Search CVE reports

Toggle filters

51 – 60 of 115 results

CVE-2021-46143

Medium priority

Some fixes available 36 of 333

In doProlog in xmlparse.c in Expat (aka libexpat) before 2.4.3, an integer overflow exists for m_groupSize.

50 affected packages

apr-util, audacity, ayttm, cableswig, cadaver...

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
apr-util Not affected Not affected Not affected Not affected
audacity Not affected Not affected Not affected Not affected
ayttm Not in release Not in release Not in release Not in release
cableswig Not in release Not in release Not in release Not in release
cadaver Needs evaluation Needs evaluation Needs evaluation Needs evaluation
cmake Not affected Not affected Not affected Not affected
coda Needs evaluation Needs evaluation Needs evaluation
coin3 Not affected Not affected Not affected Needs evaluation
emboss Needs evaluation Needs evaluation Needs evaluation Needs evaluation
expat Fixed Fixed Fixed Fixed
firefox Fixed Fixed Fixed Fixed
gdcm Not affected Not affected Not affected Not affected
ghostscript Not affected Not affected Not affected Not affected
insighttoolkit4 Not in release Not affected Not affected Not affected
libxmltok Fixed Fixed Fixed Fixed
harp Needs evaluation Needs evaluation Needs evaluation
ibm-3270 Needs evaluation Needs evaluation Needs evaluation Needs evaluation
insighttoolkit Not in release Not in release Not in release Not in release
insighttoolkit5 Needs evaluation Needs evaluation
libsynthesis Needs evaluation Needs evaluation Needs evaluation Needs evaluation
mame Fixed Fixed Fixed Fixed
matanza Ignored Ignored Ignored Ignored
opencollada Needs evaluation Needs evaluation Needs evaluation Needs evaluation
paraview Needs evaluation Needs evaluation Needs evaluation Needs evaluation
poco Needs evaluation Needs evaluation Needs evaluation Needs evaluation
python2.7 Not in release Not affected Not affected Not affected
python3.10 Not in release Not affected Not in release Not in release
python3.4 Not in release Not in release Not in release Not in release
python3.5 Not in release Not in release Not in release Not in release
python3.6 Not in release Not in release Not in release Not affected
python3.7 Not in release Not in release Not in release Not affected
python3.8 Not in release Not in release Not affected Not affected
python3.9 Not in release Not in release Not affected Not in release
thunderbird Not affected Not affected Not in release Ignored
qtwebengine-opensource-src Needs evaluation Needs evaluation Needs evaluation Needs evaluation
sitecopy Not in release Needs evaluation Needs evaluation Needs evaluation
smart Not in release Not in release Not in release Not affected
swish-e Needs evaluation Needs evaluation Needs evaluation Needs evaluation
tdom Needs evaluation Needs evaluation Needs evaluation Needs evaluation
texlive-bin Not affected Not affected Not affected Not affected
tla Needs evaluation Needs evaluation Needs evaluation Needs evaluation
visp Needs evaluation Needs evaluation Needs evaluation
vnc4 Not in release Not in release Not in release Needs evaluation
vtk Not in release Not in release Not in release Not in release
wbxml2 Needs evaluation Needs evaluation Needs evaluation Needs evaluation
xmlrpc
xmlrpc-c Needs evaluation Needs evaluation Needs evaluation Needs evaluation
xsd Needs evaluation Needs evaluation Needs evaluation Needs evaluation
apache2 Not affected Not affected Not affected Not affected
astropy Needs evaluation Needs evaluation Needs evaluation Needs evaluation
Show all 50 packages Show less packages

CVE-2021-4189

Medium priority

Some fixes available 11 of 16

A flaw was found in Python, specifically in the FTP (File Transfer Protocol) client library in PASV (passive) mode. The issue is how the FTP client trusts the host from the PASV response by default. This flaw allows an attacker to...

8 affected packages

python3.10, python3.4, python3.5, python3.6, python3.7...

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
python3.10 Not in release Not affected Not in release Not in release
python3.4 Not in release Not in release Not in release Not in release
python3.5 Not in release Not in release Not in release Not in release
python3.6 Not in release Not in release Not in release Fixed
python3.7 Not in release Not in release Not in release Fixed
python3.8 Not in release Not in release Not affected Fixed
python3.9 Not in release Not in release Not affected Not in release
python2.7 Not in release Fixed Fixed Fixed
Show all 8 packages Show less packages

CVE-2021-3426

Low priority

Some fixes available 10 of 11

There's a flaw in Python 3's pydoc. A local or adjacent attacker who discovers or is able to convince another local or adjacent user to start a pydoc server could access the server and use it to disclose sensitive information...

8 affected packages

python2.7, python3.10, python3.4, python3.5, python3.6...

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
python2.7 Not in release Not affected Not affected Not affected
python3.10 Not in release Not affected Not in release Not in release
python3.4 Not in release Not in release Not in release Not in release
python3.5 Not in release Not in release Not in release Not in release
python3.6 Not in release Not in release Not in release Fixed
python3.7 Not in release Not in release Not in release Fixed
python3.8 Not in release Not in release Not affected Fixed
python3.9 Not in release Not in release Fixed Not in release
Show all 8 packages Show less packages

CVE-2021-29921

Medium priority
Fixed

In Python before 3,9,5, the ipaddress library mishandles leading zero characters in the octets of an IP address string. This (in some situations) allows attackers to bypass access control that is based on IP addresses.

8 affected packages

python2.7, python3.10, python3.4, python3.5, python3.6...

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
python2.7 Not in release Not affected Not affected Not affected
python3.10 Not in release Not affected Not in release Not in release
python3.4 Not in release Not in release Not in release Not in release
python3.5 Not in release Not in release Not in release Not in release
python3.6 Not in release Not in release Not in release Not affected
python3.7 Not in release Not in release Not in release Not affected
python3.8 Not in release Not in release Fixed Fixed
python3.9 Not in release Not in release Fixed Not in release
Show all 8 packages Show less packages

CVE-2021-23336

Low priority

Some fixes available 12 of 29

The package python/cpython from 0 and before 3.6.13, from 3.7.0 and before 3.7.10, from 3.8.0 and before 3.8.8, from 3.9.0 and before 3.9.2 are vulnerable to Web Cache Poisoning via urllib.parse.parse_qsl and urllib.parse.parse_qs...

8 affected packages

python-django, python2.7, python3.4, python3.5, python3.6...

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
python-django Fixed Fixed Fixed Fixed
python2.7 Not in release Ignored Ignored Ignored
python3.4 Not in release Not in release Not in release Not in release
python3.5 Not in release Not in release Not in release Not in release
python3.6 Not in release Not in release Not in release Ignored
python3.7 Not in release Not in release Not in release Ignored
python3.8 Not in release Not in release Ignored Ignored
python3.9 Not in release Not in release Fixed Not in release
Show all 8 packages Show less packages

CVE-2021-3177

Medium priority

Some fixes available 14 of 15

Python 3.x through 3.9.1 has a buffer overflow in PyCArg_repr in _ctypes/callproc.c, which may lead to remote code execution in certain Python applications that accept floating-point numbers as untrusted input, as demonstrated by...

7 affected packages

python2.7, python3.4, python3.5, python3.6, python3.7...

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
python2.7 Not in release Not affected Fixed Fixed
python3.4 Not in release Not in release Not in release Not in release
python3.5 Not in release Not in release Not in release Not in release
python3.6 Not in release Not in release Not in release Fixed
python3.7 Not in release Not in release Not in release Fixed
python3.8 Not in release Not in release Fixed Fixed
python3.9 Not in release Not in release Fixed Not in release
Show all 7 packages Show less packages

CVE-2020-27619

Low priority
Fixed

In Python 3 through 3.9.0, the Lib/test/multibytecodec_support.py CJK codec tests call eval() on content retrieved via HTTP.

7 affected packages

python3.9, python2.7, python3.8, python3.4, python3.5...

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
python3.9 Not in release Not in release Not affected Not in release
python2.7 Not in release Not affected Not affected Not affected
python3.8 Not in release Not in release Fixed Fixed
python3.4 Not in release Not in release Not in release Not in release
python3.5 Not in release Not in release Not in release Not in release
python3.6 Not in release Not in release Not in release Fixed
python3.7 Not in release Not in release Not in release Fixed
Show all 7 packages Show less packages

CVE-2020-26116

Medium priority

Some fixes available 6 of 9

http.client in Python 3.x before 3.5.10, 3.6.x before 3.6.12, 3.7.x before 3.7.9, and 3.8.x before 3.8.5 allows CRLF injection if the attacker controls the HTTP request method, as demonstrated by inserting CR and LF control...

7 affected packages

python3.9, python2.7, python3.8, python3.7, python3.4...

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
python3.9 Not in release Not in release Not affected Not in release
python2.7 Not in release Not affected Not affected Not affected
python3.8 Not in release Not in release Not affected Fixed
python3.7 Not in release Not in release Not in release Fixed
python3.4 Not in release Not in release Not in release Not in release
python3.5 Not in release Not in release Not in release Not in release
python3.6 Not in release Not in release Not in release Fixed
Show all 7 packages Show less packages

CVE-2020-15801

Medium priority
Not affected

In Python 3.8.4, sys.path restrictions specified in a python38._pth file are ignored, allowing code to be loaded from arbitrary locations. The <executable-name>._pth file (e.g., the python._pth file) is not affected.

7 affected packages

python2.7, python3.4, python3.5, python3.6, python3.7...

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
python2.7 Not affected Not affected
python3.4 Not in release Not in release
python3.5 Not in release Not in release
python3.6 Not in release Not affected
python3.7 Not in release Not affected
python3.8 Not affected Not affected
python3.9 Not affected Not in release
Show all 7 packages Show less packages

CVE-2019-20907

Medium priority

Some fixes available 11 of 17

In Lib/tarfile.py in Python through 3.8.3, an attacker is able to craft a TAR archive leading to an infinite loop when opened by tarfile.open, because _proc_pax lacks header validation.

6 affected packages

python2.7, python3.4, python3.5, python3.6, python3.7, python3.8

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
python2.7 Not in release Not affected Fixed Fixed
python3.4 Not in release Not in release Not in release Not in release
python3.5 Not in release Not in release Not in release Not in release
python3.6 Not in release Not in release Not in release Fixed
python3.7 Not in release Not in release Not in release Fixed
python3.8 Not in release Not in release Fixed Fixed
Show less packages
  1. Previous page
  2. 4
  3. 5
  4. 6
  5. 7
  6. 8
  7. Next page
Export to JSON