Search CVE reports
411 – 420 of 829 results
Some fixes available 15 of 16
path_getbbox in path.c in Pillow before 9.0.0 improperly initializes ImagePath.Path.
3 affected packages
pillow, pillow-python2, python-imaging
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| pillow | Fixed | Fixed | Fixed | Fixed | Fixed |
| pillow-python2 | Not in release | Not in release | Not in release | Needs evaluation | Not in release |
| python-imaging | Not in release | Not in release | Not in release | Not in release | Not in release |
Some fixes available 39 of 330
In doProlog in xmlparse.c in Expat (aka libexpat) before 2.4.3, an integer overflow exists for m_groupSize.
50 affected packages
apache2, apr-util, astropy, audacity, ayttm...
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| apache2 | Not affected | Not affected | Not affected | Not affected | Not affected |
| apr-util | Not affected | Not affected | Not affected | Not affected | Not affected |
| astropy | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| audacity | Not affected | Not affected | Not affected | Not affected | Not affected |
| ayttm | Not in release | Not in release | Not in release | Not in release | Not in release |
| cableswig | Not in release | Not in release | Not in release | Not in release | Not in release |
| cadaver | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| cmake | Not affected | Not affected | Not affected | Not affected | Not affected |
| coda | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | — |
| coin3 | Not affected | Not affected | Not affected | Not affected | Needs evaluation |
| emboss | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| expat | Fixed | Fixed | Fixed | Fixed | Fixed |
| firefox | Fixed | Fixed | Fixed | Fixed | Fixed |
| gdcm | Not affected | Not affected | Not affected | Not affected | Not affected |
| ghostscript | Not affected | Not affected | Not affected | Not affected | Not affected |
| harp | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | — |
| ibm-3270 | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| insighttoolkit | Not in release | Not in release | Not in release | Not in release | Not in release |
| insighttoolkit4 | Not in release | Not in release | Not affected | Not affected | Not affected |
| insighttoolkit5 | Needs evaluation | Needs evaluation | Needs evaluation | — | — |
| libsynthesis | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| libxmltok | Not in release | Fixed | Fixed | Fixed | Fixed |
| mame | Fixed | Fixed | Fixed | Fixed | Fixed |
| matanza | Ignored | Ignored | Ignored | Ignored | Ignored |
| opencollada | Not in release | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| paraview | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| poco | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| python2.7 | Not in release | Not in release | Not affected | Not affected | Not affected |
| python3.10 | Not in release | Not in release | Not affected | Not in release | Not in release |
| python3.4 | Not in release | Not in release | Not in release | Not in release | Not in release |
| python3.5 | Not in release | Not in release | Not in release | Not in release | Not in release |
| python3.6 | Not in release | Not in release | Not in release | Not in release | Not affected |
| python3.7 | Not in release | Not in release | Not in release | Not in release | Not affected |
| python3.8 | Not in release | Not in release | Not in release | Not affected | Not affected |
| python3.9 | Not in release | Not in release | Not in release | Not affected | Not in release |
| qtwebengine-opensource-src | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| sitecopy | Needs evaluation | Not in release | Needs evaluation | Needs evaluation | Needs evaluation |
| smart | Not in release | Not in release | Not in release | Not in release | Not affected |
| swish-e | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| tdom | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| texlive-bin | Not affected | Not affected | Not affected | Not affected | Not affected |
| thunderbird | Not affected | Not affected | Not affected | Not in release | Ignored |
| tla | Not in release | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| visp | Needs evaluation | Needs evaluation | Needs evaluation | — | Needs evaluation |
| vnc4 | Not in release | Not in release | Not in release | Not in release | Needs evaluation |
| vtk | Not in release | Not in release | Not in release | Not in release | Not in release |
| wbxml2 | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| xmlrpc | — | — | — | — | — |
| xmlrpc-c | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| xsd | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
Some fixes available 13 of 15
Storage.save in Django 2.2 before 2.2.26, 3.2 before 3.2.11, and 4.0 before 4.0.1 allows directory traversal if crafted filenames are directly passed to it.
1 affected package
python-django
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| python-django | Fixed | Fixed | Fixed | Fixed | Fixed |
Some fixes available 13 of 15
An issue was discovered in Django 2.2 before 2.2.26, 3.2 before 3.2.11, and 4.0 before 4.0.1. Due to leveraging the Django Template Language's variable resolution logic, the dictsort template filter was potentially vulnerable to...
1 affected package
python-django
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| python-django | Fixed | Fixed | Fixed | Fixed | Fixed |
Some fixes available 13 of 15
An issue was discovered in Django 2.2 before 2.2.26, 3.2 before 3.2.11, and 4.0 before 4.0.1. UserAttributeSimilarityValidator incurred significant overhead in evaluating a submitted password that was artificially large...
1 affected package
python-django
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| python-django | Fixed | Fixed | Fixed | Fixed | Fixed |
Some fixes available 11 of 16
A flaw was found in Python, specifically in the FTP (File Transfer Protocol) client library in PASV (passive) mode. The issue is how the FTP client trusts the host from the PASV response by default. This flaw allows an attacker to...
8 affected packages
python2.7, python3.10, python3.4, python3.5, python3.6...
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| python2.7 | Not in release | Not in release | Fixed | Fixed | Fixed |
| python3.10 | Not in release | Not in release | Not affected | Not in release | Not in release |
| python3.4 | Not in release | Not in release | Not in release | Not in release | Not in release |
| python3.5 | Not in release | Not in release | Not in release | Not in release | Not in release |
| python3.6 | Not in release | Not in release | Not in release | Not in release | Fixed |
| python3.7 | Not in release | Not in release | Not in release | Not in release | Fixed |
| python3.8 | Not in release | Not in release | Not in release | Not affected | Fixed |
| python3.9 | Not in release | Not in release | Not in release | Not affected | Not in release |
Buffer Overflow Vulnerability exists in ajaxsoundstudio.com n Pyo < 1.03 in the Server_debug function, which allows remote attackers to conduct DoS attacks by deliberately passing on an overlong audio file name.
1 affected package
python-pyo
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| python-pyo | Not affected | Not affected | Not affected | Needs evaluation | Needs evaluation |
Buffer overflow in ajaxsoundstudio.com Pyo < and 1.03 in the Server_jack_init function. which allows attackers to conduct Denial of Service attacks by arbitrary constructing a overlong server name.
1 affected package
python-pyo
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| python-pyo | Not affected | Not affected | Not affected | Needs evaluation | Needs evaluation |
In Django 2.2 before 2.2.25, 3.1 before 3.1.14, and 3.2 before 3.2.10, HTTP requests for URLs with trailing newlines could bypass upstream access control based on URL paths.
1 affected package
python-django
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| python-django | — | — | Fixed | Fixed | Not affected |
Some fixes available 3 of 5
A flaw was found in python-pip in the way it handled Unicode separators in git references. A remote attacker could possibly use this issue to install a different revision on a repository. The highest threat from this vulnerability...
1 affected package
python-pip
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| python-pip | — | — | Not affected | Not affected | Fixed |