Search for packages
| purl | pkg:rpm/redhat/rh-python38-python@3.8.11-2?arch=el7 |
| Next non-vulnerable version | None. |
| Latest non-vulnerable version | None. |
| Risk | 4.4 |
| Vulnerability | Summary | Fixed by |
|---|---|---|
|
VCID-2j3t-a3r6-vfg7
Aliases: CVE-2021-3426 |
Multiple vulnerabilities have been found in Python, the worst of which might allow attackers to access sensitive information. | There are no reported fixed by versions. |
|
VCID-75s4-h132-6fe1
Aliases: CVE-2021-3572 GHSA-5xp3-jfq3-5q8x PYSEC-2021-437 |
A flaw was found in python-pip in the way it handled Unicode separators in git references. A remote attacker could possibly use this issue to install a different revision on a repository. The highest threat from this vulnerability is to data integrity. This is fixed in python-pip version 21.1. | There are no reported fixed by versions. |
|
VCID-8a7h-5rn5-gubx
Aliases: CVE-2020-27619 |
A vulnerability has been discovered in GNAT Ada Suite which can lead to remote code execution. | There are no reported fixed by versions. |
|
VCID-8par-whwz-6kft
Aliases: CVE-2021-33503 GHSA-q2q7-5pp4-w6pg PYSEC-2021-108 |
An issue was discovered in urllib3 before 1.26.5. When provided with a URL containing many @ characters in the authority component, the authority regular expression exhibits catastrophic backtracking, causing a denial of service if a URL were passed as a parameter or redirected to via an HTTP redirect. | There are no reported fixed by versions. |
|
VCID-bjpd-6kh8-1bbs
Aliases: CVE-2020-36242 GHSA-rhm9-p9w5-fwm7 PYSEC-2021-63 |
In the cryptography package before 3.3.2 for Python, certain sequences of update calls to symmetrically encrypt multi-GB values could result in an integer overflow and buffer overflow, as demonstrated by the Fernet class. | There are no reported fixed by versions. |
|
VCID-ct6h-d1eh-7bgj
Aliases: CVE-2021-3733 |
python: urllib: Regular expression DoS in AbstractBasicAuthHandler | There are no reported fixed by versions. |
|
VCID-dkxn-j9dr-sqbp
Aliases: CVE-2021-3177 |
Multiple vulnerabilities have been found in Python, the worst of which could result in the arbitrary execution of code. | There are no reported fixed by versions. |
|
VCID-j8hj-k7wy-yfch
Aliases: CVE-2021-4189 |
python: ftplib should not use the host from the PASV response | There are no reported fixed by versions. |
|
VCID-j95d-56fv-jfae
Aliases: CVE-2020-27783 GHSA-pgww-xf46-h92r PYSEC-2020-62 |
A XSS vulnerability was discovered in python-lxml's clean module. The module's parser didn't properly imitate browsers, which caused different behaviors between the sanitizer and the user's page. A remote attacker could exploit this flaw to run arbitrary HTML/JS code. | There are no reported fixed by versions. |
|
VCID-jpa1-g154-1ye8
Aliases: CVE-2020-28493 GHSA-g3rq-g295-4j3m PYSEC-2021-66 SNYK-PYTHON-JINJA2-1012994 |
This affects the package jinja2 from 0.0.0 and before 2.11.3. The ReDoS vulnerability is mainly due to the `_punctuation_re regex` operator and its use of multiple wildcards. The last wildcard is the most exploitable as it searches for trailing punctuation. This issue can be mitigated by Markdown to format user content instead of the urlize filter, or by implementing request timeouts and limiting process memory. | There are no reported fixed by versions. |
|
VCID-szsp-k3sg-r3eu
Aliases: CVE-2021-20095 |
A vulnerability in Babel could result in remote code execution. | There are no reported fixed by versions. |
|
VCID-u7xg-3dp7-vkc2
Aliases: CVE-2021-28957 GHSA-jq4v-f5q6-mjqq PYSEC-2021-19 |
An XSS vulnerability was discovered in python-lxml's clean module versions before 4.6.3. When disabling the safe_attrs_only and forms arguments, the Cleaner class does not remove the formaction attribute allowing for JS to bypass the sanitizer. A remote attacker could exploit this flaw to run arbitrary JS code on users who interact with incorrectly sanitized HTML. This issue is patched in lxml 4.6.3. | There are no reported fixed by versions. |
|
VCID-vmx8-tjg2-uuec
Aliases: CVE-2020-25659 GHSA-hggm-jpg3-v476 PYSEC-2021-62 |
python-cryptography 3.2 is vulnerable to Bleichenbacher timing attacks in the RSA decryption API, via timed processing of valid PKCS#1 v1.5 ciphertext. | There are no reported fixed by versions. |
|
VCID-vpwj-d49q-1uh8
Aliases: CVE-2022-0391 |
Multiple vulnerabilities have been found in Python and PyPy, the worst of which could result in arbitrary code execution. | There are no reported fixed by versions. |
|
VCID-w6k8-js68-87g4
Aliases: CVE-2021-23336 |
Multiple vulnerabilities have been found in Python, the worst of which might allow attackers to access sensitive information. | There are no reported fixed by versions. |
|
VCID-yw7e-93us-8qh8
Aliases: CVE-2021-42771 GHSA-h4m5-qpfp-3mpv PYSEC-2021-421 |
Babel.Locale in Babel before 2.9.1 allows attackers to load arbitrary locale .dat files (containing serialized Python objects) via directory traversal, leading to code execution. | There are no reported fixed by versions. |
|
VCID-z48d-eyxz-bycq
Aliases: CVE-2021-29921 |
Multiple vulnerabilities have been found in Python and PyPy, the worst of which could result in arbitrary code execution. | There are no reported fixed by versions. |
| Vulnerability | Summary | Aliases |
|---|---|---|
| This package is not known to fix vulnerabilities. | ||