rpm package
suse/python3&distro=SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS
pkg:rpm/suse/python3&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP1-LTSS
Vulnerabilities (11)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2023-40217 | — | < 3.6.15-150000.3.135.1 | 3.6.15-150000.3.135.1 | Aug 25, 2023 | An issue was discovered in Python before 3.8.18, 3.9.x before 3.9.18, 3.10.x before 3.10.13, and 3.11.x before 3.11.5. It primarily affects servers (such as HTTP servers) that use TLS client authentication. If a TLS server-side socket is created, receives data into the socket buf | ||
| CVE-2023-24329 | — | < 3.6.15-150000.3.124.1 | 3.6.15-150000.3.124.1 | Feb 17, 2023 | An issue in the urllib.parse component of Python before 3.11.4 allows attackers to bypass blocklisting methods by supplying a URL that starts with blank characters. | ||
| CVE-2022-45061 | — | < 3.6.15-150000.3.119.1 | 3.6.15-150000.3.119.1 | Nov 9, 2022 | An issue was discovered in Python before 3.11.1. An unnecessary quadratic algorithm exists in one path when processing some inputs to the IDNA (RFC 3490) decoder, such that a crafted, unreasonably long name being presented to the decoder could lead to a CPU denial of service. Hos | ||
| CVE-2022-37454 | — | < 3.6.15-150000.3.116.1 | 3.6.15-150000.3.116.1 | Oct 21, 2022 | The Keccak XKCP SHA-3 reference implementation before fdc6fef has an integer overflow and resultant buffer overflow that allows attackers to execute arbitrary code or eliminate expected cryptographic properties. This occurs in the sponge function interface. | ||
| CVE-2020-10735 | — | < 3.6.15-150000.3.116.1 | 3.6.15-150000.3.116.1 | Sep 9, 2022 | A flaw was found in python. In algorithms with quadratic time complexity using non-binary bases, when using int("text"), a system could take 50ms to parse an int string with 100,000 digits and 5s for 1,000,000 digits (float, decimal, int.from_bytes(), and int() for binary bases 2 | ||
| CVE-2021-28861 | — | < 3.6.15-150000.3.109.1 | 3.6.15-150000.3.109.1 | Aug 23, 2022 | Python 3.x through 3.10 has an open redirection vulnerability in lib/http/server.py due to no protection against multiple (/) at the beginning of URI path which may leads to information disclosure. NOTE: this is disputed by a third party because the http.server.html documentation | ||
| CVE-2015-20107 | — | < 3.6.15-150000.3.106.1 | 3.6.15-150000.3.106.1 | Apr 13, 2022 | In Python (aka CPython) up to 3.10.8, the mailcap module does not add escape characters into commands discovered in the system mailcap file. This may allow attackers to inject shell commands into applications that call mailcap.findmatch with untrusted input (if they lack validati | ||
| CVE-2021-3733 | — | < 3.6.15-3.91.4 | 3.6.15-3.91.4 | Mar 7, 2022 | There's a flaw in urllib's AbstractBasicAuthHandler class. An attacker who controls a malicious HTTP server that an HTTP client (such as web browser) connects to, could trigger a Regular Expression Denial of Service (ReDOS) during an authentication request with a specially crafte | ||
| CVE-2021-3737 | — | < 3.6.15-3.91.4 | 3.6.15-3.91.4 | Mar 4, 2022 | A flaw was found in python. An improperly handled HTTP response in the HTTP client code of python may allow a remote attacker, who controls the HTTP server, to make the client script enter an infinite loop, consuming CPU time. The highest threat from this vulnerability is to syst | ||
| CVE-2021-3572 | — | < 3.6.15-150000.3.106.1 | 3.6.15-150000.3.106.1 | Nov 10, 2021 | A flaw was found in python-pip in the way it handled Unicode separators in git references. A remote attacker could possibly use this issue to install a different revision on a repository. The highest threat from this vulnerability is to data integrity. This is fixed in python-pip | ||
| CVE-2021-3426 | — | < 3.6.15-3.91.4 | 3.6.15-3.91.4 | May 20, 2021 | There's a flaw in Python 3's pydoc. A local or adjacent attacker who discovers or is able to convince another local or adjacent user to start a pydoc server could access the server and use it to disclose sensitive information belonging to the other user that they would not normal |
- CVE-2023-40217Aug 25, 2023affected < 3.6.15-150000.3.135.1fixed 3.6.15-150000.3.135.1
An issue was discovered in Python before 3.8.18, 3.9.x before 3.9.18, 3.10.x before 3.10.13, and 3.11.x before 3.11.5. It primarily affects servers (such as HTTP servers) that use TLS client authentication. If a TLS server-side socket is created, receives data into the socket buf
- CVE-2023-24329Feb 17, 2023affected < 3.6.15-150000.3.124.1fixed 3.6.15-150000.3.124.1
An issue in the urllib.parse component of Python before 3.11.4 allows attackers to bypass blocklisting methods by supplying a URL that starts with blank characters.
- CVE-2022-45061Nov 9, 2022affected < 3.6.15-150000.3.119.1fixed 3.6.15-150000.3.119.1
An issue was discovered in Python before 3.11.1. An unnecessary quadratic algorithm exists in one path when processing some inputs to the IDNA (RFC 3490) decoder, such that a crafted, unreasonably long name being presented to the decoder could lead to a CPU denial of service. Hos
- CVE-2022-37454Oct 21, 2022affected < 3.6.15-150000.3.116.1fixed 3.6.15-150000.3.116.1
The Keccak XKCP SHA-3 reference implementation before fdc6fef has an integer overflow and resultant buffer overflow that allows attackers to execute arbitrary code or eliminate expected cryptographic properties. This occurs in the sponge function interface.
- CVE-2020-10735Sep 9, 2022affected < 3.6.15-150000.3.116.1fixed 3.6.15-150000.3.116.1
A flaw was found in python. In algorithms with quadratic time complexity using non-binary bases, when using int("text"), a system could take 50ms to parse an int string with 100,000 digits and 5s for 1,000,000 digits (float, decimal, int.from_bytes(), and int() for binary bases 2
- CVE-2021-28861Aug 23, 2022affected < 3.6.15-150000.3.109.1fixed 3.6.15-150000.3.109.1
Python 3.x through 3.10 has an open redirection vulnerability in lib/http/server.py due to no protection against multiple (/) at the beginning of URI path which may leads to information disclosure. NOTE: this is disputed by a third party because the http.server.html documentation
- CVE-2015-20107Apr 13, 2022affected < 3.6.15-150000.3.106.1fixed 3.6.15-150000.3.106.1
In Python (aka CPython) up to 3.10.8, the mailcap module does not add escape characters into commands discovered in the system mailcap file. This may allow attackers to inject shell commands into applications that call mailcap.findmatch with untrusted input (if they lack validati
- CVE-2021-3733Mar 7, 2022affected < 3.6.15-3.91.4fixed 3.6.15-3.91.4
There's a flaw in urllib's AbstractBasicAuthHandler class. An attacker who controls a malicious HTTP server that an HTTP client (such as web browser) connects to, could trigger a Regular Expression Denial of Service (ReDOS) during an authentication request with a specially crafte
- CVE-2021-3737Mar 4, 2022affected < 3.6.15-3.91.4fixed 3.6.15-3.91.4
A flaw was found in python. An improperly handled HTTP response in the HTTP client code of python may allow a remote attacker, who controls the HTTP server, to make the client script enter an infinite loop, consuming CPU time. The highest threat from this vulnerability is to syst
- CVE-2021-3572Nov 10, 2021affected < 3.6.15-150000.3.106.1fixed 3.6.15-150000.3.106.1
A flaw was found in python-pip in the way it handled Unicode separators in git references. A remote attacker could possibly use this issue to install a different revision on a repository. The highest threat from this vulnerability is to data integrity. This is fixed in python-pip
- CVE-2021-3426May 20, 2021affected < 3.6.15-3.91.4fixed 3.6.15-3.91.4
There's a flaw in Python 3's pydoc. A local or adjacent attacker who discovers or is able to convince another local or adjacent user to start a pydoc server could access the server and use it to disclose sensitive information belonging to the other user that they would not normal