Search CVE reports
81 – 90 of 96 results
Some fixes available 7 of 10
Integer overflow in the get_data function in zipimport.c in CPython (aka Python) before 2.7.12, 3.x before 3.4.5, and 3.5.x before 3.5.2 allows remote attackers to have unspecified impact via a negative data size value, which...
4 affected packages
python3.2, python2.7, python3.4, python3.5
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| python3.2 | — | Not in release | Not in release | Not in release |
| python2.7 | — | Not affected | Not affected | Not affected |
| python3.4 | — | Not in release | Not in release | Not in release |
| python3.5 | — | Not in release | Not in release | Not in release |
Some fixes available 7 of 10
The CGIHandler class in Python before 2.7.12 does not protect against the HTTP_PROXY variable name clash in a CGI script, which could allow a remote attacker to redirect HTTP requests.
4 affected packages
python2.7, python3.2, python3.4, python3.5
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| python2.7 | — | Not affected | Not affected | Not affected |
| python3.2 | — | Not in release | Not in release | Not in release |
| python3.4 | — | Not in release | Not in release | Not in release |
| python3.5 | — | Not in release | Not in release | Not in release |
Some fixes available 7 of 10
The smtplib library in CPython (aka Python) before 2.7.12, 3.x before 3.4.5, and 3.5.x before 3.5.2 does not return an error when StartTLS fails, which might allow man-in-the-middle attackers to bypass the TLS protections by...
4 affected packages
python2.7, python3.2, python3.4, python3.5
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| python2.7 | — | Not affected | Not affected | Not affected |
| python3.2 | — | Not in release | Not in release | Not in release |
| python3.4 | — | Not in release | Not in release | Not in release |
| python3.5 | — | Not in release | Not in release | Not in release |
Untrusted search path vulnerability in python.exe in Python through 3.5.0 on Windows allows local users to gain privileges via a Trojan horse readline.pyd file in the current working directory. NOTE: the vendor says "It was...
4 affected packages
python2.7, python3.2, python3.4, python3.5
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| python2.7 | — | — | — | Not affected |
| python3.2 | — | — | — | — |
| python3.4 | — | — | — | Not in release |
| python3.5 | — | — | — | Not in release |
Some fixes available 17 of 18
In Python (aka CPython) up to 3.10.8, the mailcap module does not add escape characters into commands discovered in the system mailcap file. This may allow attackers to inject shell commands into applications that...
8 affected packages
python2.7, python3.10, python3.9, python3.4, python3.5...
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| python2.7 | Not in release | Fixed | Fixed | Fixed |
| python3.10 | Not in release | Fixed | Not in release | Not in release |
| python3.9 | Not in release | Not in release | Fixed | Not in release |
| python3.4 | Not in release | Not in release | Not in release | Not in release |
| python3.5 | Not in release | Not in release | Not in release | Not in release |
| python3.6 | Not in release | Not in release | Not in release | Fixed |
| python3.7 | Not in release | Not in release | Not in release | Fixed |
| python3.8 | Not in release | Not in release | Fixed | Fixed |
Some fixes available 1 of 4
The HTTP clients in the (1) httplib, (2) urllib, (3) urllib2, and (4) xmlrpclib libraries in CPython (aka Python) 2.x before 2.7.9 and 3.x before 3.4.3, when accessing an HTTPS URL, do not (a) check the certificate against a trust...
3 affected packages
python2.7, python3.2, python3.4
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| python2.7 | — | — | — | — |
| python3.2 | — | — | — | — |
| python3.4 | — | — | — | — |
Integer overflow in bufferobject.c in Python before 2.7.8 allows context-dependent attackers to obtain sensitive information from process memory via a large size and offset in a "buffer" function.
3 affected packages
python3.4, python2.7, python3.2
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| python3.4 | — | — | — | — |
| python2.7 | — | — | — | — |
| python3.2 | — | — | — | — |
Some fixes available 4 of 5
The CGIHTTPServer module in Python 2.7.5 and 3.3.4 does not properly handle URLs in which URL encoding is used for path separators, which allows remote attackers to read script source code or conduct directory traversal...
3 affected packages
python2.7, python3.2, python3.4
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| python2.7 | — | — | — | — |
| python3.2 | — | — | — | — |
| python3.4 | — | — | — | — |
Some fixes available 4 of 5
Array index error in the scanstring function in the _json module in Python 2.7 through 3.5 and simplejson before 2.6.1 allows context-dependent attackers to read arbitrary process memory via a negative index value in the idx...
3 affected packages
python2.7, python3.2, python3.4
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| python2.7 | — | — | — | — |
| python3.2 | — | — | — | — |
| python3.4 | — | — | — | — |
Some fixes available 1 of 3
Race condition in the _get_masked_mode function in Lib/os.py in Python 3.2 through 3.5, when exist_ok is set to true and multiple threads are used, might allow local users to bypass intended file permissions by leveraging...
3 affected packages
python2.7, python3.2, python3.4
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| python2.7 | — | — | — | Not affected |
| python3.2 | — | — | — | Not in release |
| python3.4 | — | — | — | Not in release |