Search CVE reports

371 – 380 of 829 results


CVE-2022-45198

Low priority
Fixed

Pillow before 9.2.0 performs Improper Handling of Highly Compressed GIF Data (Data Amplification).

2 affected packages

pillow, pillow-python2

Package 26.04 LTS 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
pillow Not affected Fixed Fixed Not affected
pillow-python2 Not in release Fixed Not in release

CVE-2022-42966

Medium priority
Needs evaluation

An exponential ReDoS (Regular Expression Denial of Service) can be triggered in the cleo PyPI package when an attacker is able to supply arbitrary input to the Table.set_rows method.

1 affected package

python-cleo

Package 26.04 LTS 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
python-cleo Needs evaluation Needs evaluation Needs evaluation Not in release Not in release

CVE-2022-45061

Medium priority

Some fixes available 15 of 18

An issue was discovered in Python before 3.11.1. An unnecessary quadratic algorithm exists in one path when processing some inputs to the IDNA (RFC 3490) decoder, such that a crafted, unreasonably long name being presented to the...

10 affected packages

python, python2.7, python3.10, python3.11, python3.4...

Package 26.04 LTS 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
python Not in release Not in release Not in release
python2.7 Not in release Not in release Fixed Fixed Fixed
python3.10 Not in release Not in release Fixed Not in release Not in release
python3.11 Not in release Not in release Fixed Not in release Not in release
python3.4 Not in release Not in release Not in release
python3.5 Not in release Not in release Not in release
python3.6 Not in release Not in release Fixed
python3.7 Not in release Not in release Fixed
python3.8 Not in release Fixed Fixed
python3.9 Not in release Fixed Not in release

CVE-2022-42919

High priority

Some fixes available 4 of 5

Python 3.9.x before 3.9.16 and 3.10.x before 3.10.9 on Linux allows local privilege escalation in a non-default configuration. The Python multiprocessing library, when used with the forkserver start method on Linux, allows pickles...

9 affected packages

python2.7, python3.10, python3.11, python3.4, python3.5...

Package 26.04 LTS 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
python2.7 Not in release Not in release Not affected Not affected Not affected
python3.10 Not in release Not in release Fixed Not in release Not in release
python3.11 Not in release Not in release Fixed Not in release Not in release
python3.4 Not in release Not in release Not in release
python3.5 Not in release Not in release Not in release
python3.6 Not in release Not in release Not affected
python3.7 Not in release Not in release Not affected
python3.8 Not in release Not affected Not affected
python3.9 Not in release Fixed Not in release

CVE-2021-42553

Medium priority

Some fixes available 4 of 10

A buffer overflow vulnerability in stm32_mw_usb_host of STMicroelectronics in versions before 3.5.1 allows an attacker to execute arbitrary code when the descriptor contains more endpoints than USBH_MAX_NUM_ENDPOINTS. The library...

1 affected package

micropython

Package 26.04 LTS 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
micropython Needs evaluation Fixed Fixed Fixed Not in release

CVE-2022-37454

Medium priority

Some fixes available 16 of 19

The Keccak XKCP SHA-3 reference implementation before fdc6fef has an integer overflow and resultant buffer overflow that allows attackers to execute arbitrary code or eliminate expected cryptographic properties. This occurs in the...

13 affected packages

php5, php7.0, php7.2, php7.4, php8.1...

Package 26.04 LTS 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
php5 Not in release Not in release Not in release
php7.0 Not in release Not in release Not in release
php7.2 Not in release Not in release Fixed
php7.4 Not in release Fixed Not in release
php8.1 Not in release Not in release Fixed Not in release Not in release
pypy3 Not affected Not affected Fixed Fixed Not in release
pysha3 Not in release Not in release Fixed Fixed Needs evaluation
python3.10 Not in release Not in release Fixed Not in release Not in release
python3.11 Not in release Not in release Not affected Not in release Not in release
python3.6 Not in release Not in release Fixed
python3.7 Not in release Not in release Fixed
python3.8 Not in release Fixed Fixed
python3.9 Not in release Fixed Not in release

CVE-2022-42969

Medium priority
Ignored

The py library through 1.11.0 for Python allows remote attackers to conduct a ReDoS (Regular expression Denial of Service) attack via a Subversion repository with crafted info data, because the InfoSvnCommand argument...

2 affected packages

py, python-py

Package 26.04 LTS 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
py Not in release Not in release Not in release Not in release
python-py Not affected Not affected Not affected Not affected

CVE-2022-41323

Medium priority
Fixed

In Django 3.2 before 3.2.16, 4.0 before 4.0.8, and 4.1 before 4.1.2, internationalized URLs were subject to a potential denial of service attack via the locale parameter, which is treated as a regular expression.

1 affected package

python-django

Package 26.04 LTS 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
python-django Fixed Fixed Not affected

CVE-2022-39254

Medium priority
Needs evaluation

matrix-nio is a Python Matrix client library, designed according to sans I/O principles. Prior to version 0.20, when a user requests a room key from their devices, the software correctly remembers the request. Once they receive a...

1 affected package

python-matrix-nio

Package 26.04 LTS 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
python-matrix-nio Needs evaluation Needs evaluation Needs evaluation Not in release Not in release

CVE-2022-36087

Medium priority
Fixed

OAuthLib is an implementation of the OAuth request-signing logic for Python 3.6+. In OAuthLib versions 3.1.1 until 3.2.1, an attacker providing a malicious redirect URI can cause denial of service. An attacker can also leverage...

1 affected package

python-oauthlib

Package 26.04 LTS 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
python-oauthlib Fixed Not affected Not affected