Search CVE reports

Toggle filters

231 – 240 of 829 results

CVE-2024-7592

Low priority

Some fixes available 10 of 16

There is a LOW severity vulnerability affecting CPython, specifically the 'http.cookies' standard library module. When parsing cookies that contained backslashes for quoted characters in the cookie value, the parser would use an...

11 affected packages

python2.7, python3.4, python3.5, python3.6, python3.7...

Package 26.04 LTS 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
python2.7 Not in release Not in release Fixed Fixed Fixed
python3.4 Not in release Not in release Not in release Not in release
python3.5 Not in release Not in release Not in release Not in release
python3.6 Not in release Not in release Not in release Not in release Needs evaluation
python3.7 Not in release Not in release Not in release Not in release Needs evaluation
python3.8 Not in release Not in release Not in release Fixed Needs evaluation
python3.9 Not in release Not in release Not in release Needs evaluation
python3.10 Not in release Not in release Fixed Not in release
python3.11 Not in release Not in release Needs evaluation Not in release
python3.12 Not in release Fixed Not in release Not in release
python3.13 Not in release Not in release Not in release Not in release
Show all 11 packages Show less packages

CVE-2024-6221

Medium priority
Fixed

A vulnerability in corydolphin/flask-cors version 4.0.1 allows the `Access-Control-Allow-Private-Network` CORS header to be set to true by default. This behavior can expose private network resources to unauthorized external...

1 affected package

python-flask-cors

Package 26.04 LTS 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
python-flask-cors Not affected Fixed Fixed Fixed
Show less packages

CVE-2024-42353

Medium priority

Some fixes available 7 of 9

WebOb provides objects for HTTP requests and responses. When WebOb normalizes the HTTP Location header to include the request hostname, it does so by parsing the URL that the user is to be redirected to with Python's urlparse, and...

1 affected package

python-webob

Package 26.04 LTS 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
python-webob Fixed Fixed Fixed Fixed Needs evaluation
Show less packages

CVE-2024-42367

Medium priority
Ignored

aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. In versions on the 3.10 branch prior to version 3.10.2, static routes which contain files with compressed variants (`.gz` or `.br` extension) are...

1 affected package

python-aiohttp

Package 26.04 LTS 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
python-aiohttp Not affected Not affected Not affected Not affected
Show less packages

CVE-2024-42005

Medium priority
Fixed

An issue was discovered in Django 5.0 before 5.0.8 and 4.2 before 4.2.15. QuerySet.values() and values_list() methods on models with a JSONField are subject to SQL injection in column aliases via a crafted JSON object key as a passed *arg.

1 affected package

python-django

Package 26.04 LTS 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
python-django Fixed Fixed Not affected Not affected
Show less packages

CVE-2024-41991

Medium priority

Some fixes available 8 of 10

An issue was discovered in Django 5.0 before 5.0.8 and 4.2 before 4.2.15. The urlize and urlizetrunc template filters, and the AdminURLFieldWidget widget, are subject to a potential denial-of-service attack via certain inputs with...

1 affected package

python-django

Package 26.04 LTS 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
python-django Fixed Fixed Fixed Fixed Fixed
Show less packages

CVE-2024-41990

Medium priority

Some fixes available 8 of 10

An issue was discovered in Django 5.0 before 5.0.8 and 4.2 before 4.2.15. The urlize() and urlizetrunc() template filters are subject to a potential denial-of-service attack via very large inputs with a specific sequence of characters.

1 affected package

python-django

Package 26.04 LTS 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
python-django Fixed Fixed Fixed Fixed Fixed
Show less packages

CVE-2024-41989

Medium priority

Some fixes available 8 of 10

An issue was discovered in Django 5.0 before 5.0.8 and 4.2 before 4.2.15. The floatformat template filter is subject to significant memory consumption when given a string representation of a number in scientific notation with a...

1 affected package

python-django

Package 26.04 LTS 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
python-django Fixed Fixed Fixed Fixed Fixed
Show less packages

CVE-2024-6923

Medium priority

Some fixes available 8 of 14

There is a MEDIUM severity vulnerability affecting CPython. The email module didn’t properly quote newlines for email headers when serializing an email message allowing for header injection when an email is serialized.

11 affected packages

python3.5, python2.7, python3.4, python3.6, python3.7...

Package 26.04 LTS 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
python3.5 Not in release Not in release Not in release Not in release Not in release
python2.7 Not in release Not in release Fixed Fixed Fixed
python3.4 Not in release Not in release Not in release Not in release Not in release
python3.6 Not in release Not in release Not in release Not in release Needs evaluation
python3.7 Not in release Not in release Not in release Not in release Needs evaluation
python3.8 Not in release Not in release Not in release Fixed Needs evaluation
python3.9 Not in release Not in release Not in release Needs evaluation Not in release
python3.10 Not in release Not in release Fixed Not in release Not in release
python3.11 Not in release Not in release Needs evaluation Not in release Not in release
python3.12 Not in release Fixed Not in release Not in release Not in release
python3.13 Not in release Not in release Not in release Not in release Not in release
Show all 11 packages Show less packages

CVE-2024-3219

Medium priority
Not affected

The “socket” module provides a pure-Python fallback to the socket.socketpair() function for platforms that don’t support AF_UNIX, such as Windows. This pure-Python implementation uses AF_INET or AF_INET6 to create a local...

10 affected packages

python2.7, python3.4, python3.5, python3.6, python3.7...

Package 26.04 LTS 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
python2.7 Not in release Not affected Not affected Not affected
python3.4 Not in release Not in release Not in release
python3.5 Not in release Not in release Not in release
python3.6 Not in release Not in release Not in release Not affected
python3.7 Not in release Not in release Not in release Not affected
python3.8 Not in release Not in release Not affected Not affected
python3.9 Not in release Not in release Not affected
python3.10 Not in release Not affected Not in release
python3.11 Not in release Not affected Not in release
python3.12 Not affected Not in release Not in release
Show all 10 packages Show less packages
  1. Previous page
  2. 22
  3. 23
  4. 24
  5. 25
  6. 26
  7. Next page
Export to JSON