rpm package
suse/python3-base&distro=SUSE Linux Enterprise Server for SAP Applications 12 SP3
pkg:rpm/suse/python3-base&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP3
Vulnerabilities (27)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2016-9063 | Cri | 9.8 | < 3.4.10-25.39.2 | 3.4.10-25.39.2 | Jun 11, 2018 | An integer overflow during the parsing of XML using the Expat library. This vulnerability affects Firefox < 50. | |
| CVE-2017-18207 | Med | 6.5 | < 3.4.6-25.7.1 | 3.4.6-25.7.1 | Mar 1, 2018 | The Wave_read._read_fmt_chunk function in Lib/wave.py in Python through 3.6.4 does not ensure a nonzero channel value, which allows attackers to cause a denial of service (divide-by-zero and exception) via a crafted wav format audio file. NOTE: the vendor disputes this issue beca | |
| CVE-2017-1000158 | Cri | 9.8 | < 3.4.10-25.39.2 | 3.4.10-25.39.2 | Nov 17, 2017 | CPython (aka Python) up to 2.7.13 is vulnerable to an integer overflow in the PyString_DecodeEscape function in stringobject.c, resulting in heap-based buffer overflow (and possible arbitrary code execution) | |
| CVE-2017-9233 | Hig | 7.5 | < 3.4.10-25.39.2 | 3.4.10-25.39.2 | Jul 25, 2017 | XML External Entity vulnerability in libexpat 2.2.0 and earlier (Expat XML Parser Library) allows attackers to put the parser in an infinite loop using a malformed external entity definition from an external DTD. | |
| CVE-2016-4472 | Hig | 8.1 | < 3.4.10-25.39.2 | 3.4.10-25.39.2 | Jun 30, 2016 | The overflow protection in Expat is removed by compilers with certain optimization settings, which allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via crafted XML data. NOTE: this vulnerability exists because of an incomplete fix f | |
| CVE-2016-0718 | Cri | 9.8 | < 3.4.10-25.39.2 | 3.4.10-25.39.2 | May 26, 2016 | Expat allows context-dependent attackers to cause a denial of service (crash) or possibly execute arbitrary code via a malformed input document, which triggers a buffer overflow. | |
| CVE-2012-0876 | — | < 3.4.10-25.39.2 | 3.4.10-25.39.2 | Jul 3, 2012 | The XML parser (xmlparse.c) in expat before 2.1.0 computes hash values without restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service (CPU consumption) via an XML file with many identifiers with the sa |
- affected < 3.4.10-25.39.2fixed 3.4.10-25.39.2
An integer overflow during the parsing of XML using the Expat library. This vulnerability affects Firefox < 50.
- affected < 3.4.6-25.7.1fixed 3.4.6-25.7.1
The Wave_read._read_fmt_chunk function in Lib/wave.py in Python through 3.6.4 does not ensure a nonzero channel value, which allows attackers to cause a denial of service (divide-by-zero and exception) via a crafted wav format audio file. NOTE: the vendor disputes this issue beca
- affected < 3.4.10-25.39.2fixed 3.4.10-25.39.2
CPython (aka Python) up to 2.7.13 is vulnerable to an integer overflow in the PyString_DecodeEscape function in stringobject.c, resulting in heap-based buffer overflow (and possible arbitrary code execution)
- affected < 3.4.10-25.39.2fixed 3.4.10-25.39.2
XML External Entity vulnerability in libexpat 2.2.0 and earlier (Expat XML Parser Library) allows attackers to put the parser in an infinite loop using a malformed external entity definition from an external DTD.
- affected < 3.4.10-25.39.2fixed 3.4.10-25.39.2
The overflow protection in Expat is removed by compilers with certain optimization settings, which allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via crafted XML data. NOTE: this vulnerability exists because of an incomplete fix f
- affected < 3.4.10-25.39.2fixed 3.4.10-25.39.2
Expat allows context-dependent attackers to cause a denial of service (crash) or possibly execute arbitrary code via a malformed input document, which triggers a buffer overflow.
- CVE-2012-0876Jul 3, 2012affected < 3.4.10-25.39.2fixed 3.4.10-25.39.2
The XML parser (xmlparse.c) in expat before 2.1.0 computes hash values without restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service (CPU consumption) via an XML file with many identifiers with the sa
Page 2 of 2