Search CVE reports

321 – 330 of 829 results

Detailed view

Sort by:

CVE-2023-41164

Medium priority

Some fixes available 10 of 12

In Django 3.2 before 3.2.21, 4.1 before 4.1.11, and 4.2 before 4.2.5, django.utils.encoding.uri_to_iri() is subject to a potential DoS (denial of service) attack via certain inputs with a very large number of Unicode characters.

1 affected package

python-django

Package	26.04 LTS	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
python-django	Fixed	Fixed	Fixed	Fixed	Fixed

CVE-2023-41040

Medium priority

Some fixes available 4 of 8

GitPython is a python library used to interact with Git repositories. In order to resolve some git references, GitPython reads files from the `.git` directory, in some places the name of the file being read is provided by the...

1 affected package

python-git

Package	26.04 LTS	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
python-git	Not affected	Not affected	Fixed	Fixed	Fixed

CVE-2023-41039

Medium priority

Some fixes available 2 of 4

RestrictedPython is a restricted execution environment for Python to run untrusted code. Python's "format" functionality allows someone controlling the format string to "read" all objects accessible through recursive attribute...

1 affected package

restrictedpython

Package	26.04 LTS	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
restrictedpython	Not affected	Not affected	Fixed	Fixed	Not affected

CVE-2023-40590

Negligible priority

Ignored

GitPython is a python library used to interact with Git repositories. When resolving a program, Python/Windows look for the current working directory, and after that the PATH environment. GitPython defaults to use the...

1 affected package

python-git

Package	26.04 LTS	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
python-git	—	—	Ignored	Ignored	Ignored

CVE-2023-40587

Low priority

Needs evaluation

Pyramid is an open source Python web framework. A path traversal vulnerability in Pyramid versions 2.0.0 and 2.0.1 impacts users of Python 3.11 that are using a Pyramid static view with a full filesystem path and have a...

1 affected package

python-pyramid

Package	26.04 LTS	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
python-pyramid	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation

CVE-2023-40217

Medium priority

Some fixes available 15 of 16

An issue was discovered in Python before 3.8.18, 3.9.x before 3.9.18, 3.10.x before 3.10.13, and 3.11.x before 3.11.5. It primarily affects servers (such as HTTP servers) that use TLS client authentication. If a TLS server-side...

10 affected packages

python2.7, python3.10, python3.11, python3.12, python3.4...

Package	26.04 LTS	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
python2.7	Not in release	Not in release	Fixed	Fixed	Fixed
python3.10	Not in release	Not in release	Fixed	Not in release	Ignored
python3.11	Not in release	Not in release	Fixed	Not in release	Ignored
python3.12	Not in release	Not affected	Not in release	Not in release	Ignored
python3.4	Not in release	Not in release	Not in release	Not in release	Not in release
python3.5	Not in release	Not in release	Not in release	Not in release	Not in release
python3.6	Not in release	Not in release	Not in release	Not in release	Fixed
python3.7	Not in release	Not in release	Not in release	Not in release	Fixed
python3.8	Not in release	Not in release	Not in release	Fixed	Fixed
python3.9	Not in release	Not in release	Not in release	Fixed	Ignored

CVE-2023-41105

Medium priority

Fixed

An issue was discovered in Python 3.11 through 3.11.4. If a path containing '\0' bytes is passed to os.path.normpath(), the path will be truncated unexpectedly at the first '\0' byte. There are plausible cases in which...

11 affected packages

python, python2.7, python3.10, python3.11, python3.12...

Package	26.04 LTS	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
python	Not in release	Not in release	Not in release	Not in release	Ignored
python2.7	Not in release	Not in release	Not affected	Not affected	Not affected
python3.10	Not in release	Not in release	Not affected	Not in release	Not in release
python3.11	Not in release	Not in release	Fixed	Not in release	Not in release
python3.12	Not in release	Not affected	Not in release	Not in release	Not in release
python3.4	Not in release	Not in release	Not in release	Not in release	Not in release
python3.5	Not in release	Not in release	Not in release	Not in release	Not in release
python3.6	Not in release	Not in release	Not in release	Not in release	Not affected
python3.7	Not in release	Not in release	Not in release	Not in release	Not affected
python3.8	Not in release	Not in release	Not in release	Not affected	Not affected
python3.9	Not in release	Not in release	Not in release	Not affected	Not in release

CVE-2022-48566

Medium priority

Some fixes available 10 of 12

An issue was discovered in compare_digest in Lib/hmac.py in Python through 3.9.1. Constant-time-defeating optimisations were possible in the accumulator variable in hmac.compare_digest.

11 affected packages

python, python2.7, python3.10, python3.11, python3.12...

Package	26.04 LTS	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
python	Not in release	Not in release	Not in release	Not in release	Ignored
python2.7	Not in release	Not in release	Fixed	Fixed	Fixed
python3.10	Not in release	Not in release	Not affected	Not in release	Not in release
python3.11	Not in release	Not in release	Not affected	Not in release	Not in release
python3.12	Not in release	Not affected	Not in release	Not in release	Not in release
python3.4	Not in release	Not in release	Not in release	Not in release	Not in release
python3.5	Not in release	Not in release	Not in release	Not in release	Not in release
python3.6	Not in release	Not in release	Not in release	Not in release	Fixed
python3.7	Not in release	Not in release	Not in release	Not in release	Fixed
python3.8	Not in release	Not in release	Not in release	Fixed	Fixed
python3.9	Not in release	Not in release	Not in release	Not affected	Not in release

CVE-2022-48565

Medium priority

Some fixes available 11 of 12

An XML External Entity (XXE) issue was discovered in Python through 3.9.1. The plistlib module no longer accepts entity declarations in XML plist files to avoid XML vulnerabilities.

11 affected packages

python, python2.7, python3.10, python3.11, python3.12...

Package	26.04 LTS	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
python	Not in release	Not in release	Not in release	Not in release	Ignored
python2.7	Not in release	Not in release	Fixed	Fixed	Fixed
python3.10	Not in release	Not in release	Not affected	Not in release	Not in release
python3.11	Not in release	Not in release	Not affected	Not in release	Not in release
python3.12	Not in release	Not affected	Not in release	Not in release	Not in release
python3.4	Not in release	Not in release	Not in release	Not in release	Not in release
python3.5	Not in release	Not in release	Not in release	Not in release	Not in release
python3.6	Not in release	Not in release	Not in release	Not in release	Fixed
python3.7	Not in release	Not in release	Not in release	Not in release	Fixed
python3.8	Not in release	Not in release	Not in release	Not affected	Fixed
python3.9	Not in release	Not in release	Not in release	Fixed	Not in release

CVE-2022-48564

Medium priority

Some fixes available 8 of 11

read_ints in plistlib.py in Python through 3.9.1 is vulnerable to a potential DoS attack via CPU and RAM exhaustion when processing malformed Apple Property List files in binary format.

11 affected packages

python, python2.7, python3.10, python3.11, python3.12...

Package	26.04 LTS	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
python	Not in release	Not in release	Not in release	Not in release	Ignored
python2.7	Not in release	Not in release	Needs evaluation	Needs evaluation	Fixed
python3.10	Not in release	Not in release	Not affected	Not in release	Not in release
python3.11	Not in release	Not in release	Not affected	Not in release	Not in release
python3.12	Not in release	Not affected	Not in release	Not in release	Not in release
python3.4	Not in release	Not in release	Not in release	Not in release	Not in release
python3.5	Not in release	Not in release	Not in release	Not in release	Not in release
python3.6	Not in release	Not in release	Not in release	Not in release	Fixed
python3.7	Not in release	Not in release	Not in release	Not in release	Fixed
python3.8	Not in release	Not in release	Not in release	Not affected	Fixed
python3.9	Not in release	Not in release	Not in release	Not affected	Not in release

Export to JSON

Results by page: