Search CVE reports

Some fixes available 10 of 11

A use-after-free exists in Python through 3.9 via heappushpop in heapq.

11 affected packages

python, python2.7, python3.10, python3.11, python3.12...

| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| python | Not in release | Not in release | Not in release | Not in release | Ignored |
| python2.7 | Not in release | Not in release | Fixed | Fixed | Fixed |
| python3.10 | Not in release | Not in release | Not affected | Not in release | Not in release |
| python3.11 | Not in release | Not in release | Not affected | Not in release | Not in release |
| python3.12 | Not in release | Not affected | Not in release | Not in release | Not in release |
| python3.4 | Not in release | Not in release | Not in release | Not in release | Not in release |
| python3.5 | Not in release | Not in release | Not in release | Not in release | Not in release |
| python3.6 | Not in release | Not in release | Not in release | Not in release | Fixed |
| python3.7 | Not in release | Not in release | Not in release | Not in release | Fixed |
| python3.8 | Not in release | Not in release | Not in release | Not affected | Fixed |
| python3.9 | Not in release | Not in release | Not in release | Not affected | Not in release |

An issue in Python cpython v.3.7 allows an attacker to obtain sensitive information via the _asyncio._swap_current_task component. NOTE: this is disputed by the vendor because (1) neither 3.7 nor any other release is affected (it...

11 affected packages

python, python2.7, python3.10, python3.11, python3.12...

| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| python | — | Not in release | Not in release | Not in release | Ignored |
| python2.7 | — | Not in release | Not affected | Not affected | Not affected |
| python3.10 | — | Not in release | Not affected | Not in release | Not in release |
| python3.11 | — | Not in release | Not affected | Not in release | Not in release |
| python3.12 | — | Not affected | Not in release | Not in release | Not in release |
| python3.4 | — | Not in release | Not in release | Not in release | Not in release |
| python3.5 | — | Not in release | Not in release | Not in release | Not in release |
| python3.6 | — | Not in release | Not in release | Not in release | Not affected |
| python3.7 | — | Not in release | Not in release | Not in release | Not affected |
| python3.8 | — | Not in release | Not in release | Not affected | Not affected |
| python3.9 | — | Not in release | Not in release | Not affected | Not in release |

Some fixes available 6 of 12

GitPython before 3.1.32 does not block insecure non-multi options in clone and clone_from. NOTE: this issue exists because of an incomplete fix for CVE-2022-24439.

1 affected package

python-git

| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| python-git | Needs evaluation | Needs evaluation | Fixed | Fixed | Fixed |

Certifi is a curated collection of Root Certificates for validating the trustworthiness of SSL certificates while verifying the identity of TLS hosts. Certifi prior to version 2023.07.22 recognizes "e-Tugra" root certificates....

2 affected packages

python-certifi, python-pip

| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| python-certifi | — | — | Ignored | Ignored | Ignored |
| python-pip | — | — | Ignored | Ignored | Ignored |

aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. aiohttp v3.8.4 and earlier are bundled with llhttp v6.0.6. Vulnerable code is used by aiohttp for its HTTP request parser when available which is the...

1 affected package

python-aiohttp

| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| python-aiohttp | — | Not affected | Ignored | Not affected | Not affected |

The cryptography package before 41.0.2 for Python mishandles SSH certificates that have critical options.

1 affected package

python-cryptography

| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| python-cryptography | — | — | Not affected | Not affected | Not affected |

Some fixes available 2 of 5

RestrictedPython is a tool that helps to define a subset of the Python language which allows users to provide a program input into a trusted environment. RestrictedPython does not check access to stack frames and their attributes....

1 affected package

restrictedpython

| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| restrictedpython | Not affected | Not affected | Fixed | Fixed | Not affected |

MechanicalSoup is a Python library for automating interaction with websites. Starting in version 0.2.0 and prior to version 1.3.0, a malicious web server can read arbitrary files on the client using a `<input type="file" ...>`...

1 affected package

python-mechanicalsoup

| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| python-mechanicalsoup | Needs evaluation | Needs evaluation | Needs evaluation | Ignored | Ignored |

A cross-site scripting (XSS) vulnerability in Selenium Grid v3.141.59 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the hub parameter under the /grid/console page.

1 affected package

python-selenium

| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| python-selenium | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |

Some fixes available 5 of 7

In Django 3.2 before 3.2.20, 4 before 4.1.10, and 4.2 before 4.2.3, EmailValidator and URLValidator are subject to a potential ReDoS (regular expression denial of service) attack via a very large number of domain name labels of...

1 affected package

python-django

| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| python-django | Not affected | Not affected | Fixed | Fixed | Fixed |