VYPR

rpm package

suse/python3-base&distro=SUSE Linux Enterprise Server for SAP Applications 12 SP3

pkg:rpm/suse/python3-base&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP3

Vulnerabilities (27)

  • CVE-2016-9063CriJun 11, 2018
    affected < 3.4.10-25.39.2fixed 3.4.10-25.39.2

    An integer overflow during the parsing of XML using the Expat library. This vulnerability affects Firefox < 50.

  • CVE-2017-18207MedMar 1, 2018
    affected < 3.4.6-25.7.1fixed 3.4.6-25.7.1

    The Wave_read._read_fmt_chunk function in Lib/wave.py in Python through 3.6.4 does not ensure a nonzero channel value, which allows attackers to cause a denial of service (divide-by-zero and exception) via a crafted wav format audio file. NOTE: the vendor disputes this issue beca

  • CVE-2017-1000158CriNov 17, 2017
    affected < 3.4.10-25.39.2fixed 3.4.10-25.39.2

    CPython (aka Python) up to 2.7.13 is vulnerable to an integer overflow in the PyString_DecodeEscape function in stringobject.c, resulting in heap-based buffer overflow (and possible arbitrary code execution)

  • CVE-2017-9233HigJul 25, 2017
    affected < 3.4.10-25.39.2fixed 3.4.10-25.39.2

    XML External Entity vulnerability in libexpat 2.2.0 and earlier (Expat XML Parser Library) allows attackers to put the parser in an infinite loop using a malformed external entity definition from an external DTD.

  • CVE-2016-4472HigJun 30, 2016
    affected < 3.4.10-25.39.2fixed 3.4.10-25.39.2

    The overflow protection in Expat is removed by compilers with certain optimization settings, which allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via crafted XML data. NOTE: this vulnerability exists because of an incomplete fix f

  • CVE-2016-0718CriMay 26, 2016
    affected < 3.4.10-25.39.2fixed 3.4.10-25.39.2

    Expat allows context-dependent attackers to cause a denial of service (crash) or possibly execute arbitrary code via a malformed input document, which triggers a buffer overflow.

  • CVE-2012-0876Jul 3, 2012
    affected < 3.4.10-25.39.2fixed 3.4.10-25.39.2

    The XML parser (xmlparse.c) in expat before 2.1.0 computes hash values without restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service (CPU consumption) via an XML file with many identifiers with the sa

Page 2 of 2