rpm package
suse/python36&distro=SUSE Linux Enterprise Server 12 SP5
pkg:rpm/suse/python36&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP5
Vulnerabilities (43)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2018-1060 | Hig | 7.5 | < 3.6.10-4.3.5 | 3.6.10-4.3.5 | Jun 18, 2018 | python before versions 2.7.15, 3.4.9, 3.5.6rc1, 3.6.5rc1 and 3.7.0 is vulnerable to catastrophic backtracking in pop3lib's apop() method. An attacker could use this flaw to cause denial of service. | |
| CVE-2017-18207 | Med | 6.5 | < 3.6.10-4.3.5 | 3.6.10-4.3.5 | Mar 1, 2018 | The Wave_read._read_fmt_chunk function in Lib/wave.py in Python through 3.6.4 does not ensure a nonzero channel value, which allows attackers to cause a denial of service (divide-by-zero and exception) via a crafted wav format audio file. NOTE: the vendor disputes this issue beca | |
| CVE-2007-4559 | Cri | 9.8 | < 3.6.15-46.1 | 3.6.15-46.1 | Aug 28, 2007 | Directory traversal vulnerability in the (1) extract and (2) extractall functions in the tarfile module in Python allows user-assisted remote attackers to overwrite arbitrary files via a .. (dot dot) sequence in filenames in a TAR archive, a related issue to CVE-2001-1267. |
- affected < 3.6.10-4.3.5fixed 3.6.10-4.3.5
python before versions 2.7.15, 3.4.9, 3.5.6rc1, 3.6.5rc1 and 3.7.0 is vulnerable to catastrophic backtracking in pop3lib's apop() method. An attacker could use this flaw to cause denial of service.
- affected < 3.6.10-4.3.5fixed 3.6.10-4.3.5
The Wave_read._read_fmt_chunk function in Lib/wave.py in Python through 3.6.4 does not ensure a nonzero channel value, which allows attackers to cause a denial of service (divide-by-zero and exception) via a crafted wav format audio file. NOTE: the vendor disputes this issue beca
- affected < 3.6.15-46.1fixed 3.6.15-46.1
Directory traversal vulnerability in the (1) extract and (2) extractall functions in the tarfile module in Python allows user-assisted remote attackers to overwrite arbitrary files via a .. (dot dot) sequence in filenames in a TAR archive, a related issue to CVE-2001-1267.
Page 3 of 3