Search CVE reports
41 – 50 of 57 results
CVE-2021-29921
Medium priorityIn Python before 3,9,5, the ipaddress library mishandles leading zero characters in the octets of an IP address string. This (in some situations) allows attackers to bypass access control that is based on IP addresses.
8 affected packages
python2.7, python3.10, python3.4, python3.5, python3.6...
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
python2.7 | Not in release | Not affected | Not affected | Not affected | Not affected |
python3.10 | Not in release | Not affected | Not in release | Not in release | Not in release |
python3.4 | Not in release | Not in release | Not in release | Not in release | Not in release |
python3.5 | Not in release | Not in release | Not in release | Not in release | Not affected |
python3.6 | Not in release | Not in release | Not in release | Not affected | Not in release |
python3.7 | Not in release | Not in release | Not in release | Not affected | Not in release |
python3.8 | Not in release | Not in release | Fixed | Fixed | Not in release |
python3.9 | Not in release | Not in release | Fixed | Not in release | Not in release |
CVE-2013-7040
Low priorityPython 2.7 before 3.4 only uses the last eight bits of the prefix to randomize hash values, which causes it to compute hash values without restricting the ability to trigger hash collisions predictably and makes it easier for...
5 affected packages
python2.6, python2.7, python3.1, python3.2, python3.3
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
python2.6 | — | — | — | — | — |
python2.7 | — | — | — | — | — |
python3.1 | — | — | — | — | — |
python3.2 | — | — | — | — | — |
python3.3 | — | — | — | — | — |
CVE-2013-7338
Low priorityPython before 3.3.4 RC1 allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a file size value larger than the size of the zip file to the (1) ZipExtFile.read, (2) ZipExtFile.read(n), (3)...
6 affected packages
python2.6, python2.7, python3.1, python3.2, python3.3, python3.4
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
python2.6 | — | — | — | — | — |
python2.7 | — | — | — | — | — |
python3.1 | — | — | — | — | — |
python3.2 | — | — | — | — | — |
python3.3 | — | — | — | — | — |
python3.4 | — | — | — | — | — |
CVE-2014-1912
Medium prioritySome fixes available 8 of 9
Buffer overflow in the socket.recvfrom_into function in Modules/socketmodule.c in Python 2.5 before 2.7.7, 3.x before 3.3.4, and 3.4.x before 3.4rc1 allows remote attackers to execute arbitrary code via a crafted string.
6 affected packages
python2.6, python2.7, python3.1, python3.2, python3.3, python3.4
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
python2.6 | — | — | — | — | — |
python2.7 | — | — | — | — | — |
python3.1 | — | — | — | — | — |
python3.2 | — | — | — | — | — |
python3.3 | — | — | — | — | — |
python3.4 | — | — | — | — | — |
CVE-2013-4238
Medium prioritySome fixes available 8 of 9
The ssl.match_hostname function in the SSL module in Python 2.6 through 3.4 does not properly handle a '\0' character in a domain name in the Subject Alternative Name field of an X.509 certificate, which allows man-in-the-middle...
5 affected packages
python2.6, python2.7, python3.1, python3.2, python3.3
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
python2.6 | — | — | — | — | — |
python2.7 | — | — | — | — | — |
python3.1 | — | — | — | — | — |
python3.2 | — | — | — | — | — |
python3.3 | — | — | — | — | — |
CVE-2013-2099
Low prioritySome fixes available 5 of 41
Algorithmic complexity vulnerability in the ssl.match_hostname function in Python 3.2.x, 3.3.x, and earlier, and unspecified versions of python-backports-ssl_match_hostname as used for older Python versions, allows remote...
10 affected packages
bzr, linkchecker, python-tornado, python-urllib3, python2.7...
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
bzr | Not affected | Not affected | Not affected | Not affected | Not affected |
linkchecker | Not affected | Not affected | Not in release | Not affected | Not affected |
python-tornado | Not affected | Not affected | Not affected | Not affected | Not affected |
python-urllib3 | Not affected | Not affected | Not affected | Not affected | Not affected |
python2.7 | Not in release | Not affected | Not affected | Not affected | Not affected |
python3.1 | Not in release | Not in release | Not in release | Not in release | Not in release |
python3.2 | Not in release | Not in release | Not in release | Not in release | Not in release |
python3.3 | Not in release | Not in release | Not in release | Not in release | Not in release |
w3af | Not in release | Not in release | Not in release | Not in release | Vulnerable |
zeroinstall-injector | Not affected | Not affected | Not affected | Not affected | Not affected |
CVE-2011-4944
Low prioritySome fixes available 13 of 16
Python 2.6 through 3.2 creates ~/.pypirc with world-readable permissions before changing them after data has been written, which introduces a race condition that allows local users to obtain a username and password by reading this file.
7 affected packages
python2.4, python2.5, python2.6, python2.7, python3.1...
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
python2.4 | — | — | — | — | — |
python2.5 | — | — | — | — | — |
python2.6 | — | — | — | — | — |
python2.7 | — | — | — | — | — |
python3.1 | — | — | — | — | — |
python3.2 | — | — | — | — | — |
python3.3 | — | — | — | — | — |
CVE-2012-2135
Low priorityThe utf-16 decoder in Python 3.1 through 3.3 does not update the aligned_end variable after calling the unicode_decode_call_errorhandler function, which allows remote attackers to obtain sensitive information (process memory) or...
3 affected packages
python3.1, python3.2, python3.3
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
python3.1 | — | — | — | — | — |
python3.2 | — | — | — | — | — |
python3.3 | — | — | — | — | — |
CVE-2012-1150
Medium prioritySome fixes available 9 of 14
Python before 2.6.8, 2.7.x before 2.7.3, 3.x before 3.1.5, and 3.2.x before 3.2.3 computes hash values without restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause...
6 affected packages
python2.4, python2.5, python2.6, python2.7, python3.1, python3.2
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
python2.4 | — | — | — | — | — |
python2.5 | — | — | — | — | — |
python2.6 | — | — | — | — | — |
python2.7 | — | — | — | — | — |
python3.1 | — | — | — | — | — |
python3.2 | — | — | — | — | — |
CVE-2012-0845
Low prioritySome fixes available 11 of 14
SimpleXMLRPCServer.py in SimpleXMLRPCServer in Python before 2.6.8, 2.7.x before 2.7.3, 3.x before 3.1.5, and 3.2.x before 3.2.3 allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via an...
6 affected packages
python2.4, python2.5, python2.6, python2.7, python3.1, python3.2
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
python2.4 | — | — | — | — | — |
python2.5 | — | — | — | — | — |
python2.6 | — | — | — | — | — |
python2.7 | — | — | — | — | — |
python3.1 | — | — | — | — | — |
python3.2 | — | — | — | — | — |