rpm package
suse/python-base&distro=SUSE Linux Enterprise Software Development Kit 12 SP3
pkg:rpm/suse/python-base&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012%20SP3
Vulnerabilities (10)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2019-5010 | — | < 2.7.13-28.21.1 | 2.7.13-28.21.1 | Oct 31, 2019 | An exploitable denial-of-service vulnerability exists in the X509 certificate parser of Python.org Python 2.7.11 / 3.6.6. A specially crafted X509 certificate can cause a NULL pointer dereference, resulting in a denial of service. An attacker can initiate or accept TLS connection | ||
| CVE-2019-9948 | — | < 2.7.13-28.26.1 | 2.7.13-28.26.1 | Mar 23, 2019 | urllib in Python 2.x through 2.7.16 supports the local_file: scheme, which makes it easier for remote attackers to bypass protection mechanisms that blacklist file: URIs, as demonstrated by triggering a urllib.urlopen('local_file:///etc/passwd') call. | ||
| CVE-2019-9636 | — | < 2.7.13-28.26.1 | 2.7.13-28.26.1 | Mar 8, 2019 | Python 2.7.x through 2.7.16 and 3.x through 3.7.2 is affected by: Improper Handling of Unicode Encoding (with an incorrect netloc) during NFKC normalization. The impact is: Information disclosure (credentials, cookies, etc. that are cached against a given hostname). The component | ||
| CVE-2018-14647 | — | < 2.7.13-28.21.1 | 2.7.13-28.21.1 | Sep 25, 2018 | Python's elementtree C accelerator failed to initialise Expat's hash salt during initialization. This could make it easy to conduct denial of service attacks against Expat by constructing an XML document that would cause pathological hash collisions in Expat's internal data struc | ||
| CVE-2018-1000802 | — | < 2.7.13-28.16.1 | 2.7.13-28.16.1 | Sep 18, 2018 | Python Software Foundation Python (CPython) version 2.7 contains a CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability in shutil module (make_archive function) that can result in Denial of service, Information gain via injecti | ||
| CVE-2018-1061 | — | < 2.7.13-28.16.1 | 2.7.13-28.16.1 | Jun 19, 2018 | python before versions 2.7.15, 3.4.9, 3.5.6rc1, 3.6.5rc1 and 3.7.0 is vulnerable to catastrophic backtracking in the difflib.IS_LINE_JUNK method. An attacker could use this flaw to cause denial of service. | ||
| CVE-2018-1060 | — | < 2.7.13-28.16.1 | 2.7.13-28.16.1 | Jun 18, 2018 | python before versions 2.7.15, 3.4.9, 3.5.6rc1, 3.6.5rc1 and 3.7.0 is vulnerable to catastrophic backtracking in pop3lib's apop() method. An attacker could use this flaw to cause denial of service. | ||
| CVE-2017-18207 | — | < 2.7.13-28.6.1 | 2.7.13-28.6.1 | Mar 1, 2018 | The Wave_read._read_fmt_chunk function in Lib/wave.py in Python through 3.6.4 does not ensure a nonzero channel value, which allows attackers to cause a denial of service (divide-by-zero and exception) via a crafted wav format audio file. NOTE: the vendor disputes this issue beca | ||
| CVE-2018-1000030 | — | < 2.7.13-28.3.2 | 2.7.13-28.3.2 | Feb 8, 2018 | Python 2.7.14 is vulnerable to a Heap-Buffer-Overflow as well as a Heap-Use-After-Free. Python versions prior to 2.7.14 may also be vulnerable and it appears that Python 2.7.17 and prior may also be vulnerable however this has not been confirmed. The vulnerability lies when multi | ||
| CVE-2017-1000158 | Cri | 9.8 | < 2.7.13-28.3.2 | 2.7.13-28.3.2 | Nov 17, 2017 | CPython (aka Python) up to 2.7.13 is vulnerable to an integer overflow in the PyString_DecodeEscape function in stringobject.c, resulting in heap-based buffer overflow (and possible arbitrary code execution) |
- CVE-2019-5010Oct 31, 2019affected < 2.7.13-28.21.1fixed 2.7.13-28.21.1
An exploitable denial-of-service vulnerability exists in the X509 certificate parser of Python.org Python 2.7.11 / 3.6.6. A specially crafted X509 certificate can cause a NULL pointer dereference, resulting in a denial of service. An attacker can initiate or accept TLS connection
- CVE-2019-9948Mar 23, 2019affected < 2.7.13-28.26.1fixed 2.7.13-28.26.1
urllib in Python 2.x through 2.7.16 supports the local_file: scheme, which makes it easier for remote attackers to bypass protection mechanisms that blacklist file: URIs, as demonstrated by triggering a urllib.urlopen('local_file:///etc/passwd') call.
- CVE-2019-9636Mar 8, 2019affected < 2.7.13-28.26.1fixed 2.7.13-28.26.1
Python 2.7.x through 2.7.16 and 3.x through 3.7.2 is affected by: Improper Handling of Unicode Encoding (with an incorrect netloc) during NFKC normalization. The impact is: Information disclosure (credentials, cookies, etc. that are cached against a given hostname). The component
- CVE-2018-14647Sep 25, 2018affected < 2.7.13-28.21.1fixed 2.7.13-28.21.1
Python's elementtree C accelerator failed to initialise Expat's hash salt during initialization. This could make it easy to conduct denial of service attacks against Expat by constructing an XML document that would cause pathological hash collisions in Expat's internal data struc
- CVE-2018-1000802Sep 18, 2018affected < 2.7.13-28.16.1fixed 2.7.13-28.16.1
Python Software Foundation Python (CPython) version 2.7 contains a CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability in shutil module (make_archive function) that can result in Denial of service, Information gain via injecti
- CVE-2018-1061Jun 19, 2018affected < 2.7.13-28.16.1fixed 2.7.13-28.16.1
python before versions 2.7.15, 3.4.9, 3.5.6rc1, 3.6.5rc1 and 3.7.0 is vulnerable to catastrophic backtracking in the difflib.IS_LINE_JUNK method. An attacker could use this flaw to cause denial of service.
- CVE-2018-1060Jun 18, 2018affected < 2.7.13-28.16.1fixed 2.7.13-28.16.1
python before versions 2.7.15, 3.4.9, 3.5.6rc1, 3.6.5rc1 and 3.7.0 is vulnerable to catastrophic backtracking in pop3lib's apop() method. An attacker could use this flaw to cause denial of service.
- CVE-2017-18207Mar 1, 2018affected < 2.7.13-28.6.1fixed 2.7.13-28.6.1
The Wave_read._read_fmt_chunk function in Lib/wave.py in Python through 3.6.4 does not ensure a nonzero channel value, which allows attackers to cause a denial of service (divide-by-zero and exception) via a crafted wav format audio file. NOTE: the vendor disputes this issue beca
- CVE-2018-1000030Feb 8, 2018affected < 2.7.13-28.3.2fixed 2.7.13-28.3.2
Python 2.7.14 is vulnerable to a Heap-Buffer-Overflow as well as a Heap-Use-After-Free. Python versions prior to 2.7.14 may also be vulnerable and it appears that Python 2.7.17 and prior may also be vulnerable however this has not been confirmed. The vulnerability lies when multi
- affected < 2.7.13-28.3.2fixed 2.7.13-28.3.2
CPython (aka Python) up to 2.7.13 is vulnerable to an integer overflow in the PyString_DecodeEscape function in stringobject.c, resulting in heap-based buffer overflow (and possible arbitrary code execution)