rpm package
suse/python3-base&distro=SUSE Linux Enterprise Module for Basesystem 15
pkg:rpm/suse/python3-base&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015
Vulnerabilities (25)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2013-4238 | — | < 3.6.10-3.42.2 | 3.6.10-3.42.2 | Aug 18, 2013 | The ssl.match_hostname function in the SSL module in Python 2.6 through 3.4 does not properly handle a '\0' character in a domain name in the Subject Alternative Name field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a craf | ||
| CVE-2012-1150 | — | < 3.6.10-3.42.2 | 3.6.10-3.42.2 | Oct 5, 2012 | Python before 2.6.8, 2.7.x before 2.7.3, 3.x before 3.1.5, and 3.2.x before 3.2.3 computes hash values without restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted input | ||
| CVE-2012-0845 | — | < 3.6.10-3.42.2 | 3.6.10-3.42.2 | Oct 5, 2012 | SimpleXMLRPCServer.py in SimpleXMLRPCServer in Python before 2.6.8, 2.7.x before 2.7.3, 3.x before 3.1.5, and 3.2.x before 3.2.3 allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via an XML-RPC POST request that contains a smaller amount of | ||
| CVE-2011-4944 | — | < 3.6.10-3.42.2 | 3.6.10-3.42.2 | Aug 27, 2012 | Python 2.6 through 3.2 creates ~/.pypirc with world-readable permissions before changing them after data has been written, which introduces a race condition that allows local users to obtain a username and password by reading this file. | ||
| CVE-2011-3389 | — | < 3.6.10-3.42.2 | 3.6.10-3.42.2 | Sep 6, 2011 | The SSL protocol, as used in certain configurations in Microsoft Windows and Microsoft Internet Explorer, Mozilla Firefox, Google Chrome, Opera, and other products, encrypts data by using CBC mode with chained initialization vectors, which allows man-in-the-middle attackers to ob |
- CVE-2013-4238Aug 18, 2013affected < 3.6.10-3.42.2fixed 3.6.10-3.42.2
The ssl.match_hostname function in the SSL module in Python 2.6 through 3.4 does not properly handle a '\0' character in a domain name in the Subject Alternative Name field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a craf
- CVE-2012-1150Oct 5, 2012affected < 3.6.10-3.42.2fixed 3.6.10-3.42.2
Python before 2.6.8, 2.7.x before 2.7.3, 3.x before 3.1.5, and 3.2.x before 3.2.3 computes hash values without restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted input
- CVE-2012-0845Oct 5, 2012affected < 3.6.10-3.42.2fixed 3.6.10-3.42.2
SimpleXMLRPCServer.py in SimpleXMLRPCServer in Python before 2.6.8, 2.7.x before 2.7.3, 3.x before 3.1.5, and 3.2.x before 3.2.3 allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via an XML-RPC POST request that contains a smaller amount of
- CVE-2011-4944Aug 27, 2012affected < 3.6.10-3.42.2fixed 3.6.10-3.42.2
Python 2.6 through 3.2 creates ~/.pypirc with world-readable permissions before changing them after data has been written, which introduces a race condition that allows local users to obtain a username and password by reading this file.
- CVE-2011-3389Sep 6, 2011affected < 3.6.10-3.42.2fixed 3.6.10-3.42.2
The SSL protocol, as used in certain configurations in Microsoft Windows and Microsoft Internet Explorer, Mozilla Firefox, Google Chrome, Opera, and other products, encrypts data by using CBC mode with chained initialization vectors, which allows man-in-the-middle attackers to ob
Page 2 of 2