rpm package
suse/python&distro=SUSE Linux Enterprise Module for Desktop Applications 15 SP1
pkg:rpm/suse/python&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Desktop%20Applications%2015%20SP1
Vulnerabilities (42)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2018-1060 | Hig | 7.5 | < 2.7.17-7.32.2 | 2.7.17-7.32.2 | Jun 18, 2018 | python before versions 2.7.15, 3.4.9, 3.5.6rc1, 3.6.5rc1 and 3.7.0 is vulnerable to catastrophic backtracking in pop3lib's apop() method. An attacker could use this flaw to cause denial of service. | |
| CVE-2017-18207 | Med | 6.5 | < 2.7.17-7.32.2 | 2.7.17-7.32.2 | Mar 1, 2018 | The Wave_read._read_fmt_chunk function in Lib/wave.py in Python through 3.6.4 does not ensure a nonzero channel value, which allows attackers to cause a denial of service (divide-by-zero and exception) via a crafted wav format audio file. NOTE: the vendor disputes this issue beca | |
| CVE-2018-1000030 | Low | 3.6 | < 2.7.17-7.32.2 | 2.7.17-7.32.2 | Feb 8, 2018 | Python 2.7.14 is vulnerable to a Heap-Buffer-Overflow as well as a Heap-Use-After-Free. Python versions prior to 2.7.14 may also be vulnerable and it appears that Python 2.7.17 and prior may also be vulnerable however this has not been confirmed. The vulnerability lies when multi | |
| CVE-2017-1000158 | Cri | 9.8 | < 2.7.17-7.32.2 | 2.7.17-7.32.2 | Nov 17, 2017 | CPython (aka Python) up to 2.7.13 is vulnerable to an integer overflow in the PyString_DecodeEscape function in stringobject.c, resulting in heap-based buffer overflow (and possible arbitrary code execution) | |
| CVE-2016-5699 | Med | 6.1 | < 2.7.17-7.32.2 | 2.7.17-7.32.2 | Sep 2, 2016 | CRLF injection vulnerability in the HTTPConnection.putheader function in urllib2 and urllib in CPython (aka Python) before 2.7.10 and 3.x before 3.4.4 allows remote attackers to inject arbitrary HTTP headers via CRLF sequences in a URL. | |
| CVE-2016-5636 | Cri | 9.8 | < 2.7.17-7.32.2 | 2.7.17-7.32.2 | Sep 2, 2016 | Integer overflow in the get_data function in zipimport.c in CPython (aka Python) before 2.7.12, 3.x before 3.4.5, and 3.5.x before 3.5.2 allows remote attackers to have unspecified impact via a negative data size value, which triggers a heap-based buffer overflow. | |
| CVE-2016-0772 | Med | 6.5 | < 2.7.17-7.32.2 | 2.7.17-7.32.2 | Sep 2, 2016 | The smtplib library in CPython (aka Python) before 2.7.12, 3.x before 3.4.5, and 3.5.x before 3.5.2 does not return an error when StartTLS fails, which might allow man-in-the-middle attackers to bypass the TLS protections by leveraging a network position between the client and th | |
| CVE-2014-7185 | — | < 2.7.17-7.32.2 | 2.7.17-7.32.2 | Oct 8, 2014 | Integer overflow in bufferobject.c in Python before 2.7.8 allows context-dependent attackers to obtain sensitive information from process memory via a large size and offset in a "buffer" function. | ||
| CVE-2014-1912 | — | < 2.7.17-7.32.2 | 2.7.17-7.32.2 | Mar 1, 2014 | Buffer overflow in the socket.recvfrom_into function in Modules/socketmodule.c in Python 2.5 before 2.7.7, 3.x before 3.3.4, and 3.4.x before 3.4rc1 allows remote attackers to execute arbitrary code via a crafted string. | ||
| CVE-2013-4238 | — | < 2.7.17-7.32.2 | 2.7.17-7.32.2 | Aug 18, 2013 | The ssl.match_hostname function in the SSL module in Python 2.6 through 3.4 does not properly handle a '\0' character in a domain name in the Subject Alternative Name field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a craf | ||
| CVE-2012-1150 | — | < 2.7.17-7.32.2 | 2.7.17-7.32.2 | Oct 5, 2012 | Python before 2.6.8, 2.7.x before 2.7.3, 3.x before 3.1.5, and 3.2.x before 3.2.3 computes hash values without restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted input | ||
| CVE-2012-0845 | — | < 2.7.17-7.32.2 | 2.7.17-7.32.2 | Oct 5, 2012 | SimpleXMLRPCServer.py in SimpleXMLRPCServer in Python before 2.6.8, 2.7.x before 2.7.3, 3.x before 3.1.5, and 3.2.x before 3.2.3 allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via an XML-RPC POST request that contains a smaller amount of | ||
| CVE-2011-4944 | — | < 2.7.17-7.32.2 | 2.7.17-7.32.2 | Aug 27, 2012 | Python 2.6 through 3.2 creates ~/.pypirc with world-readable permissions before changing them after data has been written, which introduces a race condition that allows local users to obtain a username and password by reading this file. | ||
| CVE-2011-3389 | — | < 2.7.17-7.32.2 | 2.7.17-7.32.2 | Sep 6, 2011 | The SSL protocol, as used in certain configurations in Microsoft Windows and Microsoft Internet Explorer, Mozilla Firefox, Google Chrome, Opera, and other products, encrypts data by using CBC mode with chained initialization vectors, which allows man-in-the-middle attackers to ob | ||
| CVE-2011-1521 | — | < 2.7.17-7.32.2 | 2.7.17-7.32.2 | May 24, 2011 | The urllib and urllib2 modules in Python 2.x before 2.7.2 and 3.x before 3.2.1 process Location headers that specify redirection to file: URLs, which makes it easier for remote attackers to obtain sensitive information or cause a denial of service (resource consumption) via a cra | ||
| CVE-2008-3144 | — | < 2.7.17-7.32.2 | 2.7.17-7.32.2 | Aug 1, 2008 | Multiple integer overflows in the PyOS_vsnprintf function in Python/mysnprintf.c in Python 2.5.2 and earlier allow context-dependent attackers to cause a denial of service (memory corruption) or have unspecified other impact via crafted input to string formatting operations. NOT | ||
| CVE-2008-3143 | — | < 2.7.17-7.32.2 | 2.7.17-7.32.2 | Aug 1, 2008 | Multiple integer overflows in Python before 2.5.2 might allow context-dependent attackers to have an unknown impact via vectors related to (1) Include/pymem.h; (2) _csv.c, (3) _struct.c, (4) arraymodule.c, (5) audioop.c, (6) binascii.c, (7) cPickle.c, (8) cStringIO.c, (9) cjkcode | ||
| CVE-2008-3142 | — | < 2.7.17-7.32.2 | 2.7.17-7.32.2 | Aug 1, 2008 | Multiple buffer overflows in Python 2.5.2 and earlier on 32bit platforms allow context-dependent attackers to cause a denial of service (crash) or have unspecified other impact via a long string that leads to incorrect memory allocation during Unicode string processing, related t | ||
| CVE-2008-2316 | — | < 2.7.17-7.32.2 | 2.7.17-7.32.2 | Aug 1, 2008 | Integer overflow in _hashopenssl.c in the hashlib module in Python 2.5.2 and earlier might allow context-dependent attackers to defeat cryptographic digests, related to "partial hashlib hashing of data exceeding 4GB." | ||
| CVE-2008-2315 | — | < 2.7.17-7.32.2 | 2.7.17-7.32.2 | Aug 1, 2008 | Multiple integer overflows in Python 2.5.2 and earlier allow context-dependent attackers to have an unknown impact via vectors related to the (1) stringobject, (2) unicodeobject, (3) bufferobject, (4) longobject, (5) tupleobject, (6) stropmodule, (7) gcmodule, and (8) mmapmodule |
- affected < 2.7.17-7.32.2fixed 2.7.17-7.32.2
python before versions 2.7.15, 3.4.9, 3.5.6rc1, 3.6.5rc1 and 3.7.0 is vulnerable to catastrophic backtracking in pop3lib's apop() method. An attacker could use this flaw to cause denial of service.
- affected < 2.7.17-7.32.2fixed 2.7.17-7.32.2
The Wave_read._read_fmt_chunk function in Lib/wave.py in Python through 3.6.4 does not ensure a nonzero channel value, which allows attackers to cause a denial of service (divide-by-zero and exception) via a crafted wav format audio file. NOTE: the vendor disputes this issue beca
- affected < 2.7.17-7.32.2fixed 2.7.17-7.32.2
Python 2.7.14 is vulnerable to a Heap-Buffer-Overflow as well as a Heap-Use-After-Free. Python versions prior to 2.7.14 may also be vulnerable and it appears that Python 2.7.17 and prior may also be vulnerable however this has not been confirmed. The vulnerability lies when multi
- affected < 2.7.17-7.32.2fixed 2.7.17-7.32.2
CPython (aka Python) up to 2.7.13 is vulnerable to an integer overflow in the PyString_DecodeEscape function in stringobject.c, resulting in heap-based buffer overflow (and possible arbitrary code execution)
- affected < 2.7.17-7.32.2fixed 2.7.17-7.32.2
CRLF injection vulnerability in the HTTPConnection.putheader function in urllib2 and urllib in CPython (aka Python) before 2.7.10 and 3.x before 3.4.4 allows remote attackers to inject arbitrary HTTP headers via CRLF sequences in a URL.
- affected < 2.7.17-7.32.2fixed 2.7.17-7.32.2
Integer overflow in the get_data function in zipimport.c in CPython (aka Python) before 2.7.12, 3.x before 3.4.5, and 3.5.x before 3.5.2 allows remote attackers to have unspecified impact via a negative data size value, which triggers a heap-based buffer overflow.
- affected < 2.7.17-7.32.2fixed 2.7.17-7.32.2
The smtplib library in CPython (aka Python) before 2.7.12, 3.x before 3.4.5, and 3.5.x before 3.5.2 does not return an error when StartTLS fails, which might allow man-in-the-middle attackers to bypass the TLS protections by leveraging a network position between the client and th
- CVE-2014-7185Oct 8, 2014affected < 2.7.17-7.32.2fixed 2.7.17-7.32.2
Integer overflow in bufferobject.c in Python before 2.7.8 allows context-dependent attackers to obtain sensitive information from process memory via a large size and offset in a "buffer" function.
- CVE-2014-1912Mar 1, 2014affected < 2.7.17-7.32.2fixed 2.7.17-7.32.2
Buffer overflow in the socket.recvfrom_into function in Modules/socketmodule.c in Python 2.5 before 2.7.7, 3.x before 3.3.4, and 3.4.x before 3.4rc1 allows remote attackers to execute arbitrary code via a crafted string.
- CVE-2013-4238Aug 18, 2013affected < 2.7.17-7.32.2fixed 2.7.17-7.32.2
The ssl.match_hostname function in the SSL module in Python 2.6 through 3.4 does not properly handle a '\0' character in a domain name in the Subject Alternative Name field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a craf
- CVE-2012-1150Oct 5, 2012affected < 2.7.17-7.32.2fixed 2.7.17-7.32.2
Python before 2.6.8, 2.7.x before 2.7.3, 3.x before 3.1.5, and 3.2.x before 3.2.3 computes hash values without restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted input
- CVE-2012-0845Oct 5, 2012affected < 2.7.17-7.32.2fixed 2.7.17-7.32.2
SimpleXMLRPCServer.py in SimpleXMLRPCServer in Python before 2.6.8, 2.7.x before 2.7.3, 3.x before 3.1.5, and 3.2.x before 3.2.3 allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via an XML-RPC POST request that contains a smaller amount of
- CVE-2011-4944Aug 27, 2012affected < 2.7.17-7.32.2fixed 2.7.17-7.32.2
Python 2.6 through 3.2 creates ~/.pypirc with world-readable permissions before changing them after data has been written, which introduces a race condition that allows local users to obtain a username and password by reading this file.
- CVE-2011-3389Sep 6, 2011affected < 2.7.17-7.32.2fixed 2.7.17-7.32.2
The SSL protocol, as used in certain configurations in Microsoft Windows and Microsoft Internet Explorer, Mozilla Firefox, Google Chrome, Opera, and other products, encrypts data by using CBC mode with chained initialization vectors, which allows man-in-the-middle attackers to ob
- CVE-2011-1521May 24, 2011affected < 2.7.17-7.32.2fixed 2.7.17-7.32.2
The urllib and urllib2 modules in Python 2.x before 2.7.2 and 3.x before 3.2.1 process Location headers that specify redirection to file: URLs, which makes it easier for remote attackers to obtain sensitive information or cause a denial of service (resource consumption) via a cra
- CVE-2008-3144Aug 1, 2008affected < 2.7.17-7.32.2fixed 2.7.17-7.32.2
Multiple integer overflows in the PyOS_vsnprintf function in Python/mysnprintf.c in Python 2.5.2 and earlier allow context-dependent attackers to cause a denial of service (memory corruption) or have unspecified other impact via crafted input to string formatting operations. NOT
- CVE-2008-3143Aug 1, 2008affected < 2.7.17-7.32.2fixed 2.7.17-7.32.2
Multiple integer overflows in Python before 2.5.2 might allow context-dependent attackers to have an unknown impact via vectors related to (1) Include/pymem.h; (2) _csv.c, (3) _struct.c, (4) arraymodule.c, (5) audioop.c, (6) binascii.c, (7) cPickle.c, (8) cStringIO.c, (9) cjkcode
- CVE-2008-3142Aug 1, 2008affected < 2.7.17-7.32.2fixed 2.7.17-7.32.2
Multiple buffer overflows in Python 2.5.2 and earlier on 32bit platforms allow context-dependent attackers to cause a denial of service (crash) or have unspecified other impact via a long string that leads to incorrect memory allocation during Unicode string processing, related t
- CVE-2008-2316Aug 1, 2008affected < 2.7.17-7.32.2fixed 2.7.17-7.32.2
Integer overflow in _hashopenssl.c in the hashlib module in Python 2.5.2 and earlier might allow context-dependent attackers to defeat cryptographic digests, related to "partial hashlib hashing of data exceeding 4GB."
- CVE-2008-2315Aug 1, 2008affected < 2.7.17-7.32.2fixed 2.7.17-7.32.2
Multiple integer overflows in Python 2.5.2 and earlier allow context-dependent attackers to have an unknown impact via vectors related to the (1) stringobject, (2) unicodeobject, (3) bufferobject, (4) longobject, (5) tupleobject, (6) stropmodule, (7) gcmodule, and (8) mmapmodule
Page 2 of 3