rpm package
suse/python-base&distro=SUSE Linux Enterprise Server for SAP Applications 12 SP5
pkg:rpm/suse/python-base&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP5
Vulnerabilities (25)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2019-9674 | Hig | 7.5 | < 2.7.17-28.42.1 | 2.7.17-28.42.1 | Feb 4, 2020 | Lib/zipfile.py in Python through 3.7.2 allows remote attackers to cause a denial of service (resource consumption) via a ZIP bomb. | |
| CVE-2020-8492 | Med | 6.5 | < 2.7.17-28.42.1 | 2.7.17-28.42.1 | Jan 30, 2020 | Python 2.7 through 2.7.17, 3.5 through 3.5.9, 3.6 through 3.6.10, 3.7 through 3.7.6, and 3.8 through 3.8.1 allows an HTTP server to conduct Regular Expression Denial of Service (ReDoS) attacks against a client because of urllib.request.AbstractBasicAuthHandler catastrophic backtr | |
| CVE-2019-18348 | Med | 6.1 | < 2.7.17-28.42.1 | 2.7.17-28.42.1 | Oct 23, 2019 | An issue was discovered in urllib2 in Python 2.x through 2.7.17 and urllib in Python 3.x through 3.8.0. CRLF injection is possible if the attacker controls a url parameter, as demonstrated by the first argument to urllib.request.urlopen with \r\n (specifically in the host compone | |
| CVE-2019-16935 | Med | 6.1 | < 2.7.13-28.36.1 | 2.7.13-28.36.1 | Sep 28, 2019 | The documentation XML-RPC server in Python through 2.7.16, 3.x through 3.6.9, and 3.7.x through 3.7.4 has XSS via the server_title field. This occurs in Lib/DocXMLRPCServer.py in Python 2.x, and in Lib/xmlrpc/server.py in Python 3.x. If set_server_title is called with untrusted i | |
| CVE-2019-16056 | Hig | 7.5 | < 2.7.13-28.36.1 | 2.7.13-28.36.1 | Sep 6, 2019 | An issue was discovered in Python through 2.7.16, 3.x through 3.5.7, 3.6.x through 3.6.9, and 3.7.x through 3.7.4. The email module wrongly parses email addresses that contain multiple @ characters. An application that uses the email module and implements some kind of checks on t |
- affected < 2.7.17-28.42.1fixed 2.7.17-28.42.1
Lib/zipfile.py in Python through 3.7.2 allows remote attackers to cause a denial of service (resource consumption) via a ZIP bomb.
- affected < 2.7.17-28.42.1fixed 2.7.17-28.42.1
Python 2.7 through 2.7.17, 3.5 through 3.5.9, 3.6 through 3.6.10, 3.7 through 3.7.6, and 3.8 through 3.8.1 allows an HTTP server to conduct Regular Expression Denial of Service (ReDoS) attacks against a client because of urllib.request.AbstractBasicAuthHandler catastrophic backtr
- affected < 2.7.17-28.42.1fixed 2.7.17-28.42.1
An issue was discovered in urllib2 in Python 2.x through 2.7.17 and urllib in Python 3.x through 3.8.0. CRLF injection is possible if the attacker controls a url parameter, as demonstrated by the first argument to urllib.request.urlopen with \r\n (specifically in the host compone
- affected < 2.7.13-28.36.1fixed 2.7.13-28.36.1
The documentation XML-RPC server in Python through 2.7.16, 3.x through 3.6.9, and 3.7.x through 3.7.4 has XSS via the server_title field. This occurs in Lib/DocXMLRPCServer.py in Python 2.x, and in Lib/xmlrpc/server.py in Python 3.x. If set_server_title is called with untrusted i
- affected < 2.7.13-28.36.1fixed 2.7.13-28.36.1
An issue was discovered in Python through 2.7.16, 3.x through 3.5.7, 3.6.x through 3.6.9, and 3.7.x through 3.7.4. The email module wrongly parses email addresses that contain multiple @ characters. An application that uses the email module and implements some kind of checks on t
Page 2 of 2