VYPR

rpm package

opensuse/python-base&distro=openSUSE Tumbleweed

pkg:rpm/opensuse/python-base&distro=openSUSE%20Tumbleweed

Vulnerabilities (13)

  • CVE-2013-1753 | Mar 11, 2020
    affected < 2.7.12-1.4 | fixed 2.7.12-1.4

    The gzip_decode function in the xmlrpc client library in Python 3.4 and earlier allows remote attackers to cause a denial of service (memory consumption) via a crafted HTTP request.

  • CVE-2014-4650 | Feb 20, 2020
    affected < 2.7.12-1.4 | fixed 2.7.12-1.4

    The CGIHTTPServer module in Python 2.7.5 and 3.3.4 does not properly handle URLs in which URL encoding is used for path separators, which allows remote attackers to read script source code or conduct directory traversal attacks and execute unintended code via a crafted character

  • CVE-2016-5699 | Med | Sep 2, 2016
    affected < 2.7.12-1.4 | fixed 2.7.12-1.4

    CRLF injection vulnerability in the HTTPConnection.putheader function in urllib2 and urllib in CPython (aka Python) before 2.7.10 and 3.x before 3.4.4 allows remote attackers to inject arbitrary HTTP headers via CRLF sequences in a URL.

  • CVE-2016-5636 | Cri | Sep 2, 2016
    affected < 2.7.12-1.4 | fixed 2.7.12-1.4

    Integer overflow in the get_data function in zipimport.c in CPython (aka Python) before 2.7.12, 3.x before 3.4.5, and 3.5.x before 3.5.2 allows remote attackers to have unspecified impact via a negative data size value, which triggers a heap-based buffer overflow.

  • CVE-2016-0772 | Med | Sep 2, 2016
    affected < 2.7.12-1.4 | fixed 2.7.12-1.4

    The smtplib library in CPython (aka Python) before 2.7.12, 3.x before 3.4.5, and 3.5.x before 3.5.2 does not return an error when StartTLS fails, which might allow man-in-the-middle attackers to bypass the TLS protections by leveraging a network position between the client and th

  • CVE-2014-7185 | Oct 8, 2014
    affected < 2.7.12-1.4 | fixed 2.7.12-1.4

    Integer overflow in bufferobject.c in Python before 2.7.8 allows context-dependent attackers to obtain sensitive information from process memory via a large size and offset in a "buffer" function.

  • CVE-2014-1912 | Mar 1, 2014
    affected < 2.7.12-1.4 | fixed 2.7.12-1.4

    Buffer overflow in the socket.recvfrom_into function in Modules/socketmodule.c in Python 2.5 before 2.7.7, 3.x before 3.3.4, and 3.4.x before 3.4rc1 allows remote attackers to execute arbitrary code via a crafted string.

  • CVE-2013-4238 | Aug 18, 2013
    affected < 2.7.12-1.4 | fixed 2.7.12-1.4

    The ssl.match_hostname function in the SSL module in Python 2.6 through 3.4 does not properly handle a '\0' character in a domain name in the Subject Alternative Name field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a craf

  • CVE-2012-1150 | Oct 5, 2012
    affected < 2.7.12-1.4 | fixed 2.7.12-1.4

    Python before 2.6.8, 2.7.x before 2.7.3, 3.x before 3.1.5, and 3.2.x before 3.2.3 computes hash values without restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted input

  • CVE-2012-0845 | Oct 5, 2012
    affected < 2.7.12-1.4 | fixed 2.7.12-1.4

    SimpleXMLRPCServer.py in SimpleXMLRPCServer in Python before 2.6.8, 2.7.x before 2.7.3, 3.x before 3.1.5, and 3.2.x before 3.2.3 allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via an XML-RPC POST request that contains a smaller amount of

  • CVE-2011-4944 | Aug 27, 2012
    affected < 2.7.12-1.4 | fixed 2.7.12-1.4

    Python 2.6 through 3.2 creates ~/.pypirc with world-readable permissions before changing them after data has been written, which introduces a race condition that allows local users to obtain a username and password by reading this file.

  • CVE-2011-3389 | Sep 6, 2011
    affected < 2.7.12-1.4 | fixed 2.7.12-1.4

    The SSL protocol, as used in certain configurations in Microsoft Windows and Microsoft Internet Explorer, Mozilla Firefox, Google Chrome, Opera, and other products, encrypts data by using CBC mode with chained initialization vectors, which allows man-in-the-middle attackers to ob

  • CVE-2011-1521 | May 24, 2011
    affected < 2.7.12-1.4 | fixed 2.7.12-1.4

    The urllib and urllib2 modules in Python 2.x before 2.7.2 and 3.x before 3.2.1 process Location headers that specify redirection to file: URLs, which makes it easier for remote attackers to obtain sensitive information or cause a denial of service (resource consumption) via a cra