Search CVE reports
41 – 50 of 50 results
CVE-2021-3733
Medium priorityThere's a flaw in urllib's AbstractBasicAuthHandler class. An attacker who controls a malicious HTTP server that an HTTP client (such as web browser) connects to, could trigger a Regular Expression Denial of Service (ReDOS) during...
7 affected packages
python3.10, python3.4, python3.5, python3.6, python3.7...
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| python3.10 | Not in release | Not affected | Not in release | Not in release | Ignored |
| python3.4 | Not in release | Not in release | Not in release | Not in release | Not in release |
| python3.5 | Not in release | Not in release | Not in release | Not in release | Fixed |
| python3.6 | Not in release | Not in release | Not in release | Fixed | Ignored |
| python3.7 | Not in release | Not in release | Not in release | Fixed | Ignored |
| python3.8 | Not in release | Not in release | Fixed | Fixed | Ignored |
| python3.9 | Not in release | Not in release | Fixed | Not in release | Ignored |
CVE-2021-3737
Medium prioritySome fixes available 9 of 10
A flaw was found in python. An improperly handled HTTP response in the HTTP client code of python may allow a remote attacker, who controls the HTTP server, to make the client script enter an infinite loop, consuming CPU time. The...
7 affected packages
python3.10, python3.4, python3.5, python3.6, python3.7...
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| python3.10 | Not in release | Not affected | Not in release | Not in release | Ignored |
| python3.4 | Not in release | Not in release | Not in release | Not in release | Ignored |
| python3.5 | Not in release | Not in release | Not in release | Not in release | Fixed |
| python3.6 | Not in release | Not in release | Not in release | Fixed | Ignored |
| python3.7 | Not in release | Not in release | Not in release | Fixed | Ignored |
| python3.8 | Not in release | Not in release | Fixed | Fixed | Ignored |
| python3.9 | Not in release | Not in release | Fixed | Not in release | Ignored |
CVE-2021-3426
Low prioritySome fixes available 10 of 11
There's a flaw in Python 3's pydoc. A local or adjacent attacker who discovers or is able to convince another local or adjacent user to start a pydoc server could access the server and use it to disclose sensitive information...
8 affected packages
python2.7, python3.10, python3.4, python3.5, python3.6...
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| python2.7 | Not in release | Not affected | Not affected | Not affected | Not affected |
| python3.10 | Not in release | Not affected | Not in release | Not in release | Not in release |
| python3.4 | Not in release | Not in release | Not in release | Not in release | Not in release |
| python3.5 | Not in release | Not in release | Not in release | Not in release | Fixed |
| python3.6 | Not in release | Not in release | Not in release | Fixed | Not in release |
| python3.7 | Not in release | Not in release | Not in release | Fixed | Not in release |
| python3.8 | Not in release | Not in release | Not affected | Fixed | Not in release |
| python3.9 | Not in release | Not in release | Fixed | Not in release | Not in release |
CVE-2021-29921
Medium priorityIn Python before 3,9,5, the ipaddress library mishandles leading zero characters in the octets of an IP address string. This (in some situations) allows attackers to bypass access control that is based on IP addresses.
8 affected packages
python2.7, python3.10, python3.4, python3.5, python3.6...
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| python2.7 | Not in release | Not affected | Not affected | Not affected | Not affected |
| python3.10 | Not in release | Not affected | Not in release | Not in release | Not in release |
| python3.4 | Not in release | Not in release | Not in release | Not in release | Not in release |
| python3.5 | Not in release | Not in release | Not in release | Not in release | Not affected |
| python3.6 | Not in release | Not in release | Not in release | Not affected | Not in release |
| python3.7 | Not in release | Not in release | Not in release | Not affected | Not in release |
| python3.8 | Not in release | Not in release | Fixed | Fixed | Not in release |
| python3.9 | Not in release | Not in release | Fixed | Not in release | Not in release |
CVE-2021-23336
Low prioritySome fixes available 12 of 29
The package python/cpython from 0 and before 3.6.13, from 3.7.0 and before 3.7.10, from 3.8.0 and before 3.8.8, from 3.9.0 and before 3.9.2 are vulnerable to Web Cache Poisoning via urllib.parse.parse_qsl and urllib.parse.parse_qs...
8 affected packages
python-django, python2.7, python3.4, python3.5, python3.6...
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| python-django | Fixed | Fixed | Fixed | Fixed | Not affected |
| python2.7 | Not in release | Ignored | Ignored | Ignored | Ignored |
| python3.4 | Not in release | Not in release | Not in release | Not in release | Not in release |
| python3.5 | Not in release | Not in release | Not in release | Not in release | Ignored |
| python3.6 | Not in release | Not in release | Not in release | Ignored | Not in release |
| python3.7 | Not in release | Not in release | Not in release | Ignored | Not in release |
| python3.8 | Not in release | Not in release | Ignored | Ignored | Not in release |
| python3.9 | Not in release | Not in release | Fixed | Not in release | Not in release |
CVE-2021-3177
Medium prioritySome fixes available 14 of 15
Python 3.x through 3.9.1 has a buffer overflow in PyCArg_repr in _ctypes/callproc.c, which may lead to remote code execution in certain Python applications that accept floating-point numbers as untrusted input, as demonstrated by...
7 affected packages
python2.7, python3.4, python3.5, python3.6, python3.7...
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| python2.7 | Not in release | Not affected | Fixed | Fixed | Fixed |
| python3.4 | Not in release | Not in release | Not in release | Not in release | Not in release |
| python3.5 | Not in release | Not in release | Not in release | Not in release | Fixed |
| python3.6 | Not in release | Not in release | Not in release | Fixed | Not in release |
| python3.7 | Not in release | Not in release | Not in release | Fixed | Not in release |
| python3.8 | Not in release | Not in release | Fixed | Fixed | Not in release |
| python3.9 | Not in release | Not in release | Fixed | Not in release | Not in release |
CVE-2020-27619
Low priorityIn Python 3 through 3.9.0, the Lib/test/multibytecodec_support.py CJK codec tests call eval() on content retrieved via HTTP.
7 affected packages
python2.7, python3.4, python3.5, python3.6, python3.7...
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| python2.7 | Not in release | Not affected | Not affected | Not affected | Not affected |
| python3.4 | Not in release | Not in release | Not in release | Not in release | Not in release |
| python3.5 | Not in release | Not in release | Not in release | Not in release | Fixed |
| python3.6 | Not in release | Not in release | Not in release | Fixed | Not in release |
| python3.7 | Not in release | Not in release | Not in release | Fixed | Not in release |
| python3.8 | Not in release | Not in release | Fixed | Fixed | Not in release |
| python3.9 | Not in release | Not in release | Not affected | Not in release | Not in release |
CVE-2020-26116
Medium prioritySome fixes available 6 of 9
http.client in Python 3.x before 3.5.10, 3.6.x before 3.6.12, 3.7.x before 3.7.9, and 3.8.x before 3.8.5 allows CRLF injection if the attacker controls the HTTP request method, as demonstrated by inserting CR and LF control...
7 affected packages
python2.7, python3.4, python3.5, python3.6, python3.7...
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| python2.7 | Not in release | Not affected | Not affected | Not affected | Not affected |
| python3.4 | Not in release | Not in release | Not in release | Not in release | Not in release |
| python3.5 | Not in release | Not in release | Not in release | Not in release | Fixed |
| python3.6 | Not in release | Not in release | Not in release | Fixed | Not in release |
| python3.7 | Not in release | Not in release | Not in release | Fixed | Not in release |
| python3.8 | Not in release | Not in release | Not affected | Fixed | Not in release |
| python3.9 | Not in release | Not in release | Not affected | Not in release | Not in release |
CVE-2020-15801
Unknown priorityIn Python 3.8.4, sys.path restrictions specified in a python38._pth file are ignored, allowing code to be loaded from arbitrary locations. The <executable-name>._pth file (e.g., the python._pth file) is not affected.
7 affected packages
python2.7, python3.4, python3.5, python3.6, python3.7...
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| python2.7 | — | — | Not affected | Not affected | Not affected |
| python3.4 | — | — | Not in release | Not in release | Not in release |
| python3.5 | — | — | Not in release | Not in release | Not affected |
| python3.6 | — | — | Not in release | Not affected | Not in release |
| python3.7 | — | — | Not in release | Not affected | Not in release |
| python3.8 | — | — | Not affected | Not affected | Not in release |
| python3.9 | — | — | Not affected | Not in release | Not in release |
CVE-2007-4559
Medium prioritySome fixes available 2 of 30
Directory traversal vulnerability in the (1) extract and (2) extractall functions in the tarfile module in Python allows user-assisted remote attackers to overwrite arbitrary files via a .. (dot dot) sequence in filenames in a TAR...
16 affected packages
python2.3, python2.4, python2.5, python2.6, python2.7...
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| python2.3 | — | — | — | — | — |
| python2.4 | — | — | — | — | — |
| python2.5 | — | — | — | — | — |
| python2.6 | — | — | — | — | — |
| python2.7 | — | Ignored | Ignored | Ignored | Ignored |
| python3.0 | — | — | — | — | — |
| python3.1 | — | — | — | — | — |
| python3.10 | — | Fixed | Not in release | Not in release | Not in release |
| python3.11 | — | Ignored | Not in release | Not in release | Not in release |
| python3.12 | — | Not in release | Not in release | Not in release | Not in release |
| python3.4 | — | Not in release | Not in release | Not in release | Not in release |
| python3.5 | — | Not in release | Not in release | Not in release | Ignored |
| python3.6 | — | Not in release | Not in release | Ignored | Not in release |
| python3.7 | — | Not in release | Not in release | Ignored | Not in release |
| python3.8 | — | Not in release | Ignored | Ignored | Not in release |
| python3.9 | — | Not in release | Ignored | Not in release | Not in release |