Search CVE reports

401 – 410 of 829 results


CVE-2022-26488

Medium priority
Not affected

In Python before 3.10.3 on Windows, local users can gain privileges because the search path is inadequately secured. The installer may allow a local attacker to add user-writable directories to the system search path. To exploit,...

8 affected packages

python2.7, python3.10, python3.4, python3.5, python3.6...

Package 26.04 LTS 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
python2.7 Not affected Not affected Not affected
python3.10 Not affected Not in release Not in release
python3.4 Not in release Not in release Not in release
python3.5 Not in release Not in release Not in release
python3.6 Not in release Not in release Not affected
python3.7 Not in release Not in release Not affected
python3.8 Not in release Not affected Not affected
python3.9 Not in release Not affected Not in release

CVE-2022-0577

Low priority

Some fixes available 3 of 7

Exposure of Sensitive Information to an Unauthorized Actor in GitHub repository scrapy/scrapy prior to 2.6.1.

1 affected package

python-scrapy

| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| python-scrapy | Not affected | Not affected | Fixed | Fixed | Fixed |

CVE-2022-0391

Medium priority

Some fixes available 12 of 15

A flaw was found in Python, specifically within the urllib.parse module. This module helps break Uniform Resource Locator (URL) strings into components. The issue involves how the urlparse method does not sanitize input and allows...

8 affected packages

python2.7, python3.10, python3.4, python3.5, python3.6...

| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| python2.7 | Not in release | Not in release | Fixed | Fixed | Fixed |
| python3.10 | Not in release | Not in release | Not affected | Not in release | Not in release |
| python3.4 | Not in release | Not in release | Not in release | Not in release | Not in release |
| python3.5 | Not in release | Not in release | Not in release | Not in release | Not in release |
| python3.6 | Not in release | Not in release | Not in release | Not in release | Fixed |
| python3.7 | Not in release | Not in release | Not in release | Not in release | Fixed |
| python3.8 | Not in release | Not in release | Not in release | Fixed | Fixed |
| python3.9 | Not in release | Not in release | Not in release | Vulnerable | Not in release |

CVE-2022-23607

Medium priority
Needs evaluation

treq is an HTTP library inspired by requests but written on top of Twisted's Agents. Treq's request methods (`treq.get`, `treq.post`, etc.) and `treq.client.HTTPClient` constructor accept cookies as a dictionary. Such cookies are...

1 affected package

python-treq

| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| python-treq | Needs evaluation | Needs evaluation | Needs evaluation | Ignored | Ignored |

CVE-2022-23833

Medium priority
Fixed

An issue was discovered in MultiPartParser in Django 2.2 before 2.2.27, 3.2 before 3.2.12, and 4.0 before 4.0.2. Passing certain inputs to multipart forms could result in an infinite loop when parsing files.

1 affected package

python-django

Package 26.04 LTS 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
python-django Fixed Fixed Fixed

CVE-2022-22818

Medium priority
Fixed

The {% debug %} template tag in Django 2.2 before 2.2.27, 3.2 before 3.2.12, and 4.0 before 4.0.2 does not properly encode the current context. This may lead to XSS.

1 affected package

python-django

Package 26.04 LTS 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
python-django Fixed Fixed Fixed

CVE-2022-21699

Medium priority

Some fixes available 2 of 4

IPython (Interactive Python) is a command shell for interactive computing in multiple programming languages, originally developed for the Python programming language. Affected versions are subject to an arbitrary code execution...

1 affected package

ipython

Package 26.04 LTS 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
ipython Not affected Not affected Fixed Fixed

CVE-2022-22846

Low priority
Needs evaluation

The dnslib package through 0.9.16 for Python does not verify that the ID value in a DNS reply matches an ID value in a query.

1 affected package

python-dnslib

| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| python-dnslib | Needs evaluation | Needs evaluation | Needs evaluation | Ignored | Ignored |

CVE-2022-22817

Medium priority

Some fixes available 4 of 5

PIL.ImageMath.eval in Pillow before 9.0.0 allows evaluation of arbitrary expressions, such as ones that use the Python exec method. A lambda expression could also be used.

3 affected packages

pillow, pillow-python2, python-imaging

| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| pillow | Not affected | Not affected | Not affected | Fixed | Fixed |
| pillow-python2 | Not in release | Not in release | Not in release | Needs evaluation | Not in release |
| python-imaging | Not in release | Not in release | Not in release | Not in release | Not in release |

CVE-2022-22816

Low priority

Some fixes available 15 of 16

path_getbbox in path.c in Pillow before 9.0.0 has a buffer over-read during initialization of ImagePath.Path.

3 affected packages

pillow, pillow-python2, python-imaging

| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| pillow | Fixed | Fixed | Fixed | Fixed | Fixed |
| pillow-python2 | Not in release | Not in release | Not in release | Needs evaluation | Not in release |
| python-imaging | Not in release | Not in release | Not in release | Not in release | Not in release |