rpm package
opensuse/python315&distro=openSUSE Tumbleweed
pkg:rpm/opensuse/python315&distro=openSUSE%20Tumbleweed
Vulnerabilities (66)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2014-2667 | — | < 3.15.0~a1-1.1 | 3.15.0~a1-1.1 | Nov 16, 2014 | Race condition in the _get_masked_mode function in Lib/os.py in Python 3.2 through 3.5, when exist_ok is set to true and multiple threads are used, might allow local users to bypass intended file permissions by leveraging a separate application vulnerability before the umask has | ||
| CVE-2013-4238 | — | < 3.15.0~a1-1.1 | 3.15.0~a1-1.1 | Aug 18, 2013 | The ssl.match_hostname function in the SSL module in Python 2.6 through 3.4 does not properly handle a '\0' character in a domain name in the Subject Alternative Name field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a craf | ||
| CVE-2012-1150 | — | < 3.15.0~a1-1.1 | 3.15.0~a1-1.1 | Oct 5, 2012 | Python before 2.6.8, 2.7.x before 2.7.3, 3.x before 3.1.5, and 3.2.x before 3.2.3 computes hash values without restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted input | ||
| CVE-2012-0845 | — | < 3.15.0~a1-1.1 | 3.15.0~a1-1.1 | Oct 5, 2012 | SimpleXMLRPCServer.py in SimpleXMLRPCServer in Python before 2.6.8, 2.7.x before 2.7.3, 3.x before 3.1.5, and 3.2.x before 3.2.3 allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via an XML-RPC POST request that contains a smaller amount of | ||
| CVE-2011-4944 | — | < 3.15.0~a1-1.1 | 3.15.0~a1-1.1 | Aug 27, 2012 | Python 2.6 through 3.2 creates ~/.pypirc with world-readable permissions before changing them after data has been written, which introduces a race condition that allows local users to obtain a username and password by reading this file. | ||
| CVE-2011-3389 | — | < 3.15.0~a1-1.1 | 3.15.0~a1-1.1 | Sep 6, 2011 | The SSL protocol, as used in certain configurations in Microsoft Windows and Microsoft Internet Explorer, Mozilla Firefox, Google Chrome, Opera, and other products, encrypts data by using CBC mode with chained initialization vectors, which allows man-in-the-middle attackers to ob |
- CVE-2014-2667Nov 16, 2014affected < 3.15.0~a1-1.1fixed 3.15.0~a1-1.1
Race condition in the _get_masked_mode function in Lib/os.py in Python 3.2 through 3.5, when exist_ok is set to true and multiple threads are used, might allow local users to bypass intended file permissions by leveraging a separate application vulnerability before the umask has
- CVE-2013-4238Aug 18, 2013affected < 3.15.0~a1-1.1fixed 3.15.0~a1-1.1
The ssl.match_hostname function in the SSL module in Python 2.6 through 3.4 does not properly handle a '\0' character in a domain name in the Subject Alternative Name field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a craf
- CVE-2012-1150Oct 5, 2012affected < 3.15.0~a1-1.1fixed 3.15.0~a1-1.1
Python before 2.6.8, 2.7.x before 2.7.3, 3.x before 3.1.5, and 3.2.x before 3.2.3 computes hash values without restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted input
- CVE-2012-0845Oct 5, 2012affected < 3.15.0~a1-1.1fixed 3.15.0~a1-1.1
SimpleXMLRPCServer.py in SimpleXMLRPCServer in Python before 2.6.8, 2.7.x before 2.7.3, 3.x before 3.1.5, and 3.2.x before 3.2.3 allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via an XML-RPC POST request that contains a smaller amount of
- CVE-2011-4944Aug 27, 2012affected < 3.15.0~a1-1.1fixed 3.15.0~a1-1.1
Python 2.6 through 3.2 creates ~/.pypirc with world-readable permissions before changing them after data has been written, which introduces a race condition that allows local users to obtain a username and password by reading this file.
- CVE-2011-3389Sep 6, 2011affected < 3.15.0~a1-1.1fixed 3.15.0~a1-1.1
The SSL protocol, as used in certain configurations in Microsoft Windows and Microsoft Internet Explorer, Mozilla Firefox, Google Chrome, Opera, and other products, encrypts data by using CBC mode with chained initialization vectors, which allows man-in-the-middle attackers to ob
Page 4 of 4