Search CVE reports
CVE-2024-42992
Medium priority. Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none.
1 affected package
pandas
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
pandas | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
CVE-2022-31117
Medium priority. Some fixes available (4 of 23).
UltraJSON is a fast JSON encoder and decoder written in pure C with bindings for Python 3.7+. In versions prior to 5.4.0 an error occurring while reallocating a buffer for string decoding can cause the buffer to get freed twice....
3 affected packages
collada2gltf, pandas, ujson
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
collada2gltf | Not in release | Needs evaluation | Not in release | Needs evaluation | Needs evaluation |
pandas | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
ujson | Not affected | Fixed | Fixed | Fixed | Fixed |
CVE-2022-31116
Medium priority. Some fixes available (4 of 22).
UltraJSON is a fast JSON encoder and decoder written in pure C with bindings for Python 3.7+. Affected versions were found to improperly decode certain characters. JSON strings that contain escaped surrogate characters not part of...
3 affected packages
collada2gltf, pandas, ujson
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
collada2gltf | Not in release | Needs evaluation | Not in release | Needs evaluation | Needs evaluation |
pandas | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
ujson | Not affected | Fixed | Fixed | Fixed | Fixed |
CVE-2021-45958
Medium priority. Some fixes available (4 of 19).
UltraJSON (aka ujson) through 5.1.0 has a stack-based buffer overflow in Buffer_AppendIndentUnchecked (called from encode). Exploitation can, for example, use a large amount of indentation.
2 affected packages
pandas, ujson
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
pandas | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
ujson | Not affected | Fixed | Fixed | Fixed | Fixed |
CVE-2020-13091
Negligible priority. ** DISPUTED ** pandas through 1.0.3 can unserialize and execute commands from an untrusted file that is passed to the read_pickle() function, if __reduce__ makes an os.system call. NOTE: third parties dispute this issue because...
1 affected package
pandas
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
pandas | Not affected | Not affected | Not affected | Not affected | Not affected |