Search CVE reports

31 – 40 of 82 results

Detailed view

Sort by:

CVE-2022-0391

Medium priority

Some fixes available 12 of 14

A flaw was found in Python, specifically within the urllib.parse module. This module helps break Uniform Resource Locator (URL) strings into components. The issue involves how the urlparse method does not sanitize input and allows...

8 affected packages

python2.7, python3.10, python3.4, python3.5, python3.6...

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS	16.04 LTS
python2.7	Not in release	Fixed	Fixed	Fixed	Fixed
python3.10	Not in release	Not affected	Not in release	Not in release	Not in release
python3.4	Not in release	Not in release	Not in release	Not in release	Not in release
python3.5	Not in release	Not in release	Not in release	Not in release	Fixed
python3.6	Not in release	Not in release	Not in release	Fixed	Not in release
python3.7	Not in release	Not in release	Not in release	Fixed	Not in release
python3.8	Not in release	Not in release	Fixed	Fixed	Not in release
python3.9	Not in release	Not in release	Not affected	Not in release	Ignored

CVE-2021-46143

Medium priority

Some fixes available 24 of 293

In doProlog in xmlparse.c in Expat (aka libexpat) before 2.4.3, an integer overflow exists for m_groupSize.

50 affected packages

apache2, apr-util, astropy, audacity, ayttm...

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS	16.04 LTS
apache2	Not affected	Not affected	Not affected	Not affected	Not affected
apr-util	Not affected	Not affected	Not affected	Not affected	Not affected
astropy	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation	Ignored
audacity	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation
ayttm	Not in release	Not in release	Not in release	Not in release	Needs evaluation
cableswig	Not in release	Not in release	Not in release	Not in release	Needs evaluation
cadaver	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation
cmake	Not affected	Not affected	Not affected	Not affected	Not affected
coda	Needs evaluation	Needs evaluation	Needs evaluation	—	Ignored
coin3	Not affected	Not affected	Not affected	Needs evaluation	Needs evaluation
emboss	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation
expat	Fixed	Fixed	Fixed	Fixed	Fixed
firefox	Fixed	Fixed	Fixed	Fixed	Ignored
gdcm	Not affected	Not affected	Not affected	Not affected	Not affected
ghostscript	Not affected	Not affected	Not affected	Not affected	Not affected
harp	Needs evaluation	Needs evaluation	Needs evaluation	—	Ignored
ibm-3270	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation
insighttoolkit	Not in release	Not in release	Not in release	Not in release	Needs evaluation
insighttoolkit4	Not in release	Not affected	Not affected	Not affected	Needs evaluation
insighttoolkit5	Needs evaluation	Needs evaluation	—	—	Ignored
libsynthesis	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation
libxmltok	Vulnerable	Fixed	Fixed	Fixed	Fixed
mame	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation
matanza	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation
opencollada	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation
paraview	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation
poco	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation
python2.7	Not in release	Not affected	Not affected	Not affected	Not affected
python3.10	Not in release	Not affected	Not in release	Not in release	Not in release
python3.4	Not in release	Not in release	Not in release	Not in release	Not in release
python3.5	Not in release	Not in release	Not in release	Not in release	Not affected
python3.6	Not in release	Not in release	Not in release	Not affected	Not in release
python3.7	Not in release	Not in release	Not in release	Not affected	Not in release
python3.8	Not in release	Not in release	Not affected	Not affected	Not in release
python3.9	Not in release	Not in release	Not affected	Not in release	Not in release
qtwebengine-opensource-src	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation	Ignored
sitecopy	Not in release	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation
smart	Not in release	Not in release	Not in release	Not affected	Not affected
swish-e	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation
tdom	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation
texlive-bin	Not affected	Not affected	Not affected	Not affected	Not affected
thunderbird	Not affected	Not affected	Not affected	Ignored	Ignored
tla	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation
visp	Needs evaluation	Needs evaluation	—	Needs evaluation	Needs evaluation
vnc4	Not in release	Not in release	Not in release	Needs evaluation	Needs evaluation
vtk	Not in release	Not in release	Not in release	Not in release	Needs evaluation
wbxml2	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation
xmlrpc	—	—	—	—	Ignored
xmlrpc-c	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation
xsd	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation

CVE-2021-4189

Medium priority

Some fixes available 11 of 16

A flaw was found in Python, specifically in the FTP (File Transfer Protocol) client library in PASV (passive) mode. The issue is how the FTP client trusts the host from the PASV response by default. This flaw allows an attacker to...

8 affected packages

python2.7, python3.10, python3.4, python3.5, python3.6...

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS	16.04 LTS
python2.7	Not in release	Fixed	Fixed	Fixed	Fixed
python3.10	Not in release	Not affected	Not in release	Not in release	Not in release
python3.4	Not in release	Not in release	Not in release	Not in release	Not in release
python3.5	Not in release	Not in release	Not in release	Not in release	Fixed
python3.6	Not in release	Not in release	Not in release	Fixed	Not in release
python3.7	Not in release	Not in release	Not in release	Fixed	Not in release
python3.8	Not in release	Not in release	Not affected	Fixed	Not in release
python3.9	Not in release	Not in release	Not affected	Not in release	Not in release

CVE-2021-3733

Medium priority

Fixed

There's a flaw in urllib's AbstractBasicAuthHandler class. An attacker who controls a malicious HTTP server that an HTTP client (such as web browser) connects to, could trigger a Regular Expression Denial of Service (ReDOS) during...

7 affected packages

python3.10, python3.4, python3.5, python3.6, python3.7...

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS	16.04 LTS
python3.10	Not in release	Not affected	Not in release	Not in release	Ignored
python3.4	Not in release	Not in release	Not in release	Not in release	Not in release
python3.5	Not in release	Not in release	Not in release	Not in release	Fixed
python3.6	Not in release	Not in release	Not in release	Fixed	Ignored
python3.7	Not in release	Not in release	Not in release	Fixed	Ignored
python3.8	Not in release	Not in release	Fixed	Fixed	Ignored
python3.9	Not in release	Not in release	Fixed	Not in release	Ignored

CVE-2021-3737

Medium priority

Some fixes available 9 of 10

A flaw was found in python. An improperly handled HTTP response in the HTTP client code of python may allow a remote attacker, who controls the HTTP server, to make the client script enter an infinite loop, consuming CPU time. The...

7 affected packages

python3.10, python3.4, python3.5, python3.6, python3.7...

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS	16.04 LTS
python3.10	Not in release	Not affected	Not in release	Not in release	Ignored
python3.4	Not in release	Not in release	Not in release	Not in release	Ignored
python3.5	Not in release	Not in release	Not in release	Not in release	Fixed
python3.6	Not in release	Not in release	Not in release	Fixed	Ignored
python3.7	Not in release	Not in release	Not in release	Fixed	Ignored
python3.8	Not in release	Not in release	Fixed	Fixed	Ignored
python3.9	Not in release	Not in release	Fixed	Not in release	Ignored

CVE-2021-3426

Low priority

Some fixes available 10 of 11

There's a flaw in Python 3's pydoc. A local or adjacent attacker who discovers or is able to convince another local or adjacent user to start a pydoc server could access the server and use it to disclose sensitive information...

8 affected packages

python2.7, python3.10, python3.4, python3.5, python3.6...

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS	16.04 LTS
python2.7	Not in release	Not affected	Not affected	Not affected	Not affected
python3.10	Not in release	Not affected	Not in release	Not in release	Not in release
python3.4	Not in release	Not in release	Not in release	Not in release	Not in release
python3.5	Not in release	Not in release	Not in release	Not in release	Fixed
python3.6	Not in release	Not in release	Not in release	Fixed	Not in release
python3.7	Not in release	Not in release	Not in release	Fixed	Not in release
python3.8	Not in release	Not in release	Not affected	Fixed	Not in release
python3.9	Not in release	Not in release	Fixed	Not in release	Not in release

CVE-2021-29921

Medium priority

Fixed

In Python before 3,9,5, the ipaddress library mishandles leading zero characters in the octets of an IP address string. This (in some situations) allows attackers to bypass access control that is based on IP addresses.

8 affected packages

python2.7, python3.10, python3.4, python3.5, python3.6...

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS	16.04 LTS
python2.7	Not in release	Not affected	Not affected	Not affected	Not affected
python3.10	Not in release	Not affected	Not in release	Not in release	Not in release
python3.4	Not in release	Not in release	Not in release	Not in release	Not in release
python3.5	Not in release	Not in release	Not in release	Not in release	Not affected
python3.6	Not in release	Not in release	Not in release	Not affected	Not in release
python3.7	Not in release	Not in release	Not in release	Not affected	Not in release
python3.8	Not in release	Not in release	Fixed	Fixed	Not in release
python3.9	Not in release	Not in release	Fixed	Not in release	Not in release

CVE-2021-23336

Low priority

Some fixes available 12 of 29

The package python/cpython from 0 and before 3.6.13, from 3.7.0 and before 3.7.10, from 3.8.0 and before 3.8.8, from 3.9.0 and before 3.9.2 are vulnerable to Web Cache Poisoning via urllib.parse.parse_qsl and urllib.parse.parse_qs...

8 affected packages

python-django, python2.7, python3.4, python3.5, python3.6...

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS	16.04 LTS
python-django	Fixed	Fixed	Fixed	Fixed	Not affected
python2.7	Not in release	Ignored	Ignored	Ignored	Ignored
python3.4	Not in release	Not in release	Not in release	Not in release	Not in release
python3.5	Not in release	Not in release	Not in release	Not in release	Ignored
python3.6	Not in release	Not in release	Not in release	Ignored	Not in release
python3.7	Not in release	Not in release	Not in release	Ignored	Not in release
python3.8	Not in release	Not in release	Ignored	Ignored	Not in release
python3.9	Not in release	Not in release	Fixed	Not in release	Not in release

CVE-2021-3177

Medium priority

Some fixes available 14 of 15

Python 3.x through 3.9.1 has a buffer overflow in PyCArg_repr in _ctypes/callproc.c, which may lead to remote code execution in certain Python applications that accept floating-point numbers as untrusted input, as demonstrated by...

7 affected packages

python2.7, python3.4, python3.5, python3.6, python3.7...

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS	16.04 LTS
python2.7	Not in release	Not affected	Fixed	Fixed	Fixed
python3.4	Not in release	Not in release	Not in release	Not in release	Not in release
python3.5	Not in release	Not in release	Not in release	Not in release	Fixed
python3.6	Not in release	Not in release	Not in release	Fixed	Not in release
python3.7	Not in release	Not in release	Not in release	Fixed	Not in release
python3.8	Not in release	Not in release	Fixed	Fixed	Not in release
python3.9	Not in release	Not in release	Fixed	Not in release	Not in release

CVE-2020-27619

Low priority

Fixed

In Python 3 through 3.9.0, the Lib/test/multibytecodec_support.py CJK codec tests call eval() on content retrieved via HTTP.

7 affected packages

python2.7, python3.4, python3.5, python3.6, python3.7...

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS	16.04 LTS
python2.7	Not in release	Not affected	Not affected	Not affected	Not affected
python3.4	Not in release	Not in release	Not in release	Not in release	Not in release
python3.5	Not in release	Not in release	Not in release	Not in release	Fixed
python3.6	Not in release	Not in release	Not in release	Fixed	Not in release
python3.7	Not in release	Not in release	Not in release	Fixed	Not in release
python3.8	Not in release	Not in release	Fixed	Fixed	Not in release
python3.9	Not in release	Not in release	Not affected	Not in release	Not in release

Export to JSON

Results by page: