[{"coordinates":"pkg:conda/mistune@0.8.4","reference":"https://ossindex.sonatype.org/component/pkg:conda/mistune@0.8.4","vulnerabilities":[]},{"coordinates":"pkg:conda/mkl@2019.4","reference":"https://ossindex.sonatype.org/component/pkg:conda/mkl@2019.4","vulnerabilities":[]},{"coordinates":"pkg:conda/mkl-service@2.3.0","reference":"https://ossindex.sonatype.org/component/pkg:conda/mkl-service@2.3.0","vulnerabilities":[]},{"coordinates":"pkg:conda/mkl_fft@1.0.12","reference":"https://ossindex.sonatype.org/component/pkg:conda/mkl_fft@1.0.12","vulnerabilities":[]},{"coordinates":"pkg:conda/mkl_random@1.0.2","reference":"https://ossindex.sonatype.org/component/pkg:conda/mkl_random@1.0.2","vulnerabilities":[]},{"coordinates":"pkg:conda/more-itertools@5.0.0","reference":"https://ossindex.sonatype.org/component/pkg:conda/more-itertools@5.0.0","vulnerabilities":[]},{"coordinates":"pkg:conda/mpc@1.1.0","reference":"https://ossindex.sonatype.org/component/pkg:conda/mpc@1.1.0","vulnerabilities":[]},{"coordinates":"pkg:conda/mpfr@4.0.1","reference":"https://ossindex.sonatype.org/component/pkg:conda/mpfr@4.0.1","vulnerabilities":[]},{"coordinates":"pkg:conda/mpmath@1.1.0","reference":"https://ossindex.sonatype.org/component/pkg:conda/mpmath@1.1.0","vulnerabilities":[]},{"coordinates":"pkg:conda/msgpack-python@0.6.1","reference":"https://ossindex.sonatype.org/component/pkg:conda/msgpack-python@0.6.1","vulnerabilities":[]},{"coordinates":"pkg:conda/multipledispatch@0.6.0","reference":"https://ossindex.sonatype.org/component/pkg:conda/multipledispatch@0.6.0","vulnerabilities":[]},{"coordinates":"pkg:conda/navigator-updater@0.2.1","reference":"https://ossindex.sonatype.org/component/pkg:conda/navigator-updater@0.2.1","vulnerabilities":[]},{"coordinates":"pkg:conda/nbconvert@5.4.1","reference":"https://ossindex.sonatype.org/component/pkg:conda/nbconvert@5.4.1","vulnerabilities":[]},{"coordinates":"pkg:conda/nbformat@4.4.0","reference":"https://ossindex.sonatype.org/component/pkg:con
da/nbformat@4.4.0","vulnerabilities":[]},{"coordinates":"pkg:conda/ncurses@6.1","reference":"https://ossindex.sonatype.org/component/pkg:conda/ncurses@6.1","vulnerabilities":[{"id":"d0a90db4-72a6-4cd6-b332-296da2900d8e","title":"[CVE-2018-10754]  NULL Pointer Dereference","description":"In ncurses before 6.1.20180414, there is a NULL Pointer Dereference in the _nc_parse_entry function of tinfo/parse_entry.c. It could lead to a remote denial of service if the terminfo library code is used to process untrusted terminfo data in which a use-name is invalid syntax. The product proceeds to the dereference code path even after a \"dubious character `[' in name or alias field\" detection.","cvssScore":7.5,"cvssVector":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","cve":"CVE-2018-10754","reference":"https://ossindex.sonatype.org/vuln/d0a90db4-72a6-4cd6-b332-296da2900d8e"},{"id":"4479c70a-8866-429e-8917-340511b211d4","title":"[CVE-2018-19211]  NULL Pointer Dereference","description":"In ncurses 6.1, there is a NULL pointer dereference at function _nc_parse_entry in parse_entry.c that will lead to a denial of service attack. The product proceeds to the dereference code path even after a \"dubious character `*' in name or alias field\" detection.","cvssScore":5.5,"cvssVector":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H","cve":"CVE-2018-19211","reference":"https://ossindex.sonatype.org/vuln/4479c70a-8866-429e-8917-340511b211d4"},{"id":"c3b33211-f66f-44ae-8487-a431f12cc9d0","title":"[CVE-2018-19217]  NULL Pointer Dereference","description":"** DISPUTED ** In ncurses, possibly a 6.x version, there is a NULL pointer dereference at the function _nc_name_match that will lead to a denial of service attack. 
NOTE: the original report stated version 6.1, but the issue did not reproduce for that version according to the maintainer or a reliable third-party.","cvssScore":6.5,"cvssVector":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H","cve":"CVE-2018-19217","reference":"https://ossindex.sonatype.org/vuln/c3b33211-f66f-44ae-8487-a431f12cc9d0"},{"id":"6dacf352-bc29-4165-b9f9-0dfcbee2b93f","title":"[CVE-2019-17595] There is a heap-based buffer over-read in the fmt_entry function in tinfo/comp_h...","description":"There is a heap-based buffer over-read in the fmt_entry function in tinfo/comp_hash.c in the terminfo library in ncurses before 6.1-20191012.","cvssScore":6.5,"cvssVector":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H","cve":"CVE-2019-17595","reference":"https://ossindex.sonatype.org/vuln/6dacf352-bc29-4165-b9f9-0dfcbee2b93f"},{"id":"4749c18c-859f-4ff6-9148-f2a7f5924a61","title":"[CVE-2019-17594] There is a heap-based buffer over-read in the _nc_find_entry function in tinfo/c...","description":"There is a heap-based buffer over-read in the _nc_find_entry function in tinfo/comp_hash.c in the terminfo library in ncurses before 
6.1-20191012.","cvssScore":8.8,"cvssVector":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","cve":"CVE-2019-17594","reference":"https://ossindex.sonatype.org/vuln/4749c18c-859f-4ff6-9148-f2a7f5924a61"}]},{"coordinates":"pkg:conda/networkx@2.2","reference":"https://ossindex.sonatype.org/component/pkg:conda/networkx@2.2","vulnerabilities":[]},{"coordinates":"pkg:conda/nltk@3.4","reference":"https://ossindex.sonatype.org/component/pkg:conda/nltk@3.4","vulnerabilities":[]},{"coordinates":"pkg:conda/nose@1.3.7","reference":"https://ossindex.sonatype.org/component/pkg:conda/nose@1.3.7","vulnerabilities":[]},{"coordinates":"pkg:conda/notebook@5.7.8","reference":"https://ossindex.sonatype.org/component/pkg:conda/notebook@5.7.8","vulnerabilities":[]},{"coordinates":"pkg:conda/numpy@1.16.5","reference":"https://ossindex.sonatype.org/component/pkg:conda/numpy@1.16.5","vulnerabilities":[]},{"coordinates":"pkg:conda/numpy-base@1.16.5","reference":"https://ossindex.sonatype.org/component/pkg:conda/numpy-base@1.16.5","vulnerabilities":[]},{"coordinates":"pkg:conda/numpydoc@0.8.0","reference":"https://ossindex.sonatype.org/component/pkg:conda/numpydoc@0.8.0","vulnerabilities":[]},{"coordinates":"pkg:conda/olefile@0.46","reference":"https://ossindex.sonatype.org/component/pkg:conda/olefile@0.46","vulnerabilities":[]},{"coordinates":"pkg:conda/openpyxl@2.6.1","reference":"https://ossindex.sonatype.org/component/pkg:conda/openpyxl@2.6.1","vulnerabilities":[]},{"coordinates":"pkg:conda/openssl@1.1.1d","reference":"https://ossindex.sonatype.org/component/pkg:conda/openssl@1.1.1d","vulnerabilities":[{"id":"9ac68536-0a39-4e94-b3d5-6a5726be91ad","title":"[CVE-2018-16395]  Data Handling","description":"An issue was discovered in the OpenSSL library in Ruby before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.2, and 2.6.x before 2.6.0-preview3. When two OpenSSL::X509::Name objects are compared using ==, depending on the ordering, non-equal objects may return true. 
When the first argument is one character longer than the second, or the second argument contains a character that is one less than a character in the same position of the first argument, the result of == will be true. This could be leveraged to create an illegitimate certificate that may be accepted as legitimate and then used in signing or encryption operations.","cvssScore":9.8,"cvssVector":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","cve":"CVE-2018-16395","reference":"https://ossindex.sonatype.org/vuln/9ac68536-0a39-4e94-b3d5-6a5726be91ad"},{"id":"d3c31c2b-1117-49a6-990e-e8b16d530582","title":"[CVE-2019-0190]  Improper Input Validation","description":"A bug exists in the way mod_ssl handled client renegotiations. A remote attacker could send a carefully crafted request that would cause mod_ssl to enter a loop leading to a denial of service. This bug can be only triggered with Apache HTTP Server version 2.4.37 when using OpenSSL version 1.1.1 or later, due to an interaction in changes to handling of renegotiation 
attempts.","cvssScore":7.5,"cvssVector":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","cve":"CVE-2019-0190","reference":"https://ossindex.sonatype.org/vuln/d3c31c2b-1117-49a6-990e-e8b16d530582"}]},{"coordinates":"pkg:conda/packaging@19.0","reference":"https://ossindex.sonatype.org/component/pkg:conda/packaging@19.0","vulnerabilities":[]},{"coordinates":"pkg:conda/pandoc@2.2.3.2","reference":"https://ossindex.sonatype.org/component/pkg:conda/pandoc@2.2.3.2","vulnerabilities":[]},{"coordinates":"pkg:conda/pandocfilters@1.4.2","reference":"https://ossindex.sonatype.org/component/pkg:conda/pandocfilters@1.4.2","vulnerabilities":[]},{"coordinates":"pkg:conda/parso@0.3.4","reference":"https://ossindex.sonatype.org/component/pkg:conda/parso@0.3.4","vulnerabilities":[]},{"coordinates":"pkg:conda/partd@0.3.10","reference":"https://ossindex.sonatype.org/component/pkg:conda/partd@0.3.10","vulnerabilities":[]},{"coordinates":"pkg:conda/path.py@11.5.0","reference":"https://ossindex.sonatype.org/component/pkg:conda/path.py@11.5.0","vulnerabilities":[]},{"coordinates":"pkg:conda/pathlib2@2.3.3","reference":"https://ossindex.sonatype.org/component/pkg:conda/pathlib2@2.3.3","vulnerabilities":[]},{"coordinates":"pkg:conda/pcre@8.43","reference":"https://ossindex.sonatype.org/component/pkg:conda/pcre@8.43","vulnerabilities":[]},{"coordinates":"pkg:conda/pep8@1.7.1","reference":"https://ossindex.sonatype.org/component/pkg:conda/pep8@1.7.1","vulnerabilities":[]},{"coordinates":"pkg:conda/pexpect@4.6.0","reference":"https://ossindex.sonatype.org/component/pkg:conda/pexpect@4.6.0","vulnerabilities":[]},{"coordinates":"pkg:conda/pickleshare@0.7.5","reference":"https://ossindex.sonatype.org/component/pkg:conda/pickleshare@0.7.5","vulnerabilities":[]},{"coordinates":"pkg:conda/pillow@5.4.1","reference":"https://ossindex.sonatype.org/component/pkg:conda/pillow@5.4.1","vulnerabilities":[{"id":"6b9c24d7-c625-47cf-b51a-8b63b4202d40","title":"[CVE-2019-16865] An issue was discovered in Pillow 
before 6.2.0. When reading specially crafted i...","description":"An issue was discovered in Pillow before 6.2.0. When reading specially crafted invalid image files, the library can either allocate very large amounts of memory or take an extremely long period of time to process the image.","cvssScore":5.5,"cvssVector":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H","cve":"CVE-2019-16865","reference":"https://ossindex.sonatype.org/vuln/6b9c24d7-c625-47cf-b51a-8b63b4202d40"}]},{"coordinates":"pkg:conda/pip@19.0.3","reference":"https://ossindex.sonatype.org/component/pkg:conda/pip@19.0.3","vulnerabilities":[{"id":"e4c955a3-2004-472e-920b-783fea46c3cd","title":"CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')","description":"The software uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the software does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted 
directory.","cvssScore":3.6,"cvssVector":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:C/C:L/I:N/A:N","cwe":"CWE-22","reference":"https://ossindex.sonatype.org/vuln/e4c955a3-2004-472e-920b-783fea46c3cd"}]},{"coordinates":"pkg:conda/pixman@0.38.0","reference":"https://ossindex.sonatype.org/component/pkg:conda/pixman@0.38.0","vulnerabilities":[]},{"coordinates":"pkg:conda/pkginfo@1.5.0.1","reference":"https://ossindex.sonatype.org/component/pkg:conda/pkginfo@1.5.0.1","vulnerabilities":[]},{"coordinates":"pkg:conda/pluggy@0.9.0","reference":"https://ossindex.sonatype.org/component/pkg:conda/pluggy@0.9.0","vulnerabilities":[]},{"coordinates":"pkg:conda/ply@3.11","reference":"https://ossindex.sonatype.org/component/pkg:conda/ply@3.11","vulnerabilities":[]},{"coordinates":"pkg:conda/portaudio@19.6.0","reference":"https://ossindex.sonatype.org/component/pkg:conda/portaudio@19.6.0","vulnerabilities":[]},{"coordinates":"pkg:conda/prometheus_client@0.6.0","reference":"https://ossindex.sonatype.org/component/pkg:conda/prometheus_client@0.6.0","vulnerabilities":[]},{"coordinates":"pkg:conda/prompt_toolkit@1.0.15","reference":"https://ossindex.sonatype.org/component/pkg:conda/prompt_toolkit@1.0.15","vulnerabilities":[]},{"coordinates":"pkg:conda/psutil@5.6.1","reference":"https://ossindex.sonatype.org/component/pkg:conda/psutil@5.6.1","vulnerabilities":[]},{"coordinates":"pkg:conda/ptyprocess@0.6.0","reference":"https://ossindex.sonatype.org/component/pkg:conda/ptyprocess@0.6.0","vulnerabilities":[]},{"coordinates":"pkg:conda/py@1.8.0","reference":"https://ossindex.sonatype.org/component/pkg:conda/py@1.8.0","vulnerabilities":[]},{"coordinates":"pkg:conda/py-lief@0.9.0","reference":"https://ossindex.sonatype.org/component/pkg:conda/py-lief@0.9.0","vulnerabilities":[]},{"coordinates":"pkg:conda/pyaudio@0.2.11","reference":"https://ossindex.sonatype.org/component/pkg:conda/pyaudio@0.2.11","vulnerabilities":[]},{"coordinates":"pkg:conda/pycodestyle@2.5.0","reference":"https://ossindex.sonatype.or
g/component/pkg:conda/pycodestyle@2.5.0","vulnerabilities":[]},{"coordinates":"pkg:conda/pycosat@0.6.3","reference":"https://ossindex.sonatype.org/component/pkg:conda/pycosat@0.6.3","vulnerabilities":[]},{"coordinates":"pkg:conda/pycparser@2.19","reference":"https://ossindex.sonatype.org/component/pkg:conda/pycparser@2.19","vulnerabilities":[]},{"coordinates":"pkg:conda/pycrypto@2.6.1","reference":"https://ossindex.sonatype.org/component/pkg:conda/pycrypto@2.6.1","vulnerabilities":[{"id":"b827e4d7-1a6b-4c2a-bdd4-f4542aa8952a","title":"[CVE-2018-6594]  Information Exposure, Cryptographic Issues","description":"lib/Crypto/PublicKey/ElGamal.py in PyCrypto through 2.6.1 generates weak ElGamal key parameters, which allows attackers to obtain sensitive information by reading ciphertext data (i.e., it does not have semantic security in face of a ciphertext-only attack). The Decisional Diffie-Hellman (DDH) assumption does not hold for PyCrypto's ElGamal implementation.","cvssScore":7.5,"cvssVector":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N","cve":"CVE-2018-6594","reference":"https://ossindex.sonatype.org/vuln/b827e4d7-1a6b-4c2a-bdd4-f4542aa8952a"},{"id":"8d6cbd05-a9de-4088-b901-7b8522230037","title":"[CVE-2013-7459]  Improper Restriction of Operations within the Bounds of a Memory Buffer","description":"Heap-based buffer overflow in the ALGnew function in block_templace.c in Python Cryptography Toolkit (aka pycrypto) allows remote attackers to execute arbitrary code as demonstrated by a crafted iv parameter to 
cryptmsg.py.","cvssScore":9.8,"cvssVector":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","cve":"CVE-2013-7459","reference":"https://ossindex.sonatype.org/vuln/8d6cbd05-a9de-4088-b901-7b8522230037"}]},{"coordinates":"pkg:conda/pycurl@7.43.0.2","reference":"https://ossindex.sonatype.org/component/pkg:conda/pycurl@7.43.0.2","vulnerabilities":[]},{"coordinates":"pkg:conda/pyflakes@2.1.1","reference":"https://ossindex.sonatype.org/component/pkg:conda/pyflakes@2.1.1","vulnerabilities":[]},{"coordinates":"pkg:conda/pygments@2.3.1","reference":"https://ossindex.sonatype.org/component/pkg:conda/pygments@2.3.1","vulnerabilities":[]},{"coordinates":"pkg:conda/pylint@1.9.2","reference":"https://ossindex.sonatype.org/component/pkg:conda/pylint@1.9.2","vulnerabilities":[]},{"coordinates":"pkg:conda/pyodbc@4.0.26","reference":"https://ossindex.sonatype.org/component/pkg:conda/pyodbc@4.0.26","vulnerabilities":[]},{"coordinates":"pkg:conda/pyopenssl@19.0.0","reference":"https://ossindex.sonatype.org/component/pkg:conda/pyopenssl@19.0.0","vulnerabilities":[]},{"coordinates":"pkg:conda/pyparsing@2.3.1","reference":"https://ossindex.sonatype.org/component/pkg:conda/pyparsing@2.3.1","vulnerabilities":[]},{"coordinates":"pkg:conda/pyqt@5.9.2","reference":"https://ossindex.sonatype.org/component/pkg:conda/pyqt@5.9.2","vulnerabilities":[]},{"coordinates":"pkg:conda/pyrsistent@0.14.11","reference":"https://ossindex.sonatype.org/component/pkg:conda/pyrsistent@0.14.11","vulnerabilities":[]},{"coordinates":"pkg:conda/pysocks@1.6.8","reference":"https://ossindex.sonatype.org/component/pkg:conda/pysocks@1.6.8","vulnerabilities":[]},{"coordinates":"pkg:conda/pytest@4.3.1","reference":"https://ossindex.sonatype.org/component/pkg:conda/pytest@4.3.1","vulnerabilities":[]},{"coordinates":"pkg:conda/python@2.7.16","reference":"https://ossindex.sonatype.org/component/pkg:conda/python@2.7.16","vulnerabilities":[{"id":"0a0fd386-54c8-4eb1-9bf6-c8401755da8d","title":"[CVE-2017-18207]  Divide By 
Zero","description":"** DISPUTED ** The Wave_read._read_fmt_chunk function in Lib/wave.py in Python through 3.6.4 does not ensure a nonzero channel value, which allows attackers to cause a denial of service (divide-by-zero and exception) via a crafted wav format audio file. NOTE: the vendor disputes this issue because Python applications \"need to be prepared to handle a wide variety of exceptions.\"","cvssScore":6.5,"cvssVector":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H","cve":"CVE-2017-18207","reference":"https://ossindex.sonatype.org/vuln/0a0fd386-54c8-4eb1-9bf6-c8401755da8d"},{"id":"6bb23583-8410-4865-a0cc-9325c010f3fe","title":"[CVE-2017-17522] ** DISPUTED ** Lib/webbrowser.py in Python through 3.6.3 does not validate strin...","description":"** DISPUTED ** Lib/webbrowser.py in Python through 3.6.3 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via a crafted URL. 
NOTE: a software maintainer indicates that exploitation is impossible because the code relies on subprocess.Popen and the default shell=False setting.","cvssScore":8.8,"cvssVector":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","cve":"CVE-2017-17522","reference":"https://ossindex.sonatype.org/vuln/6bb23583-8410-4865-a0cc-9325c010f3fe"},{"id":"e20f8bc3-09c3-4472-bca6-2012f3082172","title":"[CVE-2013-7338]  Improper Input Validation","description":"Python before 3.3.4 RC1 allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a file size value larger than the size of the zip file to the (1) ZipExtFile.read, (2) ZipExtFile.read(n), (3) ZipExtFile.readlines, (4) ZipFile.extract, or (5) ZipFile.extractall function.","cvssScore":7.1,"cvssVector":"AV:N/AC:M/Au:N/C:N/I:N/A:C","cve":"CVE-2013-7338","reference":"https://ossindex.sonatype.org/vuln/e20f8bc3-09c3-4472-bca6-2012f3082172"},{"id":"437dbb06-1bf1-4c2b-810a-aaa6ef9b1d86","title":"[CVE-2015-5652] Untrusted search path vulnerability in python.exe in Python through 3.5.0 on Win...","description":"Untrusted search path vulnerability in python.exe in Python through 3.5.0 on Windows allows local users to gain privileges via a Trojan horse readline.pyd file in the current working directory.  
NOTE: the vendor says \"It was determined that this is a longtime behavior of Python that cannot really be altered at this point.\"","cvssScore":7.2,"cvssVector":"AV:L/AC:L/Au:N/C:C/I:C/A:C","cve":"CVE-2015-5652","reference":"https://ossindex.sonatype.org/vuln/437dbb06-1bf1-4c2b-810a-aaa6ef9b1d86"},{"id":"8ce3cabc-2826-40fa-85df-243a36d5987a","title":"[CVE-2016-1494]  Improper Input Validation","description":"The verify function in the RSA package for Python (Python-RSA) before 3.3 allows attackers to spoof signatures with a small public exponent via crafted signature padding, aka a BERserk attack.","cvssScore":5.3,"cvssVector":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N","cve":"CVE-2016-1494","reference":"https://ossindex.sonatype.org/vuln/8ce3cabc-2826-40fa-85df-243a36d5987a"},{"id":"f0b3bea0-9da5-4504-8cb4-ba8a9df88769","title":"[CVE-2010-3492] The asyncore module in Python before 3.2 does not properly handle unsuccessful c...","description":"The asyncore module in Python before 3.2 does not properly handle unsuccessful calls to the accept function, and does not have accompanying documentation describing how daemon applications should handle unsuccessful calls to the accept function, which makes it easier for remote attackers to conduct denial of service attacks that terminate these applications via network connections.","cvssScore":5.0,"cvssVector":"AV:N/AC:L/Au:N/C:N/I:N/A:P","cve":"CVE-2010-3492","reference":"https://ossindex.sonatype.org/vuln/f0b3bea0-9da5-4504-8cb4-ba8a9df88769"},{"id":"a98cc716-63a9-4c01-b85a-326a3d01a54b","title":"[CVE-2019-9636]  Credentials Management","description":"Python 2.7.x through 2.7.16 and 3.x through 3.7.2 is affected by: Improper Handling of Unicode Encoding (with an incorrect netloc) during NFKC normalization. The impact is: Information disclosure (credentials, cookies, etc. that are cached against a given hostname). The components are: urllib.parse.urlsplit, urllib.parse.urlparse. 
The attack vector is: A specially crafted URL could be incorrectly parsed to locate cookies or authentication data and send that information to a different host than when parsed correctly.","cvssScore":9.8,"cvssVector":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","cve":"CVE-2019-9636","reference":"https://ossindex.sonatype.org/vuln/a98cc716-63a9-4c01-b85a-326a3d01a54b"},{"id":"9b5e30e3-25a6-410d-817b-f06de5cc9a19","title":"[CVE-2019-9740]  Improper Neutralization of CRLF Sequences (\"CRLF Injection\")","description":"An issue was discovered in urllib2 in Python 2.x through 2.7.16 and urllib in Python 3.x through 3.7.2. CRLF injection is possible if the attacker controls a url parameter, as demonstrated by the first argument to urllib.request.urlopen with \\r\\n followed by an HTTP header or a Redis command.","cvssScore":6.1,"cvssVector":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N","cve":"CVE-2019-9740","reference":"https://ossindex.sonatype.org/vuln/9b5e30e3-25a6-410d-817b-f06de5cc9a19"},{"id":"156d71e4-6ed5-4d5f-ae47-7d57be01d387","title":"[CVE-2019-16056] An issue was discovered in Python through 2.7.16, 3.x through 3.5.7, 3.6.x throu...","description":"An issue was discovered in Python through 2.7.16, 3.x through 3.5.7, 3.6.x through 3.6.9, and 3.7.x through 3.7.4. The email module wrongly parses email addresses that contain multiple @ characters. An application that uses the email module and implements some kind of checks on the From/To headers of a message could be tricked into accepting an email address that should be denied. 
An attack may be the same as in CVE-2019-11340; however, this CVE applies to Python more generally.","cvssScore":7.5,"cvssVector":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N","cve":"CVE-2019-16056","reference":"https://ossindex.sonatype.org/vuln/156d71e4-6ed5-4d5f-ae47-7d57be01d387"},{"id":"1b3756ee-19f2-4e67-ba56-9abe066f312a","title":"[CVE-2019-16935] The documentation XML-RPC server in Python through 2.7.16, 3.x through 3.6.9, an...","description":"The documentation XML-RPC server in Python through 2.7.16, 3.x through 3.6.9, and 3.7.x through 3.7.4 has XSS via the server_title field. This occurs in Lib/DocXMLRPCServer.py in Python 2.x, and in Lib/xmlrpc/server.py in Python 3.x. If set_server_title is called with untrusted input, arbitrary JavaScript can be delivered to clients that visit the http URL for this server.","cvssScore":6.1,"cvssVector":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N","cve":"CVE-2019-16935","reference":"https://ossindex.sonatype.org/vuln/1b3756ee-19f2-4e67-ba56-9abe066f312a"},{"id":"bed20c8a-5e03-43f4-ad55-55d2ff0659cf","title":"[CVE-2019-18348] An issue was discovered in urllib2 in Python 2.x through 2.7.17 and urllib in Py...","description":"An issue was discovered in urllib2 in Python 2.x through 2.7.17 and urllib in Python 3.x through 3.8.0. CRLF injection is possible if the attacker controls a url parameter, as demonstrated by the first argument to urllib.request.urlopen with \\r\\n (specifically in the host component of a URL) followed by an HTTP header. This is similar to the CVE-2019-9740 query string issue and the CVE-2019-9947 path string issue. 
(This is not exploitable when glibc has CVE-2016-10739 fixed.)","cvssScore":6.1,"cvssVector":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N","cve":"CVE-2019-18348","reference":"https://ossindex.sonatype.org/vuln/bed20c8a-5e03-43f4-ad55-55d2ff0659cf"}]},{"coordinates":"pkg:conda/python-dateutil@2.8.0","reference":"https://ossindex.sonatype.org/component/pkg:conda/python-dateutil@2.8.0","vulnerabilities":[]},{"coordinates":"pkg:conda/python-libarchive-c@2.8","reference":"https://ossindex.sonatype.org/component/pkg:conda/python-libarchive-c@2.8","vulnerabilities":[]},{"coordinates":"pkg:conda/python.app@2","reference":"https://ossindex.sonatype.org/component/pkg:conda/python.app@2","vulnerabilities":[]},{"coordinates":"pkg:conda/pytz@2018.9","reference":"https://ossindex.sonatype.org/component/pkg:conda/pytz@2018.9","vulnerabilities":[]},{"coordinates":"pkg:conda/pyyaml@5.1","reference":"https://ossindex.sonatype.org/component/pkg:conda/pyyaml@5.1","vulnerabilities":[]},{"coordinates":"pkg:conda/pyzmq@18.0.0","reference":"https://ossindex.sonatype.org/component/pkg:conda/pyzmq@18.0.0","vulnerabilities":[]},{"coordinates":"pkg:conda/qt@5.9.7","reference":"https://ossindex.sonatype.org/component/pkg:conda/qt@5.9.7","vulnerabilities":[{"id":"ad3ee7a4-6d8f-40eb-86df-b8c38065a416","title":"[CVE-2018-19871]  Uncontrolled Resource Consumption (\"Resource Exhaustion\")","description":"An issue was discovered in Qt before 5.11.3. There is QTgaFile Uncontrolled Resource Consumption.","cvssScore":6.5,"cvssVector":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H","cve":"CVE-2018-19871","reference":"https://ossindex.sonatype.org/vuln/ad3ee7a4-6d8f-40eb-86df-b8c38065a416"},{"id":"c44b66e5-9d22-429f-871a-628fcfc5a904","title":"[CVE-2018-19873]  Improper Restriction of Operations within the Bounds of a Memory Buffer","description":"An issue was discovered in Qt before 5.11.3. 
QBmpHandler has a buffer overflow via BMP data.","cvssScore":9.8,"cvssVector":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","cve":"CVE-2018-19873","reference":"https://ossindex.sonatype.org/vuln/c44b66e5-9d22-429f-871a-628fcfc5a904"},{"id":"89e18760-1dbd-4e1b-96d5-c171011c7b5f","title":"[CVE-2018-19869]  Improper Input Validation","description":"An issue was discovered in Qt before 5.11.3. A malformed SVG image causes a segmentation fault in qsvghandler.cpp.","cvssScore":6.5,"cvssVector":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H","cve":"CVE-2018-19869","reference":"https://ossindex.sonatype.org/vuln/89e18760-1dbd-4e1b-96d5-c171011c7b5f"},{"id":"b6753550-d29d-43b4-b046-1713e4ae51c2","title":"[CVE-2018-19870]  NULL Pointer Dereference","description":"An issue was discovered in Qt before 5.11.3. A malformed GIF image causes a NULL pointer dereference in QGifHandler resulting in a segmentation fault.","cvssScore":8.8,"cvssVector":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","cve":"CVE-2018-19870","reference":"https://ossindex.sonatype.org/vuln/b6753550-d29d-43b4-b046-1713e4ae51c2"},{"id":"6bb322a2-cfcc-42f4-ab16-e1806d0a1a29","title":"[CVE-2018-15518]  Double Free","description":"QXmlStream in Qt 5.x before 5.11.3 has a double-free or corruption during parsing of a specially crafted illegal XML document.","cvssScore":8.8,"cvssVector":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","cve":"CVE-2018-15518","reference":"https://ossindex.sonatype.org/vuln/6bb322a2-cfcc-42f4-ab16-e1806d0a1a29"},{"id":"89523af8-b425-47e5-b9e4-6a32984823da","title":"[CVE-2018-19865]  Information Exposure Through Log Files","description":"A keystroke logging issue was discovered in Virtual Keyboard in Qt 5.7.x, 5.8.x, 5.9.x, 5.10.x, and 5.11.x before 
5.11.3.","cvssScore":7.5,"cvssVector":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N","cve":"CVE-2018-19865","reference":"https://ossindex.sonatype.org/vuln/89523af8-b425-47e5-b9e4-6a32984823da"}]},{"coordinates":"pkg:conda/qtawesome@0.5.7","reference":"https://ossindex.sonatype.org/component/pkg:conda/qtawesome@0.5.7","vulnerabilities":[]},{"coordinates":"pkg:conda/qtconsole@4.4.3","reference":"https://ossindex.sonatype.org/component/pkg:conda/qtconsole@4.4.3","vulnerabilities":[]},{"coordinates":"pkg:conda/qtpy@1.7.0","reference":"https://ossindex.sonatype.org/component/pkg:conda/qtpy@1.7.0","vulnerabilities":[]},{"coordinates":"pkg:conda/readline@7.0","reference":"https://ossindex.sonatype.org/component/pkg:conda/readline@7.0","vulnerabilities":[]},{"coordinates":"pkg:conda/requests@2.21.0","reference":"https://ossindex.sonatype.org/component/pkg:conda/requests@2.21.0","vulnerabilities":[]},{"coordinates":"pkg:conda/rope@0.12.0","reference":"https://ossindex.sonatype.org/component/pkg:conda/rope@0.12.0","vulnerabilities":[]},{"coordinates":"pkg:conda/ruamel_yaml@0.15.46","reference":"https://ossindex.sonatype.org/component/pkg:conda/ruamel_yaml@0.15.46","vulnerabilities":[]},{"coordinates":"pkg:conda/scandir@1.10.0","reference":"https://ossindex.sonatype.org/component/pkg:conda/scandir@1.10.0","vulnerabilities":[]},{"coordinates":"pkg:conda/send2trash@1.5.0","reference":"https://ossindex.sonatype.org/component/pkg:conda/send2trash@1.5.0","vulnerabilities":[]},{"coordinates":"pkg:conda/setuptools@40.8.0","reference":"https://ossindex.sonatype.org/component/pkg:conda/setuptools@40.8.0","vulnerabilities":[{"id":"06e60262-8241-42ef-8f64-e3d72091de19","title":"Path Traversal in package_data","description":"This package allows the inclusion of arbitrary files from outside the package root to be included in the install, which might include sensitive 
files.","cvssScore":2.5,"cvssVector":"CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N","reference":"https://ossindex.sonatype.org/vuln/06e60262-8241-42ef-8f64-e3d72091de19"}]},{"coordinates":"pkg:conda/simplegeneric@0.8.1","reference":"https://ossindex.sonatype.org/component/pkg:conda/simplegeneric@0.8.1","vulnerabilities":[]},{"coordinates":"pkg:conda/singledispatch@3.4.0.3","reference":"https://ossindex.sonatype.org/component/pkg:conda/singledispatch@3.4.0.3","vulnerabilities":[]},{"coordinates":"pkg:conda/sip@4.19.8","reference":"https://ossindex.sonatype.org/component/pkg:conda/sip@4.19.8","vulnerabilities":[]},{"coordinates":"pkg:conda/six@1.12.0","reference":"https://ossindex.sonatype.org/component/pkg:conda/six@1.12.0","vulnerabilities":[]},{"coordinates":"pkg:conda/snappy@1.1.7","reference":"https://ossindex.sonatype.org/component/pkg:conda/snappy@1.1.7","vulnerabilities":[]},{"coordinates":"pkg:conda/snowballstemmer@1.2.1","reference":"https://ossindex.sonatype.org/component/pkg:conda/snowballstemmer@1.2.1","vulnerabilities":[]},{"coordinates":"pkg:conda/sortedcollections@1.1.2","reference":"https://ossindex.sonatype.org/component/pkg:conda/sortedcollections@1.1.2","vulnerabilities":[]},{"coordinates":"pkg:conda/sortedcontainers@2.1.0","reference":"https://ossindex.sonatype.org/component/pkg:conda/sortedcontainers@2.1.0","vulnerabilities":[]},{"coordinates":"pkg:conda/soupsieve@1.8","reference":"https://ossindex.sonatype.org/component/pkg:conda/soupsieve@1.8","vulnerabilities":[]},{"coordinates":"pkg:conda/sphinx@1.8.5","reference":"https://ossindex.sonatype.org/component/pkg:conda/sphinx@1.8.5","vulnerabilities":[]},{"coordinates":"pkg:conda/sphinxcontrib@1.0","reference":"https://ossindex.sonatype.org/component/pkg:conda/sphinxcontrib@1.0","vulnerabilities":[]},{"coordinates":"pkg:conda/sphinxcontrib-websupport@1.1.0","reference":"https://ossindex.sonatype.org/component/pkg:conda/sphinxcontrib-websupport@1.1.0","vulnerabilities":[]},{"coordinates":"pkg:conda
/spyder@3.3.3","reference":"https://ossindex.sonatype.org/component/pkg:conda/spyder@3.3.3","vulnerabilities":[]},{"coordinates":"pkg:conda/spyder-kernels@0.4.2","reference":"https://ossindex.sonatype.org/component/pkg:conda/spyder-kernels@0.4.2","vulnerabilities":[]},{"coordinates":"pkg:conda/sqlalchemy@1.3.1","reference":"https://ossindex.sonatype.org/component/pkg:conda/sqlalchemy@1.3.1","vulnerabilities":[]},{"coordinates":"pkg:conda/sqlite@3.27.2","reference":"https://ossindex.sonatype.org/component/pkg:conda/sqlite@3.27.2","vulnerabilities":[{"id":"e12e9147-13e7-45c6-9a31-902183f1ed04","title":"[CVE-2019-9937]  NULL Pointer Dereference","description":"In SQLite 3.27.2, interleaving reads and writes in a single transaction with an fts5 virtual table will lead to a NULL Pointer Dereference in fts5ChunkIterate in sqlite3.c. This is related to ext/fts5/fts5_hash.c and ext/fts5/fts5_index.c.","cvssScore":7.5,"cvssVector":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","cve":"CVE-2019-9937","reference":"https://ossindex.sonatype.org/vuln/e12e9147-13e7-45c6-9a31-902183f1ed04"},{"id":"8acd287c-7c04-4501-82fe-5aef72bac706","title":"[CVE-2019-9936]  Out-of-bounds Read","description":"In SQLite 3.27.2, running fts5 prefix queries inside a transaction could trigger a heap-based buffer over-read in fts5HashEntrySort in sqlite3.c, which may lead to an information leak. 
This is related to ext/fts5/fts5_hash.c.","cvssScore":7.5,"cvssVector":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N","cve":"CVE-2019-9936","reference":"https://ossindex.sonatype.org/vuln/8acd287c-7c04-4501-82fe-5aef72bac706"},{"id":"0ec9edff-8174-475b-b9d4-c878e4cf38f7","title":"[CVE-2019-8457] SQLite3 from 3.6.0 to and including 3.27.2 is vulnerable to heap out-of-bound re...","description":"SQLite3 from 3.6.0 to and including 3.27.2 is vulnerable to heap out-of-bound read in the rtreenode() function when handling invalid rtree tables.","cvssScore":9.8,"cvssVector":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","cve":"CVE-2019-8457","reference":"https://ossindex.sonatype.org/vuln/0ec9edff-8174-475b-b9d4-c878e4cf38f7"},{"id":"4dbf99ee-62af-4f23-89f4-35220152ff25","title":"[CVE-2019-16168] In SQLite through 3.29.0, whereLoopAddBtreeIndex in sqlite3.c can crash a browse...","description":"In SQLite through 3.29.0, whereLoopAddBtreeIndex in sqlite3.c can crash a browser or other application because of missing validation of a sqlite_stat1 sz field, aka a \"severe division by zero in the query 
planner.\"","cvssScore":7.5,"cvssVector":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","cve":"CVE-2019-16168","reference":"https://ossindex.sonatype.org/vuln/4dbf99ee-62af-4f23-89f4-35220152ff25"}]},{"coordinates":"pkg:conda/ssl_match_hostname@3.7.0.1","reference":"https://ossindex.sonatype.org/component/pkg:conda/ssl_match_hostname@3.7.0.1","vulnerabilities":[]},{"coordinates":"pkg:conda/subprocess32@3.5.3","reference":"https://ossindex.sonatype.org/component/pkg:conda/subprocess32@3.5.3","vulnerabilities":[]},{"coordinates":"pkg:conda/sympy@1.3","reference":"https://ossindex.sonatype.org/component/pkg:conda/sympy@1.3","vulnerabilities":[]},{"coordinates":"pkg:conda/tblib@1.3.2","reference":"https://ossindex.sonatype.org/component/pkg:conda/tblib@1.3.2","vulnerabilities":[]},{"coordinates":"pkg:conda/terminado@0.8.1","reference":"https://ossindex.sonatype.org/component/pkg:conda/terminado@0.8.1","vulnerabilities":[]},{"coordinates":"pkg:conda/testpath@0.4.2","reference":"https://ossindex.sonatype.org/component/pkg:conda/testpath@0.4.2","vulnerabilities":[]},{"coordinates":"pkg:conda/tk@8.6.8","reference":"https://ossindex.sonatype.org/component/pkg:conda/tk@8.6.8","vulnerabilities":[]},{"coordinates":"pkg:conda/toolz@0.9.0","reference":"https://ossindex.sonatype.org/component/pkg:conda/toolz@0.9.0","vulnerabilities":[]},{"coordinates":"pkg:conda/tornado@5.1.1","reference":"https://ossindex.sonatype.org/component/pkg:conda/tornado@5.1.1","vulnerabilities":[]},{"coordinates":"pkg:conda/tqdm@4.31.1","reference":"https://ossindex.sonatype.org/component/pkg:conda/tqdm@4.31.1","vulnerabilities":[]},{"coordinates":"pkg:conda/traceback2@1.4.0","reference":"https://ossindex.sonatype.org/component/pkg:conda/traceback2@1.4.0","vulnerabilities":[]},{"coordinates":"pkg:conda/traitlets@4.3.2","reference":"https://ossindex.sonatype.org/component/pkg:conda/traitlets@4.3.2","vulnerabilities":[]},{"coordinates":"pkg:conda/typing@3.6.6","reference":"https://ossindex.sonatype.org/com
ponent/pkg:conda/typing@3.6.6","vulnerabilities":[]},{"coordinates":"pkg:conda/unicodecsv@0.14.1","reference":"https://ossindex.sonatype.org/component/pkg:conda/unicodecsv@0.14.1","vulnerabilities":[]},{"coordinates":"pkg:conda/unittest2@1.1.0","reference":"https://ossindex.sonatype.org/component/pkg:conda/unittest2@1.1.0","vulnerabilities":[]},{"coordinates":"pkg:conda/unixodbc@2.3.7","reference":"https://ossindex.sonatype.org/component/pkg:conda/unixodbc@2.3.7","vulnerabilities":[]},{"coordinates":"pkg:conda/urllib3@1.24.1","reference":"https://ossindex.sonatype.org/component/pkg:conda/urllib3@1.24.1","vulnerabilities":[{"id":"8778c8ca-c2dd-4999-bac0-ad0ee42d4645","title":"[CVE-2019-11236]  Improper Neutralization of CRLF Sequences (\"CRLF Injection\")","description":"In the urllib3 library through 1.24.1 for Python, CRLF injection is possible if the attacker controls the request parameter.","cvssScore":6.1,"cvssVector":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N","cve":"CVE-2019-11236","reference":"https://ossindex.sonatype.org/vuln/8778c8ca-c2dd-4999-bac0-ad0ee42d4645"},{"id":"625a54d1-6175-435e-b363-e73239efa4ac","title":"[CVE-2019-11324] The urllib3 library before 1.24.2 for Python mishandles certain cases where the ...","description":"The urllib3 library before 1.24.2 for Python mishandles certain cases where the desired set of CA certificates is different from the OS store of CA certificates, which results in SSL connections succeeding in situations where a verification failure is the correct outcome. 
This is related to use of the ssl_context, ca_certs, or ca_certs_dir argument.","cvssScore":7.5,"cvssVector":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N","cve":"CVE-2019-11324","reference":"https://ossindex.sonatype.org/vuln/625a54d1-6175-435e-b363-e73239efa4ac"}]},{"coordinates":"pkg:conda/wcwidth@0.1.7","reference":"https://ossindex.sonatype.org/component/pkg:conda/wcwidth@0.1.7","vulnerabilities":[]},{"coordinates":"pkg:conda/webencodings@0.5.1","reference":"https://ossindex.sonatype.org/component/pkg:conda/webencodings@0.5.1","vulnerabilities":[]},{"coordinates":"pkg:conda/werkzeug@0.14.1","reference":"https://ossindex.sonatype.org/component/pkg:conda/werkzeug@0.14.1","vulnerabilities":[]},{"coordinates":"pkg:conda/wheel@0.33.1","reference":"https://ossindex.sonatype.org/component/pkg:conda/wheel@0.33.1","vulnerabilities":[]},{"coordinates":"pkg:conda/widgetsnbextension@3.4.2","reference":"https://ossindex.sonatype.org/component/pkg:conda/widgetsnbextension@3.4.2","vulnerabilities":[]},{"coordinates":"pkg:conda/wrapt@1.11.1","reference":"https://ossindex.sonatype.org/component/pkg:conda/wrapt@1.11.1","vulnerabilities":[]},{"coordinates":"pkg:conda/wurlitzer@1.0.2","reference":"https://ossindex.sonatype.org/component/pkg:conda/wurlitzer@1.0.2","vulnerabilities":[]},{"coordinates":"pkg:conda/xlrd@1.2.0","reference":"https://ossindex.sonatype.org/component/pkg:conda/xlrd@1.2.0","vulnerabilities":[]},{"coordinates":"pkg:conda/xlsxwriter@1.1.5","reference":"https://ossindex.sonatype.org/component/pkg:conda/xlsxwriter@1.1.5","vulnerabilities":[]},{"coordinates":"pkg:conda/xlwings@0.15.4","reference":"https://ossindex.sonatype.org/component/pkg:conda/xlwings@0.15.4","vulnerabilities":[]},{"coordinates":"pkg:conda/xlwt@1.2.0","reference":"https://ossindex.sonatype.org/component/pkg:conda/xlwt@1.2.0","vulnerabilities":[]},{"coordinates":"pkg:conda/xz@5.2.4","reference":"https://ossindex.sonatype.org/component/pkg:conda/xz@5.2.4","vulnerabilities":[]}]