Search CVE reports



1 – 10 of 16 results


CVE-2024-36039

Medium priority

Some fixes available 5 of 7

PyMySQL through 1.1.0 allows SQL injection if used with untrusted JSON input because keys are not escaped by escape_dict.

1 affected package

python-pymysql

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
python-pymysql Fixed Fixed Fixed Needs evaluation Needs evaluation

CVE-2023-40587

Low priority
Needs evaluation

Pyramid is an open source Python web framework. A path traversal vulnerability in Pyramid versions 2.0.0 and 2.0.1 impacts users of Python 3.11 that are using a Pyramid static view with a full filesystem path and have a...

1 affected package

python-pyramid

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
python-pyramid Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation

CVE-2022-4396

Medium priority
Needs evaluation

** UNSUPPORTED WHEN ASSIGNED ** A vulnerability was found in RDFlib pyrdfa3 and classified as problematic. This issue affects the function _get_option of the file pyRdfa/__init__.py. The manipulation leads to cross site scripting....

3 affected packages

py, python-pyrdfa, rdflib

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
py Not in release Not in release Not in release Ignored
python-pyrdfa Not affected Needs evaluation Not in release Not in release Ignored
rdflib Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation

CVE-2022-42969

Medium priority
Ignored

** DISPUTED ** The py library through 1.11.0 for Python allows remote attackers to conduct a ReDoS (Regular expression Denial of Service) attack via a Subversion repository with crafted info data, because the InfoSvnCommand...

2 affected packages

py, python-py

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
py Not in release Not in release Not in release Not in release Ignored
python-py Not affected Not affected Not affected Not affected Not affected

CVE-2021-41499

Medium priority
Needs evaluation

A buffer overflow vulnerability exists in ajaxsoundstudio.com Pyo < 1.03 in the Server_debug function, which allows remote attackers to conduct DoS attacks by deliberately passing an overlong audio file name.

1 affected package

python-pyo

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
python-pyo Not affected Not affected Needs evaluation Needs evaluation Needs evaluation

CVE-2021-41498

Medium priority
Needs evaluation

Buffer overflow in ajaxsoundstudio.com Pyo < and 1.03 in the Server_jack_init function, which allows attackers to conduct Denial of Service attacks by arbitrarily constructing an overlong server name.

1 affected package

python-pyo

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
python-pyo Not affected Not affected Needs evaluation Needs evaluation Needs evaluation

CVE-2021-21239

Medium priority

Some fixes available 6 of 7

PySAML2 is a pure python implementation of SAML Version 2 Standard. PySAML2 before 6.5.0 has an improper verification of cryptographic signature vulnerability. Users of pysaml2 that use the default CryptoBackendXmlSec1 backend and...

1 affected package

python-pysaml2

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
python-pysaml2 Fixed Fixed Fixed Fixed

CVE-2021-21238

Low priority
Vulnerable

PySAML2 is a pure python implementation of SAML Version 2 Standard. PySAML2 before 6.5.0 has an improper verification of cryptographic signature vulnerability. All users of pysaml2 that need to validate signed SAML documents are...

1 affected package

python-pysaml2

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
python-pysaml2 Not affected Vulnerable Vulnerable Vulnerable Vulnerable

CVE-2020-29651

Medium priority

Some fixes available 2 of 4

A denial of service via regular expression in the py.path.svnwc component of py (aka python-py) through 1.9.0 could be used by attackers to cause a compute-time denial of service attack by supplying malicious input to the blame...

1 affected package

python-py

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
python-py Not affected Not affected Fixed Fixed Vulnerable

CVE-2020-5390

Medium priority
Fixed

PySAML2 before 5.0.0 does not check that the signature in a SAML document is enveloped and thus signature wrapping is effective, i.e., it is affected by XML Signature Wrapping (XSW). The signature information and the node/object...

1 affected package

python-pysaml2

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
python-pysaml2 Fixed Fixed