Search CVE reports
341 – 350 of 829 results
The legacy email.utils.parseaddr function in Python through 3.11.4 allows attackers to trigger "RecursionError: maximum recursion depth exceeded while calling a Python object" via a crafted argument. This argument is plausibly an...
11 affected packages
python, python2.7, python3.10, python3.11, python3.12...
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| python | — | — | Not in release | Not in release | Ignored |
| python2.7 | — | — | Not affected | Not affected | Not affected |
| python3.10 | — | — | Not affected | Not in release | Not in release |
| python3.11 | — | — | Not affected | Not in release | Not in release |
| python3.12 | — | — | Not in release | Not in release | Not in release |
| python3.4 | — | — | Not in release | Not in release | Not in release |
| python3.5 | — | — | Not in release | Not in release | Not in release |
| python3.6 | — | — | Not in release | Not in release | Not affected |
| python3.7 | — | — | Not in release | Not in release | Not affected |
| python3.8 | — | — | Not in release | Not affected | Not affected |
| python3.9 | — | — | Not in release | Not affected | Not in release |
CPython v3.12.0 alpha 7 was discovered to contain a heap use-after-free via the function ascii_decode at /Objects/unicodeobject.c.
11 affected packages
python, python2.7, python3.10, python3.11, python3.12...
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| python | — | — | Not in release | Not in release | Ignored |
| python2.7 | — | — | Not affected | Not affected | Not affected |
| python3.10 | — | — | Not affected | Not in release | Not in release |
| python3.11 | — | — | Not affected | Not in release | Not in release |
| python3.12 | — | — | Not in release | Not in release | Not in release |
| python3.4 | — | — | Not in release | Not in release | Not in release |
| python3.5 | — | — | Not in release | Not in release | Not in release |
| python3.6 | — | — | Not in release | Not in release | Not affected |
| python3.7 | — | — | Not in release | Not in release | Not affected |
| python3.8 | — | — | Not in release | Not affected | Not affected |
| python3.9 | — | — | Not in release | Not affected | Not in release |
Reportlab up to v3.6.12 allows attackers to execute arbitrary code via supplying a crafted PDF file.
1 affected package
python-reportlab
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| python-reportlab | — | Fixed | Fixed | Fixed | Not affected |
Some fixes available 13 of 15
Requests is an HTTP library. Since Requests 2.3.0, Requests has been leaking Proxy-Authorization headers to destination servers when redirected to an HTTPS endpoint. This is a product of how we use `rebuild_proxies` to reattach the...
2 affected packages
python-pip, requests
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| python-pip | — | Not affected | Fixed | Fixed | Not affected |
| requests | — | Fixed | Fixed | Fixed | Fixed |
Some fixes available 5 of 10
Open redirect vulnerability in Tornado versions 6.3.1 and earlier allows a remote unauthenticated attacker to redirect a user to an arbitrary web site and conduct a phishing attack by having a user access a specially crafted URL.
2 affected packages
python-tornado, salt
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| python-tornado | Not affected | Not affected | Fixed | Fixed | Fixed |
| salt | Not in release | Not in release | Needs evaluation | Not in release | Needs evaluation |
Some fixes available 10 of 20
A flaw was found in OpenStack due to an inconsistency between Cinder and Nova. This issue can be triggered intentionally or by accident. A remote, authenticated attacker could exploit this vulnerability by detaching one of their...
5 affected packages
cinder, ironic, nova, python-glance-store, python-os-brick
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| cinder | — | — | Fixed | Ignored | Ignored |
| ironic | — | — | Fixed | Ignored | Ignored |
| nova | — | — | Fixed | Ignored | Ignored |
| python-glance-store | — | — | Fixed | Ignored | Ignored |
| python-os-brick | — | — | Fixed | Ignored | Ignored |
In Django 3.2 before 3.2.19, 4.x before 4.1.9, and 4.2 before 4.2.1, it was possible to bypass validation when using one form field to upload multiple files. This multiple upload has never been supported by forms.FileField...
1 affected package
python-django
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| python-django | — | — | Fixed | Fixed | Fixed |
Some fixes available 10 of 21
The email module of Python through 3.11.3 incorrectly parses e-mail addresses that contain a special character. The wrong portion of an RFC2822 header is identified as the value of the addr-spec. In some applications, an attacker...
11 affected packages
python2.7, python3.10, python3.11, python3.12, python3.13...
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| python2.7 | Not in release | Not in release | Fixed | Fixed | Fixed |
| python3.10 | Not in release | Not in release | Fixed | Not in release | Not in release |
| python3.11 | Not in release | Not in release | Vulnerable | Not in release | Not in release |
| python3.12 | Not in release | Fixed | Not in release | Not in release | Not in release |
| python3.13 | Not in release | Not in release | Not in release | Not in release | Not in release |
| python3.4 | Not in release | Not in release | Not in release | Not in release | Not in release |
| python3.5 | Not in release | Not in release | Not in release | Not in release | Not in release |
| python3.6 | Not in release | Not in release | Not in release | Not in release | Vulnerable |
| python3.7 | Not in release | Not in release | Not in release | Not in release | Vulnerable |
| python3.8 | Not in release | Not in release | Not in release | Fixed | Vulnerable |
| python3.9 | Not in release | Not in release | Not in release | Vulnerable | Not in release |
redis-py before 4.4.4 and 4.5.x before 4.5.4 leaves a connection open after canceling an async Redis command at an inopportune time, and can send response data to the client of an unrelated request. (This could, for example,...
1 affected package
python-redis
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| python-redis | Vulnerable | Vulnerable | Not affected | Not affected | Not affected |
redis-py before 4.5.3 leaves a connection open after canceling an async Redis command at an inopportune time, and can send response data to the client of an unrelated request in an off-by-one manner. NOTE: this CVE Record was...
1 affected package
python-redis
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| python-redis | Vulnerable | Vulnerable | Not affected | Not affected | Not affected |