Search CVE reports
31 – 40 of 53 results
Some fixes available 8 of 11
read_ints in plistlib.py in Python through 3.9.1 is vulnerable to a potential DoS attack via CPU and RAM exhaustion when processing malformed Apple Property List files in binary format.
11 affected packages
python, python2.7, python3.4, python3.5, python3.6...
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| python | Not in release | Not in release | Not in release | Ignored |
| python2.7 | Not in release | Needs evaluation | Needs evaluation | Fixed |
| python3.4 | Not in release | Not in release | Not in release | Not in release |
| python3.5 | Not in release | Not in release | Not in release | Not in release |
| python3.6 | Not in release | Not in release | Not in release | Fixed |
| python3.7 | Not in release | Not in release | Not in release | Fixed |
| python3.8 | Not in release | Not in release | Not affected | Fixed |
| python3.9 | Not in release | Not in release | Not affected | Not in release |
| python3.10 | Not in release | Not affected | Not in release | Not in release |
| python3.11 | Not in release | Not affected | Not in release | Not in release |
| python3.12 | Not affected | Not in release | Not in release | Not in release |
Some fixes available 10 of 11
A use-after-free exists in Python through 3.9 via heappushpop in heapq.
11 affected packages
python, python2.7, python3.4, python3.5, python3.6...
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| python | Not in release | Not in release | Not in release | Ignored |
| python2.7 | Not in release | Fixed | Fixed | Fixed |
| python3.4 | Not in release | Not in release | Not in release | Not in release |
| python3.5 | Not in release | Not in release | Not in release | Not in release |
| python3.6 | Not in release | Not in release | Not in release | Fixed |
| python3.7 | Not in release | Not in release | Not in release | Fixed |
| python3.8 | Not in release | Not in release | Not affected | Fixed |
| python3.9 | Not in release | Not in release | Not affected | Not in release |
| python3.10 | Not in release | Not affected | Not in release | Not in release |
| python3.11 | Not in release | Not affected | Not in release | Not in release |
| python3.12 | Not affected | Not in release | Not in release | Not in release |
An issue in Python cpython v.3.7 allows an attacker to obtain sensitive information via the _asyncio._swap_current_task component. NOTE: this is disputed by the vendor because (1) neither 3.7 nor any other release is affected (it...
11 affected packages
python, python2.7, python3.4, python3.5, python3.6...
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| python | Not in release | Not in release | Not in release | Ignored |
| python2.7 | Not in release | Not affected | Not affected | Not affected |
| python3.4 | Not in release | Not in release | Not in release | Not in release |
| python3.5 | Not in release | Not in release | Not in release | Not in release |
| python3.6 | Not in release | Not in release | Not in release | Not affected |
| python3.7 | Not in release | Not in release | Not in release | Not affected |
| python3.8 | Not in release | Not in release | Not affected | Not affected |
| python3.9 | Not in release | Not in release | Not affected | Not in release |
| python3.10 | Not in release | Not affected | Not in release | Not in release |
| python3.11 | Not in release | Not affected | Not in release | Not in release |
| python3.12 | Not affected | Not in release | Not in release | Not in release |
The legacy email.utils.parseaddr function in Python through 3.11.4 allows attackers to trigger "RecursionError: maximum recursion depth exceeded while calling a Python object" via a crafted argument. This argument is plausibly an...
11 affected packages
python, python2.7, python3.4, python3.5, python3.6...
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| python | — | Not in release | Not in release | Ignored |
| python2.7 | — | Not affected | Not affected | Not affected |
| python3.4 | — | Not in release | Not in release | Not in release |
| python3.5 | — | Not in release | Not in release | Not in release |
| python3.6 | — | Not in release | Not in release | Not affected |
| python3.7 | — | Not in release | Not in release | Not affected |
| python3.8 | — | Not in release | Not affected | Not affected |
| python3.9 | — | Not in release | Not affected | Not in release |
| python3.10 | — | Not affected | Not in release | Not in release |
| python3.11 | — | Not affected | Not in release | Not in release |
| python3.12 | — | Not in release | Not in release | Not in release |
CPython v3.12.0 alpha 7 was discovered to contain a heap use-after-free via the function ascii_decode at /Objects/unicodeobject.c.
11 affected packages
python, python2.7, python3.11, python3.12, python3.4...
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| python | — | Not in release | Not in release | Ignored |
| python2.7 | — | Not affected | Not affected | Not affected |
| python3.11 | — | Not affected | Not in release | Not in release |
| python3.12 | — | Not in release | Not in release | Not in release |
| python3.4 | — | Not in release | Not in release | Not in release |
| python3.5 | — | Not in release | Not in release | Not in release |
| python3.6 | — | Not in release | Not in release | Not affected |
| python3.7 | — | Not in release | Not in release | Not affected |
| python3.8 | — | Not in release | Not affected | Not affected |
| python3.9 | — | Not in release | Not affected | Not in release |
| python3.10 | — | Not affected | Not in release | Not in release |
Some fixes available 10 of 21
The email module of Python through 3.11.3 incorrectly parses e-mail addresses that contain a special character. The wrong portion of an RFC2822 header is identified as the value of the addr-spec. In some applications, an attacker...
11 affected packages
python3.10, python3.11, python3.8, python2.7, python3.4...
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| python3.10 | Not in release | Fixed | Not in release | Not in release |
| python3.11 | Not in release | Vulnerable | Not in release | Not in release |
| python3.8 | Not in release | Not in release | Fixed | Vulnerable |
| python2.7 | Not in release | Fixed | Fixed | Fixed |
| python3.4 | Not in release | Not in release | Not in release | Not in release |
| python3.5 | Not in release | Not in release | Not in release | Not in release |
| python3.6 | Not in release | Not in release | Not in release | Vulnerable |
| python3.7 | Not in release | Not in release | Not in release | Vulnerable |
| python3.9 | Not in release | Not in release | Vulnerable | Not in release |
| python3.12 | Fixed | Not in release | Not in release | Not in release |
| python3.13 | Not in release | Not in release | Not in release | Not in release |
Some fixes available 15 of 18
An issue in the urllib.parse component of Python before 3.11.4 allows attackers to bypass blocklisting methods by supplying a URL that starts with blank characters.
9 affected packages
python3.11, python2.7, python3.10, python3.4, python3.5...
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| python3.11 | Not in release | Fixed | Not in release | Not in release |
| python2.7 | Not in release | Fixed | Fixed | Fixed |
| python3.10 | Not in release | Fixed | Not in release | Not in release |
| python3.4 | — | Not in release | Not in release | Not in release |
| python3.5 | — | Not in release | Not in release | Not in release |
| python3.6 | — | Not in release | Not in release | Fixed |
| python3.7 | — | Not in release | Not in release | Fixed |
| python3.8 | — | Not in release | Fixed | Fixed |
| python3.9 | — | Not in release | Fixed | Not in release |
Some fixes available 15 of 18
An issue was discovered in Python before 3.11.1. An unnecessary quadratic algorithm exists in one path when processing some inputs to the IDNA (RFC 3490) decoder, such that a crafted, unreasonably long name being presented to the...
10 affected packages
python2.7, python, python3.4, python3.5, python3.6...
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| python2.7 | Not in release | Fixed | Fixed | Fixed |
| python | — | Not in release | Not in release | Not in release |
| python3.4 | — | Not in release | Not in release | Not in release |
| python3.5 | — | Not in release | Not in release | Not in release |
| python3.6 | — | Not in release | Not in release | Fixed |
| python3.7 | — | Not in release | Not in release | Fixed |
| python3.8 | — | Not in release | Fixed | Fixed |
| python3.9 | — | Not in release | Fixed | Not in release |
| python3.11 | Not in release | Fixed | Not in release | Not in release |
| python3.10 | Not in release | Fixed | Not in release | Not in release |
Some fixes available 4 of 5
Python 3.9.x before 3.9.16 and 3.10.x before 3.10.9 on Linux allows local privilege escalation in a non-default configuration. The Python multiprocessing library, when used with the forkserver start method on Linux, allows pickles...
9 affected packages
python2.7, python3.5, python3.6, python3.9, python3.10...
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| python2.7 | Not in release | Not affected | Not affected | Not affected |
| python3.5 | — | Not in release | Not in release | Not in release |
| python3.6 | — | Not in release | Not in release | Not affected |
| python3.9 | — | Not in release | Fixed | Not in release |
| python3.10 | Not in release | Fixed | Not in release | Not in release |
| python3.4 | — | Not in release | Not in release | Not in release |
| python3.7 | — | Not in release | Not in release | Not affected |
| python3.8 | — | Not in release | Not affected | Not affected |
| python3.11 | Not in release | Fixed | Not in release | Not in release |
Some fixes available 16 of 20
The Keccak XKCP SHA-3 reference implementation before fdc6fef has an integer overflow and resultant buffer overflow that allows attackers to execute arbitrary code or eliminate expected cryptographic properties. This occurs in the...
13 affected packages
php7.2, php7.4, pypy3, pysha3, php5...
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| php7.2 | — | Not in release | Not in release | Fixed |
| php7.4 | — | Not in release | Fixed | Not in release |
| pypy3 | Not affected | Fixed | Fixed | Not in release |
| pysha3 | Not in release | Fixed | Fixed | Needs evaluation |
| php5 | — | Not in release | Not in release | Not in release |
| php7.0 | — | Not in release | Not in release | Not in release |
| php8.1 | Not in release | Fixed | Not in release | Not in release |
| python3.10 | Not in release | Fixed | Not in release | Not in release |
| python3.6 | — | Not in release | Not in release | Fixed |
| python3.7 | — | Not in release | Not in release | Fixed |
| python3.8 | — | Not in release | Fixed | Fixed |
| python3.9 | — | Not in release | Fixed | Not in release |
| python3.11 | Not in release | Not affected | Not in release | Not in release |