python36 (SUSE:Linux Enterprise Server 12 SP5) — known CVEs & security advisories
Known CVE vulnerabilities and GitHub Security Advisories affecting the SUSE:Linux Enterprise Server 12 SP5 package python36, with affected version ranges, CVSS severity, EPSS exploit prediction, and CISA KEV status.
CVEs (43)
CVE-2007-4559 — CVSS 9.8 (critical): Directory traversal vulnerability in the (1) extract and (2) extractall functions in the tarfile module in Python allows user-assisted…
CVE-2022-37454 — CVSS 9.8 (critical): The Keccak XKCP SHA-3 reference implementation before fdc6fef has an integer overflow and resultant buffer overflow that allows attackers…
CVE-2018-1000802 — CVSS 9.8 (critical): Python Software Foundation Python (CPython) version 2.7 contains a CWE-77: Improper Neutralization of Special Elements used in a Command…
CVE-2019-10160 — CVSS 9.8 (critical): A security regression of CVE-2019-9636 was discovered in python since commit d537ab0ff9767ef024f26246899728f0116b1ec3 affecting versions…
CVE-2019-9636 — CVSS 9.8 (critical): Python 2.7.x through 2.7.16 and 3.x through 3.7.2 is affected by: Improper Handling of Unicode Encoding (with an incorrect netloc) during…
CVE-2020-27619 — CVSS 9.8 (critical): In Python 3 through 3.9.0, the Lib/test/multibytecodec_support.py CJK codec tests call eval() on content retrieved via HTTP.
CVE-2021-3177 — CVSS 9.8 (critical): Python 3.x through 3.9.1 has a buffer overflow in PyCArg_repr in _ctypes/callproc.c, which may lead to remote code execution in certain…
CVE-2023-6597 — CVSS 7.8 (high): An issue was found in the CPython `tempfile.TemporaryDirectory` class affecting versions 3.12.1, 3.11.7, 3.10.13, 3.9.18, and 3.8.18 and…
CVE-2015-20107 — CVSS 7.6 (high): In Python (aka CPython) up to 3.10.8, the mailcap module does not add escape characters into commands discovered in the system mailcap…
CVE-2024-6232 — CVSS 7.5 (high): There is a MEDIUM severity vulnerability affecting CPython. Regular expressions that allowed excessive backtracking during tarfile.TarFile…
CVE-2019-20907 — CVSS 7.5 (high): In Lib/tarfile.py in Python through 3.8.3, an attacker is able to craft a TAR archive leading to an infinite loop when opened by…
CVE-2019-20916 — CVSS 7.5 (high): The pip package before 19.2 for Python allows Directory Traversal when a URL is given in an install command, because a Content-Disposition…
CVE-2019-5010 — CVSS 7.5 (high): An exploitable denial-of-service vulnerability exists in the X509 certificate parser of Python.org Python 2.7.11 / 3.6.6. A specially…
CVE-2023-52425 — CVSS 7.5 (high): libexpat through 2.5.0 allows a denial of service (resource consumption) because many full reparsings are required in the case of a large…
CVE-2019-9674 — CVSS 7.5 (high): Lib/zipfile.py in Python through 3.7.2 allows remote attackers to cause a denial of service (resource consumption) via a ZIP bomb.
CVE-2024-4032 — CVSS 7.5 (high): The “ipaddress” module contained incorrect information about whether certain IPv4 and IPv6 addresses were designated as “globally…
CVE-2020-10735 — CVSS 7.5 (high): A flaw was found in python. In algorithms with quadratic time complexity using non-binary bases, when using int("text"), a system could…
CVE-2023-24329 — CVSS 7.5 (high): An issue in the urllib.parse component of Python before 3.11.4 allows attackers to bypass blocklisting methods by supplying a URL that…
CVE-2019-15903 — CVSS 7.5 (high): In libexpat before 2.2.8, crafted XML input could fool the parser into changing from DTD parsing to document parsing too early; a…
CVE-2019-16056 — CVSS 7.5 (high): An issue was discovered in Python through 2.7.16, 3.x through 3.5.7, 3.6.x through 3.6.9, and 3.7.x through 3.7.4. The email module wrongly…
CVE-2018-1060 — CVSS 7.5 (high): python before versions 2.7.15, 3.4.9, 3.5.6rc1, 3.6.5rc1 and 3.7.0 is vulnerable to catastrophic backtracking in pop3lib's apop() method…
CVE-2024-7592 — CVSS 7.5 (high): There is a LOW severity vulnerability affecting CPython, specifically the 'http.cookies' standard library module. When parsing cookies that…
CVE-2021-3737 — CVSS 7.5 (high): A flaw was found in python. An improperly handled HTTP response in the HTTP client code of python may allow a remote attacker, who controls…
CVE-2022-45061 — CVSS 7.5 (high): An issue was discovered in Python before 3.11.1. An unnecessary quadratic algorithm exists in one path when processing some inputs to the…
CVE-2024-0397 — CVSS 7.4 (high): A defect was discovered in the Python “ssl” module where there is a memory race condition with the ssl.SSLContext methods…
CVE-2021-28861 — CVSS 7.4 (high): Python 3.x through 3.10 has an open redirection vulnerability in lib/http/server.py due to no protection against multiple (/) at the…
CVE-2020-26116 — CVSS 7.2 (high): http.client in Python 3.x before 3.5.10, 3.6.x before 3.6.12, 3.7.x before 3.7.9, and 3.8.x before 3.8.5 allows CRLF injection if the…
CVE-2021-3733 — CVSS 6.5 (medium): There's a flaw in urllib's AbstractBasicAuthHandler class. An attacker who controls a malicious HTTP server that an HTTP client (such as…
CVE-2017-18207 — CVSS 6.5 (medium): The Wave_read._read_fmt_chunk function in Lib/wave.py in Python through 3.6.4 does not ensure a nonzero channel value, which allows…
CVE-2020-8492 — CVSS 6.5 (medium): Python 2.7 through 2.7.17, 3.5 through 3.5.9, 3.6 through 3.6.10, 3.7 through 3.7.6, and 3.8 through 3.8.1 allows an HTTP server to conduct…
CVE-2024-5642 — CVSS 6.5 (medium): CPython 3.9 and earlier doesn't disallow configuring an empty list ("[]") for SSLContext.set_npn_protocols() which is an invalid value for…
CVE-2024-0450 — CVSS 6.2 (medium): An issue was found in the CPython `zipfile` module affecting versions 3.12.1, 3.11.7, 3.10.13, 3.9.18, and 3.8.18 and prior. The zipfile…
CVE-2019-18348 — CVSS 6.1 (medium): An issue was discovered in urllib2 in Python 2.x through 2.7.17 and urllib in Python 3.x through 3.8.0. CRLF injection is possible if the…
CVE-2019-9947 — CVSS 6.1 (medium): An issue was discovered in urllib2 in Python 2.x through 2.7.16 and urllib in Python 3.x through 3.7.3. CRLF injection is possible if the…
CVE-2022-48566 — CVSS 5.9 (medium): An issue was discovered in compare_digest in Lib/hmac.py in Python through 3.9.1. Constant-time-defeating optimisations were possible in…
CVE-2021-23336 — CVSS 5.9 (medium): The package python/cpython from 0 and before 3.6.13, from 3.7.0 and before 3.7.10, from 3.8.0 and before 3.8.8, from 3.9.0 and before 3.9.2…
CVE-2020-14422 — CVSS 5.9 (medium): Lib/ipaddress.py in Python through 3.8.3 improperly computes hash values in the IPv4Interface and IPv6Interface classes, which might allow…
CVE-2021-3426 — CVSS 5.7 (medium): There's a flaw in Python 3's pydoc. A local or adjacent attacker who discovers or is able to convince another local or adjacent user to…
CVE-2021-3572 — CVSS 5.7 (medium): A flaw was found in python-pip in the way it handled Unicode separators in git references. A remote attacker could possibly use this issue…
CVE-2024-6923 — CVSS 5.5 (medium): There is a MEDIUM severity vulnerability affecting CPython. The email module didn’t properly quote newlines for email headers when…
CVE-2023-40217 — CVSS 5.3 (medium): An issue was discovered in Python before 3.8.18, 3.9.x before 3.9.18, 3.10.x before 3.10.13, and 3.11.x before 3.11.5. It primarily affects…
CVE-2018-20852 — CVSS 5.3 (medium): http.cookiejar.DefaultPolicy.domain_return_ok in Lib/http/cookiejar.py in Python before 3.7.3 does not correctly validate the domain: it…
CVE-2023-27043 — CVSS 5.3 (medium): The email module of Python through 3.11.3 incorrectly parses e-mail addresses that contain a special character. The wrong portion of an…