Search CVE reports
1 – 10 of 827 results
(tarfile.data_filter could be bypassed using crafted link entries, incl ...)
13 affected packages
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| pypy3 | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | — |
| python2.7 | Not in release | Not in release | Needs evaluation | Needs evaluation | Needs evaluation |
| python3.4 | Not in release | Not in release | Not in release | — | — |
| python3.5 | Not in release | Not in release | Not in release | — | — |
| python3.6 | Not in release | Not in release | Not in release | — | Needs evaluation |
| python3.7 | Not in release | Not in release | Not in release | — | Needs evaluation |
| python3.8 | Not in release | Not in release | Not in release | Needs evaluation | Needs evaluation |
| python3.9 | Not in release | Not in release | Not in release | Needs evaluation | — |
| python3.10 | Not in release | Not in release | Needs evaluation | — | — |
| python3.11 | Not in release | Not in release | Needs evaluation | — | — |
| python3.12 | Not in release | Needs evaluation | Not in release | — | — |
| python3.13 | Not in release | Not in release | Not in release | — | — |
| python3.14 | Needs evaluation | Not in release | Not in release | — | — |
(An issue was discovered in OpenStack oslo.messaging 1.0.0 through 17.3 ...)
1 affected package
python-oslo.messaging
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| python-oslo.messaging | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
(daphne before 4.2.2 reconstructs a raw HTTP request from Twisted's par ...)
1 affected package
python-daphne
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| python-daphne | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
(daphne before 4.2.2 did not pass maxFramePayloadSize or maxMessagePayl ...)
1 affected package
python-daphne
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| python-daphne | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
(unicodedata.normalize() can take excessive CPU time when processing sp ...)
13 affected packages
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| pypy3 | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | — |
| python2.7 | Not in release | Not in release | Needs evaluation | Needs evaluation | Needs evaluation |
| python3.4 | Not in release | Not in release | Not in release | — | — |
| python3.5 | Not in release | Not in release | Not in release | — | — |
| python3.6 | Not in release | Not in release | Not in release | — | Needs evaluation |
| python3.7 | Not in release | Not in release | Not in release | — | Needs evaluation |
| python3.8 | Not in release | Not in release | Not in release | Needs evaluation | Needs evaluation |
| python3.9 | Not in release | Not in release | Not in release | Needs evaluation | — |
| python3.10 | Not in release | Not in release | Needs evaluation | — | — |
| python3.11 | Not in release | Not in release | Needs evaluation | — | — |
| python3.12 | Not in release | Needs evaluation | Not in release | — | — |
| python3.13 | Not in release | Not in release | Not in release | — | — |
| python3.14 | Needs evaluation | Not in release | Not in release | — | — |
Potential exposure of private data via case-sensitive `Cache-Control` directives in `UpdateCacheMiddleware`
1 affected package
python-django
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| python-django | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
Potential unencrypted email transmission via `STARTTLS` in the SMTP backend
1 affected package
python-django
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| python-django | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
Signed cookie salt namespace collision in django.http.HttpRequest.get_signed_cookie
1 affected package
python-django
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| python-django | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
Potential exposure of private data via whitespace padding in `Vary` header
1 affected package
python-django
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| python-django | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
Potential exposure of private data via missing `Vary: Authorization` in `UpdateCacheMiddleware`
1 affected package
python-django
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| python-django | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |