Search CVE reports
291 – 300 of 829 results
Some fixes available 1 of 4
`python-multipart` is a streaming multipart parser for Python. When using form data, `python-multipart` uses a Regular Expression to parse the HTTP `Content-Type` header, including options. An attacker could send a custom-made...
1 affected package
python-multipart
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| python-multipart | Not affected | Not affected | Fixed | Not in release | Not in release |
Some fixes available 8 of 10
A vulnerability was found in python-glance-store. The issue occurs when the package logs the access_key for the glance-store when the DEBUG log level is enabled.
1 affected package
python-glance-store
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| python-glance-store | Fixed | Fixed | Fixed | Fixed | Needs evaluation |
Some fixes available 3 of 4
aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. Security-sensitive parts of the Python HTTP parser retained minor differences in allowable character sets that must trigger error handling to...
1 affected package
python-aiohttp
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| python-aiohttp | Not affected | Fixed | Fixed | Fixed | Ignored |
Some fixes available 4 of 9
aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. When using aiohttp as a web server and configuring static routes, it is necessary to specify the root path for static files. Additionally, the option...
1 affected package
python-aiohttp
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| python-aiohttp | Needs evaluation | Fixed | Fixed | Fixed | Fixed |
The `ecdsa` PyPI package is a pure Python implementation of ECC (Elliptic Curve Cryptography) with support for ECDSA (Elliptic Curve Digital Signature Algorithm), EdDSA (Edwards-curve Digital Signature Algorithm) and ECDH...
1 affected package
python-ecdsa
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| python-ecdsa | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
The POPS! Rebel application 5.0 for Android, in POPS! Rebel Bluetooth Glucose Monitoring System, sends unencrypted glucose measurements over BLE.
1 affected package
python-asyncssh
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| python-asyncssh | — | — | Not affected | Not affected | Not affected |
Some fixes available 11 of 13
Pillow through 10.1.0 allows PIL.ImageMath.eval Arbitrary Code Execution via the environment parameter, a different vulnerability than CVE-2022-22817 (which was about the expression parameter).
2 affected packages
pillow, pillow-python2
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| pillow | Fixed | Fixed | Fixed | Fixed | Fixed |
| pillow-python2 | Not in release | Not in release | Not in release | Needs evaluation | Not in release |
GitPython is a Python library used to interact with Git repositories. There is an incomplete fix for CVE-2023-40590. On Windows, GitPython uses an untrusted search path if it uses a shell to run `git`, as well as when it runs...
1 affected package
python-git
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| python-git | Not affected | Not affected | Not affected | Not affected | Not affected |
Azure uAMQP is a general-purpose C library for AMQP 1.0. The UAMQP library is used by several clients to implement AMQP protocol communication. When clients using this library receive crafted binary type data, an...
1 affected package
azure-uamqp-python
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| azure-uamqp-python | Not affected | Needs evaluation | Needs evaluation | Ignored | Not in release |
Some fixes available 46 of 95
The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote attackers to bypass integrity checks such that some packets are omitted (from the extension negotiation...
13 affected packages
dropbear, filezilla, golang-go.crypto, libssh, libssh2...
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| dropbear | Needs evaluation | Needs evaluation | Fixed | Fixed | Fixed |
| filezilla | Fixed | Fixed | Fixed | Fixed | Not affected |
| golang-go.crypto | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| libssh | Not affected | Not affected | Fixed | Fixed | Not affected |
| libssh2 | Not affected | Not affected | Not affected | Not affected | Not affected |
| lxd | Not in release | Not in release | Not in release | Not affected | Fixed |
| openssh | Fixed | Fixed | Fixed | Fixed | Fixed |
| openssh-ssh1 | Ignored | Ignored | Ignored | Ignored | Ignored |
| paramiko | Fixed | Fixed | Fixed | Fixed | Needs evaluation |
| proftpd-dfsg | Needs evaluation | Not affected | Not affected | Fixed | Needs evaluation |
| putty | Not affected | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| python-asyncssh | Fixed | Fixed | Fixed | Fixed | Ignored |
| snapd | Not affected | Not affected | Not affected | Not affected | Not affected |