VYPR

rpm package

suse/python3-base&distro=SUSE Linux Enterprise Server 12 SP3

pkg:rpm/suse/python3-base&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP3

Vulnerabilities (6)

  • CVE-2019-5010Oct 31, 2019
    affected < 3.4.6-25.21.1fixed 3.4.6-25.21.1

    An exploitable denial-of-service vulnerability exists in the X509 certificate parser of Python.org Python 2.7.11 / 3.6.6. A specially crafted X509 certificate can cause a NULL pointer dereference, resulting in a denial of service. An attacker can initiate or accept TLS connection

  • CVE-2019-9636Mar 8, 2019
    affected < 3.4.6-25.24.1fixed 3.4.6-25.24.1

    Python 2.7.x through 2.7.16 and 3.x through 3.7.2 is affected by: Improper Handling of Unicode Encoding (with an incorrect netloc) during NFKC normalization. The impact is: Information disclosure (credentials, cookies, etc. that are cached against a given hostname). The component

  • CVE-2018-20406Dec 23, 2018
    affected < 3.4.6-25.21.1fixed 3.4.6-25.21.1

    Modules/_pickle.c in Python before 3.7.1 has an integer overflow via a large LONG_BINPUT value that is mishandled during a "resize to twice the size" attempt. This issue might cause memory exhaustion, but is only relevant if the pickle format is used for serializing tens or hundr

  • CVE-2018-1061MedJun 19, 2018
    affected < 3.4.6-25.16.1fixed 3.4.6-25.16.1

    python before versions 2.7.15, 3.4.9, 3.5.6rc1, 3.6.5rc1 and 3.7.0 is vulnerable to catastrophic backtracking in the difflib.IS_LINE_JUNK method. An attacker could use this flaw to cause denial of service.

  • CVE-2018-1060HigJun 18, 2018
    affected < 3.4.6-25.16.1fixed 3.4.6-25.16.1

    python before versions 2.7.15, 3.4.9, 3.5.6rc1, 3.6.5rc1 and 3.7.0 is vulnerable to catastrophic backtracking in pop3lib's apop() method. An attacker could use this flaw to cause denial of service.

  • CVE-2017-18207MedMar 1, 2018
    affected < 3.4.6-25.7.1fixed 3.4.6-25.7.1

    The Wave_read._read_fmt_chunk function in Lib/wave.py in Python through 3.6.4 does not ensure a nonzero channel value, which allows attackers to cause a denial of service (divide-by-zero and exception) via a crafted wav format audio file. NOTE: the vendor disputes this issue beca