Search CVE reports
141 – 150 of 828 results
Some fixes available 18 of 33
When building nested elements using xml.dom.minidom methods such as appendChild() that have a dependency on _clear_id_cache() the algorithm is quadratic. Availability can be impacted when building excessively nested documents.
14 affected packages
jython, pypy3, python2.7, python3.4, python3.5...
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| jython | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| pypy3 | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | — |
| python2.7 | Not in release | Not in release | Fixed | Fixed | Fixed |
| python3.4 | Not in release | Not in release | Not in release | — | — |
| python3.5 | Not in release | Not in release | Not in release | — | — |
| python3.6 | Not in release | Not in release | Not in release | — | Fixed |
| python3.7 | Not in release | Not in release | Not in release | — | Fixed |
| python3.8 | Not in release | Not in release | Not in release | Fixed | Fixed |
| python3.9 | Not in release | Not in release | Not in release | Fixed | — |
| python3.10 | Not in release | Not in release | Fixed | — | — |
| python3.11 | Not in release | Not in release | Fixed | — | — |
| python3.12 | Not in release | Fixed | Not in release | — | — |
| python3.13 | Not in release | Not in release | Not in release | — | — |
| python3.14 | Not affected | Not in release | Not in release | — | — |
An issue was discovered in 5.2 before 5.2.9, 5.1 before 5.1.15, and 4.2 before 4.2.27. Algorithmic complexity in `django.core.serializers.xml_serializer.getInnerText()` allows a remote attacker to cause a potential...
1 affected package
python-django
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| python-django | Fixed | Fixed | Fixed | Fixed | Fixed |
An issue was discovered in 5.2 before 5.2.9, 5.1 before 5.1.15, and 4.2 before 4.2.27. `FilteredRelation` is subject to SQL injection in column aliases, using a suitably crafted dictionary, with dictionary expansion, as the...
1 affected package
python-django
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| python-django | Fixed | Fixed | Fixed | Fixed | Not affected |
Some fixes available 12 of 19
When loading a plist file, the plistlib module reads data in size specified by the file itself, meaning a malicious file can cause OOM and DoS issues
12 affected packages
python2.7, python3.4, python3.5, python3.6, python3.7...
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| python2.7 | Not in release | Not in release | Ignored | Ignored | Ignored |
| python3.4 | Not in release | Not in release | Not in release | — | — |
| python3.5 | Not in release | Not in release | Not in release | — | — |
| python3.6 | Not in release | Not in release | Not in release | — | Fixed |
| python3.7 | Not in release | Not in release | Not in release | — | Fixed |
| python3.8 | Not in release | Not in release | Not in release | Fixed | Fixed |
| python3.9 | Not in release | Not in release | Not in release | Fixed | — |
| python3.10 | Not in release | Not in release | Fixed | — | — |
| python3.11 | Not in release | Not in release | Fixed | — | — |
| python3.12 | Not in release | Fixed | Not in release | — | — |
| python3.13 | Not in release | Not in release | Not in release | — | — |
| python3.14 | Not affected | Not in release | Not in release | — | — |
When reading an HTTP response from a server, if no read amount is specified, the default behavior will be to use Content-Length. This allows a malicious server to cause the client to read large amounts of data into memory,...
12 affected packages
python3.8, python2.7, python3.4, python3.5, python3.6...
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| python3.8 | Not in release | Not in release | Not in release | Fixed | Fixed |
| python2.7 | Not in release | Not in release | Not affected | Not affected | Not affected |
| python3.4 | Not in release | Not in release | Not in release | — | — |
| python3.5 | Not in release | Not in release | Not in release | — | — |
| python3.6 | Not in release | Not in release | Not in release | — | Not affected |
| python3.7 | Not in release | Not in release | Not in release | — | Not affected |
| python3.9 | Not in release | Not in release | Not in release | Fixed | — |
| python3.10 | Not in release | Not in release | Fixed | — | — |
| python3.11 | Not in release | Not in release | Fixed | — | — |
| python3.12 | Not in release | Fixed | Not in release | — | — |
| python3.13 | Not in release | Not in release | Not in release | — | — |
| python3.14 | Not affected | Not in release | Not in release | — | — |
Werkzeug is a comprehensive WSGI web application library. Prior to version 3.1.4, Werkzeug's safe_join function allows path segments with Windows device names. On Windows, there are special device names such as CON, AUX, etc that...
1 affected package
python-werkzeug
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| python-werkzeug | — | Not affected | Not affected | Not affected | Not affected |
If an attacker causes kdcproxy to connect to an attacker-controlled KDC server (e.g. through server-side request forgery), they can exploit the fact that kdcproxy does not enforce bounds on TCP response length to conduct a...
1 affected package
python-kdcproxy
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| python-kdcproxy | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
If kdcproxy receives a request for a realm which does not have server addresses defined in its configuration, by default, it will query SRV records in the DNS zone matching the requested realm name. This creates a server-side...
1 affected package
python-kdcproxy
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| python-kdcproxy | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
An issue was discovered in 5.1 before 5.1.14, 4.2 before 4.2.26, and 5.2 before 5.2.8. NFKC normalization in Python is slow on Windows. As a...
1 affected package
python-django
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| python-django | — | Not affected | Not affected | Not affected | Not affected |
Potential SQL injection via _connector keyword argument in QuerySet and Q objects
1 affected package
python-django
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| python-django | — | Not affected | Not affected | Not affected | Not affected |