Search CVE reports
361 – 370 of 829 results
mechanize, a library for automatically interacting with HTTP web servers, contains a regular expression that is vulnerable to regular expression denial of service (ReDoS) prior to version 0.4.6. If a web server responds in a...
1 affected package
python-mechanize
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| python-mechanize | Not affected | Not affected | Not affected | Needs evaluation | Needs evaluation |
A vulnerability, which was classified as problematic, has been found in cocagne pysrp up to 1.0.16. This issue affects the function calculate_x of the file srp/_ctsrp.py. The manipulation leads to information exposure through...
1 affected package
python-srp
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| python-srp | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
An issue discovered in Python Charmers Future 0.18.2 and earlier allows remote attackers to cause a denial of service via a crafted Set-Cookie header from a malicious web server.
1 affected package
python-future
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| python-future | — | — | Fixed | Fixed | Fixed |
An issue discovered in Python Packaging Authority (PyPA) Wheel 0.37.1 and earlier allows remote attackers to cause a denial of service via attacker-controlled input to the wheel CLI.
2 affected packages
python-pip, wheel
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| python-pip | — | — | Fixed | Fixed | Fixed |
| wheel | — | — | Fixed | Fixed | Fixed |
Python Packaging Authority (PyPA) setuptools before 65.5.1 allows remote attackers to cause a denial of service via HTML in a crafted package or custom PackageIndex page. There is a Regular Expression Denial of Service (ReDoS) in...
3 affected packages
python-pip, python-setuptools, setuptools
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| python-pip | — | — | Fixed | Fixed | Fixed |
| python-setuptools | — | — | Fixed | Fixed | Fixed |
| setuptools | — | — | Fixed | Fixed | Not in release |
A privilege escalation vulnerability exists in the oslo.privsep functionality of OpenStack git master 05194e7618 and prior. Overly permissive functionality within tools leveraging this library within a container can lead to increased...
2 affected packages
openstack, python-oslo.privsep
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| openstack | — | — | Not in release | Not in release | Not in release |
| python-oslo.privsep | — | — | Ignored | Ignored | Ignored |
A vulnerability was found in RDFlib pyrdfa3 and classified as problematic. This issue affects the function _get_option of the file pyRdfa/__init__.py. The manipulation leads to cross site scripting. The attack may be...
3 affected packages
py, python-pyrdfa, rdflib
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| py | — | — | Not in release | Not in release | Not in release |
| python-pyrdfa | Not affected | Not affected | Vulnerable | Not in release | Not in release |
| rdflib | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
Sentry is an error tracking and performance monitoring platform. In versions of the sentry python library prior to 22.11.0 an attacker with a known valid invite link could manipulate a cookie to allow the same invite link to be...
1 affected package
sentry-python
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| sentry-python | Needs evaluation | Needs evaluation | Needs evaluation | Ignored | Not in release |
Some fixes available: 6 of 13
All versions of package gitpython are vulnerable to Remote Code Execution (RCE) due to improper user input validation, which makes it possible to inject a maliciously crafted remote URL into the clone command. Exploiting this...
2 affected packages
gitpython, python-git
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| gitpython | — | — | Not in release | Not in release | Not in release |
| python-git | Needs evaluation | Needs evaluation | Fixed | Fixed | Fixed |
Pillow before 9.3.0 allows denial of service via SAMPLESPERPIXEL.
2 affected packages
pillow, pillow-python2
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| pillow | — | — | Not affected | Not affected | Not affected |
| pillow-python2 | — | — | Not in release | Not affected | Not in release |