Search CVE reports



1 – 5 of 5 results


CVE-2024-42992

Medium priority
Needs evaluation

Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none.

1 affected package

pandas

Package | 24.04 LTS        | 22.04 LTS        | 20.04 LTS        | 18.04 LTS        | 16.04 LTS
pandas  | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation

CVE-2022-31117

Medium priority

Some fixes available (4 of 23)

UltraJSON is a fast JSON encoder and decoder written in pure C with bindings for Python 3.7+. In versions prior to 5.4.0 an error occurring while reallocating a buffer for string decoding can cause the buffer to get freed twice....

3 affected packages

collada2gltf, pandas, ujson

Package      | 24.04 LTS        | 22.04 LTS        | 20.04 LTS        | 18.04 LTS        | 16.04 LTS
collada2gltf | Not in release   | Needs evaluation | Not in release   | Needs evaluation | Needs evaluation
pandas       | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation
ujson        | Not affected     | Fixed            | Fixed            | Fixed            | Fixed

CVE-2022-31116

Medium priority

Some fixes available (4 of 22)

UltraJSON is a fast JSON encoder and decoder written in pure C with bindings for Python 3.7+. Affected versions were found to improperly decode certain characters. JSON strings that contain escaped surrogate characters not part of...

3 affected packages

collada2gltf, pandas, ujson

Package      | 24.04 LTS        | 22.04 LTS        | 20.04 LTS        | 18.04 LTS        | 16.04 LTS
collada2gltf | Not in release   | Needs evaluation | Not in release   | Needs evaluation | Needs evaluation
pandas       | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation
ujson        | Not affected     | Fixed            | Fixed            | Fixed            | Fixed
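The surrogate problem in CVE-2022-31116 is not specific to ujson: Python's standard-library json decoder also keeps an escaped high or low surrogate that has no partner as a lone surrogate code point instead of failing, and the string then blows up the first time something encodes it as UTF-8. The check below is an added example, not ujson's or pandas' code; the JSON texts in SAMPLES are constructed for the demo, and the function names are this example's own.

```python
import json
import re

# Constructed sample JSON texts (not taken from the advisory). Each is a JSON
# string literal using \uXXXX escapes, as a parser sees it on the wire.
SAMPLES = {
    "pair": '"\\ud83d\\ude00"',      # valid surrogate pair encoding U+1F600
    "lone_high": '"\\ud83d tail"',   # high surrogate with no low surrogate after it
    "lone_low": '"head \\ude00"',    # low surrogate with no high surrogate before it
}

# Any code point still in D800-DFFF after decoding is an unpaired surrogate:
# a valid pair has already been combined into one supplementary code point.
_LONE_SURROGATE = re.compile(r"[\ud800-\udfff]")


def has_lone_surrogate(s: str) -> bool:
    """True if a decoded Python str still carries an unpaired surrogate."""
    return _LONE_SURROGATE.search(s) is not None


def utf8_roundtrip_ok(s: str) -> bool:
    """Lone surrogates cannot be encoded as UTF-8; this is where they usually fail later."""
    try:
        s.encode("utf-8")
    except UnicodeEncodeError:
        return False
    return True


def _walk_strings(value):
    """Yield every str inside a decoded JSON value, including dict keys."""
    if isinstance(value, str):
        yield value
    elif isinstance(value, dict):
        for key, item in value.items():
            yield key
            yield from _walk_strings(item)
    elif isinstance(value, list):
        for item in value:
            yield from _walk_strings(item)


def safe_loads(text: str):
    """json.loads plus a post-decode check that rejects unpaired surrogates.

    The stdlib decoder does not raise on a lone \\uD8xx escape, so the check
    has to run on the decoded value, over the whole document.
    """
    value = json.loads(text)
    for s in _walk_strings(value):
        if has_lone_surrogate(s):
            raise ValueError("JSON document contains an unpaired surrogate escape")
    return value


def rejected(text: str) -> bool:
    """Does safe_loads refuse this text?"""
    try:
        safe_loads(text)
    except ValueError:
        return True
    return False
```

Run the check at the trust boundary (right after decoding untrusted JSON) rather than waiting for a UnicodeEncodeError deep inside a database driver or log writer, where the failing string is much harder to trace back to its source.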

CVE-2021-45958

Medium priority

Some fixes available (4 of 19)

UltraJSON (aka ujson) through 5.1.0 has a stack-based buffer overflow in Buffer_AppendIndentUnchecked (called from encode). Exploitation can, for example, use a large amount of indentation.

2 affected packages

pandas, ujson

Package | 24.04 LTS        | 22.04 LTS        | 20.04 LTS        | 18.04 LTS        | 16.04 LTS
pandas  | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation
ujson   | Not affected     | Fixed            | Fixed            | Fixed            | Fixed

CVE-2020-13091

Negligible priority
Ignored

** DISPUTED ** pandas through 1.0.3 can unserialize and execute commands from an untrusted file that is passed to the read_pickle() function, if __reduce__ makes an os.system call. NOTE: third parties dispute this issue because...

1 affected package

pandas

Package | 24.04 LTS    | 22.04 LTS    | 20.04 LTS    | 18.04 LTS    | 16.04 LTS
pandas  | Not affected | Not affected | Not affected | Not affected | Not affected
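The dispute over CVE-2020-13091 is about whether this is a pandas bug at all, not about whether the mechanism works: any pickle.load of attacker-controlled bytes, which is what read_pickle() performs on a file, resolves and calls whatever global a __reduce__ method named. The example below is added here and is not pandas' or the pickle module's own code. It shows the mechanism with a harmless stand-in (run_at_load records the command instead of executing it; a real payload would name os.system) and the standard mitigation, an Unpickler subclass whose find_class only resolves an allowlist of globals. MaliciousObject, RestrictedUnpickler, the allowlist and the sample bytes are all constructed for the demo.

```python
import io
import pickle

EXECUTED = []  # constructed log of what the payload called during unpickling


def run_at_load(command: str) -> str:
    """Stand-in for os.system: records the command instead of running it."""
    EXECUTED.append(command)
    return f"executed: {command}"


class MaliciousObject:
    """Constructed example of the __reduce__ trick the advisory describes."""

    def __reduce__(self):
        # A real payload returns (os.system, ("<shell command>",)). The stand-in
        # keeps the demo harmless while preserving the call-at-load mechanism.
        return (run_at_load, ("echo compromised",))


def build_untrusted_bytes() -> bytes:
    """Bytes an attacker would hand to read_pickle()/pickle.load()."""
    return pickle.dumps(MaliciousObject())


def build_trusted_bytes() -> bytes:
    """Plain containers and scalars never resolve a global, so they stay loadable."""
    return pickle.dumps({"rows": [1, 2, 3]})


class RestrictedUnpickler(pickle.Unpickler):
    # Only these (module, name) pairs may be resolved while loading. Every
    # callable a payload could name (os.system, subprocess.Popen, getattr, ...)
    # is outside the set and is refused before it is ever called.
    ALLOWED = frozenset({("builtins", "set"), ("builtins", "frozenset")})

    def find_class(self, module, name):
        if (module, name) in self.ALLOWED:
            return super().find_class(module, name)
        raise pickle.UnpicklingError(f"refusing to resolve global {module}.{name}")


def unsafe_load(data: bytes):
    """What pickle.load (and therefore read_pickle) does: resolve and call any global."""
    return pickle.loads(data)


def restricted_load(data: bytes):
    """Same bytes, but globals outside the allowlist abort the load."""
    return RestrictedUnpickler(io.BytesIO(data)).load()


def is_blocked(data: bytes) -> bool:
    """Does the restricted loader refuse these bytes without calling anything?"""
    try:
        restricted_load(data)
    except pickle.UnpicklingError:
        return True
    return False
```

The caveat for pandas specifically: a pickled DataFrame needs pandas' own classes resolved through find_class, so an allowlist tight enough to be safe will refuse real DataFrame pickles. For data from an untrusted source the practical answer is not a cleverer unpickler but a format with no code-execution path, such as CSV or Parquet, with pickle reserved for files you produced yourself.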