AVG-1597 log

Package python2
Status Fixed
Severity High
Type multiple issues
Affected 2.7.18-2
Fixed 2.7.18-3
Current 2.7.18-4 [extra]
Ticket FS#68063
Created Sat Feb 20 00:10:34 2021
Issue Severity Remote Type Description
CVE-2021-23336 Medium Yes Url request injection
The package python/cpython from 0 and before 3.6.13, from 3.7.0 and before 3.7.10, from 3.8.0 and before 3.8.8, from 3.9.0 and before 3.9.2 are vulnerable...
CVE-2021-3177 Medium Yes Arbitrary code execution
Python 3.x through 3.9.1 has a buffer overflow in PyCArg_repr in _ctypes/callproc.c, which may lead to remote code execution in certain Python applications...
CVE-2020-27619 High Yes Arbitrary code execution
In Python 3 through 3.9.0, the Lib/test/multibytecodec_support.py CJK codec tests call eval() on content retrieved via HTTP.
CVE-2020-26116 Medium Yes Url request injection
http.client in Python 3.x before 3.5.10, 3.6.x before 3.6.12, 3.7.x before 3.7.9, and 3.8.x before 3.8.5 allows CRLF injection if the attacker controls the...
CVE-2020-8492 Low Yes Denial of service
Python 2.7 through 2.7.17, 3.5 through 3.5.9, 3.6 through 3.6.10, 3.7 through 3.7.6, and 3.8 through 3.8.1 allows an HTTP server to conduct Regular...
CVE-2019-20907 Low Yes Denial of service
In Lib/tarfile.py in Python through 3.8.3, an attacker is able to craft a TAR archive leading to an infinite loop when opened by tarfile.open, because...
Date Advisory Package Type
25 Mar 2021 ASA-202103-27 python2 multiple issues