Search CVE reports
31 – 40 of 54 results
CVE-2015-20107
Low prioritySome fixes available 17 of 18
In Python (aka CPython) up to 3.10.8, the mailcap module does not add escape characters into commands discovered in the system mailcap file. This may allow attackers to inject shell commands into applications that...
8 affected packages
python2.7, python3.10, python3.4, python3.5, python3.6...
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
python2.7 | Not in release | Fixed | Fixed | Fixed | Fixed |
python3.10 | Not in release | Fixed | Not in release | Not in release | Not in release |
python3.4 | Not in release | Not in release | Not in release | Not in release | Not in release |
python3.5 | Not in release | Not in release | Not in release | Not in release | Fixed |
python3.6 | Not in release | Not in release | Not in release | Fixed | Not in release |
python3.7 | Not in release | Not in release | Not in release | Fixed | Not in release |
python3.8 | Not in release | Not in release | Fixed | Fixed | Not in release |
python3.9 | Not in release | Not in release | Fixed | Not in release | Not in release |
CVE-2022-26488
Medium priorityIn Python before 3.10.3 on Windows, local users can gain privileges because the search path is inadequately secured. The installer may allow a local attacker to add user-writable directories to the system search path. To exploit,...
8 affected packages
python2.7, python3.10, python3.4, python3.5, python3.6...
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
python2.7 | — | Not affected | Not affected | Not affected | Not affected |
python3.10 | — | Not affected | Not in release | Not in release | Not in release |
python3.4 | — | Not in release | Not in release | Not in release | Not in release |
python3.5 | — | Not in release | Not in release | Not in release | Not affected |
python3.6 | — | Not in release | Not in release | Not affected | Not in release |
python3.7 | — | Not in release | Not in release | Not affected | Not in release |
python3.8 | — | Not in release | Not affected | Not affected | Not in release |
python3.9 | — | Not in release | Not affected | Not in release | Not in release |
CVE-2022-0391
Medium prioritySome fixes available 12 of 14
A flaw was found in Python, specifically within the urllib.parse module. This module helps break Uniform Resource Locator (URL) strings into components. The issue involves how the urlparse method does not sanitize input and allows...
8 affected packages
python2.7, python3.10, python3.4, python3.5, python3.6...
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
python2.7 | Not in release | Fixed | Fixed | Fixed | Fixed |
python3.10 | Not in release | Not affected | Not in release | Not in release | Not in release |
python3.4 | Not in release | Not in release | Not in release | Not in release | Not in release |
python3.5 | Not in release | Not in release | Not in release | Not in release | Fixed |
python3.6 | Not in release | Not in release | Not in release | Fixed | Not in release |
python3.7 | Not in release | Not in release | Not in release | Fixed | Not in release |
python3.8 | Not in release | Not in release | Fixed | Fixed | Not in release |
python3.9 | Not in release | Not in release | Not affected | Not in release | Ignored |
CVE-2021-46143
Medium prioritySome fixes available 24 of 293
In doProlog in xmlparse.c in Expat (aka libexpat) before 2.4.3, an integer overflow exists for m_groupSize.
50 affected packages
apache2, apr-util, astropy, audacity, ayttm...
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
apache2 | Not affected | Not affected | Not affected | Not affected | Not affected |
apr-util | Not affected | Not affected | Not affected | Not affected | Not affected |
astropy | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Ignored |
audacity | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
ayttm | Not in release | Not in release | Not in release | Not in release | Needs evaluation |
cableswig | Not in release | Not in release | Not in release | Not in release | Needs evaluation |
cadaver | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
cmake | Not affected | Not affected | Not affected | Not affected | Not affected |
coda | Needs evaluation | Needs evaluation | Needs evaluation | — | Ignored |
coin3 | Not affected | Not affected | Not affected | Needs evaluation | Needs evaluation |
emboss | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
expat | Fixed | Fixed | Fixed | Fixed | Fixed |
firefox | Fixed | Fixed | Fixed | Fixed | Ignored |
gdcm | Not affected | Not affected | Not affected | Not affected | Not affected |
ghostscript | Not affected | Not affected | Not affected | Not affected | Not affected |
harp | Needs evaluation | Needs evaluation | Needs evaluation | — | Ignored |
ibm-3270 | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
insighttoolkit | Not in release | Not in release | Not in release | Not in release | Needs evaluation |
insighttoolkit4 | Not in release | Not affected | Not affected | Not affected | Needs evaluation |
insighttoolkit5 | Needs evaluation | Needs evaluation | — | — | Ignored |
libsynthesis | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
libxmltok | Vulnerable | Fixed | Fixed | Fixed | Fixed |
mame | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
matanza | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
opencollada | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
paraview | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
poco | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
python2.7 | Not in release | Not affected | Not affected | Not affected | Not affected |
python3.10 | Not in release | Not affected | Not in release | Not in release | Not in release |
python3.4 | Not in release | Not in release | Not in release | Not in release | Not in release |
python3.5 | Not in release | Not in release | Not in release | Not in release | Not affected |
python3.6 | Not in release | Not in release | Not in release | Not affected | Not in release |
python3.7 | Not in release | Not in release | Not in release | Not affected | Not in release |
python3.8 | Not in release | Not in release | Not affected | Not affected | Not in release |
python3.9 | Not in release | Not in release | Not affected | Not in release | Not in release |
qtwebengine-opensource-src | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Ignored |
sitecopy | Not in release | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
smart | Not in release | Not in release | Not in release | Not affected | Not affected |
swish-e | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
tdom | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
texlive-bin | Not affected | Not affected | Not affected | Not affected | Not affected |
thunderbird | Not affected | Not affected | Not affected | Ignored | Ignored |
tla | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
visp | Needs evaluation | Needs evaluation | — | Needs evaluation | Needs evaluation |
vnc4 | Not in release | Not in release | Not in release | Needs evaluation | Needs evaluation |
vtk | Not in release | Not in release | Not in release | Not in release | Needs evaluation |
wbxml2 | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
xmlrpc | — | — | — | — | Ignored |
xmlrpc-c | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
xsd | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
CVE-2021-4189
Medium prioritySome fixes available 11 of 16
A flaw was found in Python, specifically in the FTP (File Transfer Protocol) client library in PASV (passive) mode. The issue is how the FTP client trusts the host from the PASV response by default. This flaw allows an attacker to...
8 affected packages
python2.7, python3.10, python3.4, python3.5, python3.6...
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
python2.7 | Not in release | Fixed | Fixed | Fixed | Fixed |
python3.10 | Not in release | Not affected | Not in release | Not in release | Not in release |
python3.4 | Not in release | Not in release | Not in release | Not in release | Not in release |
python3.5 | Not in release | Not in release | Not in release | Not in release | Fixed |
python3.6 | Not in release | Not in release | Not in release | Fixed | Not in release |
python3.7 | Not in release | Not in release | Not in release | Fixed | Not in release |
python3.8 | Not in release | Not in release | Not affected | Fixed | Not in release |
python3.9 | Not in release | Not in release | Not affected | Not in release | Not in release |
CVE-2021-3733
Medium priorityThere's a flaw in urllib's AbstractBasicAuthHandler class. An attacker who controls a malicious HTTP server that an HTTP client (such as web browser) connects to, could trigger a Regular Expression Denial of Service (ReDOS) during...
7 affected packages
python3.10, python3.4, python3.5, python3.6, python3.7...
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
python3.10 | Not in release | Not affected | Not in release | Not in release | Ignored |
python3.4 | Not in release | Not in release | Not in release | Not in release | Not in release |
python3.5 | Not in release | Not in release | Not in release | Not in release | Fixed |
python3.6 | Not in release | Not in release | Not in release | Fixed | Ignored |
python3.7 | Not in release | Not in release | Not in release | Fixed | Ignored |
python3.8 | Not in release | Not in release | Fixed | Fixed | Ignored |
python3.9 | Not in release | Not in release | Fixed | Not in release | Ignored |
CVE-2021-3737
Medium prioritySome fixes available 9 of 10
A flaw was found in python. An improperly handled HTTP response in the HTTP client code of python may allow a remote attacker, who controls the HTTP server, to make the client script enter an infinite loop, consuming CPU time. The...
7 affected packages
python3.10, python3.4, python3.5, python3.6, python3.7...
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
python3.10 | Not in release | Not affected | Not in release | Not in release | Ignored |
python3.4 | Not in release | Not in release | Not in release | Not in release | Ignored |
python3.5 | Not in release | Not in release | Not in release | Not in release | Fixed |
python3.6 | Not in release | Not in release | Not in release | Fixed | Ignored |
python3.7 | Not in release | Not in release | Not in release | Fixed | Ignored |
python3.8 | Not in release | Not in release | Fixed | Fixed | Ignored |
python3.9 | Not in release | Not in release | Fixed | Not in release | Ignored |
CVE-2021-3426
Low prioritySome fixes available 10 of 11
There's a flaw in Python 3's pydoc. A local or adjacent attacker who discovers or is able to convince another local or adjacent user to start a pydoc server could access the server and use it to disclose sensitive information...
8 affected packages
python2.7, python3.10, python3.4, python3.5, python3.6...
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
python2.7 | Not in release | Not affected | Not affected | Not affected | Not affected |
python3.10 | Not in release | Not affected | Not in release | Not in release | Not in release |
python3.4 | Not in release | Not in release | Not in release | Not in release | Not in release |
python3.5 | Not in release | Not in release | Not in release | Not in release | Fixed |
python3.6 | Not in release | Not in release | Not in release | Fixed | Not in release |
python3.7 | Not in release | Not in release | Not in release | Fixed | Not in release |
python3.8 | Not in release | Not in release | Not affected | Fixed | Not in release |
python3.9 | Not in release | Not in release | Fixed | Not in release | Not in release |
CVE-2021-29921
Medium priorityIn Python before 3,9,5, the ipaddress library mishandles leading zero characters in the octets of an IP address string. This (in some situations) allows attackers to bypass access control that is based on IP addresses.
8 affected packages
python2.7, python3.10, python3.4, python3.5, python3.6...
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
python2.7 | Not in release | Not affected | Not affected | Not affected | Not affected |
python3.10 | Not in release | Not affected | Not in release | Not in release | Not in release |
python3.4 | Not in release | Not in release | Not in release | Not in release | Not in release |
python3.5 | Not in release | Not in release | Not in release | Not in release | Not affected |
python3.6 | Not in release | Not in release | Not in release | Not affected | Not in release |
python3.7 | Not in release | Not in release | Not in release | Not affected | Not in release |
python3.8 | Not in release | Not in release | Fixed | Fixed | Not in release |
python3.9 | Not in release | Not in release | Fixed | Not in release | Not in release |
CVE-2021-23336
Low prioritySome fixes available 12 of 29
The package python/cpython from 0 and before 3.6.13, from 3.7.0 and before 3.7.10, from 3.8.0 and before 3.8.8, from 3.9.0 and before 3.9.2 are vulnerable to Web Cache Poisoning via urllib.parse.parse_qsl and urllib.parse.parse_qs...
8 affected packages
python-django, python2.7, python3.4, python3.5, python3.6...
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
python-django | Fixed | Fixed | Fixed | Fixed | Not affected |
python2.7 | Not in release | Ignored | Ignored | Ignored | Ignored |
python3.4 | Not in release | Not in release | Not in release | Not in release | Not in release |
python3.5 | Not in release | Not in release | Not in release | Not in release | Ignored |
python3.6 | Not in release | Not in release | Not in release | Ignored | Not in release |
python3.7 | Not in release | Not in release | Not in release | Ignored | Not in release |
python3.8 | Not in release | Not in release | Ignored | Ignored | Not in release |
python3.9 | Not in release | Not in release | Fixed | Not in release | Not in release |