VYPR

rpm package

suse/python3-base&distro=SUSE Linux Enterprise Module for Development Tools 15

pkg:rpm/suse/python3-base&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Development%20Tools%2015

Vulnerabilities (25)

  • CVE-2013-4238Aug 18, 2013
    affected < 3.6.10-3.42.2fixed 3.6.10-3.42.2

    The ssl.match_hostname function in the SSL module in Python 2.6 through 3.4 does not properly handle a '\0' character in a domain name in the Subject Alternative Name field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a craf

  • CVE-2012-1150Oct 5, 2012
    affected < 3.6.10-3.42.2fixed 3.6.10-3.42.2

    Python before 2.6.8, 2.7.x before 2.7.3, 3.x before 3.1.5, and 3.2.x before 3.2.3 computes hash values without restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted input

  • CVE-2012-0845Oct 5, 2012
    affected < 3.6.10-3.42.2fixed 3.6.10-3.42.2

    SimpleXMLRPCServer.py in SimpleXMLRPCServer in Python before 2.6.8, 2.7.x before 2.7.3, 3.x before 3.1.5, and 3.2.x before 3.2.3 allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via an XML-RPC POST request that contains a smaller amount of

  • CVE-2011-4944Aug 27, 2012
    affected < 3.6.10-3.42.2fixed 3.6.10-3.42.2

    Python 2.6 through 3.2 creates ~/.pypirc with world-readable permissions before changing them after data has been written, which introduces a race condition that allows local users to obtain a username and password by reading this file.

  • CVE-2011-3389Sep 6, 2011
    affected < 3.6.10-3.42.2fixed 3.6.10-3.42.2

    The SSL protocol, as used in certain configurations in Microsoft Windows and Microsoft Internet Explorer, Mozilla Firefox, Google Chrome, Opera, and other products, encrypts data by using CBC mode with chained initialization vectors, which allows man-in-the-middle attackers to ob

Page 2 of 2