VYPR

rpm package

opensuse/python315&distro=openSUSE Tumbleweed

pkg:rpm/opensuse/python315&distro=openSUSE%20Tumbleweed

Vulnerabilities (66)

  • CVE-2023-40217Aug 25, 2023
    affected < 3.15.0~a1-1.1fixed 3.15.0~a1-1.1

    An issue was discovered in Python before 3.8.18, 3.9.x before 3.9.18, 3.10.x before 3.10.13, and 3.11.x before 3.11.5. It primarily affects servers (such as HTTP servers) that use TLS client authentication. If a TLS server-side socket is created, receives data into the socket buf

  • CVE-2023-2650May 30, 2023
    affected < 3.15.0~a1-1.1fixed 3.15.0~a1-1.1

    Issue summary: Processing some specially crafted ASN.1 object identifiers or data containing them may be very slow. Impact summary: Applications that use OBJ_obj2txt() directly, or use any of the OpenSSL subsystems OCSP, PKCS7/SMIME, CMS, CMP/CRMF or TS with no message size limi

  • CVE-2023-27043MedApr 19, 2023
    affected < 3.15.0~a1-1.1fixed 3.15.0~a1-1.1

    The email module of Python through 3.11.3 incorrectly parses e-mail addresses that contain a special character. The wrong portion of an RFC2822 header is identified as the value of the addr-spec. In some applications, an attacker can bypass a protection mechanism in which applica

  • CVE-2023-24329Feb 17, 2023
    affected < 3.15.0~a1-1.1fixed 3.15.0~a1-1.1

    An issue in the urllib.parse component of Python before 3.11.4 allows attackers to bypass blocklisting methods by supplying a URL that starts with blank characters.

  • CVE-2023-0286Feb 8, 2023
    affected < 3.15.0~a1-1.1fixed 3.15.0~a1-1.1

    There is a type confusion vulnerability relating to X.400 address processing inside an X.509 GeneralName. X.400 addresses were parsed as an ASN1_STRING but the public structure definition for GENERAL_NAME incorrectly specified the type of the x400Address field as ASN1_TYPE. This

  • CVE-2022-45061Nov 9, 2022
    affected < 3.15.0~a1-1.1fixed 3.15.0~a1-1.1

    An issue was discovered in Python before 3.11.1. An unnecessary quadratic algorithm exists in one path when processing some inputs to the IDNA (RFC 3490) decoder, such that a crafted, unreasonably long name being presented to the decoder could lead to a CPU denial of service. Hos

  • CVE-2022-42919Nov 6, 2022
    affected < 3.15.0~a1-1.1fixed 3.15.0~a1-1.1

    Python 3.9.x before 3.9.16 and 3.10.x before 3.10.9 on Linux allows local privilege escalation in a non-default configuration. The Python multiprocessing library, when used with the forkserver start method on Linux, allows pickles to be deserialized from any user in the same mach

  • CVE-2020-10735Sep 9, 2022
    affected < 3.15.0~a1-1.1fixed 3.15.0~a1-1.1

    A flaw was found in python. In algorithms with quadratic time complexity using non-binary bases, when using int("text"), a system could take 50ms to parse an int string with 100,000 digits and 5s for 1,000,000 digits (float, decimal, int.from_bytes(), and int() for binary bases 2

  • CVE-2021-4189Aug 24, 2022
    affected < 3.15.0~b2-1.1fixed 3.15.0~b2-1.1

    A flaw was found in Python, specifically in the FTP (File Transfer Protocol) client library in PASV (passive) mode. The issue is how the FTP client trusts the host from the PASV response by default. This flaw allows an attacker to set up a malicious FTP server that can trick FTP

  • CVE-2022-25236Feb 16, 2022
    affected < 3.15.0~a1-1.1fixed 3.15.0~a1-1.1

    xmlparse.c in Expat (aka libexpat) before 2.4.5 allows attackers to insert namespace-separator characters into namespace URIs.

  • CVE-2021-3426May 20, 2021
    affected < 3.15.0~a1-1.1fixed 3.15.0~a1-1.1

    There's a flaw in Python 3's pydoc. A local or adjacent attacker who discovers or is able to convince another local or adjacent user to start a pydoc server could access the server and use it to disclose sensitive information belonging to the other user that they would not normal

  • CVE-2021-23336Feb 15, 2021
    affected < 3.15.0~a1-1.1fixed 3.15.0~a1-1.1

    The package python/cpython from 0 and before 3.6.13, from 3.7.0 and before 3.7.10, from 3.8.0 and before 3.8.8, from 3.9.0 and before 3.9.2 are vulnerable to Web Cache Poisoning via urllib.parse.parse_qsl and urllib.parse.parse_qs by using a vector called parameter cloaking. When

  • CVE-2021-3177Jan 19, 2021
    affected < 3.15.0~a1-1.1fixed 3.15.0~a1-1.1

    Python 3.x through 3.9.1 has a buffer overflow in PyCArg_repr in _ctypes/callproc.c, which may lead to remote code execution in certain Python applications that accept floating-point numbers as untrusted input, as demonstrated by a 1e300 argument to c_double.from_param. This occu

  • CVE-2020-15801Jul 17, 2020
    affected < 3.15.0~a1-1.1fixed 3.15.0~a1-1.1

    In Python 3.8.4, sys.path restrictions specified in a python38._pth file are ignored, allowing code to be loaded from arbitrary locations. The ._pth file (e.g., the python._pth file) is not affected.

  • CVE-2019-20907Jul 13, 2020
    affected < 3.15.0~a1-1.1fixed 3.15.0~a1-1.1

    In Lib/tarfile.py in Python through 3.8.3, an attacker is able to craft a TAR archive leading to an infinite loop when opened by tarfile.open, because _proc_pax lacks header validation.

  • CVE-2020-15523Jul 4, 2020
    affected < 3.15.0~a1-1.1fixed 3.15.0~a1-1.1

    In Python 3.6 through 3.6.10, 3.7 through 3.7.8, 3.8 through 3.8.4rc1, and 3.9 through 3.9.0b4 on Windows, a Trojan horse python3.dll might be used in cases where CPython is embedded in a native application. This occurs because python3X.dll may use an invalid search path for pyth

  • CVE-2014-4650Feb 20, 2020
    affected < 3.15.0~a1-1.1fixed 3.15.0~a1-1.1

    The CGIHTTPServer module in Python 2.7.5 and 3.3.4 does not properly handle URLs in which URL encoding is used for path separators, which allows remote attackers to read script source code or conduct directory traversal attacks and execute unintended code via a crafted character

  • CVE-2020-8492Jan 30, 2020
    affected < 3.15.0~a1-1.1fixed 3.15.0~a1-1.1

    Python 2.7 through 2.7.17, 3.5 through 3.5.9, 3.6 through 3.6.10, 3.7 through 3.7.6, and 3.8 through 3.8.1 allows an HTTP server to conduct Regular Expression Denial of Service (ReDoS) attacks against a client because of urllib.request.AbstractBasicAuthHandler catastrophic backtr

  • CVE-2019-5010Oct 31, 2019
    affected < 3.15.0~a1-1.1fixed 3.15.0~a1-1.1

    An exploitable denial-of-service vulnerability exists in the X509 certificate parser of Python.org Python 2.7.11 / 3.6.6. A specially crafted X509 certificate can cause a NULL pointer dereference, resulting in a denial of service. An attacker can initiate or accept TLS connection

  • CVE-2019-9947Mar 23, 2019
    affected < 3.15.0~a1-1.1fixed 3.15.0~a1-1.1

    An issue was discovered in urllib2 in Python 2.x through 2.7.16 and urllib in Python 3.x through 3.7.3. CRLF injection is possible if the attacker controls a url parameter, as demonstrated by the first argument to urllib.request.urlopen with \r\n (specifically in the path compone