python2

Description: A high-level scripting language
Version: 2.7.18-5 [extra]

Resolved

| Group | Affected | Fixed | Severity | Status | Ticket |
|---|---|---|---|---|---|
| AVG-1597 | 2.7.18-2 | 2.7.18-3 | High | Fixed | FS#68063 |
| AVG-978 | 2.7.16-1 | 2.7.17-1 | High | Fixed | |

| Issue | Group | Severity | Remote | Type | Description |
|---|---|---|---|---|---|
| CVE-2021-23336 | AVG-1597 | Medium | Yes | Url request injection | The package python/cpython from 0 and before 3.6.13, from 3.7.0 and before 3.7.10, from 3.8.0 and before 3.8.8, from 3.9.0 and before 3.9.2 are vulnerable... |
| CVE-2021-3177 | AVG-1597 | Medium | Yes | Arbitrary code execution | Python 3.x through 3.9.1 has a buffer overflow in PyCArg_repr in _ctypes/callproc.c, which may lead to remote code execution in certain Python applications... |
| CVE-2020-27619 | AVG-1597 | High | Yes | Arbitrary code execution | In Python 3 through 3.9.0, the Lib/test/multibytecodec_support.py CJK codec tests call eval() on content retrieved via HTTP. |
| CVE-2020-26116 | AVG-1597 | Medium | Yes | Url request injection | http.client in Python 3.x before 3.5.10, 3.6.x before 3.6.12, 3.7.x before 3.7.9, and 3.8.x before 3.8.5 allows CRLF injection if the attacker controls the... |
| CVE-2020-8492 | AVG-1597 | Low | Yes | Denial of service | Python 2.7 through 2.7.17, 3.5 through 3.5.9, 3.6 through 3.6.10, 3.7 through 3.7.6, and 3.8 through 3.8.1 allows an HTTP server to conduct Regular... |
| CVE-2019-20907 | AVG-1597 | Low | Yes | Denial of service | In Lib/tarfile.py in Python through 3.8.3, an attacker is able to craft a TAR archive leading to an infinite loop when opened by tarfile.open, because... |
| CVE-2019-9636 | AVG-978 | High | Yes | Information disclosure | Python 2.7.x through 2.7.16 and 3.x through 3.7.2 is affected by improper Handling of Unicode Encoding (with an incorrect netloc) during NFKC normalization.... |

Advisories

| Date | Advisory | Group | Severity | Type |
|---|---|---|---|---|
| 25 Mar 2021 | ASA-202103-27 | AVG-1597 | High | multiple issues |
| 03 Nov 2019 | ASA-201911-4 | AVG-978 | High | information disclosure |