Search CVE reports
61 – 70 of 81 results
Some fixes available 11 of 16
A flaw was found in Python, specifically in the FTP (File Transfer Protocol) client library in PASV (passive) mode. The issue is how the FTP client trusts the host from the PASV response by default. This flaw allows an attacker to...
8 affected packages
python3.10, python3.4, python3.5, python3.6, python3.7...
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| python3.10 | Not in release | Not affected | Not in release | Not in release |
| python3.4 | Not in release | Not in release | Not in release | Not in release |
| python3.5 | Not in release | Not in release | Not in release | Not in release |
| python3.6 | Not in release | Not in release | Not in release | Fixed |
| python3.7 | Not in release | Not in release | Not in release | Fixed |
| python3.8 | Not in release | Not in release | Not affected | Fixed |
| python3.9 | Not in release | Not in release | Not affected | Not in release |
| python2.7 | Not in release | Fixed | Fixed | Fixed |
There's a flaw in urllib's AbstractBasicAuthHandler class. An attacker who controls a malicious HTTP server that an HTTP client (such as web browser) connects to, could trigger a Regular Expression Denial of Service (ReDOS) during...
7 affected packages
python3.10, python3.4, python3.5, python3.6, python3.7...
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| python3.10 | Not in release | Not affected | Not in release | Not in release |
| python3.4 | Not in release | Not in release | Not in release | Not in release |
| python3.5 | Not in release | Not in release | Not in release | Not in release |
| python3.6 | Not in release | Not in release | Not in release | Fixed |
| python3.7 | Not in release | Not in release | Not in release | Fixed |
| python3.8 | Not in release | Not in release | Fixed | Fixed |
| python3.9 | Not in release | Not in release | Fixed | Not in release |
Some fixes available 9 of 10
A flaw was found in python. An improperly handled HTTP response in the HTTP client code of python may allow a remote attacker, who controls the HTTP server, to make the client script enter an infinite loop, consuming CPU time. The...
7 affected packages
python3.10, python3.4, python3.5, python3.6, python3.7...
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| python3.10 | Not in release | Not affected | Not in release | Not in release |
| python3.4 | Not in release | Not in release | Not in release | Not in release |
| python3.5 | Not in release | Not in release | Not in release | Not in release |
| python3.6 | Not in release | Not in release | Not in release | Fixed |
| python3.7 | Not in release | Not in release | Not in release | Fixed |
| python3.8 | Not in release | Not in release | Fixed | Fixed |
| python3.9 | Not in release | Not in release | Fixed | Not in release |
Some fixes available 10 of 11
There's a flaw in Python 3's pydoc. A local or adjacent attacker who discovers or is able to convince another local or adjacent user to start a pydoc server could access the server and use it to disclose sensitive information...
8 affected packages
python2.7, python3.10, python3.4, python3.5, python3.6...
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| python2.7 | Not in release | Not affected | Not affected | Not affected |
| python3.10 | Not in release | Not affected | Not in release | Not in release |
| python3.4 | Not in release | Not in release | Not in release | Not in release |
| python3.5 | Not in release | Not in release | Not in release | Not in release |
| python3.6 | Not in release | Not in release | Not in release | Fixed |
| python3.7 | Not in release | Not in release | Not in release | Fixed |
| python3.8 | Not in release | Not in release | Not affected | Fixed |
| python3.9 | Not in release | Not in release | Fixed | Not in release |
In Python before 3,9,5, the ipaddress library mishandles leading zero characters in the octets of an IP address string. This (in some situations) allows attackers to bypass access control that is based on IP addresses.
8 affected packages
python2.7, python3.10, python3.4, python3.5, python3.6...
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| python2.7 | Not in release | Not affected | Not affected | Not affected |
| python3.10 | Not in release | Not affected | Not in release | Not in release |
| python3.4 | Not in release | Not in release | Not in release | Not in release |
| python3.5 | Not in release | Not in release | Not in release | Not in release |
| python3.6 | Not in release | Not in release | Not in release | Not affected |
| python3.7 | Not in release | Not in release | Not in release | Not affected |
| python3.8 | Not in release | Not in release | Fixed | Fixed |
| python3.9 | Not in release | Not in release | Fixed | Not in release |
Python 2.7 before 3.4 only uses the last eight bits of the prefix to randomize hash values, which causes it to compute hash values without restricting the ability to trigger hash collisions predictably and makes it easier for...
5 affected packages
python2.6, python2.7, python3.1, python3.2, python3.3
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| python2.6 | — | — | — | — |
| python2.7 | — | — | — | — |
| python3.1 | — | — | — | — |
| python3.2 | — | — | — | — |
| python3.3 | — | — | — | — |
Python before 3.3.4 RC1 allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a file size value larger than the size of the zip file to the (1) ZipExtFile.read, (2) ZipExtFile.read(n), (3)...
6 affected packages
python2.6, python2.7, python3.1, python3.2, python3.3, python3.4
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| python2.6 | — | — | — | — |
| python2.7 | — | — | — | — |
| python3.1 | — | — | — | — |
| python3.2 | — | — | — | — |
| python3.3 | — | — | — | — |
| python3.4 | — | — | — | — |
Some fixes available 8 of 9
Buffer overflow in the socket.recvfrom_into function in Modules/socketmodule.c in Python 2.5 before 2.7.7, 3.x before 3.3.4, and 3.4.x before 3.4rc1 allows remote attackers to execute arbitrary code via a crafted string.
6 affected packages
python2.6, python2.7, python3.1, python3.2, python3.3, python3.4
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| python2.6 | — | — | — | — |
| python2.7 | — | — | — | — |
| python3.1 | — | — | — | — |
| python3.2 | — | — | — | — |
| python3.3 | — | — | — | — |
| python3.4 | — | — | — | — |
Some fixes available 8 of 9
The ssl.match_hostname function in the SSL module in Python 2.6 through 3.4 does not properly handle a '\0' character in a domain name in the Subject Alternative Name field of an X.509 certificate, which allows man-in-the-middle...
5 affected packages
python2.6, python2.7, python3.1, python3.2, python3.3
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| python2.6 | — | — | — | — |
| python2.7 | — | — | — | — |
| python3.1 | — | — | — | — |
| python3.2 | — | — | — | — |
| python3.3 | — | — | — | — |
Some fixes available 5 of 41
Algorithmic complexity vulnerability in the ssl.match_hostname function in Python 3.2.x, 3.3.x, and earlier, and unspecified versions of python-backports-ssl_match_hostname as used for older Python versions, allows remote...
10 affected packages
bzr, w3af, linkchecker, python-tornado, python-urllib3...
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| bzr | Not affected | Not affected | Not affected | Not affected |
| w3af | Not in release | Not in release | Not in release | Not in release |
| linkchecker | Not affected | Not affected | Not in release | Not affected |
| python-tornado | Not affected | Not affected | Not affected | Not affected |
| python-urllib3 | Not affected | Not affected | Not affected | Not affected |
| python2.7 | Not in release | Not affected | Not affected | Not affected |
| python3.1 | Not in release | Not in release | Not in release | Not in release |
| python3.2 | Not in release | Not in release | Not in release | Not in release |
| python3.3 | Not in release | Not in release | Not in release | Not in release |
| zeroinstall-injector | Not affected | Not affected | Not affected | Not affected |