python (SUSE:Linux Enterprise Module for Desktop Applications 15) — known CVEs & security advisories
Known CVE vulnerabilities and GitHub Security Advisories affecting the SUSE:Linux Enterprise Module for Desktop Applications 15 package python, with affected version ranges, CVSS severity, EPSS exploit prediction, and CISA KEV status.
CVEs (37)
CVE-2016-5636 — CVSS 9.8 (critical): Integer overflow in the get_data function in zipimport.c in CPython (aka Python) before 2.7.12, 3.x before 3.4.5, and 3.5.x before 3.5.2…
CVE-2019-9636 — CVSS 9.8 (critical): Python 2.7.x through 2.7.16 and 3.x through 3.7.2 is affected by: Improper Handling of Unicode Encoding (with an incorrect netloc) during…
CVE-2019-10160 — CVSS 9.8 (critical): A security regression of CVE-2019-9636 was discovered in python since commit d537ab0ff9767ef024f26246899728f0116b1ec3 affecting versions…
CVE-2018-1000802 — CVSS 9.8 (critical): Python Software Foundation Python (CPython) version 2.7 contains a CWE-77: Improper Neutralization of Special Elements used in a Command…
CVE-2014-4650 — CVSS 9.8 (critical): The CGIHTTPServer module in Python 2.7.5 and 3.3.4 does not properly handle URLs in which URL encoding is used for path separators, which…
CVE-2017-1000158 — CVSS 9.8 (critical): CPython (aka Python) up to 2.7.13 is vulnerable to an integer overflow in the PyString_DecodeEscape function in stringobject.c, resulting…
CVE-2019-9948 — CVSS 9.1 (critical): urllib in Python 2.x through 2.7.16 supports the local_file: scheme, which makes it easier for remote attackers to bypass protection…
CVE-2013-1753 — CVSS 7.5 (high): The gzip_decode function in the xmlrpc client library in Python 3.4 and earlier allows remote attackers to cause a denial of service…
CVE-2019-5010 — CVSS 7.5 (high): An exploitable denial-of-service vulnerability exists in the X509 certificate parser of Python.org Python 2.7.11 / 3.6.6. A specially…
CVE-2019-16056 — CVSS 7.5 (high): An issue was discovered in Python through 2.7.16, 3.x through 3.5.7, 3.6.x through 3.6.9, and 3.7.x through 3.7.4. The email module wrongly…
CVE-2014-1912 — CVSS 7.5 (high): Buffer overflow in the socket.recvfrom_into function in Modules/socketmodule.c in Python 2.5 before 2.7.7, 3.x before 3.3.4, and 3.4.x…
CVE-2018-14647 — CVSS 7.5 (high): Python's elementtree C accelerator failed to initialise Expat's hash salt during initialization. This could make it easy to conduct denial…
CVE-2018-1060 — CVSS 7.5 (high): python before versions 2.7.15, 3.4.9, 3.5.6rc1, 3.6.5rc1 and 3.7.0 is vulnerable to catastrophic backtracking in pop3lib's apop() method…
CVE-2008-1721 — CVSS 7.5 (high): Integer signedness error in the zlib extension module in Python 2.5.2 and earlier allows remote attackers to execute arbitrary code via a…
CVE-2008-2315 — CVSS 7.5 (high): Multiple integer overflows in Python 2.5.2 and earlier allow context-dependent attackers to have an unknown impact via vectors related to…
CVE-2008-2316 — CVSS 7.5 (high): Integer overflow in _hashopenssl.c in the hashlib module in Python 2.5.2 and earlier might allow context-dependent attackers to defeat…
CVE-2008-3142 — CVSS 7.5 (high): Multiple buffer overflows in Python 2.5.2 and earlier on 32bit platforms allow context-dependent attackers to cause a denial of service…
CVE-2008-3143 — CVSS 7.5 (high): Multiple integer overflows in Python before 2.5.2 might allow context-dependent attackers to have an unknown impact via vectors related to…
CVE-2016-0772 — CVSS 6.5 (medium): The smtplib library in CPython (aka Python) before 2.7.12, 3.x before 3.4.5, and 3.5.x before 3.5.2 does not return an error when StartTLS…
CVE-2017-18207 — CVSS 6.5 (medium): The Wave_read._read_fmt_chunk function in Lib/wave.py in Python through 3.6.4 does not ensure a nonzero channel value, which allows…
CVE-2018-1061 — CVSS 6.5 (medium): python before versions 2.7.15, 3.4.9, 3.5.6rc1, 3.6.5rc1 and 3.7.0 is vulnerable to catastrophic backtracking in the difflib.IS_LINE_JUNK…
CVE-2014-7185 — CVSS 6.4 (medium): Integer overflow in bufferobject.c in Python before 2.7.8 allows context-dependent attackers to obtain sensitive information from process…
CVE-2011-1521 — CVSS 6.4 (medium): The urllib and urllib2 modules in Python 2.x before 2.7.2 and 3.x before 3.2.1 process Location headers that specify redirection to file…
CVE-2016-5699 — CVSS 6.1 (medium): CRLF injection vulnerability in the HTTPConnection.putheader function in urllib2 and urllib in CPython (aka Python) before 2.7.10 and 3.x…
CVE-2019-9947 — CVSS 6.1 (medium): An issue was discovered in urllib2 in Python 2.x through 2.7.16 and urllib in Python 3.x through 3.7.3. CRLF injection is possible if the…
CVE-2016-1000110 — CVSS 6.1 (medium): The CGIHandler class in Python before 2.7.12 does not protect against the HTTP_PROXY variable name clash in a CGI script, which could allow…
CVE-2019-16935 — CVSS 6.1 (medium): The documentation XML-RPC server in Python through 2.7.16, 3.x through 3.6.9, and 3.7.x through 3.7.4 has XSS via the server_title field…
CVE-2018-20852 — CVSS 5.3 (medium): http.cookiejar.DefaultPolicy.domain_return_ok in Lib/http/cookiejar.py in Python before 3.7.3 does not correctly validate the domain: it…
CVE-2012-1150 — CVSS 5.0 (medium): Python before 2.6.8, 2.7.x before 2.7.3, 3.x before 3.1.5, and 3.2.x before 3.2.3 computes hash values without restricting the ability to…
CVE-2008-3144 — CVSS 5.0 (medium): Multiple integer overflows in the PyOS_vsnprintf function in Python/mysnprintf.c in Python 2.5.2 and earlier allow context-dependent…
CVE-2012-0845 — CVSS 5.0 (medium): SimpleXMLRPCServer.py in SimpleXMLRPCServer in Python before 2.6.8, 2.7.x before 2.7.3, 3.x before 3.1.5, and 3.2.x before 3.2.3 allows…
CVE-2007-2052 — CVSS 5.0 (medium): Off-by-one error in the PyLocale_strxfrm function in Modules/_localemodule.c for Python 2.4 and 2.5 causes an incorrect buffer size to be…
CVE-2011-3389 — CVSS 4.3 (medium): The SSL protocol, as used in certain configurations in Microsoft Windows and Microsoft Internet Explorer, Mozilla Firefox, Google Chrome…
CVE-2013-4238 — CVSS 4.3 (medium): The ssl.match_hostname function in the SSL module in Python 2.6 through 3.4 does not properly handle a '\0' character in a domain name in…
CVE-2018-1000030 — CVSS 3.6 (low): Python 2.7.14 is vulnerable to a Heap-Buffer-Overflow as well as a Heap-Use-After-Free. Python versions prior to 2.7.14 may also be…
CVE-2011-4944 — CVSS 1.9 (low): Python 2.6 through 3.2 creates ~/.pypirc with world-readable permissions before changing them after data has been written, which introduces…
CVE-2013-1752: Rejected reason: Various versions of Python do not properly restrict readline calls, which allows remote attackers to cause a denial of…