Search CVE reports


Toggle filters

21 – 30 of 47 results


CVE-2022-48560

Medium priority

Some fixes available 8 of 11

A use-after-free exists in Python through 3.9 via heappushpop in heapq.

11 affected packages

python, python2.7, python3.10, python3.11, python3.12...

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
python Not in release Not in release Not in release Ignored Ignored
python2.7 Not in release Needs evaluation Needs evaluation Fixed Fixed
python3.10 Not in release Not affected Not in release Not in release Not in release
python3.11 Not in release Not affected Not in release Not in release Not in release
python3.12 Not affected Not in release Not in release Not in release Not in release
python3.4 Not in release Not in release Not in release Not in release Not in release
python3.5 Not in release Not in release Not in release Not in release Fixed
python3.6 Not in release Not in release Not in release Fixed Not in release
python3.7 Not in release Not in release Not in release Fixed Not in release
python3.8 Not in release Not in release Not affected Fixed Not in release
python3.9 Not in release Not in release Not affected Not in release Not in release
Show all 11 packages Show less packages

CVE-2023-38898

Medium priority
Not affected

** DISPUTED ** An issue in Python cpython v.3.7 allows an attacker to obtain sensitive information via the _asyncio._swap_current_task component. NOTE: this is disputed by the vendor because (1) neither 3.7 nor any other release...

11 affected packages

python, python2.7, python3.10, python3.11, python3.12...

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
python Not in release Not in release Not in release Ignored Ignored
python2.7 Not in release Not affected Not affected Not affected Not affected
python3.10 Not in release Not affected Not in release Not in release Not in release
python3.11 Not in release Not affected Not in release Not in release Not in release
python3.12 Not affected Not in release Not in release Not in release Not in release
python3.4 Not in release Not in release Not in release Not in release Not in release
python3.5 Not in release Not in release Not in release Not in release Not affected
python3.6 Not in release Not in release Not in release Not affected Not in release
python3.7 Not in release Not in release Not in release Not affected Not in release
python3.8 Not in release Not in release Not affected Not affected Not in release
python3.9 Not in release Not in release Not affected Not in release Not in release
Show all 11 packages Show less packages

CVE-2023-36632

Medium priority
Not affected

** DISPUTED ** The legacy email.utils.parseaddr function in Python through 3.11.4 allows attackers to trigger "RecursionError: maximum recursion depth exceeded while calling a Python object" via a crafted argument. This argument...

11 affected packages

python, python2.7, python3.10, python3.11, python3.12...

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
python Not in release Not in release Ignored Ignored
python2.7 Not affected Not affected Not affected Not affected
python3.10 Not affected Not in release Not in release Not in release
python3.11 Not affected Not in release Not in release Not in release
python3.12 Not in release Not in release Not in release Not in release
python3.4 Not in release Not in release Not in release Not in release
python3.5 Not in release Not in release Not in release Not affected
python3.6 Not in release Not in release Not affected Not in release
python3.7 Not in release Not in release Not affected Not in release
python3.8 Not in release Not affected Not affected Not in release
python3.9 Not in release Not affected Not in release Not in release
Show all 11 packages Show less packages

CVE-2023-33595

Medium priority
Not affected

CPython v3.12.0 alpha 7 was discovered to contain a heap use-after-free via the function ascii_decode at /Objects/unicodeobject.c.

11 affected packages

python, python2.7, python3.10, python3.11, python3.12...

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
python Not in release Not in release Ignored Ignored
python2.7 Not affected Not affected Not affected Not affected
python3.10 Not affected Not in release Not in release Not in release
python3.11 Not affected Not in release Not in release Not in release
python3.12 Not in release Not in release Not in release Not in release
python3.4 Not in release Not in release Not in release Not in release
python3.5 Not in release Not in release Not in release Not affected
python3.6 Not in release Not in release Not affected Not in release
python3.7 Not in release Not in release Not affected Not in release
python3.8 Not in release Not affected Not affected Not in release
python3.9 Not in release Not affected Not in release Not in release
Show all 11 packages Show less packages

CVE-2023-27043

Medium priority

Some fixes available 10 of 21

The email module of Python through 3.11.3 incorrectly parses e-mail addresses that contain a special character. The wrong portion of an RFC2822 header is identified as the value of the addr-spec. In some applications, an attacker...

11 affected packages

python2.7, python3.10, python3.11, python3.12, python3.13...

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
python2.7 Not in release Fixed Fixed Fixed Fixed
python3.10 Not in release Fixed Not in release Not in release Not in release
python3.11 Not in release Vulnerable Not in release Not in release Not in release
python3.12 Fixed Not in release Not in release Not in release Not in release
python3.13 Not in release Not in release Not in release Not in release Not in release
python3.4 Not in release Not in release Not in release Not in release Not in release
python3.5 Not in release Not in release Not in release Not in release Fixed
python3.6 Not in release Not in release Not in release Vulnerable Not in release
python3.7 Not in release Not in release Not in release Vulnerable Not in release
python3.8 Not in release Not in release Fixed Vulnerable Not in release
python3.9 Not in release Not in release Vulnerable Not in release Not in release
Show all 11 packages Show less packages

CVE-2023-24329

Medium priority

Some fixes available 11 of 18

An issue in the urllib.parse component of Python before 3.11.4 allows attackers to bypass blocklisting methods by supplying a URL that starts with blank characters.

9 affected packages

python2.7, python3.10, python3.11, python3.4, python3.5...

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
python2.7 Not in release Vulnerable Vulnerable Vulnerable Fixed
python3.10 Not in release Fixed Not in release Not in release Not in release
python3.11 Not in release Vulnerable Not in release Not in release Not in release
python3.4 Not in release Not in release Not in release Not in release
python3.5 Not in release Not in release Not in release Fixed
python3.6 Not in release Not in release Fixed Not in release
python3.7 Not in release Not in release Fixed Not in release
python3.8 Not in release Fixed Fixed Not in release
python3.9 Not in release Fixed Not in release Not in release
Show all 9 packages Show less packages

CVE-2022-45061

Medium priority

Some fixes available 12 of 18

An issue was discovered in Python before 3.11.1. An unnecessary quadratic algorithm exists in one path when processing some inputs to the IDNA (RFC 3490) decoder, such that a crafted, unreasonably long name being presented to the...

10 affected packages

python, python2.7, python3.10, python3.11, python3.4...

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
python Not in release Not in release Not in release Ignored
python2.7 Not in release Needs evaluation Needs evaluation Fixed Fixed
python3.10 Not in release Fixed Not in release Not in release Not in release
python3.11 Not in release Vulnerable Not in release Not in release Not in release
python3.4 Not in release Not in release Not in release Not in release
python3.5 Not in release Not in release Not in release Fixed
python3.6 Not in release Not in release Fixed Not in release
python3.7 Not in release Not in release Fixed Not in release
python3.8 Not in release Fixed Fixed Not in release
python3.9 Not in release Fixed Not in release Not in release
Show all 10 packages Show less packages

CVE-2022-42919

High priority

Some fixes available 3 of 5

Python 3.9.x before 3.9.16 and 3.10.x before 3.10.9 on Linux allows local privilege escalation in a non-default configuration. The Python multiprocessing library, when used with the forkserver start method on Linux, allows pickles...

9 affected packages

python2.7, python3.10, python3.11, python3.4, python3.5...

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
python2.7 Not in release Not affected Not affected Not affected Not affected
python3.10 Not in release Fixed Not in release Not in release Not in release
python3.11 Not in release Vulnerable Not in release Not in release Not in release
python3.4 Not in release Not in release Not in release Not in release
python3.5 Not in release Not in release Not in release Not affected
python3.6 Not in release Not in release Not affected Not in release
python3.7 Not in release Not in release Not affected Not in release
python3.8 Not in release Not affected Not affected Not in release
python3.9 Not in release Fixed Not in release Not in release
Show all 9 packages Show less packages

CVE-2022-37454

Medium priority

Some fixes available 16 of 20

The Keccak XKCP SHA-3 reference implementation before fdc6fef has an integer overflow and resultant buffer overflow that allows attackers to execute arbitrary code or eliminate expected cryptographic properties. This occurs in the...

13 affected packages

php5, php7.0, php7.2, php7.4, php8.1...

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
php5 Not in release Not in release Not in release Not in release
php7.0 Not in release Not in release Not in release Not affected
php7.2 Not in release Not in release Fixed Not in release
php7.4 Not in release Fixed Not in release Not in release
php8.1 Not in release Fixed Not in release Not in release Not in release
pypy3 Not affected Fixed Fixed Not in release Ignored
pysha3 Not in release Fixed Fixed Needs evaluation Needs evaluation
python3.10 Not in release Fixed Not in release Not in release Not in release
python3.11 Not in release Not affected Not in release Not in release Not in release
python3.6 Not in release Not in release Fixed Not in release
python3.7 Not in release Not in release Fixed Not in release
python3.8 Not in release Fixed Fixed Not in release
python3.9 Not in release Fixed Not in release Not in release
Show all 13 packages Show less packages

CVE-2020-10735

Negligible priority
Ignored

A flaw was found in python. In algorithms with quadratic time complexity using non-binary bases, when using int("text"), a system could take 50ms to parse an int string with 100,000 digits and 5s for 1,000,000 digits...

9 affected packages

python, python2.7, python3.10, python3.4, python3.5...

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
python Not in release Not in release Not in release Ignored
python2.7 Ignored Ignored Ignored Ignored
python3.10 Ignored Not in release Not in release Ignored
python3.4 Not in release Not in release Not in release Ignored
python3.5 Not in release Not in release Not in release Ignored
python3.6 Not in release Not in release Ignored Ignored
python3.7 Not in release Not in release Ignored Ignored
python3.8 Not in release Ignored Ignored Ignored
python3.9 Not in release Ignored Not in release Ignored
Show all 9 packages Show less packages