Search CVE reports


Toggle filters

11 – 20 of 25 results


CVE-2012-0876

Medium priority

Some fixes available 36 of 388

The XML parser (xmlparse.c) in expat before 2.1.0 computes hash values without restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service (CPU consumption)...

41 affected packages

apache2, apr-util, audacity, ayttm, cableswig...

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
apache2 Not affected Not affected Not affected Not affected Not affected
apr-util Not affected Not affected Not affected Not affected Not affected
audacity Needs evaluation Not affected Not affected Not affected Not affected
ayttm Not in release Not in release Not in release Not in release Vulnerable
cableswig Not in release Not in release Not in release Not in release Vulnerable
cadaver Vulnerable Vulnerable Vulnerable Vulnerable Vulnerable
celementtree Not in release Not in release Not in release Not in release Not in release
cmake Not affected Not affected Not affected Not affected Not affected
coin3 Not affected Not affected Not affected Vulnerable Vulnerable
expat Not affected Not affected Not affected Not affected Not affected
gdcm Not affected Not affected Not affected Not affected Not affected
ghostscript Not affected Not affected Not affected Not affected Not affected
grmonitor Not in release Not in release Not in release Not in release Not in release
insighttoolkit Not in release Not in release Not in release Not in release Vulnerable
kompozer Not in release Not in release Not in release Not in release Not in release
libparagui1.1 Not in release Not in release Not in release Not in release Not in release
libxmltok Not affected Not affected Not affected Not affected Not affected
matanza Vulnerable Vulnerable Vulnerable Vulnerable Vulnerable
paraview Not affected Not affected Not affected Not affected Not affected
poco Not affected Not affected Not affected Not affected Not affected
python-xml Not in release Not in release Not in release Not in release Not in release
python2.4 Not in release Not in release Not in release Not in release Not in release
python2.5 Not in release Not in release Not in release Not in release Not in release
python2.6 Not in release Not in release Not in release Not in release Not in release
simgear Not affected Not affected Not affected Not affected Not affected
sitecopy Not in release Not affected Not affected Not affected Not affected
smart Not in release Not in release Not in release Not affected Not affected
swish-e Vulnerable Vulnerable Vulnerable Vulnerable Vulnerable
tdom Not affected Not affected Not affected Not affected Not affected
texlive-bin Not affected Not affected Not affected Not affected Not affected
tla Not affected Not affected Not affected Not affected Not affected
vnc4 Not in release Not in release Not in release Ignored Ignored
vtk Not in release Not in release Not in release Not in release Not affected
w3c-libwww Not in release Not in release Not in release Not in release Not in release
wbxml2 Not affected Not affected Not affected Not affected Not affected
wxwidgets2.6 Not in release Not in release Not in release Not in release Not in release
wxwidgets2.8 Not in release Not in release Not in release Not in release Not in release
wxwindows2.4 Not in release Not in release Not in release Not in release Not in release
xmlrpc-c Fixed Fixed Fixed Fixed Fixed
xotcl Not affected Not affected Not affected Not affected Not affected
xulrunner Not in release Not in release Not in release Not in release Not in release
Show all 41 packages Show less packages

CVE-2011-4940

Medium priority

Some fixes available 5 of 7

The list_directory function in Lib/SimpleHTTPServer.py in SimpleHTTPServer in Python before 2.5.6c1, 2.6.x before 2.6.7 rc2, and 2.7.x before 2.7.2 does not place a charset parameter in the Content-Type HTTP header, which makes it...

4 affected packages

python2.4, python2.5, python2.6, python2.7

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
python2.4
python2.5
python2.6
python2.7
Show less packages

CVE-2012-1150

Medium priority

Some fixes available 9 of 14

Python before 2.6.8, 2.7.x before 2.7.3, 3.x before 3.1.5, and 3.2.x before 3.2.3 computes hash values without restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause...

6 affected packages

python2.4, python2.5, python2.6, python2.7, python3.1, python3.2

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
python2.4
python2.5
python2.6
python2.7
python3.1
python3.2
Show less packages

CVE-2012-0845

Low priority

Some fixes available 11 of 14

SimpleXMLRPCServer.py in SimpleXMLRPCServer in Python before 2.6.8, 2.7.x before 2.7.3, 3.x before 3.1.5, and 3.2.x before 3.2.3 allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via an...

6 affected packages

python2.4, python2.5, python2.6, python2.7, python3.1, python3.2

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
python2.4
python2.5
python2.6
python2.7
python3.1
python3.2
Show less packages

CVE-2011-1521

Medium priority

Some fixes available 9 of 12

The urllib and urllib2 modules in Python 2.x before 2.7.2 and 3.x before 3.2.1 process Location headers that specify redirection to file: URLs, which makes it easier for remote attackers to obtain sensitive information or cause a...

6 affected packages

python2.4, python2.5, python2.6, python2.7, python3.1, python3.2

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
python2.4
python2.5
python2.6
python2.7
python3.1
python3.2
Show less packages

CVE-2011-1015

Low priority

Some fixes available 5 of 7

The is_cgi method in CGIHTTPServer.py in the CGIHTTPServer module in Python 2.5, 2.6, and 3.0 allows remote attackers to read script source code via an HTTP GET request that lacks a / (slash) character at the beginning of the URI.

4 affected packages

python2.4, python2.5, python2.6, python2.7

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
python2.4
python2.5
python2.6
python2.7
Show less packages

CVE-2010-3492

Negligible priority
Ignored

The asyncore module in Python before 3.2 does not properly handle unsuccessful calls to the accept function, and does not have accompanying documentation describing how daemon applications should handle unsuccessful calls to the...

4 affected packages

python2.6, python2.7, python3.1, python3.2

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
python2.6
python2.7
python3.1
python3.2
Show less packages

CVE-2010-3493

Negligible priority

Some fixes available 4 of 7

Multiple race conditions in smtpd.py in the smtpd module in Python 2.6, 2.7, 3.1, and 3.2 alpha allow remote attackers to cause a denial of service (daemon outage) by establishing and then immediately closing a TCP connection,...

6 affected packages

python2.4, python2.5, python2.6, python2.7, python3.1, python3.2

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
python2.4
python2.5
python2.6
python2.7
python3.1
python3.2
Show less packages

CVE-2010-2089

Low priority

Some fixes available 4 of 11

The audioop module in Python 2.7 and 3.2 does not verify the relationships between size arguments and byte string lengths, which allows context-dependent attackers to cause a denial of service (memory corruption and application...

6 affected packages

python2.4, python2.5, python2.6, python2.7, python3.1, python3.2

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
python2.4
python2.5
python2.6
python2.7
python3.1
python3.2
Show less packages

CVE-2010-1634

Low priority

Some fixes available 4 of 11

Multiple integer overflows in audioop.c in the audioop module in Python 2.6, 2.7, 3.1, and 3.2 allow context-dependent attackers to cause a denial of service (application crash) via a large fragment, as demonstrated by a call to...

6 affected packages

python2.4, python2.5, python2.6, python2.7, python3.1, python3.2

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
python2.4
python2.5
python2.6
python2.7
python3.1
python3.2
Show less packages