Search CVE reports

61 – 70 of 70 results

Detailed view

Sort by:

CVE-2018-14647

Medium priority

Fixed

Python's elementtree C accelerator failed to initialise Expat's hash salt during initialization. This could make it easy to conduct denial of service attacks against Expat by constructing an XML document that would...

5 affected packages

python2.7, python3.4, python3.5, python3.6, python3.7

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS	16.04 LTS
python2.7	Not in release	Not affected	Not affected	Fixed	Fixed
python3.4	Not in release	Not in release	Not in release	Not in release	Not in release
python3.5	Not in release	Not in release	Not in release	Not in release	Fixed
python3.6	Not in release	Not in release	Not in release	Fixed	Not in release
python3.7	Not in release	Not in release	Not in release	Fixed	Not in release

CVE-2018-1000802

Medium priority

Fixed

Python Software Foundation Python (CPython) version 2.7 contains a CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability in shutil module (make_archive function) that can result...

5 affected packages

python2.7, python3.4, python3.5, python3.6, python3.7

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS	16.04 LTS
python2.7	—	—	—	Fixed	Fixed
python3.4	—	—	—	Not in release	Not in release
python3.5	—	—	—	Not in release	Not affected
python3.6	—	—	—	Not affected	Not in release
python3.7	—	—	—	Not affected	Not in release

CVE-2018-1061

Low priority

Some fixes available 5 of 8

python before versions 2.7.15, 3.4.9, 3.5.6rc1, 3.6.5rc1 and 3.7.0 is vulnerable to catastrophic backtracking in the difflib.IS_LINE_JUNK method. An attacker could use this flaw to cause denial of service.

5 affected packages

python2.7, python3.4, python3.5, python3.6, python3.7

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS	16.04 LTS
python2.7	Not in release	Not affected	Not affected	Not affected	Fixed
python3.4	Not in release	Not in release	Not in release	Not in release	Not in release
python3.5	Not in release	Not in release	Not in release	Not in release	Fixed
python3.6	Not in release	Not in release	Not in release	Not affected	Not in release
python3.7	Not in release	Not in release	Not in release	Not affected	Not in release

CVE-2018-1060

Low priority

Some fixes available 5 of 8

python before versions 2.7.15, 3.4.9, 3.5.6rc1, 3.6.5rc1 and 3.7.0 is vulnerable to catastrophic backtracking in pop3lib's apop() method. An attacker could use this flaw to cause denial of service.

5 affected packages

python2.7, python3.4, python3.5, python3.6, python3.7

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS	16.04 LTS
python2.7	Not in release	Not affected	Not affected	Not affected	Fixed
python3.4	Not in release	Not in release	Not in release	Not in release	Not in release
python3.5	Not in release	Not in release	Not in release	Not in release	Fixed
python3.6	Not in release	Not in release	Not in release	Not affected	Not in release
python3.7	Not in release	Not in release	Not in release	Not affected	Not in release

CVE-2018-1000117

Medium priority

Not affected

Python Software Foundation CPython version From 3.2 until 3.6.4 on Windows contains a Buffer Overflow vulnerability in os.symlink() function on Windows that can result in Arbitrary code execution, likely escalation of privilege....

4 affected packages

python3.4, python3.5, python3.6, python3.7

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS	16.04 LTS
python3.4	—	Not in release	Not in release	Not in release	Not in release
python3.5	—	Not in release	Not in release	Not in release	Not affected
python3.6	—	Not in release	Not in release	Not affected	Not in release
python3.7	—	Not in release	Not in release	Not affected	Not in release

CVE-2017-18207

Low priority

Ignored

** DISPUTED ** The Wave_read._read_fmt_chunk function in Lib/wave.py in Python through 3.6.4 does not ensure a nonzero channel value, which allows attackers to cause a denial of service (divide-by-zero and exception) via a crafted...

5 affected packages

python2.7, python3.4, python3.5, python3.6, python3.7

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS	16.04 LTS
python2.7	—	Ignored	Ignored	Ignored	Ignored
python3.4	—	Not in release	Not in release	Not in release	Not in release
python3.5	—	Not in release	Not in release	Not in release	Ignored
python3.6	—	Not in release	Not in release	Ignored	Not in release
python3.7	—	Not in release	Not in release	Ignored	Not in release

CVE-2018-1000030

Low priority

Some fixes available 2 of 3

Python 2.7.14 is vulnerable to a Heap-Buffer-Overflow as well as a Heap-Use-After-Free. Python versions prior to 2.7.14 may also be vulnerable and it appears that Python 2.7.17 and prior may also be vulnerable however this has not...

7 affected packages

python2.6, python2.7, python3.2, python3.4, python3.5...

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS	16.04 LTS
python2.6	—	—	—	Not in release	Not in release
python2.7	—	—	—	Not affected	Fixed
python3.2	—	—	—	Not in release	Not in release
python3.4	—	—	—	Not in release	Not in release
python3.5	—	—	—	Not in release	Not affected
python3.6	—	—	—	Not affected	Not in release
python3.7	—	—	—	Not affected	Not in release

CVE-2017-17522

Medium priority

Ignored

** DISPUTED ** Lib/webbrowser.py in Python through 3.6.3 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct...

8 affected packages

jython, python2.6, python2.7, python3.2, python3.4...

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS	16.04 LTS
jython	—	Not affected	Not affected	Not affected	Not affected
python2.6	—	Not in release	Not in release	Not in release	Not in release
python2.7	—	Not affected	Not affected	Not affected	Not affected
python3.2	—	Not in release	Not in release	Not in release	Not in release
python3.4	—	Not in release	Not in release	Not in release	Not in release
python3.5	—	Not in release	Not in release	Not in release	Not affected
python3.6	—	Not in release	Not in release	Not affected	Not in release
python3.7	—	Not in release	Not in release	Not affected	Not in release

CVE-2017-1000158

Medium priority

Fixed

CPython (aka Python) up to 2.7.13 is vulnerable to an integer overflow in the PyString_DecodeEscape function in stringobject.c, resulting in heap-based buffer overflow (and possible arbitrary code execution)

5 affected packages

python2.7, python3.4, python3.5, python3.6, python3.7

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS	16.04 LTS
python2.7	—	Not affected	Not affected	Not affected	Fixed
python3.4	—	Not in release	Not in release	Not in release	Not in release
python3.5	—	Not in release	Not in release	Not in release	Fixed
python3.6	—	Not in release	Not in release	Not affected	Not in release
python3.7	—	Not in release	Not in release	Not affected	Not in release

CVE-2007-4559

Medium priority

Some fixes available 2 of 30

Directory traversal vulnerability in the (1) extract and (2) extractall functions in the tarfile module in Python allows user-assisted remote attackers to overwrite arbitrary files via a .. (dot dot) sequence in filenames in a TAR...

16 affected packages

python2.3, python2.4, python2.5, python2.6, python2.7...

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS	16.04 LTS
python2.3	—	—	—	—	—
python2.4	—	—	—	—	—
python2.5	—	—	—	—	—
python2.6	—	—	—	—	—
python2.7	—	Ignored	Ignored	Ignored	Ignored
python3.0	—	—	—	—	—
python3.1	—	—	—	—	—
python3.10	—	Fixed	Not in release	Not in release	Not in release
python3.11	—	Ignored	Not in release	Not in release	Not in release
python3.12	—	Not in release	Not in release	Not in release	Not in release
python3.4	—	Not in release	Not in release	Not in release	Not in release
python3.5	—	Not in release	Not in release	Not in release	Ignored
python3.6	—	Not in release	Not in release	Ignored	Not in release
python3.7	—	Not in release	Not in release	Ignored	Not in release
python3.8	—	Not in release	Ignored	Ignored	Not in release
python3.9	—	Not in release	Ignored	Not in release	Not in release

Export to JSON

Results by page: