Search CVE reports
1 – 10 of 25 results
Some fixes available 2 of 3
Python 2.7.14 is vulnerable to a Heap-Buffer-Overflow as well as a Heap-Use-After-Free. Python versions prior to 2.7.14 may also be vulnerable and it appears that Python 2.7.17 and prior may also be vulnerable however this has not...
7 affected packages
python2.6, python2.7, python3.2, python3.4, python3.5...
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
---|---|---|---|---|
python2.6 | — | — | — | Not in release |
python2.7 | — | — | — | Not affected |
python3.2 | — | — | — | Not in release |
python3.4 | — | — | — | Not in release |
python3.5 | — | — | — | Not in release |
python3.6 | — | — | — | Not affected |
python3.7 | — | — | — | Not affected |
** DISPUTED ** Lib/webbrowser.py in Python through 3.6.3 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct...
8 affected packages
jython, python2.6, python2.7, python3.2, python3.4...
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
---|---|---|---|---|
jython | — | Not affected | Not affected | Not affected |
python2.6 | — | Not in release | Not in release | Not in release |
python2.7 | — | Not affected | Not affected | Not affected |
python3.2 | — | Not in release | Not in release | Not in release |
python3.4 | — | Not in release | Not in release | Not in release |
python3.5 | — | Not in release | Not in release | Not in release |
python3.6 | — | Not in release | Not in release | Not affected |
python3.7 | — | Not in release | Not in release | Not affected |
Some fixes available 8 of 9
Buffer overflow in the socket.recvfrom_into function in Modules/socketmodule.c in Python 2.5 before 2.7.7, 3.x before 3.3.4, and 3.4.x before 3.4rc1 allows remote attackers to execute arbitrary code via a crafted string.
6 affected packages
python2.6, python2.7, python3.1, python3.2, python3.3, python3.4
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
---|---|---|---|---|
python2.6 | — | — | — | — |
python2.7 | — | — | — | — |
python3.1 | — | — | — | — |
python3.2 | — | — | — | — |
python3.3 | — | — | — | — |
python3.4 | — | — | — | — |
Python before 3.3.4 RC1 allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a file size value larger than the size of the zip file to the (1) ZipExtFile.read, (2) ZipExtFile.read(n), (3)...
6 affected packages
python2.6, python2.7, python3.1, python3.2, python3.3, python3.4
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
---|---|---|---|---|
python2.6 | — | — | — | — |
python2.7 | — | — | — | — |
python3.1 | — | — | — | — |
python3.2 | — | — | — | — |
python3.3 | — | — | — | — |
python3.4 | — | — | — | — |
Python 2.7 before 3.4 only uses the last eight bits of the prefix to randomize hash values, which causes it to compute hash values without restricting the ability to trigger hash collisions predictably and makes it easier for...
5 affected packages
python2.6, python2.7, python3.1, python3.2, python3.3
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
---|---|---|---|---|
python2.6 | — | — | — | — |
python2.7 | — | — | — | — |
python3.1 | — | — | — | — |
python3.2 | — | — | — | — |
python3.3 | — | — | — | — |
Some fixes available 8 of 9
The ssl.match_hostname function in the SSL module in Python 2.6 through 3.4 does not properly handle a '\0' character in a domain name in the Subject Alternative Name field of an X.509 certificate, which allows man-in-the-middle...
5 affected packages
python2.6, python2.7, python3.1, python3.2, python3.3
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
---|---|---|---|---|
python2.6 | — | — | — | — |
python2.7 | — | — | — | — |
python3.1 | — | — | — | — |
python3.2 | — | — | — | — |
python3.3 | — | — | — | — |
expat 2.1.0 and earlier does not properly handle entities expansion unless an application developer uses the XML_SetEntityDeclHandler function, which allows remote attackers to cause a denial of service (resource consumption),...
40 affected packages
apache2, apr-util, audacity, ayttm, cableswig...
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
---|---|---|---|---|
apache2 | — | — | — | — |
apr-util | — | — | — | — |
audacity | — | — | — | — |
ayttm | — | — | — | — |
cableswig | — | — | — | — |
cadaver | — | — | — | — |
celementtree | — | — | — | — |
cmake | — | — | — | — |
coin3 | — | — | — | — |
expat | — | — | — | — |
gdcm | — | — | — | — |
ghostscript | — | — | — | — |
grmonitor | — | — | — | — |
insighttoolkit | — | — | — | — |
kompozer | — | — | — | — |
libparagui1.1 | — | — | — | — |
matanza | — | — | — | — |
paraview | — | — | — | — |
poco | — | — | — | — |
python-xml | — | — | — | — |
python2.4 | — | — | — | — |
python2.5 | — | — | — | — |
python2.6 | — | — | — | — |
simgear | — | — | — | — |
sitecopy | — | — | — | — |
smart | — | — | — | — |
swish-e | — | — | — | — |
tdom | — | — | — | — |
texlive-bin | — | — | — | — |
tla | — | — | — | — |
vnc4 | — | — | — | — |
vtk | — | — | — | — |
w3c-libwww | — | — | — | — |
wbxml2 | — | — | — | — |
wxwidgets2.6 | — | — | — | — |
wxwidgets2.8 | — | — | — | — |
wxwindows2.4 | — | — | — | — |
xmlrpc-c | — | — | — | — |
xotcl | — | — | — | — |
xulrunner | — | — | — | — |
Some fixes available 9 of 14
Python before 2.6.8, 2.7.x before 2.7.3, 3.x before 3.1.5, and 3.2.x before 3.2.3 computes hash values without restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause...
6 affected packages
python2.4, python2.5, python2.6, python2.7, python3.1, python3.2
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
---|---|---|---|---|
python2.4 | — | — | — | — |
python2.5 | — | — | — | — |
python2.6 | — | — | — | — |
python2.7 | — | — | — | — |
python3.1 | — | — | — | — |
python3.2 | — | — | — | — |
Some fixes available 44 of 403
Memory leak in the poolGrow function in expat/lib/xmlparse.c in expat before 2.1.0 allows context-dependent attackers to cause a denial of service (memory consumption) via a large number of crafted XML files that cause...
41 affected packages
poco, celementtree, python-xml, paraview, kompozer...
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
---|---|---|---|---|
poco | Not affected | Not affected | Not affected | Not affected |
celementtree | Not in release | Not in release | Not in release | Not in release |
python-xml | Not in release | Not in release | Not in release | Not in release |
paraview | Not affected | Not affected | Not affected | Not affected |
kompozer | Not in release | Not in release | Not in release | Not in release |
libparagui1.1 | Not in release | Not in release | Not in release | Not in release |
swish-e | Vulnerable | Vulnerable | Vulnerable | Vulnerable |
cadaver | Vulnerable | Vulnerable | Vulnerable | Vulnerable |
ayttm | Not in release | Not in release | Not in release | Not in release |
audacity | Not affected | Not affected | Not affected | Not affected |
smart | Not in release | Not in release | Not in release | Not affected |
apache2 | Not affected | Not affected | Not affected | Not affected |
apr-util | Not affected | Not affected | Not affected | Not affected |
cmake | Not affected | Not affected | Not affected | Not affected |
ghostscript | Not affected | Not affected | Not affected | Not affected |
python2.4 | Not in release | Not in release | Not in release | Not in release |
python2.5 | Not in release | Not in release | Not in release | Not in release |
texlive-bin | Not affected | Not affected | Not affected | Not affected |
tla | Not affected | Not affected | Not affected | Not affected |
vnc4 | Not in release | Not in release | Not in release | Ignored |
w3c-libwww | Not in release | Not in release | Not in release | Not in release |
wxwidgets2.6 | Not in release | Not in release | Not in release | Not in release |
sitecopy | Not in release | Not affected | Not affected | Not affected |
wbxml2 | Not affected | Not affected | Not affected | Not affected |
xulrunner | Not in release | Not in release | Not in release | Not in release |
insighttoolkit | Not in release | Not in release | Not in release | Not in release |
cableswig | Not in release | Not in release | Not in release | Not in release |
matanza | Ignored | Ignored | Ignored | Ignored |
libxmltok | Fixed | Fixed | Fixed | Fixed |
xotcl | Not affected | Not affected | Not affected | Not affected |
coin3 | Not affected | Not affected | Not affected | Vulnerable |
gdcm | Not affected | Not affected | Not affected | Not affected |
simgear | Not affected | Not affected | Not affected | Not affected |
tdom | Not affected | Not affected | Not affected | Not affected |
vtk | Not in release | Not in release | Not in release | Not in release |
wxwidgets2.8 | Not in release | Not in release | Not in release | Not in release |
grmonitor | Not in release | Not in release | Not in release | Not in release |
expat | Not affected | Not affected | Not affected | Not affected |
python2.6 | Not in release | Not in release | Not in release | Not in release |
wxwindows2.4 | Not in release | Not in release | Not in release | Not in release |
xmlrpc-c | Fixed | Fixed | Fixed | Fixed |
readfilemap.c in expat before 2.1.0 allows context-dependent attackers to cause a denial of service (file descriptor consumption) via a large number of crafted XML files.
40 affected packages
expat, apr-util, audacity, ayttm, cableswig...
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
---|---|---|---|---|
expat | — | — | — | Not affected |
apr-util | — | — | — | Ignored |
audacity | — | — | — | Not affected |
ayttm | — | — | — | Not in release |
cableswig | — | — | — | Not in release |
cadaver | — | — | — | Not affected |
coin3 | — | — | — | Not affected |
gdcm | — | — | — | Not affected |
insighttoolkit | — | — | — | Not in release |
matanza | — | — | — | Not affected |
paraview | — | — | — | Not affected |
poco | — | — | — | Not affected |
simgear | — | — | — | Not affected |
sitecopy | — | — | — | Not affected |
swish-e | — | — | — | Not affected |
tdom | — | — | — | Not affected |
texlive-bin | — | — | — | Ignored |
tla | — | — | — | Not affected |
vnc4 | — | — | — | Ignored |
vtk | — | — | — | Not in release |
wbxml2 | — | — | — | Not affected |
wxwidgets2.8 | — | — | — | Not in release |
apache2 | — | — | — | Ignored |
celementtree | — | — | — | Not in release |
cmake | — | — | — | Ignored |
ghostscript | — | — | — | Ignored |
grmonitor | — | — | — | Not in release |
kompozer | — | — | — | Not in release |
libparagui1.1 | — | — | — | Not in release |
python-xml | — | — | — | Not in release |
python2.4 | — | — | — | Not in release |
python2.5 | — | — | — | Not in release |
python2.6 | — | — | — | Not in release |
smart | — | — | — | Ignored |
w3c-libwww | — | — | — | Not in release |
wxwidgets2.6 | — | — | — | Not in release |
wxwindows2.4 | — | — | — | Not in release |
xmlrpc-c | — | — | — | Ignored |
xotcl | — | — | — | Not affected |
xulrunner | — | — | — | Not in release |