Risk | High |
Patch available | YES |
Number of vulnerabilities | 15 |
CVE-ID | CVE-2021-3733 CVE-2021-3737 CVE-2021-43818 CVE-2022-0391 CVE-2019-18874 CVE-2019-20477 CVE-2017-18342 CVE-2019-20907 CVE-2020-14422 CVE-2020-8492 CVE-2020-27619 CVE-2021-23336 CVE-2021-29921 CVE-2021-3177 CVE-2021-3426 |
CWE-ID | CWE-399 CWE-835 CWE-79 CWE-93 CWE-415 CWE-284 CWE-20 CWE-400 CWE-94 CWE-119 |
Exploitation vector | Network |
Public exploit | Public exploit code for vulnerability #10 is available. |
Vulnerable software |
Anolis OS Operating systems & Components / Operating system python38-wheel-wheel Operating systems & Components / Operating system package or component python38-wheel Operating systems & Components / Operating system package or component python38-wcwidth Operating systems & Components / Operating system package or component python38-urllib3 Operating systems & Components / Operating system package or component python38-setuptools-wheel Operating systems & Components / Operating system package or component python38-setuptools Operating systems & Components / Operating system package or component python38-rpm-macros Operating systems & Components / Operating system package or component python38-pytest Operating systems & Components / Operating system package or component python38-pyparsing Operating systems & Components / Operating system package or component python38-py Operating systems & Components / Operating system package or component python38-pluggy Operating systems & Components / Operating system package or component python38-pip-wheel Operating systems & Components / Operating system package or component python38-pip Operating systems & Components / Operating system package or component python38-packaging Operating systems & Components / Operating system package or component python38-numpy-doc Operating systems & Components / Operating system package or component python38-more-itertools Operating systems & Components / Operating system package or component python38-jinja2 Operating systems & Components / Operating system package or component python38-babel Operating systems & Components / Operating system package or component python38-attrs Operating systems & Components / Operating system package or component python38-atomicwrites Operating systems & Components / Operating system package or component python38-tkinter Operating systems & Components / Operating system package or component python38-test Operating systems & Components / Operating system package or component python38-psutil Operating systems & Components / Operating system package or component python38-numpy-f2py Operating systems & Components / Operating system package or component python38-numpy Operating systems & Components / Operating system package or component python38-lxml Operating systems & Components / Operating system package or component python38-libs Operating systems & Components / Operating system package or component python38-idle Operating systems & Components / Operating system package or component python38-devel Operating systems & Components / Operating system package or component python38-debug Operating systems & Components / Operating system package or component python38 Operating systems & Components / Operating system package or component python38-six Operating systems & Components / Operating system package or component python38-requests Operating systems & Components / Operating system package or component python38-pytz Operating systems & Components / Operating system package or component python38-pysocks Operating systems & Components / Operating system package or component python38-pycparser Operating systems & Components / Operating system package or component python38-ply Operating systems & Components / Operating system package or component python38-idna Operating systems & Components / Operating system package or component python38-chardet Operating systems & Components / Operating system package or component python38-asn1crypto Operating systems & Components / Operating system package or component python38-PyMySQL Operating systems & Components / Operating system package or component python38-scipy Operating systems & Components / Operating system package or component python38-pyyaml Operating systems & Components / Operating system package or component python38-psycopg2-tests Operating systems & Components / Operating system package or component python38-psycopg2-doc Operating systems & Components / Operating system package or component python38-psycopg2 Operating systems & Components / Operating system package or component python38-mod_wsgi Operating systems & Components / Operating system package or component python38-markupsafe Operating systems & Components / Operating system package or component python38-cryptography Operating systems & Components / Operating system package or component python38-cffi Operating systems & Components / Operating system package or component python38-Cython Operating systems & Components / Operating system package or component |
Vendor | OpenAnolis |
Security Bulletin
This security bulletin contains information about 15 vulnerabilities.
EUVDB-ID: #VU58295
Risk: Low
CVSSv4.0: 0.5 [CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2021-3733
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to improper management of internal resources within the application within the AbstractBasicAuthHandler class in urllib. A remote attacker with control over the server can perform regular expression denial of service attack during authentication.
Install updates from vendor's repository.
Vulnerable software versionsAnolis OS: 8
python38-wheel-wheel: before 0.33.6-6
python38-wheel: before 0.33.6-6
python38-wcwidth: before 0.1.7-16
python38-urllib3: before 1.25.7-5
python38-setuptools-wheel: before 41.6.0-5
python38-setuptools: before 41.6.0-5
python38-rpm-macros: before 3.8.12-1.0.1
python38-pytest: before 4.6.6-3
python38-pyparsing: before 2.4.5-3
python38-py: before 1.8.0-8
python38-pluggy: before 0.13.0-3
python38-pip-wheel: before 19.3.1-5
python38-pip: before 19.3.1-5
python38-packaging: before 19.2-3
python38-numpy-doc: before 1.17.3-6
python38-more-itertools: before 7.2.0-5
python38-jinja2: before 2.10.3-5
python38-babel: before 2.7.0-11
python38-attrs: before 19.3.0-3
python38-atomicwrites: before 1.3.0-8
python38-tkinter: before 3.8.12-1.0.1
python38-test: before 3.8.12-1.0.1
python38-psutil: before 5.6.4-4
python38-numpy-f2py: before 1.17.3-6
python38-numpy: before 1.17.3-6
python38-lxml: before 4.4.1-7
python38-libs: before 3.8.12-1.0.1
python38-idle: before 3.8.12-1.0.1
python38-devel: before 3.8.12-1.0.1
python38-debug: before 3.8.12-1.0.1
python38: before 3.8.12-1.0.1
python38-six: before 1.12.0-10
python38-requests: before 2.22.0-9
python38-pytz: before 2019.3-3
python38-pysocks: before 1.7.1-4
python38-pycparser: before 2.19-3
python38-ply: before 3.11-10
python38-idna: before 2.8-6
python38-chardet: before 3.0.4-19
python38-asn1crypto: before 1.2.0-3
python38-PyMySQL: before 0.10.1-1
python38-scipy: before 1.3.1-4
python38-pyyaml: before 5.4.1-1
python38-psycopg2-tests: before 2.8.4-4
python38-psycopg2-doc: before 2.8.4-4
python38-psycopg2: before 2.8.4-4
python38-mod_wsgi: before 4.6.8-3
python38-markupsafe: before 1.1.1-6
python38-cryptography: before 2.8-3
python38-cffi: before 1.13.2-3
python38-Cython: before 0.29.14-4
CPE2.3https://anas.openanolis.cn/errata/detail/ANSA-2022:0403
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU59089
Risk: Low
CVSSv4.0: 1.2 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2021-3737
CWE-ID:
CWE-835 - Loop with Unreachable Exit Condition ('Infinite Loop')
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to infinite loop. A remote attacker who controls a malicious server can force the client to enter an infinite loop on a 100 Continue response.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsAnolis OS: 8
python38-wheel-wheel: before 0.33.6-6
python38-wheel: before 0.33.6-6
python38-wcwidth: before 0.1.7-16
python38-urllib3: before 1.25.7-5
python38-setuptools-wheel: before 41.6.0-5
python38-setuptools: before 41.6.0-5
python38-rpm-macros: before 3.8.12-1.0.1
python38-pytest: before 4.6.6-3
python38-pyparsing: before 2.4.5-3
python38-py: before 1.8.0-8
python38-pluggy: before 0.13.0-3
python38-pip-wheel: before 19.3.1-5
python38-pip: before 19.3.1-5
python38-packaging: before 19.2-3
python38-numpy-doc: before 1.17.3-6
python38-more-itertools: before 7.2.0-5
python38-jinja2: before 2.10.3-5
python38-babel: before 2.7.0-11
python38-attrs: before 19.3.0-3
python38-atomicwrites: before 1.3.0-8
python38-tkinter: before 3.8.12-1.0.1
python38-test: before 3.8.12-1.0.1
python38-psutil: before 5.6.4-4
python38-numpy-f2py: before 1.17.3-6
python38-numpy: before 1.17.3-6
python38-lxml: before 4.4.1-7
python38-libs: before 3.8.12-1.0.1
python38-idle: before 3.8.12-1.0.1
python38-devel: before 3.8.12-1.0.1
python38-debug: before 3.8.12-1.0.1
python38: before 3.8.12-1.0.1
python38-six: before 1.12.0-10
python38-requests: before 2.22.0-9
python38-pytz: before 2019.3-3
python38-pysocks: before 1.7.1-4
python38-pycparser: before 2.19-3
python38-ply: before 3.11-10
python38-idna: before 2.8-6
python38-chardet: before 3.0.4-19
python38-asn1crypto: before 1.2.0-3
python38-PyMySQL: before 0.10.1-1
python38-scipy: before 1.3.1-4
python38-pyyaml: before 5.4.1-1
python38-psycopg2-tests: before 2.8.4-4
python38-psycopg2-doc: before 2.8.4-4
python38-psycopg2: before 2.8.4-4
python38-mod_wsgi: before 4.6.8-3
python38-markupsafe: before 1.1.1-6
python38-cryptography: before 2.8-3
python38-cffi: before 1.13.2-3
python38-Cython: before 0.29.14-4
CPE2.3https://anas.openanolis.cn/errata/detail/ANSA-2022:0403
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU59660
Risk: Low
CVSSv4.0: 1 [CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:U/U:Clear]
CVE-ID: CVE-2021-43818
CWE-ID:
CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Exploit availability: No
DescriptionThe disclosed vulnerability allows a remote attacker to perform cross-site scripting (XSS) attacks.
The vulnerability exists due to insufficient sanitization of user-supplied data within the HTML Cleaner in lxml.html. A remote attacker can trick the victim to follow a specially crafted link and execute arbitrary HTML and script code in user's browser in context of vulnerable website.
Successful exploitation of this vulnerability may allow a remote attacker to steal potentially sensitive information, change appearance of the web page, perform phishing and drive-by-download attacks.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsAnolis OS: 8
python38-wheel-wheel: before 0.33.6-6
python38-wheel: before 0.33.6-6
python38-wcwidth: before 0.1.7-16
python38-urllib3: before 1.25.7-5
python38-setuptools-wheel: before 41.6.0-5
python38-setuptools: before 41.6.0-5
python38-rpm-macros: before 3.8.12-1.0.1
python38-pytest: before 4.6.6-3
python38-pyparsing: before 2.4.5-3
python38-py: before 1.8.0-8
python38-pluggy: before 0.13.0-3
python38-pip-wheel: before 19.3.1-5
python38-pip: before 19.3.1-5
python38-packaging: before 19.2-3
python38-numpy-doc: before 1.17.3-6
python38-more-itertools: before 7.2.0-5
python38-jinja2: before 2.10.3-5
python38-babel: before 2.7.0-11
python38-attrs: before 19.3.0-3
python38-atomicwrites: before 1.3.0-8
python38-tkinter: before 3.8.12-1.0.1
python38-test: before 3.8.12-1.0.1
python38-psutil: before 5.6.4-4
python38-numpy-f2py: before 1.17.3-6
python38-numpy: before 1.17.3-6
python38-lxml: before 4.4.1-7
python38-libs: before 3.8.12-1.0.1
python38-idle: before 3.8.12-1.0.1
python38-devel: before 3.8.12-1.0.1
python38-debug: before 3.8.12-1.0.1
python38: before 3.8.12-1.0.1
python38-six: before 1.12.0-10
python38-requests: before 2.22.0-9
python38-pytz: before 2019.3-3
python38-pysocks: before 1.7.1-4
python38-pycparser: before 2.19-3
python38-ply: before 3.11-10
python38-idna: before 2.8-6
python38-chardet: before 3.0.4-19
python38-asn1crypto: before 1.2.0-3
python38-PyMySQL: before 0.10.1-1
python38-scipy: before 1.3.1-4
python38-pyyaml: before 5.4.1-1
python38-psycopg2-tests: before 2.8.4-4
python38-psycopg2-doc: before 2.8.4-4
python38-psycopg2: before 2.8.4-4
python38-mod_wsgi: before 4.6.8-3
python38-markupsafe: before 1.1.1-6
python38-cryptography: before 2.8-3
python38-cffi: before 1.13.2-3
python38-Cython: before 0.29.14-4
CPE2.3https://anas.openanolis.cn/errata/detail/ANSA-2022:0403
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU61675
Risk: Medium
CVSSv4.0: 6.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2022-0391
CWE-ID:
CWE-93 - Improper Neutralization of CRLF Sequences ('CRLF Injection')
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to inject arbitrary data in server response.
The vulnerability exists due to insufficient validation of attacker-supplied data within the urllib.parse module in Python. A remote attacker can pass specially crafted data to the application containing CR-LF characters and modify application behavior.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsAnolis OS: 8
python38-wheel-wheel: before 0.33.6-6
python38-wheel: before 0.33.6-6
python38-wcwidth: before 0.1.7-16
python38-urllib3: before 1.25.7-5
python38-setuptools-wheel: before 41.6.0-5
python38-setuptools: before 41.6.0-5
python38-rpm-macros: before 3.8.12-1.0.1
python38-pytest: before 4.6.6-3
python38-pyparsing: before 2.4.5-3
python38-py: before 1.8.0-8
python38-pluggy: before 0.13.0-3
python38-pip-wheel: before 19.3.1-5
python38-pip: before 19.3.1-5
python38-packaging: before 19.2-3
python38-numpy-doc: before 1.17.3-6
python38-more-itertools: before 7.2.0-5
python38-jinja2: before 2.10.3-5
python38-babel: before 2.7.0-11
python38-attrs: before 19.3.0-3
python38-atomicwrites: before 1.3.0-8
python38-tkinter: before 3.8.12-1.0.1
python38-test: before 3.8.12-1.0.1
python38-psutil: before 5.6.4-4
python38-numpy-f2py: before 1.17.3-6
python38-numpy: before 1.17.3-6
python38-lxml: before 4.4.1-7
python38-libs: before 3.8.12-1.0.1
python38-idle: before 3.8.12-1.0.1
python38-devel: before 3.8.12-1.0.1
python38-debug: before 3.8.12-1.0.1
python38: before 3.8.12-1.0.1
python38-six: before 1.12.0-10
python38-requests: before 2.22.0-9
python38-pytz: before 2019.3-3
python38-pysocks: before 1.7.1-4
python38-pycparser: before 2.19-3
python38-ply: before 3.11-10
python38-idna: before 2.8-6
python38-chardet: before 3.0.4-19
python38-asn1crypto: before 1.2.0-3
python38-PyMySQL: before 0.10.1-1
python38-scipy: before 1.3.1-4
python38-pyyaml: before 5.4.1-1
python38-psycopg2-tests: before 2.8.4-4
python38-psycopg2-doc: before 2.8.4-4
python38-psycopg2: before 2.8.4-4
python38-mod_wsgi: before 4.6.8-3
python38-markupsafe: before 1.1.1-6
python38-cryptography: before 2.8-3
python38-cffi: before 1.13.2-3
python38-Cython: before 0.29.14-4
CPE2.3https://anas.openanolis.cn/errata/detail/ANSA-2022:0403
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU22848
Risk: High
CVSSv4.0: 8.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2019-18874
CWE-ID:
CWE-415 - Double Free
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists because of refcount mishandling within a "while" or "for" loop that converts system data into a Python object. A remote attacker can trigger double free error and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsAnolis OS: 8
python38-wheel-wheel: before 0.33.6-6
python38-wheel: before 0.33.6-6
python38-wcwidth: before 0.1.7-16
python38-urllib3: before 1.25.7-5
python38-setuptools-wheel: before 41.6.0-5
python38-setuptools: before 41.6.0-5
python38-rpm-macros: before 3.8.12-1.0.1
python38-pytest: before 4.6.6-3
python38-pyparsing: before 2.4.5-3
python38-py: before 1.8.0-8
python38-pluggy: before 0.13.0-3
python38-pip-wheel: before 19.3.1-5
python38-pip: before 19.3.1-5
python38-packaging: before 19.2-3
python38-numpy-doc: before 1.17.3-6
python38-more-itertools: before 7.2.0-5
python38-jinja2: before 2.10.3-5
python38-babel: before 2.7.0-11
python38-attrs: before 19.3.0-3
python38-atomicwrites: before 1.3.0-8
python38-tkinter: before 3.8.12-1.0.1
python38-test: before 3.8.12-1.0.1
python38-psutil: before 5.6.4-4
python38-numpy-f2py: before 1.17.3-6
python38-numpy: before 1.17.3-6
python38-lxml: before 4.4.1-7
python38-libs: before 3.8.12-1.0.1
python38-idle: before 3.8.12-1.0.1
python38-devel: before 3.8.12-1.0.1
python38-debug: before 3.8.12-1.0.1
python38: before 3.8.12-1.0.1
python38-six: before 1.12.0-10
python38-requests: before 2.22.0-9
python38-pytz: before 2019.3-3
python38-pysocks: before 1.7.1-4
python38-pycparser: before 2.19-3
python38-ply: before 3.11-10
python38-idna: before 2.8-6
python38-chardet: before 3.0.4-19
python38-asn1crypto: before 1.2.0-3
python38-PyMySQL: before 0.10.1-1
python38-scipy: before 1.3.1-4
python38-pyyaml: before 5.4.1-1
python38-psycopg2-tests: before 2.8.4-4
python38-psycopg2-doc: before 2.8.4-4
python38-psycopg2: before 2.8.4-4
python38-mod_wsgi: before 4.6.8-3
python38-markupsafe: before 1.1.1-6
python38-cryptography: before 2.8-3
python38-cffi: before 1.13.2-3
python38-Cython: before 0.29.14-4
CPE2.3https://anas.openanolis.cn/errata/detail/ANSA-2022:0403
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU25542
Risk: High
CVSSv4.0: 8.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2019-20477
CWE-ID:
CWE-284 - Improper Access Control
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to gain unauthorized access to otherwise restricted functionality.
The vulnerability exists due to improper access restrictions in the "load" and "load_all" functions. A remote attacker can bypass implemented security restrictions and gain unauthorized access to the application.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsAnolis OS: 8
python38-wheel-wheel: before 0.33.6-6
python38-wheel: before 0.33.6-6
python38-wcwidth: before 0.1.7-16
python38-urllib3: before 1.25.7-5
python38-setuptools-wheel: before 41.6.0-5
python38-setuptools: before 41.6.0-5
python38-rpm-macros: before 3.8.12-1.0.1
python38-pytest: before 4.6.6-3
python38-pyparsing: before 2.4.5-3
python38-py: before 1.8.0-8
python38-pluggy: before 0.13.0-3
python38-pip-wheel: before 19.3.1-5
python38-pip: before 19.3.1-5
python38-packaging: before 19.2-3
python38-numpy-doc: before 1.17.3-6
python38-more-itertools: before 7.2.0-5
python38-jinja2: before 2.10.3-5
python38-babel: before 2.7.0-11
python38-attrs: before 19.3.0-3
python38-atomicwrites: before 1.3.0-8
python38-tkinter: before 3.8.12-1.0.1
python38-test: before 3.8.12-1.0.1
python38-psutil: before 5.6.4-4
python38-numpy-f2py: before 1.17.3-6
python38-numpy: before 1.17.3-6
python38-lxml: before 4.4.1-7
python38-libs: before 3.8.12-1.0.1
python38-idle: before 3.8.12-1.0.1
python38-devel: before 3.8.12-1.0.1
python38-debug: before 3.8.12-1.0.1
python38: before 3.8.12-1.0.1
python38-six: before 1.12.0-10
python38-requests: before 2.22.0-9
python38-pytz: before 2019.3-3
python38-pysocks: before 1.7.1-4
python38-pycparser: before 2.19-3
python38-ply: before 3.11-10
python38-idna: before 2.8-6
python38-chardet: before 3.0.4-19
python38-asn1crypto: before 1.2.0-3
python38-PyMySQL: before 0.10.1-1
python38-scipy: before 1.3.1-4
python38-pyyaml: before 5.4.1-1
python38-psycopg2-tests: before 2.8.4-4
python38-psycopg2-doc: before 2.8.4-4
python38-psycopg2: before 2.8.4-4
python38-mod_wsgi: before 4.6.8-3
python38-markupsafe: before 1.1.1-6
python38-cryptography: before 2.8-3
python38-cffi: before 1.13.2-3
python38-Cython: before 0.29.14-4
CPE2.3https://anas.openanolis.cn/errata/detail/ANSA-2022:0403
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU21781
Risk: High
CVSSv4.0: 7.2 [CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2017-18342
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
Description
The vulnerability allows a remote attacker to execute arbitrary code.
The vulnerability exists due to insufficient validation of user-supplied input in the "yaml.load()" API (yaml.safe_load is not used). A remote attacker can execute arbitrary code on the target system.
Install updates from vendor's repository.
Vulnerable software versionsAnolis OS: 8
python38-wheel-wheel: before 0.33.6-6
python38-wheel: before 0.33.6-6
python38-wcwidth: before 0.1.7-16
python38-urllib3: before 1.25.7-5
python38-setuptools-wheel: before 41.6.0-5
python38-setuptools: before 41.6.0-5
python38-rpm-macros: before 3.8.12-1.0.1
python38-pytest: before 4.6.6-3
python38-pyparsing: before 2.4.5-3
python38-py: before 1.8.0-8
python38-pluggy: before 0.13.0-3
python38-pip-wheel: before 19.3.1-5
python38-pip: before 19.3.1-5
python38-packaging: before 19.2-3
python38-numpy-doc: before 1.17.3-6
python38-more-itertools: before 7.2.0-5
python38-jinja2: before 2.10.3-5
python38-babel: before 2.7.0-11
python38-attrs: before 19.3.0-3
python38-atomicwrites: before 1.3.0-8
python38-tkinter: before 3.8.12-1.0.1
python38-test: before 3.8.12-1.0.1
python38-psutil: before 5.6.4-4
python38-numpy-f2py: before 1.17.3-6
python38-numpy: before 1.17.3-6
python38-lxml: before 4.4.1-7
python38-libs: before 3.8.12-1.0.1
python38-idle: before 3.8.12-1.0.1
python38-devel: before 3.8.12-1.0.1
python38-debug: before 3.8.12-1.0.1
python38: before 3.8.12-1.0.1
python38-six: before 1.12.0-10
python38-requests: before 2.22.0-9
python38-pytz: before 2019.3-3
python38-pysocks: before 1.7.1-4
python38-pycparser: before 2.19-3
python38-ply: before 3.11-10
python38-idna: before 2.8-6
python38-chardet: before 3.0.4-19
python38-asn1crypto: before 1.2.0-3
python38-PyMySQL: before 0.10.1-1
python38-scipy: before 1.3.1-4
python38-pyyaml: before 5.4.1-1
python38-psycopg2-tests: before 2.8.4-4
python38-psycopg2-doc: before 2.8.4-4
python38-psycopg2: before 2.8.4-4
python38-mod_wsgi: before 4.6.8-3
python38-markupsafe: before 1.1.1-6
python38-cryptography: before 2.8-3
python38-cffi: before 1.13.2-3
python38-Cython: before 0.29.14-4
CPE2.3https://anas.openanolis.cn/errata/detail/ANSA-2022:0403
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU32881
Risk: Medium
CVSSv4.0: 6.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2019-20907
CWE-ID:
CWE-835 - Loop with Unreachable Exit Condition ('Infinite Loop')
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to infinite loop In Lib/tarfile.py in Python. A remote attacker can create a specially crafted TAR archive leading to an infinite loop when opened by tarfile.open, because _proc_pax lacks header validation.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsAnolis OS: 8
python38-wheel-wheel: before 0.33.6-6
python38-wheel: before 0.33.6-6
python38-wcwidth: before 0.1.7-16
python38-urllib3: before 1.25.7-5
python38-setuptools-wheel: before 41.6.0-5
python38-setuptools: before 41.6.0-5
python38-rpm-macros: before 3.8.12-1.0.1
python38-pytest: before 4.6.6-3
python38-pyparsing: before 2.4.5-3
python38-py: before 1.8.0-8
python38-pluggy: before 0.13.0-3
python38-pip-wheel: before 19.3.1-5
python38-pip: before 19.3.1-5
python38-packaging: before 19.2-3
python38-numpy-doc: before 1.17.3-6
python38-more-itertools: before 7.2.0-5
python38-jinja2: before 2.10.3-5
python38-babel: before 2.7.0-11
python38-attrs: before 19.3.0-3
python38-atomicwrites: before 1.3.0-8
python38-tkinter: before 3.8.12-1.0.1
python38-test: before 3.8.12-1.0.1
python38-psutil: before 5.6.4-4
python38-numpy-f2py: before 1.17.3-6
python38-numpy: before 1.17.3-6
python38-lxml: before 4.4.1-7
python38-libs: before 3.8.12-1.0.1
python38-idle: before 3.8.12-1.0.1
python38-devel: before 3.8.12-1.0.1
python38-debug: before 3.8.12-1.0.1
python38: before 3.8.12-1.0.1
python38-six: before 1.12.0-10
python38-requests: before 2.22.0-9
python38-pytz: before 2019.3-3
python38-pysocks: before 1.7.1-4
python38-pycparser: before 2.19-3
python38-ply: before 3.11-10
python38-idna: before 2.8-6
python38-chardet: before 3.0.4-19
python38-asn1crypto: before 1.2.0-3
python38-PyMySQL: before 0.10.1-1
python38-scipy: before 1.3.1-4
python38-pyyaml: before 5.4.1-1
python38-psycopg2-tests: before 2.8.4-4
python38-psycopg2-doc: before 2.8.4-4
python38-psycopg2: before 2.8.4-4
python38-mod_wsgi: before 4.6.8-3
python38-markupsafe: before 1.1.1-6
python38-cryptography: before 2.8-3
python38-cffi: before 1.13.2-3
python38-Cython: before 0.29.14-4
CPE2.3https://anas.openanolis.cn/errata/detail/ANSA-2022:0403
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU29544
Risk: Medium
CVSSv4.0: 4.6 [CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2020-14422
CWE-ID:
CWE-400 - Resource exhaustion
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to application improperly computes hash values in the IPv4Interface and IPv6Interface classes within the Lib/ipaddress.py in Python. A remote attacker can trigger resource exhaustion and perform a denial of service (DoS) attack if an application is affected by the performance of a dictionary containing IPv4Interface or IPv6Interface objects, and this attacker can cause many dictionary entries to be created.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsAnolis OS: 8
python38-wheel-wheel: before 0.33.6-6
python38-wheel: before 0.33.6-6
python38-wcwidth: before 0.1.7-16
python38-urllib3: before 1.25.7-5
python38-setuptools-wheel: before 41.6.0-5
python38-setuptools: before 41.6.0-5
python38-rpm-macros: before 3.8.12-1.0.1
python38-pytest: before 4.6.6-3
python38-pyparsing: before 2.4.5-3
python38-py: before 1.8.0-8
python38-pluggy: before 0.13.0-3
python38-pip-wheel: before 19.3.1-5
python38-pip: before 19.3.1-5
python38-packaging: before 19.2-3
python38-numpy-doc: before 1.17.3-6
python38-more-itertools: before 7.2.0-5
python38-jinja2: before 2.10.3-5
python38-babel: before 2.7.0-11
python38-attrs: before 19.3.0-3
python38-atomicwrites: before 1.3.0-8
python38-tkinter: before 3.8.12-1.0.1
python38-test: before 3.8.12-1.0.1
python38-psutil: before 5.6.4-4
python38-numpy-f2py: before 1.17.3-6
python38-numpy: before 1.17.3-6
python38-lxml: before 4.4.1-7
python38-libs: before 3.8.12-1.0.1
python38-idle: before 3.8.12-1.0.1
python38-devel: before 3.8.12-1.0.1
python38-debug: before 3.8.12-1.0.1
python38: before 3.8.12-1.0.1
python38-six: before 1.12.0-10
python38-requests: before 2.22.0-9
python38-pytz: before 2019.3-3
python38-pysocks: before 1.7.1-4
python38-pycparser: before 2.19-3
python38-ply: before 3.11-10
python38-idna: before 2.8-6
python38-chardet: before 3.0.4-19
python38-asn1crypto: before 1.2.0-3
python38-PyMySQL: before 0.10.1-1
python38-scipy: before 1.3.1-4
python38-pyyaml: before 5.4.1-1
python38-psycopg2-tests: before 2.8.4-4
python38-psycopg2-doc: before 2.8.4-4
python38-psycopg2: before 2.8.4-4
python38-mod_wsgi: before 4.6.8-3
python38-markupsafe: before 1.1.1-6
python38-cryptography: before 2.8-3
python38-cffi: before 1.13.2-3
python38-Cython: before 0.29.14-4
CPE2.3https://anas.openanolis.cn/errata/detail/ANSA-2022:0403
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU25631
Risk: Medium
CVSSv4.0: 2 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P/U:Green]
CVE-ID: CVE-2020-8492
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation in urllib.request.AbstractBasicAuthHandler when processing HTTP responses. A remote attacker who controls a HTTP server can send a specially crafted HTTP response to the client application and conduct Regular Expression Denial of Service (ReDoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsAnolis OS: 8
python38-wheel-wheel: before 0.33.6-6
python38-wheel: before 0.33.6-6
python38-wcwidth: before 0.1.7-16
python38-urllib3: before 1.25.7-5
python38-setuptools-wheel: before 41.6.0-5
python38-setuptools: before 41.6.0-5
python38-rpm-macros: before 3.8.12-1.0.1
python38-pytest: before 4.6.6-3
python38-pyparsing: before 2.4.5-3
python38-py: before 1.8.0-8
python38-pluggy: before 0.13.0-3
python38-pip-wheel: before 19.3.1-5
python38-pip: before 19.3.1-5
python38-packaging: before 19.2-3
python38-numpy-doc: before 1.17.3-6
python38-more-itertools: before 7.2.0-5
python38-jinja2: before 2.10.3-5
python38-babel: before 2.7.0-11
python38-attrs: before 19.3.0-3
python38-atomicwrites: before 1.3.0-8
python38-tkinter: before 3.8.12-1.0.1
python38-test: before 3.8.12-1.0.1
python38-psutil: before 5.6.4-4
python38-numpy-f2py: before 1.17.3-6
python38-numpy: before 1.17.3-6
python38-lxml: before 4.4.1-7
python38-libs: before 3.8.12-1.0.1
python38-idle: before 3.8.12-1.0.1
python38-devel: before 3.8.12-1.0.1
python38-debug: before 3.8.12-1.0.1
python38: before 3.8.12-1.0.1
python38-six: before 1.12.0-10
python38-requests: before 2.22.0-9
python38-pytz: before 2019.3-3
python38-pysocks: before 1.7.1-4
python38-pycparser: before 2.19-3
python38-ply: before 3.11-10
python38-idna: before 2.8-6
python38-chardet: before 3.0.4-19
python38-asn1crypto: before 1.2.0-3
python38-PyMySQL: before 0.10.1-1
python38-scipy: before 1.3.1-4
python38-pyyaml: before 5.4.1-1
python38-psycopg2-tests: before 2.8.4-4
python38-psycopg2-doc: before 2.8.4-4
python38-psycopg2: before 2.8.4-4
python38-mod_wsgi: before 4.6.8-3
python38-markupsafe: before 1.1.1-6
python38-cryptography: before 2.8-3
python38-cffi: before 1.13.2-3
python38-Cython: before 0.29.14-4
CPE2.3https://anas.openanolis.cn/errata/detail/ANSA-2022:0403
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.
EUVDB-ID: #VU50621
Risk: Medium
CVSSv4.0: 6.3 [CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2020-27619
CWE-ID:
CWE-94 - Improper Control of Generation of Code ('Code Injection')
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to Python executed eval() function on the code, retrieved via HTTP protocol in Lib/test/multibytecodec_support.py CJK codec tests. A remote attacker with ability to intercept network traffic can perform a Man-in-the-Middle (MitM) attack and execute arbitrary Python code on the system.
Install updates from vendor's repository.
Vulnerable software versionsAnolis OS: 8
python38-wheel-wheel: before 0.33.6-6
python38-wheel: before 0.33.6-6
python38-wcwidth: before 0.1.7-16
python38-urllib3: before 1.25.7-5
python38-setuptools-wheel: before 41.6.0-5
python38-setuptools: before 41.6.0-5
python38-rpm-macros: before 3.8.12-1.0.1
python38-pytest: before 4.6.6-3
python38-pyparsing: before 2.4.5-3
python38-py: before 1.8.0-8
python38-pluggy: before 0.13.0-3
python38-pip-wheel: before 19.3.1-5
python38-pip: before 19.3.1-5
python38-packaging: before 19.2-3
python38-numpy-doc: before 1.17.3-6
python38-more-itertools: before 7.2.0-5
python38-jinja2: before 2.10.3-5
python38-babel: before 2.7.0-11
python38-attrs: before 19.3.0-3
python38-atomicwrites: before 1.3.0-8
python38-tkinter: before 3.8.12-1.0.1
python38-test: before 3.8.12-1.0.1
python38-psutil: before 5.6.4-4
python38-numpy-f2py: before 1.17.3-6
python38-numpy: before 1.17.3-6
python38-lxml: before 4.4.1-7
python38-libs: before 3.8.12-1.0.1
python38-idle: before 3.8.12-1.0.1
python38-devel: before 3.8.12-1.0.1
python38-debug: before 3.8.12-1.0.1
python38: before 3.8.12-1.0.1
python38-six: before 1.12.0-10
python38-requests: before 2.22.0-9
python38-pytz: before 2019.3-3
python38-pysocks: before 1.7.1-4
python38-pycparser: before 2.19-3
python38-ply: before 3.11-10
python38-idna: before 2.8-6
python38-chardet: before 3.0.4-19
python38-asn1crypto: before 1.2.0-3
python38-PyMySQL: before 0.10.1-1
python38-scipy: before 1.3.1-4
python38-pyyaml: before 5.4.1-1
python38-psycopg2-tests: before 2.8.4-4
python38-psycopg2-doc: before 2.8.4-4
python38-psycopg2: before 2.8.4-4
python38-mod_wsgi: before 4.6.8-3
python38-markupsafe: before 1.1.1-6
python38-cryptography: before 2.8-3
python38-cffi: before 1.13.2-3
python38-Cython: before 0.29.14-4
CPE2.3https://anas.openanolis.cn/errata/detail/ANSA-2022:0403
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU50814
Risk: Medium
CVSSv4.0: 2.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2021-23336
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform web cache spoofing attack.
The vulnerability exists due to insufficient validation of user-supplied input in django.utils.http.limited_parse_qsl() when parsing strings with a semicolon (";"). A remote attacker can pass specially crafted data to the application and perform a spoofing attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsAnolis OS: 8
python38-wheel-wheel: before 0.33.6-6
python38-wheel: before 0.33.6-6
python38-wcwidth: before 0.1.7-16
python38-urllib3: before 1.25.7-5
python38-setuptools-wheel: before 41.6.0-5
python38-setuptools: before 41.6.0-5
python38-rpm-macros: before 3.8.12-1.0.1
python38-pytest: before 4.6.6-3
python38-pyparsing: before 2.4.5-3
python38-py: before 1.8.0-8
python38-pluggy: before 0.13.0-3
python38-pip-wheel: before 19.3.1-5
python38-pip: before 19.3.1-5
python38-packaging: before 19.2-3
python38-numpy-doc: before 1.17.3-6
python38-more-itertools: before 7.2.0-5
python38-jinja2: before 2.10.3-5
python38-babel: before 2.7.0-11
python38-attrs: before 19.3.0-3
python38-atomicwrites: before 1.3.0-8
python38-tkinter: before 3.8.12-1.0.1
python38-test: before 3.8.12-1.0.1
python38-psutil: before 5.6.4-4
python38-numpy-f2py: before 1.17.3-6
python38-numpy: before 1.17.3-6
python38-lxml: before 4.4.1-7
python38-libs: before 3.8.12-1.0.1
python38-idle: before 3.8.12-1.0.1
python38-devel: before 3.8.12-1.0.1
python38-debug: before 3.8.12-1.0.1
python38: before 3.8.12-1.0.1
python38-six: before 1.12.0-10
python38-requests: before 2.22.0-9
python38-pytz: before 2019.3-3
python38-pysocks: before 1.7.1-4
python38-pycparser: before 2.19-3
python38-ply: before 3.11-10
python38-idna: before 2.8-6
python38-chardet: before 3.0.4-19
python38-asn1crypto: before 1.2.0-3
python38-PyMySQL: before 0.10.1-1
python38-scipy: before 1.3.1-4
python38-pyyaml: before 5.4.1-1
python38-psycopg2-tests: before 2.8.4-4
python38-psycopg2-doc: before 2.8.4-4
python38-psycopg2: before 2.8.4-4
python38-mod_wsgi: before 4.6.8-3
python38-markupsafe: before 1.1.1-6
python38-cryptography: before 2.8-3
python38-cffi: before 1.13.2-3
python38-Cython: before 0.29.14-4
CPE2.3https://anas.openanolis.cn/errata/detail/ANSA-2022:0403
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU55056
Risk: High
CVSSv4.0: 8.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2021-29921
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote non-authenticated attacker to execute arbitrary code.
The vulnerability exists due to improper input validation within the Python interpreter and runtime (CPython) component in Oracle GraalVM Enterprise Edition. A remote non-authenticated attacker can exploit this vulnerability to execute arbitrary code.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsAnolis OS: 8
python38-wheel-wheel: before 0.33.6-6
python38-wheel: before 0.33.6-6
python38-wcwidth: before 0.1.7-16
python38-urllib3: before 1.25.7-5
python38-setuptools-wheel: before 41.6.0-5
python38-setuptools: before 41.6.0-5
python38-rpm-macros: before 3.8.12-1.0.1
python38-pytest: before 4.6.6-3
python38-pyparsing: before 2.4.5-3
python38-py: before 1.8.0-8
python38-pluggy: before 0.13.0-3
python38-pip-wheel: before 19.3.1-5
python38-pip: before 19.3.1-5
python38-packaging: before 19.2-3
python38-numpy-doc: before 1.17.3-6
python38-more-itertools: before 7.2.0-5
python38-jinja2: before 2.10.3-5
python38-babel: before 2.7.0-11
python38-attrs: before 19.3.0-3
python38-atomicwrites: before 1.3.0-8
python38-tkinter: before 3.8.12-1.0.1
python38-test: before 3.8.12-1.0.1
python38-psutil: before 5.6.4-4
python38-numpy-f2py: before 1.17.3-6
python38-numpy: before 1.17.3-6
python38-lxml: before 4.4.1-7
python38-libs: before 3.8.12-1.0.1
python38-idle: before 3.8.12-1.0.1
python38-devel: before 3.8.12-1.0.1
python38-debug: before 3.8.12-1.0.1
python38: before 3.8.12-1.0.1
python38-six: before 1.12.0-10
python38-requests: before 2.22.0-9
python38-pytz: before 2019.3-3
python38-pysocks: before 1.7.1-4
python38-pycparser: before 2.19-3
python38-ply: before 3.11-10
python38-idna: before 2.8-6
python38-chardet: before 3.0.4-19
python38-asn1crypto: before 1.2.0-3
python38-PyMySQL: before 0.10.1-1
python38-scipy: before 1.3.1-4
python38-pyyaml: before 5.4.1-1
python38-psycopg2-tests: before 2.8.4-4
python38-psycopg2-doc: before 2.8.4-4
python38-psycopg2: before 2.8.4-4
python38-mod_wsgi: before 4.6.8-3
python38-markupsafe: before 1.1.1-6
python38-cryptography: before 2.8-3
python38-cffi: before 1.13.2-3
python38-Cython: before 0.29.14-4
CPE2.3https://anas.openanolis.cn/errata/detail/ANSA-2022:0403
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU49973
Risk: High
CVSSv4.0: 8.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2021-3177
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary within the PyCArg_repr in _ctypes/callproc.c. A remote attacker can pass specially crafted input to the Python applications that accept floating-point numbers as untrusted input, trigger memory corruption and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsAnolis OS: 8
python38-wheel-wheel: before 0.33.6-6
python38-wheel: before 0.33.6-6
python38-wcwidth: before 0.1.7-16
python38-urllib3: before 1.25.7-5
python38-setuptools-wheel: before 41.6.0-5
python38-setuptools: before 41.6.0-5
python38-rpm-macros: before 3.8.12-1.0.1
python38-pytest: before 4.6.6-3
python38-pyparsing: before 2.4.5-3
python38-py: before 1.8.0-8
python38-pluggy: before 0.13.0-3
python38-pip-wheel: before 19.3.1-5
python38-pip: before 19.3.1-5
python38-packaging: before 19.2-3
python38-numpy-doc: before 1.17.3-6
python38-more-itertools: before 7.2.0-5
python38-jinja2: before 2.10.3-5
python38-babel: before 2.7.0-11
python38-attrs: before 19.3.0-3
python38-atomicwrites: before 1.3.0-8
python38-tkinter: before 3.8.12-1.0.1
python38-test: before 3.8.12-1.0.1
python38-psutil: before 5.6.4-4
python38-numpy-f2py: before 1.17.3-6
python38-numpy: before 1.17.3-6
python38-lxml: before 4.4.1-7
python38-libs: before 3.8.12-1.0.1
python38-idle: before 3.8.12-1.0.1
python38-devel: before 3.8.12-1.0.1
python38-debug: before 3.8.12-1.0.1
python38: before 3.8.12-1.0.1
python38-six: before 1.12.0-10
python38-requests: before 2.22.0-9
python38-pytz: before 2019.3-3
python38-pysocks: before 1.7.1-4
python38-pycparser: before 2.19-3
python38-ply: before 3.11-10
python38-idna: before 2.8-6
python38-chardet: before 3.0.4-19
python38-asn1crypto: before 1.2.0-3
python38-PyMySQL: before 0.10.1-1
python38-scipy: before 1.3.1-4
python38-pyyaml: before 5.4.1-1
python38-psycopg2-tests: before 2.8.4-4
python38-psycopg2-doc: before 2.8.4-4
python38-psycopg2: before 2.8.4-4
python38-mod_wsgi: before 4.6.8-3
python38-markupsafe: before 1.1.1-6
python38-cryptography: before 2.8-3
python38-cffi: before 1.13.2-3
python38-Cython: before 0.29.14-4
CPE2.3https://anas.openanolis.cn/errata/detail/ANSA-2022:0403
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU60098
Risk: Medium
CVSSv4.0: 4.6 [CVSS:4.0/AV:A/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2021-3426
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote authenticated user to gain access to sensitive information.
The vulnerability exists due to improper input validation within the Binding Support Function (Python) component in Oracle Communications Cloud Native Core Binding Support Function. A remote authenticated user can exploit this vulnerability to gain access to sensitive information.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsAnolis OS: 8
python38-wheel-wheel: before 0.33.6-6
python38-wheel: before 0.33.6-6
python38-wcwidth: before 0.1.7-16
python38-urllib3: before 1.25.7-5
python38-setuptools-wheel: before 41.6.0-5
python38-setuptools: before 41.6.0-5
python38-rpm-macros: before 3.8.12-1.0.1
python38-pytest: before 4.6.6-3
python38-pyparsing: before 2.4.5-3
python38-py: before 1.8.0-8
python38-pluggy: before 0.13.0-3
python38-pip-wheel: before 19.3.1-5
python38-pip: before 19.3.1-5
python38-packaging: before 19.2-3
python38-numpy-doc: before 1.17.3-6
python38-more-itertools: before 7.2.0-5
python38-jinja2: before 2.10.3-5
python38-babel: before 2.7.0-11
python38-attrs: before 19.3.0-3
python38-atomicwrites: before 1.3.0-8
python38-tkinter: before 3.8.12-1.0.1
python38-test: before 3.8.12-1.0.1
python38-psutil: before 5.6.4-4
python38-numpy-f2py: before 1.17.3-6
python38-numpy: before 1.17.3-6
python38-lxml: before 4.4.1-7
python38-libs: before 3.8.12-1.0.1
python38-idle: before 3.8.12-1.0.1
python38-devel: before 3.8.12-1.0.1
python38-debug: before 3.8.12-1.0.1
python38: before 3.8.12-1.0.1
python38-six: before 1.12.0-10
python38-requests: before 2.22.0-9
python38-pytz: before 2019.3-3
python38-pysocks: before 1.7.1-4
python38-pycparser: before 2.19-3
python38-ply: before 3.11-10
python38-idna: before 2.8-6
python38-chardet: before 3.0.4-19
python38-asn1crypto: before 1.2.0-3
python38-PyMySQL: before 0.10.1-1
python38-scipy: before 1.3.1-4
python38-pyyaml: before 5.4.1-1
python38-psycopg2-tests: before 2.8.4-4
python38-psycopg2-doc: before 2.8.4-4
python38-psycopg2: before 2.8.4-4
python38-mod_wsgi: before 4.6.8-3
python38-markupsafe: before 1.1.1-6
python38-cryptography: before 2.8-3
python38-cffi: before 1.13.2-3
python38-Cython: before 0.29.14-4
CPE2.3https://anas.openanolis.cn/errata/detail/ANSA-2022:0403
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the local network (LAN).
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.