Search CVE reports
381 – 390 of 829 results
A flaw was found in Python. In algorithms with quadratic time complexity using non-binary bases, when using int("text"), a system could take 50ms to parse an int string with 100,000 digits and 5s for 1,000,000 digits...
9 affected packages
python, python2.7, python3.10, python3.4, python3.5...
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| python | — | — | Not in release | Not in release | Not in release |
| python2.7 | — | — | Ignored | Ignored | Ignored |
| python3.10 | — | — | Ignored | Not in release | Not in release |
| python3.4 | — | — | Not in release | Not in release | Not in release |
| python3.5 | — | — | Not in release | Not in release | Not in release |
| python3.6 | — | — | Not in release | Not in release | Ignored |
| python3.7 | — | — | Not in release | Not in release | Ignored |
| python3.8 | — | — | Not in release | Ignored | Ignored |
| python3.9 | — | — | Not in release | Ignored | Not in release |
A flaw was found in the python-scciclient when making an HTTPS connection to a server where the server's certificate would not be verified. This issue opens up the connection to possible Man-in-the-middle (MITM) attacks.
1 affected package
python-scciclient
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| python-scciclient | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
The exotel (aka exotel-py) package in PyPI as of 0.1.6 includes a code execution backdoor inserted by a third party.
1 affected package
python-exotel
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| python-exotel | — | — | Not affected | Not affected | Not affected |
All versions of package opcua; all versions of package asyncua are vulnerable to Denial of Service (DoS) due to a missing limitation on the number of received chunks - per single session or in total for all concurrent sessions. An...
1 affected package
python-opcua
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| python-opcua | Not in release | Not in release | Needs evaluation | Ignored | Ignored |
Python 3.x through 3.10 has an open redirection vulnerability in lib/http/server.py due to no protection against multiple (/) at the beginning of the URI path, which may lead to information disclosure. NOTE: this is disputed by a...
9 affected packages
python2.7, python3.10, python3.11, python3.4, python3.5...
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| python2.7 | — | — | Not affected | Not affected | Not affected |
| python3.10 | — | — | Fixed | Not in release | Not in release |
| python3.11 | — | — | Not affected | Not in release | Not in release |
| python3.4 | — | — | Not in release | Not in release | Not in release |
| python3.5 | — | — | Not in release | Not in release | Not in release |
| python3.6 | — | — | Not in release | Not in release | Not affected |
| python3.7 | — | — | Not in release | Not in release | Not affected |
| python3.8 | — | — | Not in release | Not affected | Not affected |
| python3.9 | — | — | Not in release | Fixed | Not in release |
An issue was discovered in the HTTP FileResponse class in Django 3.2 before 3.2.15 and 4.0 before 4.0.7. An application is vulnerable to a reflected file download (RFD) attack that sets the Content-Disposition header of...
1 affected package
python-django
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| python-django | — | — | Fixed | Fixed | Not affected |
untangle is a Python library to convert XML data to Python objects. untangle versions 1.2.0 and earlier improperly restrict recursive entity references in DTDs. By exploiting this vulnerability, a remote unauthenticated attacker...
1 affected package
python-untangle
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| python-untangle | — | — | Not in release | Not in release | Not in release |
untangle is a Python library to convert XML data to Python objects. untangle versions 1.2.0 and earlier improperly restrict XML external entity references. By exploiting this vulnerability, a remote unauthenticated attacker may...
1 affected package
python-untangle
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| python-untangle | — | — | Not in release | Not in release | Not in release |
Azure Storage Library Information Disclosure Vulnerability
2 affected packages
python-azure, python-azure-storage
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| python-azure | Not affected | Not affected | Vulnerable | Not affected | Not affected |
| python-azure-storage | Not in release | Not in release | Not in release | Ignored | Ignored |
An issue was discovered in Django 3.2 before 3.2.14 and 4.0 before 4.0.6. The Trunc() and Extract() database functions are subject to SQL injection if untrusted data is used as a kind/lookup_name value. Applications that constrain...
1 affected package
python-django
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| python-django | — | — | Fixed | Fixed | Fixed |