Search CVE reports
1 – 10 of 16 results
CVE-2024-36039
Medium priority
Some fixes available 5 of 7
PyMySQL through 1.1.0 allows SQL injection if used with untrusted JSON input because keys are not escaped by escape_dict.
1 affected package
python-pymysql
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
python-pymysql | Fixed | Fixed | Fixed | Needs evaluation | Needs evaluation |
CVE-2023-40587
Low priority
Pyramid is an open source Python web framework. A path traversal vulnerability in Pyramid versions 2.0.0 and 2.0.1 impacts users of Python 3.11 that are using a Pyramid static view with a full filesystem path and have a...
1 affected package
python-pyramid
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
python-pyramid | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
CVE-2022-4396
Medium priority
** UNSUPPORTED WHEN ASSIGNED ** A vulnerability was found in RDFlib pyrdfa3 and classified as problematic. This issue affects the function _get_option of the file pyRdfa/__init__.py. The manipulation leads to cross site scripting....
3 affected packages
py, python-pyrdfa, rdflib
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
py | — | Not in release | Not in release | Not in release | Ignored |
python-pyrdfa | Not affected | Needs evaluation | Not in release | Not in release | Ignored |
rdflib | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
CVE-2022-42969
Medium priority
** DISPUTED ** The py library through 1.11.0 for Python allows remote attackers to conduct a ReDoS (Regular expression Denial of Service) attack via a Subversion repository with crafted info data, because the InfoSvnCommand...
2 affected packages
py, python-py
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
py | Not in release | Not in release | Not in release | Not in release | Ignored |
python-py | Not affected | Not affected | Not affected | Not affected | Not affected |
CVE-2021-41499
Medium priority
Buffer Overflow Vulnerability exists in ajaxsoundstudio.com n Pyo < 1.03 in the Server_debug function, which allows remote attackers to conduct DoS attacks by deliberately passing on an overlong audio file name.
1 affected package
python-pyo
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
python-pyo | Not affected | Not affected | Needs evaluation | Needs evaluation | Needs evaluation |
CVE-2021-41498
Medium priority
Buffer overflow in ajaxsoundstudio.com Pyo < and 1.03 in the Server_jack_init function, which allows attackers to conduct Denial of Service attacks by arbitrarily constructing an overlong server name.
1 affected package
python-pyo
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
python-pyo | Not affected | Not affected | Needs evaluation | Needs evaluation | Needs evaluation |
CVE-2021-21239
Medium priority
Some fixes available 6 of 7
PySAML2 is a pure python implementation of SAML Version 2 Standard. PySAML2 before 6.5.0 has an improper verification of cryptographic signature vulnerability. Users of pysaml2 that use the default CryptoBackendXmlSec1 backend and...
1 affected package
python-pysaml2
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
python-pysaml2 | — | Fixed | Fixed | Fixed | Fixed |
CVE-2021-21238
Low priority
PySAML2 is a pure python implementation of SAML Version 2 Standard. PySAML2 before 6.5.0 has an improper verification of cryptographic signature vulnerability. All users of pysaml2 that need to validate signed SAML documents are...
1 affected package
python-pysaml2
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
python-pysaml2 | Not affected | Vulnerable | Vulnerable | Vulnerable | Vulnerable |
CVE-2020-29651
Medium priority
Some fixes available 2 of 4
A denial of service via regular expression in the py.path.svnwc component of py (aka python-py) through 1.9.0 could be used by attackers to cause a compute-time denial of service attack by supplying malicious input to the blame...
1 affected package
python-py
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
python-py | Not affected | Not affected | Fixed | Fixed | Vulnerable |
CVE-2020-5390
Medium priority
PySAML2 before 5.0.0 does not check that the signature in a SAML document is enveloped and thus signature wrapping is effective, i.e., it is affected by XML Signature Wrapping (XSW). The signature information and the node/object...
1 affected package
python-pysaml2
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
python-pysaml2 | — | — | — | Fixed | Fixed |