Search CVE reports

31 – 40 of 88 results

Detailed view

Sort by:

CVE-2022-42919

High priority

Some fixes available 4 of 5

Python 3.9.x before 3.9.16 and 3.10.x before 3.10.9 on Linux allows local privilege escalation in a non-default configuration. The Python multiprocessing library, when used with the forkserver start method on Linux, allows pickles...

9 affected packages

python2.7, python3.10, python3.11, python3.4, python3.5...

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
python2.7	Not in release	Not affected	Not affected	Not affected
python3.10	Not in release	Fixed	Not in release	Not in release
python3.11	Not in release	Fixed	Not in release	Not in release
python3.4	—	Not in release	Not in release	Not in release
python3.5	—	Not in release	Not in release	Not in release
python3.6	—	Not in release	Not in release	Not affected
python3.7	—	Not in release	Not in release	Not affected
python3.8	—	Not in release	Not affected	Not affected
python3.9	—	Not in release	Fixed	Not in release

CVE-2020-10735

Negligible priority

Ignored

A flaw was found in python. In algorithms with quadratic time complexity using non-binary bases, when using int("text"), a system could take 50ms to parse an int string with 100,000 digits and 5s for 1,000,000 digits...

9 affected packages

python, python2.7, python3.10, python3.4, python3.5...

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
python	—	Not in release	Not in release	Not in release
python2.7	—	Ignored	Ignored	Ignored
python3.10	—	Ignored	Not in release	Not in release
python3.4	—	Not in release	Not in release	Not in release
python3.5	—	Not in release	Not in release	Not in release
python3.6	—	Not in release	Not in release	Ignored
python3.7	—	Not in release	Not in release	Ignored
python3.8	—	Not in release	Ignored	Ignored
python3.9	—	Not in release	Ignored	Not in release

CVE-2021-28861

Low priority

Fixed

** DISPUTED ** Python 3.x through 3.10 has an open redirection vulnerability in lib/http/server.py due to no protection against multiple (/) at the beginning of URI path which may leads to information disclosure. NOTE: this is...

9 affected packages

python2.7, python3.10, python3.11, python3.4, python3.5...

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
python2.7	—	Not affected	Not affected	Not affected
python3.10	—	Fixed	Not in release	Not in release
python3.11	—	Not affected	Not in release	Not in release
python3.4	—	Not in release	Not in release	Not in release
python3.5	—	Not in release	Not in release	Not in release
python3.6	—	Not in release	Not in release	Not affected
python3.7	—	Not in release	Not in release	Not affected
python3.8	—	Not in release	Not affected	Not affected
python3.9	—	Not in release	Fixed	Not in release

CVE-2017-20052

Medium priority

Not affected

A vulnerability classified as problematic was found in Python 2.7.13. This vulnerability affects unknown code of the component pgAdmin4. The manipulation leads to uncontrolled search path. The attack can be initiated remotely. The...

9 affected packages

python, python2.7, python3.10, python3.4, python3.5...

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
python	—	—	—	—
python2.7	—	Not affected	Not affected	Not affected
python3.10	—	Not affected	Not in release	Not in release
python3.4	—	Not in release	Not in release	Not in release
python3.5	—	Not in release	Not in release	Not in release
python3.6	—	Not in release	Not in release	Not affected
python3.7	—	Not in release	Not in release	Not affected
python3.8	—	Not in release	Not affected	Not affected
python3.9	—	Not in release	Not affected	Not in release

CVE-2015-20107

Low priority

Some fixes available 17 of 18

In Python (aka CPython) up to 3.10.8, the mailcap module does not add escape characters into commands discovered in the system mailcap file. This may allow attackers to inject shell commands into applications that...

8 affected packages

python2.7, python3.10, python3.4, python3.5, python3.6...

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
python2.7	Not in release	Fixed	Fixed	Fixed
python3.10	Not in release	Fixed	Not in release	Not in release
python3.4	Not in release	Not in release	Not in release	Not in release
python3.5	Not in release	Not in release	Not in release	Not in release
python3.6	Not in release	Not in release	Not in release	Fixed
python3.7	Not in release	Not in release	Not in release	Fixed
python3.8	Not in release	Not in release	Fixed	Fixed
python3.9	Not in release	Not in release	Fixed	Not in release

CVE-2022-26488

Medium priority

Not affected

In Python before 3.10.3 on Windows, local users can gain privileges because the search path is inadequately secured. The installer may allow a local attacker to add user-writable directories to the system search path. To exploit,...

8 affected packages

python2.7, python3.10, python3.4, python3.5, python3.6...

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
python2.7	—	Not affected	Not affected	Not affected
python3.10	—	Not affected	Not in release	Not in release
python3.4	—	Not in release	Not in release	Not in release
python3.5	—	Not in release	Not in release	Not in release
python3.6	—	Not in release	Not in release	Not affected
python3.7	—	Not in release	Not in release	Not affected
python3.8	—	Not in release	Not affected	Not affected
python3.9	—	Not in release	Not affected	Not in release

CVE-2022-0391

Medium priority

Some fixes available 12 of 15

A flaw was found in Python, specifically within the urllib.parse module. This module helps break Uniform Resource Locator (URL) strings into components. The issue involves how the urlparse method does not sanitize input and allows...

8 affected packages

python2.7, python3.10, python3.4, python3.5, python3.6...

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
python2.7	Not in release	Fixed	Fixed	Fixed
python3.10	Not in release	Not affected	Not in release	Not in release
python3.4	Not in release	Not in release	Not in release	Not in release
python3.5	Not in release	Not in release	Not in release	Not in release
python3.6	Not in release	Not in release	Not in release	Fixed
python3.7	Not in release	Not in release	Not in release	Fixed
python3.8	Not in release	Not in release	Fixed	Fixed
python3.9	Not in release	Not in release	Vulnerable	Not in release

CVE-2021-46143

Medium priority

Some fixes available 28 of 310

In doProlog in xmlparse.c in Expat (aka libexpat) before 2.4.3, an integer overflow exists for m_groupSize.

50 affected packages

apache2, apr-util, astropy, audacity, ayttm...

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
apache2	Not affected	Not affected	Not affected	Not affected
apr-util	Not affected	Not affected	Not affected	Not affected
astropy	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation
audacity	Not affected	Not affected	Not affected	Not affected
ayttm	Not in release	Not in release	Not in release	Not in release
cableswig	Not in release	Not in release	Not in release	Not in release
cadaver	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation
cmake	Not affected	Not affected	Not affected	Not affected
coda	Needs evaluation	Needs evaluation	Needs evaluation	—
coin3	Not affected	Not affected	Not affected	Needs evaluation
emboss	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation
expat	Fixed	Fixed	Fixed	Fixed
firefox	Fixed	Fixed	Fixed	Fixed
gdcm	Not affected	Not affected	Not affected	Not affected
ghostscript	Not affected	Not affected	Not affected	Not affected
harp	Needs evaluation	Needs evaluation	Needs evaluation	—
ibm-3270	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation
insighttoolkit	Not in release	Not in release	Not in release	Not in release
insighttoolkit4	Not in release	Not affected	Not affected	Not affected
insighttoolkit5	Needs evaluation	Needs evaluation	—	—
libsynthesis	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation
libxmltok	Fixed	Fixed	Fixed	Fixed
mame	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation
matanza	Ignored	Ignored	Ignored	Ignored
opencollada	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation
paraview	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation
poco	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation
python2.7	Not in release	Not affected	Not affected	Not affected
python3.10	Not in release	Not affected	Not in release	Not in release
python3.4	Not in release	Not in release	Not in release	Not in release
python3.5	Not in release	Not in release	Not in release	Not in release
python3.6	Not in release	Not in release	Not in release	Not affected
python3.7	Not in release	Not in release	Not in release	Not affected
python3.8	Not in release	Not in release	Not affected	Not affected
python3.9	Not in release	Not in release	Not affected	Not in release
qtwebengine-opensource-src	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation
sitecopy	Not in release	Needs evaluation	Needs evaluation	Needs evaluation
smart	Not in release	Not in release	Not in release	Not affected
swish-e	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation
tdom	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation
texlive-bin	Not affected	Not affected	Not affected	Not affected
thunderbird	Not affected	Not affected	Not affected	Ignored
tla	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation
visp	Needs evaluation	Needs evaluation	—	Needs evaluation
vnc4	Not in release	Not in release	Not in release	Needs evaluation
vtk	Not in release	Not in release	Not in release	Not in release
wbxml2	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation
xmlrpc	—	—	—	—
xmlrpc-c	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation
xsd	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation

CVE-2021-4189

Medium priority

Some fixes available 11 of 16

A flaw was found in Python, specifically in the FTP (File Transfer Protocol) client library in PASV (passive) mode. The issue is how the FTP client trusts the host from the PASV response by default. This flaw allows an attacker to...

8 affected packages

python2.7, python3.10, python3.4, python3.5, python3.6...

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
python2.7	Not in release	Fixed	Fixed	Fixed
python3.10	Not in release	Not affected	Not in release	Not in release
python3.4	Not in release	Not in release	Not in release	Not in release
python3.5	Not in release	Not in release	Not in release	Not in release
python3.6	Not in release	Not in release	Not in release	Fixed
python3.7	Not in release	Not in release	Not in release	Fixed
python3.8	Not in release	Not in release	Not affected	Fixed
python3.9	Not in release	Not in release	Not affected	Not in release

CVE-2021-3733

Medium priority

Fixed

There's a flaw in urllib's AbstractBasicAuthHandler class. An attacker who controls a malicious HTTP server that an HTTP client (such as web browser) connects to, could trigger a Regular Expression Denial of Service (ReDOS) during...

7 affected packages

python3.10, python3.4, python3.5, python3.6, python3.7...

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
python3.10	Not in release	Not affected	Not in release	Not in release
python3.4	Not in release	Not in release	Not in release	Not in release
python3.5	Not in release	Not in release	Not in release	Not in release
python3.6	Not in release	Not in release	Not in release	Fixed
python3.7	Not in release	Not in release	Not in release	Fixed
python3.8	Not in release	Not in release	Fixed	Fixed
python3.9	Not in release	Not in release	Fixed	Not in release

Export to JSON

Results by page: