Search CVE reports

1 – 10 of 25 results

Detailed view

Sort by:

CVE-2018-1000030

Low priority

Some fixes available 2 of 3

Python 2.7.14 is vulnerable to a Heap-Buffer-Overflow as well as a Heap-Use-After-Free. Python versions prior to 2.7.14 may also be vulnerable and it appears that Python 2.7.17 and prior may also be vulnerable however this has not...

7 affected packages

python2.6, python2.7, python3.2, python3.4, python3.5...

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
python2.6	—	—	—	Not in release
python2.7	—	—	—	Not affected
python3.2	—	—	—	Not in release
python3.4	—	—	—	Not in release
python3.5	—	—	—	Not in release
python3.6	—	—	—	Not affected
python3.7	—	—	—	Not affected

CVE-2017-17522

Medium priority

Ignored

** DISPUTED ** Lib/webbrowser.py in Python through 3.6.3 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct...

8 affected packages

jython, python2.6, python2.7, python3.2, python3.4...

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
jython	—	Not affected	Not affected	Not affected
python2.6	—	Not in release	Not in release	Not in release
python2.7	—	Not affected	Not affected	Not affected
python3.2	—	Not in release	Not in release	Not in release
python3.4	—	Not in release	Not in release	Not in release
python3.5	—	Not in release	Not in release	Not in release
python3.6	—	Not in release	Not in release	Not affected
python3.7	—	Not in release	Not in release	Not affected

CVE-2014-1912

Medium priority

Some fixes available 8 of 9

Buffer overflow in the socket.recvfrom_into function in Modules/socketmodule.c in Python 2.5 before 2.7.7, 3.x before 3.3.4, and 3.4.x before 3.4rc1 allows remote attackers to execute arbitrary code via a crafted string.

6 affected packages

python2.6, python2.7, python3.1, python3.2, python3.3, python3.4

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
python2.6	—	—	—	—
python2.7	—	—	—	—
python3.1	—	—	—	—
python3.2	—	—	—	—
python3.3	—	—	—	—
python3.4	—	—	—	—

CVE-2013-7338

Low priority

Ignored

Python before 3.3.4 RC1 allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a file size value larger than the size of the zip file to the (1) ZipExtFile.read, (2) ZipExtFile.read(n), (3)...

6 affected packages

python2.6, python2.7, python3.1, python3.2, python3.3, python3.4

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
python2.6	—	—	—	—
python2.7	—	—	—	—
python3.1	—	—	—	—
python3.2	—	—	—	—
python3.3	—	—	—	—
python3.4	—	—	—	—

CVE-2013-7040

Low priority

Ignored

Python 2.7 before 3.4 only uses the last eight bits of the prefix to randomize hash values, which causes it to compute hash values without restricting the ability to trigger hash collisions predictably and makes it easier for...

5 affected packages

python2.6, python2.7, python3.1, python3.2, python3.3

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
python2.6	—	—	—	—
python2.7	—	—	—	—
python3.1	—	—	—	—
python3.2	—	—	—	—
python3.3	—	—	—	—

CVE-2013-4238

Medium priority

Some fixes available 8 of 9

The ssl.match_hostname function in the SSL module in Python 2.6 through 3.4 does not properly handle a ‘\0’ character in a domain name in the Subject Alternative Name field of an X.509 certificate, which allows man-in-the-middle...

5 affected packages

python2.6, python2.7, python3.1, python3.2, python3.3

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
python2.6	—	—	—	—
python2.7	—	—	—	—
python3.1	—	—	—	—
python3.2	—	—	—	—
python3.3	—	—	—	—

CVE-2013-0340

Medium priority

Ignored

expat 2.1.0 and earlier does not properly handle entities expansion unless an application developer uses the XML_SetEntityDeclHandler function, which allows remote attackers to cause a denial of service (resource consumption),...

40 affected packages

apache2, apr-util, audacity, ayttm, cableswig...

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
apache2	—	—	—	—
apr-util	—	—	—	—
audacity	—	—	—	—
ayttm	—	—	—	—
cableswig	—	—	—	—
cadaver	—	—	—	—
celementtree	—	—	—	—
cmake	—	—	—	—
coin3	—	—	—	—
expat	—	—	—	—
gdcm	—	—	—	—
ghostscript	—	—	—	—
grmonitor	—	—	—	—
insighttoolkit	—	—	—	—
kompozer	—	—	—	—
libparagui1.1	—	—	—	—
matanza	—	—	—	—
paraview	—	—	—	—
poco	—	—	—	—
python-xml	—	—	—	—
python2.4	—	—	—	—
python2.5	—	—	—	—
python2.6	—	—	—	—
simgear	—	—	—	—
sitecopy	—	—	—	—
smart	—	—	—	—
swish-e	—	—	—	—
tdom	—	—	—	—
texlive-bin	—	—	—	—
tla	—	—	—	—
vnc4	—	—	—	—
vtk	—	—	—	—
w3c-libwww	—	—	—	—
wbxml2	—	—	—	—
wxwidgets2.6	—	—	—	—
wxwidgets2.8	—	—	—	—
wxwindows2.4	—	—	—	—
xmlrpc-c	—	—	—	—
xotcl	—	—	—	—
xulrunner	—	—	—	—

CVE-2012-1150

Medium priority

Some fixes available 9 of 14

Python before 2.6.8, 2.7.x before 2.7.3, 3.x before 3.1.5, and 3.2.x before 3.2.3 computes hash values without restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause...

6 affected packages

python2.4, python2.5, python2.6, python2.7, python3.1, python3.2

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
python2.4	—	—	—	—
python2.5	—	—	—	—
python2.6	—	—	—	—
python2.7	—	—	—	—
python3.1	—	—	—	—
python3.2	—	—	—	—

CVE-2012-1148

Low priority

Some fixes available 44 of 403

Memory leak in the poolGrow function in expat/lib/xmlparse.c in expat before 2.1.0 allows context-dependent attackers to cause a denial of service (memory consumption) via a large number of crafted XML files that cause...

41 affected packages

poco, celementtree, python-xml, paraview, kompozer...

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
poco	Not affected	Not affected	Not affected	Not affected
celementtree	Not in release	Not in release	Not in release	Not in release
python-xml	Not in release	Not in release	Not in release	Not in release
paraview	Not affected	Not affected	Not affected	Not affected
kompozer	Not in release	Not in release	Not in release	Not in release
libparagui1.1	Not in release	Not in release	Not in release	Not in release
swish-e	Vulnerable	Vulnerable	Vulnerable	Vulnerable
cadaver	Vulnerable	Vulnerable	Vulnerable	Vulnerable
ayttm	Not in release	Not in release	Not in release	Not in release
audacity	Not affected	Not affected	Not affected	Not affected
smart	Not in release	Not in release	Not in release	Not affected
apache2	Not affected	Not affected	Not affected	Not affected
apr-util	Not affected	Not affected	Not affected	Not affected
cmake	Not affected	Not affected	Not affected	Not affected
ghostscript	Not affected	Not affected	Not affected	Not affected
python2.4	Not in release	Not in release	Not in release	Not in release
python2.5	Not in release	Not in release	Not in release	Not in release
texlive-bin	Not affected	Not affected	Not affected	Not affected
tla	Not affected	Not affected	Not affected	Not affected
vnc4	Not in release	Not in release	Not in release	Ignored
w3c-libwww	Not in release	Not in release	Not in release	Not in release
wxwidgets2.6	Not in release	Not in release	Not in release	Not in release
sitecopy	Not in release	Not affected	Not affected	Not affected
wbxml2	Not affected	Not affected	Not affected	Not affected
xulrunner	Not in release	Not in release	Not in release	Not in release
insighttoolkit	Not in release	Not in release	Not in release	Not in release
cableswig	Not in release	Not in release	Not in release	Not in release
matanza	Ignored	Ignored	Ignored	Ignored
libxmltok	Fixed	Fixed	Fixed	Fixed
xotcl	Not affected	Not affected	Not affected	Not affected
coin3	Not affected	Not affected	Not affected	Vulnerable
gdcm	Not affected	Not affected	Not affected	Not affected
simgear	Not affected	Not affected	Not affected	Not affected
tdom	Not affected	Not affected	Not affected	Not affected
vtk	Not in release	Not in release	Not in release	Not in release
wxwidgets2.8	Not in release	Not in release	Not in release	Not in release
grmonitor	Not in release	Not in release	Not in release	Not in release
expat	Not affected	Not affected	Not affected	Not affected
python2.6	Not in release	Not in release	Not in release	Not in release
wxwindows2.4	Not in release	Not in release	Not in release	Not in release
xmlrpc-c	Fixed	Fixed	Fixed	Fixed

CVE-2012-1147

Low priority

Ignored

readfilemap.c in expat before 2.1.0 allows context-dependent attackers to cause a denial of service (file descriptor consumption) via a large number of crafted XML files.

40 affected packages

expat, apr-util, audacity, ayttm, cableswig...

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
expat	—	—	—	Not affected
apr-util	—	—	—	Ignored
audacity	—	—	—	Not affected
ayttm	—	—	—	Not in release
cableswig	—	—	—	Not in release
cadaver	—	—	—	Not affected
coin3	—	—	—	Not affected
gdcm	—	—	—	Not affected
insighttoolkit	—	—	—	Not in release
matanza	—	—	—	Not affected
paraview	—	—	—	Not affected
poco	—	—	—	Not affected
simgear	—	—	—	Not affected
sitecopy	—	—	—	Not affected
swish-e	—	—	—	Not affected
tdom	—	—	—	Not affected
texlive-bin	—	—	—	Ignored
tla	—	—	—	Not affected
vnc4	—	—	—	Ignored
vtk	—	—	—	Not in release
wbxml2	—	—	—	Not affected
wxwidgets2.8	—	—	—	Not in release
apache2	—	—	—	Ignored
celementtree	—	—	—	Not in release
cmake	—	—	—	Ignored
ghostscript	—	—	—	Ignored
grmonitor	—	—	—	Not in release
kompozer	—	—	—	Not in release
libparagui1.1	—	—	—	Not in release
python-xml	—	—	—	Not in release
python2.4	—	—	—	Not in release
python2.5	—	—	—	Not in release
python2.6	—	—	—	Not in release
smart	—	—	—	Ignored
w3c-libwww	—	—	—	Not in release
wxwidgets2.6	—	—	—	Not in release
wxwindows2.4	—	—	—	Not in release
xmlrpc-c	—	—	—	Ignored
xotcl	—	—	—	Not affected
xulrunner	—	—	—	Not in release

Export to JSON

Results by page: