Search CVE reports
441 – 450 of 829 results
Some fixes available 15 of 17
An issue was discovered in Pillow before 8.2.0. There is an out-of-bounds read in J2kDecode, in j2ku_gray_i.
3 affected packages
pillow, pillow-python2, python-imaging
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| pillow | Fixed | Fixed | Fixed | Fixed | Fixed |
| pillow-python2 | Not in release | Not in release | Not in release | Needs evaluation | Not in release |
| python-imaging | Not in release | Not in release | Not in release | Not in release | Not in release |
Some fixes available 15 of 17
An issue was discovered in Pillow before 8.2.0. There is an out-of-bounds read in J2kDecode, in j2ku_graya_la.
3 affected packages
pillow, pillow-python2, python-imaging
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| pillow | Fixed | Fixed | Fixed | Fixed | Fixed |
| pillow-python2 | Not in release | Not in release | Not in release | Needs evaluation | Not in release |
| python-imaging | Not in release | Not in release | Not in release | Not in release | Not in release |
Eventlet is a concurrent networking library for Python. A websocket peer may exhaust memory on Eventlet side by sending very large websocket frames. Malicious peer may exhaust memory on Eventlet side by sending highly compressed...
1 affected package
python-eventlet
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| python-eventlet | — | — | Fixed | Fixed | Not affected |
In Django 2.2 before 2.2.22, 3.1 before 3.1.10, and 3.2 before 3.2.2 (with Python 3.9.5+), URLValidator does not prohibit newlines and tabs (unless the URLField form field is used). If an application uses values with newlines in...
1 affected package
python-django
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| python-django | — | — | Fixed | Fixed | Fixed |
In Python before 3,9,5, the ipaddress library mishandles leading zero characters in the octets of an IP address string. This (in some situations) allows attackers to bypass access control that is based on IP addresses.
8 affected packages
python2.7, python3.10, python3.4, python3.5, python3.6...
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| python2.7 | — | Not in release | Not affected | Not affected | Not affected |
| python3.10 | — | Not in release | Not affected | Not in release | Not in release |
| python3.4 | — | Not in release | Not in release | Not in release | Not in release |
| python3.5 | — | Not in release | Not in release | Not in release | Not in release |
| python3.6 | — | Not in release | Not in release | Not in release | Not affected |
| python3.7 | — | Not in release | Not in release | Not in release | Not affected |
| python3.8 | — | Not in release | Not in release | Fixed | Fixed |
| python3.9 | — | Not in release | Not in release | Fixed | Not in release |
In Django 2.2 before 2.2.21, 3.1 before 3.1.9, and 3.2 before 3.2.1, MultiPartParser, UploadedFile, and FieldFile allowed directory traversal via uploaded files with suitably crafted file names.
1 affected package
python-django
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| python-django | — | — | Fixed | Fixed | Fixed |
Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Notes: none
1 affected package
python-babel
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| python-babel | — | — | — | Fixed | Fixed |
Some fixes available 15 of 16
In Django 2.2 before 2.2.20, 3.0 before 3.0.14, and 3.1 before 3.1.8, MultiPartParser allowed directory traversal via uploaded files with suitably crafted file names. Built-in upload handlers were not affected by this vulnerability.
1 affected package
python-django
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| python-django | Fixed | Fixed | Fixed | Fixed | Fixed |
django-registration is a user registration package for Django. The django-registration package provides tools for implementing user-account registration flows in the Django web framework. In django-registration prior to 3.1.2, the...
1 affected package
python-django-registration
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| python-django-registration | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
The urllib3 library 1.26.x before 1.26.4 for Python omits SSL certificate validation in some cases involving HTTPS to HTTPS proxies. The initial connection to the HTTPS proxy (if an SSLContext isn't given via proxy_config) doesn't...
2 affected packages
python-pip, python-urllib3
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| python-pip | — | — | — | Not affected | Not affected |
| python-urllib3 | — | — | — | Not affected | Not affected |