Count: 870

Vulnerability | CVSS | EPSS | Published
---|---|---|---
SUSE-SU-2019:1846-1 Security update for bzip2 | | 1% Low | almost 6 years ago
SUSE-SU-2019:14139-1 Security update for bzip2 | | 1% Low | almost 6 years ago
SUSE-SU-2019:1206-2 Security update for bzip2 | | 12% Medium | almost 6 years ago
SUSE-SU-2019:1206-1 Security update for bzip2 | | 12% Medium | about 6 years ago
RLSA-2025:0733 Moderate: bzip2 security update | | 1% Low | 4 months ago
RLSA-2024:8922 Low: bzip2 security update | | 1% Low | 8 months ago
GHSA-xv6x-43gq-4hfj PyGreSQL Might Be Vulnerable to Encoding-Based SQL Injection | | 1% Low | about 3 years ago
GHSA-w829-6hpw-frjf In libexpat before 2.2.8, crafted XML input could fool the parser into changing from DTD parsing to document parsing too early; a consecutive call to XML_GetCurrentLineNumber (or XML_GetCurrentColumnNumber) then resulted in a heap-based buffer over-read. | CVSS3: 7.5 | 0% Low | about 3 years ago
GHSA-w3v2-46wf-pq33 expat 2.1.0 and earlier does not properly handle entities expansion unless an application developer uses the XML_SetEntityDeclHandler function, which allows remote attackers to cause a denial of service (resource consumption), send HTTP requests to intranet servers, or read arbitrary files via a crafted XML document, aka an XML External Entity (XXE) issue. NOTE: it could be argued that because expat already provides the ability to disable external entity expansion, the responsibility for resolving this issue lies with application developers; according to this argument, this entry should be REJECTed, and each affected application would need its own CVE. | | 0% Low | about 3 years ago
GHSA-v3g4-2m5p-cjh4 An integer overflow during the parsing of XML using the Expat library. This vulnerability affects Firefox < 50. | CVSS3: 9.8 | 2% Low | about 3 years ago
GHSA-qm57-vhq3-3fwf Header injection possible in Django | CVSS3: 6.1 | 1% Low | about 4 years ago
GHSA-p8vw-m6qq-w42v read_ints in plistlib.py in Python through 3.9.1 is vulnerable to a potential DoS attack via CPU and RAM exhaustion when processing malformed Apple Property List files in binary format. | CVSS3: 6.5 | 0% Low | almost 2 years ago
GHSA-mj5j-j2qm-c8g4 In Python 3.6 through 3.6.10, 3.7 through 3.7.8, 3.8 through 3.8.4rc1, and 3.9 through 3.9.0b4 on Windows, a Trojan horse python3.dll might be used in cases where CPython is embedded in a native application. This occurs because python3X.dll may use an invalid search path for python3.dll loading (after Py_SetPath has been used). NOTE: this issue CANNOT occur when using python.exe from a standard (non-embedded) Python installation on Windows. | CVSS3: 7.8 | 1% Low | about 3 years ago
GHSA-mg3q-2g68-qp7w Use-after-free vulnerability in bzip2recover in bzip2 1.0.6 allows remote attackers to cause a denial of service (crash) via a crafted bzip2 file, related to block ends set to before the start of the block. | CVSS3: 6.5 | 12% Medium | about 3 years ago
GHSA-j686-6fc2-2525 BZ2_decompress in decompress.c in bzip2 through 1.0.6 has an out-of-bounds write when there are many selectors. | CVSS3: 9.8 | 1% Low | about 3 years ago
GHSA-h33x-58qw-vqrp Lib/zipfile.py in Python through 3.7.2 allows remote attackers to cause a denial of service (resource consumption) via a ZIP bomb. | CVSS3: 7.5 | 1% Low | about 3 years ago
GHSA-gf62-w85x-fjpv python before versions 2.7.15, 3.4.9, 3.5.6rc1, 3.6.5rc1 and 3.7.0 is vulnerable to catastrophic backtracking in the difflib.IS_LINE_JUNK method. An attacker could use this flaw to cause denial of service. | CVSS3: 7.5 | 1% Low | about 3 years ago
GHSA-fg5r-c9qq-q3wm A sandboxing issue in Odoo Community 11.0 through 13.0 and Odoo Enterprise 11.0 through 13.0, when running with Python 3.6 or later, allows remote authenticated users to execute arbitrary code, leading to privilege escalation. | CVSS3: 8.8 | 4% Low | about 3 years ago
GHSA-9gg6-cm3f-wf38 Incorrect Calculation and Use of Insufficiently Random Values in Python | CVSS3: 5.9 | 1% Low | about 4 years ago
GHSA-9772-cwx9-r4cj simplejson before 2.6.1 vulnerable to array index error | CVSS3: 5.9 | 0% Low | about 3 years ago