in Python 3.x through 3.8.0. CRLF injection is possible if the attacker controls a url parameter, as demonstrated by the first argument to urllib.request.urlopen with \r\n (specifically in the host compone

  • CVE-2019-16935Sep 28, 2019
    affected < 2.7.13-28.36.1fixed 2.7.13-28.36.1

    The documentation XML-RPC server in Python through 2.7.16, 3.x through 3.6.9, and 3.7.x through 3.7.4 has XSS via the server_title field. This occurs in Lib/DocXMLRPCServer.py in Python 2.x, and in Lib/xmlrpc/server.py in Python 3.x. If set_server_title is called with untrusted i

  • CVE-2019-16056Sep 6, 2019
    affected < 2.7.13-28.36.1fixed 2.7.13-28.36.1

    An issue was discovered in Python through 2.7.16, 3.x through 3.5.7, 3.6.x through 3.6.9, and 3.7.x through 3.7.4. The email module wrongly parses email addresses that contain multiple @ characters. An application that uses the email module and implements some kind of checks on t

Page 2 of 2