Search CVE reports
421 – 430 of 829 results
Babel.Locale in Babel before 2.9.1 allows attackers to load arbitrary locale .dat files (containing serialized Python objects) via directory traversal, leading to code execution.
1 affected package
python-babel
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| python-babel | — | — | Not affected | Not affected | Not affected |
Gajim 1.2.x and 1.3.x before 1.3.3 allows remote attackers to cause a denial of service (crash) via a crafted XMPP Last Message Correction (XEP-0308) message in multi-user chat, where the message ID equals the correction ID.
1 affected package
python-nbxmpp
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| python-nbxmpp | Not affected | Not affected | Not affected | Not affected | Not affected |
The mkdocs 1.2.2 built-in dev-server allows directory traversal using the port 8000, enabling remote exploitation to obtain sensitive information. NOTE: the vendor has disputed this as described...
1 affected package
python-mkdocs
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| python-mkdocs | — | Not affected | Not affected | Not affected | Not affected |
Some fixes available 2 of 7
Scrapy is a high-level web crawling and scraping framework for Python. If you use `HttpAuthMiddleware` (i.e. the `http_user` and `http_pass` spider attributes) for HTTP authentication, all requests will expose your credentials to...
1 affected package
python-scrapy
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| python-scrapy | — | Not affected | Not affected | Fixed | Fixed |
Redis is an open source, in-memory database that persists on disk. The redis-cli command line tool and redis-sentinel service may be vulnerable to integer overflow when parsing specially crafted large multi-bulk network replies....
7 affected packages
discque, hiredis, nginx, python-hiredis, redis...
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| discque | Not in release | Not in release | Not in release | Not in release | Not in release |
| hiredis | Not affected | Not affected | Not affected | Not affected | Not affected |
| nginx | Not affected | Not affected | Not affected | Not affected | Not affected |
| python-hiredis | Not affected | Not affected | Not affected | Not affected | Not affected |
| redis | Not affected | Not affected | Not affected | Not affected | Not affected |
| rspamd | Not affected | Not affected | Not affected | Not affected | Not in release |
| webdis | Not affected | Not affected | Not affected | Not affected | Not in release |
The rencode package through 1.0.6 for Python allows an infinite loop in typecode decoding (such as via ;\x2f\x7f), enabling a remote attack that consumes CPU and memory.
1 affected package
python-rencode
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| python-rencode | Not affected | Not affected | Needs evaluation | Needs evaluation | Needs evaluation |
Some fixes available 15 of 16
The package pillow 5.2.0 and before 8.3.2 are vulnerable to Regular Expression Denial of Service (ReDoS) via the getrgb function.
3 affected packages
pillow, pillow-python2, python-imaging
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| pillow | Fixed | Fixed | Fixed | Fixed | Fixed |
| pillow-python2 | Not in release | Not in release | Not in release | Needs evaluation | Not in release |
| python-imaging | Not in release | Not in release | Not in release | Not in release | Not in release |
There's a flaw in urllib's AbstractBasicAuthHandler class. An attacker who controls a malicious HTTP server that an HTTP client (such as a web browser) connects to could trigger a Regular Expression Denial of Service (ReDoS) during...
7 affected packages
python3.10, python3.4, python3.5, python3.6, python3.7...
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| python3.10 | — | Not in release | Not affected | Not in release | Not in release |
| python3.4 | — | Not in release | Not in release | Not in release | Not in release |
| python3.5 | — | Not in release | Not in release | Not in release | Not in release |
| python3.6 | — | Not in release | Not in release | Not in release | Fixed |
| python3.7 | — | Not in release | Not in release | Not in release | Fixed |
| python3.8 | — | Not in release | Not in release | Fixed | Fixed |
| python3.9 | — | Not in release | Not in release | Fixed | Not in release |
Some fixes available 9 of 10
A flaw was found in python. An improperly handled HTTP response in the HTTP client code of python may allow a remote attacker, who controls the HTTP server, to make the client script enter an infinite loop, consuming CPU time. The...
7 affected packages
python3.10, python3.4, python3.5, python3.6, python3.7...
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| python3.10 | — | Not in release | Not affected | Not in release | Not in release |
| python3.4 | — | Not in release | Not in release | Not in release | Not in release |
| python3.5 | — | Not in release | Not in release | Not in release | Not in release |
| python3.6 | — | Not in release | Not in release | Not in release | Fixed |
| python3.7 | — | Not in release | Not in release | Not in release | Fixed |
| python3.8 | — | Not in release | Not in release | Fixed | Fixed |
| python3.9 | — | Not in release | Not in release | Fixed | Not in release |
Some fixes available 5 of 8
Pillow through 8.2.0 and PIL (aka Python Imaging Library) through 1.1.7 allow an attacker to pass controlled parameters directly into a convert function to trigger a buffer overflow in Convert.c.
3 affected packages
pillow, pillow-python2, python-imaging
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| pillow | Not affected | Not affected | Not affected | Fixed | Fixed |
| pillow-python2 | Not in release | Not in release | Not in release | Needs evaluation | Not in release |
| python-imaging | Not in release | Not in release | Not in release | Not in release | Not in release |