Search CVE reports
21 – 29 of 29 results
CVE-2023-36632
Medium priority** DISPUTED ** The legacy email.utils.parseaddr function in Python through 3.11.4 allows attackers to trigger "RecursionError: maximum recursion depth exceeded while calling a Python object" via a crafted argument. This argument...
11 affected packages
python, python2.7, python3.10, python3.11, python3.12...
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
python | — | Not in release | Not in release | Ignored | Ignored |
python2.7 | — | Not affected | Not affected | Not affected | Not affected |
python3.10 | — | Not affected | Not in release | Not in release | Not in release |
python3.11 | — | Not affected | Not in release | Not in release | Not in release |
python3.12 | — | Not in release | Not in release | Not in release | Not in release |
python3.4 | — | Not in release | Not in release | Not in release | Not in release |
python3.5 | — | Not in release | Not in release | Not in release | Not affected |
python3.6 | — | Not in release | Not in release | Not affected | Not in release |
python3.7 | — | Not in release | Not in release | Not affected | Not in release |
python3.8 | — | Not in release | Not affected | Not affected | Not in release |
python3.9 | — | Not in release | Not affected | Not in release | Not in release |
CVE-2023-33595
Medium priorityCPython v3.12.0 alpha 7 was discovered to contain a heap use-after-free via the function ascii_decode at /Objects/unicodeobject.c.
11 affected packages
python, python2.7, python3.10, python3.11, python3.12...
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
python | — | Not in release | Not in release | Ignored | Ignored |
python2.7 | — | Not affected | Not affected | Not affected | Not affected |
python3.10 | — | Not affected | Not in release | Not in release | Not in release |
python3.11 | — | Not affected | Not in release | Not in release | Not in release |
python3.12 | — | Not in release | Not in release | Not in release | Not in release |
python3.4 | — | Not in release | Not in release | Not in release | Not in release |
python3.5 | — | Not in release | Not in release | Not in release | Not affected |
python3.6 | — | Not in release | Not in release | Not affected | Not in release |
python3.7 | — | Not in release | Not in release | Not affected | Not in release |
python3.8 | — | Not in release | Not affected | Not affected | Not in release |
python3.9 | — | Not in release | Not affected | Not in release | Not in release |
CVE-2023-27043
Medium prioritySome fixes available 10 of 21
The email module of Python through 3.11.3 incorrectly parses e-mail addresses that contain a special character. The wrong portion of an RFC2822 header is identified as the value of the addr-spec. In some applications, an attacker...
11 affected packages
python2.7, python3.10, python3.11, python3.12, python3.13...
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
python2.7 | Not in release | Fixed | Fixed | Fixed | Fixed |
python3.10 | Not in release | Fixed | Not in release | Not in release | Not in release |
python3.11 | Not in release | Vulnerable | Not in release | Not in release | Not in release |
python3.12 | Fixed | Not in release | Not in release | Not in release | Not in release |
python3.13 | Not in release | Not in release | Not in release | Not in release | Not in release |
python3.4 | Not in release | Not in release | Not in release | Not in release | Not in release |
python3.5 | Not in release | Not in release | Not in release | Not in release | Fixed |
python3.6 | Not in release | Not in release | Not in release | Vulnerable | Not in release |
python3.7 | Not in release | Not in release | Not in release | Vulnerable | Not in release |
python3.8 | Not in release | Not in release | Fixed | Vulnerable | Not in release |
python3.9 | Not in release | Not in release | Vulnerable | Not in release | Not in release |
CVE-2023-24329
Medium prioritySome fixes available 11 of 18
An issue in the urllib.parse component of Python before 3.11.4 allows attackers to bypass blocklisting methods by supplying a URL that starts with blank characters.
9 affected packages
python2.7, python3.10, python3.11, python3.4, python3.5...
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
python2.7 | Not in release | Vulnerable | Vulnerable | Vulnerable | Fixed |
python3.10 | Not in release | Fixed | Not in release | Not in release | Not in release |
python3.11 | Not in release | Vulnerable | Not in release | Not in release | Not in release |
python3.4 | — | Not in release | Not in release | Not in release | Not in release |
python3.5 | — | Not in release | Not in release | Not in release | Fixed |
python3.6 | — | Not in release | Not in release | Fixed | Not in release |
python3.7 | — | Not in release | Not in release | Fixed | Not in release |
python3.8 | — | Not in release | Fixed | Fixed | Not in release |
python3.9 | — | Not in release | Fixed | Not in release | Not in release |
CVE-2022-45061
Medium prioritySome fixes available 12 of 18
An issue was discovered in Python before 3.11.1. An unnecessary quadratic algorithm exists in one path when processing some inputs to the IDNA (RFC 3490) decoder, such that a crafted, unreasonably long name being presented to the...
10 affected packages
python, python2.7, python3.10, python3.11, python3.4...
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
python | — | Not in release | Not in release | Not in release | Ignored |
python2.7 | Not in release | Needs evaluation | Needs evaluation | Fixed | Fixed |
python3.10 | Not in release | Fixed | Not in release | Not in release | Not in release |
python3.11 | Not in release | Vulnerable | Not in release | Not in release | Not in release |
python3.4 | — | Not in release | Not in release | Not in release | Not in release |
python3.5 | — | Not in release | Not in release | Not in release | Fixed |
python3.6 | — | Not in release | Not in release | Fixed | Not in release |
python3.7 | — | Not in release | Not in release | Fixed | Not in release |
python3.8 | — | Not in release | Fixed | Fixed | Not in release |
python3.9 | — | Not in release | Fixed | Not in release | Not in release |
CVE-2022-42919
High prioritySome fixes available 3 of 5
Python 3.9.x before 3.9.16 and 3.10.x before 3.10.9 on Linux allows local privilege escalation in a non-default configuration. The Python multiprocessing library, when used with the forkserver start method on Linux, allows pickles...
9 affected packages
python2.7, python3.10, python3.11, python3.4, python3.5...
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
python2.7 | Not in release | Not affected | Not affected | Not affected | Not affected |
python3.10 | Not in release | Fixed | Not in release | Not in release | Not in release |
python3.11 | Not in release | Vulnerable | Not in release | Not in release | Not in release |
python3.4 | — | Not in release | Not in release | Not in release | Not in release |
python3.5 | — | Not in release | Not in release | Not in release | Not affected |
python3.6 | — | Not in release | Not in release | Not affected | Not in release |
python3.7 | — | Not in release | Not in release | Not affected | Not in release |
python3.8 | — | Not in release | Not affected | Not affected | Not in release |
python3.9 | — | Not in release | Fixed | Not in release | Not in release |
CVE-2022-37454
Medium prioritySome fixes available 16 of 20
The Keccak XKCP SHA-3 reference implementation before fdc6fef has an integer overflow and resultant buffer overflow that allows attackers to execute arbitrary code or eliminate expected cryptographic properties. This occurs in the...
13 affected packages
php5, php7.0, php7.2, php7.4, php8.1...
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
php5 | — | Not in release | Not in release | Not in release | Not in release |
php7.0 | — | Not in release | Not in release | Not in release | Not affected |
php7.2 | — | Not in release | Not in release | Fixed | Not in release |
php7.4 | — | Not in release | Fixed | Not in release | Not in release |
php8.1 | Not in release | Fixed | Not in release | Not in release | Not in release |
pypy3 | Not affected | Fixed | Fixed | Not in release | Ignored |
pysha3 | Not in release | Fixed | Fixed | Needs evaluation | Needs evaluation |
python3.10 | Not in release | Fixed | Not in release | Not in release | Not in release |
python3.11 | Not in release | Not affected | Not in release | Not in release | Not in release |
python3.6 | — | Not in release | Not in release | Fixed | Not in release |
python3.7 | — | Not in release | Not in release | Fixed | Not in release |
python3.8 | — | Not in release | Fixed | Fixed | Not in release |
python3.9 | — | Not in release | Fixed | Not in release | Not in release |
CVE-2021-28861
Low priority** DISPUTED ** Python 3.x through 3.10 has an open redirection vulnerability in lib/http/server.py due to no protection against multiple (/) at the beginning of URI path which may leads to information disclosure. NOTE: this is...
9 affected packages
python2.7, python3.10, python3.11, python3.4, python3.5...
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
python2.7 | — | Not affected | Not affected | Not affected | Not affected |
python3.10 | — | Fixed | Not in release | Not in release | Not in release |
python3.11 | — | Not affected | Not in release | Not in release | Not in release |
python3.4 | — | Not in release | Not in release | Not in release | Not in release |
python3.5 | — | Not in release | Not in release | Not in release | Fixed |
python3.6 | — | Not in release | Not in release | Not affected | Not in release |
python3.7 | — | Not in release | Not in release | Not affected | Not in release |
python3.8 | — | Not in release | Not affected | Not affected | Not in release |
python3.9 | — | Not in release | Fixed | Not in release | Not in release |
CVE-2007-4559
Medium prioritySome fixes available 2 of 30
Directory traversal vulnerability in the (1) extract and (2) extractall functions in the tarfile module in Python allows user-assisted remote attackers to overwrite arbitrary files via a .. (dot dot) sequence in filenames in a TAR...
16 affected packages
python2.3, python2.4, python2.5, python2.6, python2.7...
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
python2.3 | — | — | — | — | — |
python2.4 | — | — | — | — | — |
python2.5 | — | — | — | — | — |
python2.6 | — | — | — | — | — |
python2.7 | — | Ignored | Ignored | Ignored | Ignored |
python3.0 | — | — | — | — | — |
python3.1 | — | — | — | — | — |
python3.10 | — | Fixed | Not in release | Not in release | Not in release |
python3.11 | — | Ignored | Not in release | Not in release | Not in release |
python3.12 | — | Not in release | Not in release | Not in release | Not in release |
python3.4 | — | Not in release | Not in release | Not in release | Not in release |
python3.5 | — | Not in release | Not in release | Not in release | Ignored |
python3.6 | — | Not in release | Not in release | Ignored | Not in release |
python3.7 | — | Not in release | Not in release | Ignored | Not in release |
python3.8 | — | Not in release | Ignored | Ignored | Not in release |
python3.9 | — | Not in release | Ignored | Not in release | Not in release |