rpm package
suse/python-doc&distro=SUSE Linux Enterprise Server for SAP Applications 12 SP4
pkg:rpm/suse/python-doc&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP4
Vulnerabilities (23)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2018-1000802 | Cri | 9.8 | < 2.7.13-28.16.1 | 2.7.13-28.16.1 | Sep 18, 2018 | Python Software Foundation Python (CPython) version 2.7 contains a CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability in shutil module (make_archive function) that can result in Denial of service, Information gain via injecti | |
| CVE-2018-1061 | Med | 6.5 | < 2.7.13-28.16.1 | 2.7.13-28.16.1 | Jun 19, 2018 | python before versions 2.7.15, 3.4.9, 3.5.6rc1, 3.6.5rc1 and 3.7.0 is vulnerable to catastrophic backtracking in the difflib.IS_LINE_JUNK method. An attacker could use this flaw to cause denial of service. | |
| CVE-2018-1060 | Hig | 7.5 | < 2.7.13-28.16.1 | 2.7.13-28.16.1 | Jun 18, 2018 | python before versions 2.7.15, 3.4.9, 3.5.6rc1, 3.6.5rc1 and 3.7.0 is vulnerable to catastrophic backtracking in pop3lib's apop() method. An attacker could use this flaw to cause denial of service. |
- affected < 2.7.13-28.16.1fixed 2.7.13-28.16.1
Python Software Foundation Python (CPython) version 2.7 contains a CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability in shutil module (make_archive function) that can result in Denial of service, Information gain via injecti
- affected < 2.7.13-28.16.1fixed 2.7.13-28.16.1
python before versions 2.7.15, 3.4.9, 3.5.6rc1, 3.6.5rc1 and 3.7.0 is vulnerable to catastrophic backtracking in the difflib.IS_LINE_JUNK method. An attacker could use this flaw to cause denial of service.
- affected < 2.7.13-28.16.1fixed 2.7.13-28.16.1
python before versions 2.7.15, 3.4.9, 3.5.6rc1, 3.6.5rc1 and 3.7.0 is vulnerable to catastrophic backtracking in pop3lib's apop() method. An attacker could use this flaw to cause denial of service.
Page 2 of 2