Search CVE reports
1 – 10 of 29 results
CVE-2018-1000030
Low prioritySome fixes available 2 of 3
Python 2.7.14 is vulnerable to a Heap-Buffer-Overflow as well as a Heap-Use-After-Free. Python versions prior to 2.7.14 may also be vulnerable and it appears that Python 2.7.17 and prior may also be vulnerable however this has not...
7 affected packages
python2.6, python2.7, python3.2, python3.4, python3.5...
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| python2.6 | — | — | — | Not in release | Not in release |
| python2.7 | — | — | — | Not affected | Fixed |
| python3.2 | — | — | — | Not in release | Not in release |
| python3.4 | — | — | — | Not in release | Not in release |
| python3.5 | — | — | — | Not in release | Not affected |
| python3.6 | — | — | — | Not affected | Not in release |
| python3.7 | — | — | — | Not affected | Not in release |
CVE-2017-17522
Medium priority** DISPUTED ** Lib/webbrowser.py in Python through 3.6.3 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct...
8 affected packages
jython, python2.6, python2.7, python3.2, python3.4...
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| jython | — | Not affected | Not affected | Not affected | Not affected |
| python2.6 | — | Not in release | Not in release | Not in release | Not in release |
| python2.7 | — | Not affected | Not affected | Not affected | Not affected |
| python3.2 | — | Not in release | Not in release | Not in release | Not in release |
| python3.4 | — | Not in release | Not in release | Not in release | Not in release |
| python3.5 | — | Not in release | Not in release | Not in release | Not affected |
| python3.6 | — | Not in release | Not in release | Not affected | Not in release |
| python3.7 | — | Not in release | Not in release | Not affected | Not in release |
CVE-2016-5699
Medium prioritySome fixes available 4 of 5
CRLF injection vulnerability in the HTTPConnection.putheader function in urllib2 and urllib in CPython (aka Python) before 2.7.10 and 3.x before 3.4.4 allows remote attackers to inject arbitrary HTTP headers via CRLF sequences in a URL.
4 affected packages
python2.7, python3.2, python3.4, python3.5
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| python2.7 | — | Not affected | Not affected | Not affected | Not affected |
| python3.2 | — | Not in release | Not in release | Not in release | Not in release |
| python3.4 | — | Not in release | Not in release | Not in release | Not in release |
| python3.5 | — | Not in release | Not in release | Not in release | Not affected |
CVE-2016-5636
Medium prioritySome fixes available 7 of 10
Integer overflow in the get_data function in zipimport.c in CPython (aka Python) before 2.7.12, 3.x before 3.4.5, and 3.5.x before 3.5.2 allows remote attackers to have unspecified impact via a negative data size value, which...
4 affected packages
python2.7, python3.2, python3.4, python3.5
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| python2.7 | — | Not affected | Not affected | Not affected | Fixed |
| python3.2 | — | Not in release | Not in release | Not in release | Not in release |
| python3.4 | — | Not in release | Not in release | Not in release | Not in release |
| python3.5 | — | Not in release | Not in release | Not in release | Fixed |
CVE-2016-0772
Medium prioritySome fixes available 7 of 10
The smtplib library in CPython (aka Python) before 2.7.12, 3.x before 3.4.5, and 3.5.x before 3.5.2 does not return an error when StartTLS fails, which might allow man-in-the-middle attackers to bypass the TLS protections by...
4 affected packages
python2.7, python3.2, python3.4, python3.5
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| python2.7 | — | Not affected | Not affected | Not affected | Fixed |
| python3.2 | — | Not in release | Not in release | Not in release | Not in release |
| python3.4 | — | Not in release | Not in release | Not in release | Not in release |
| python3.5 | — | Not in release | Not in release | Not in release | Fixed |
CVE-2016-1000110
Medium prioritySome fixes available 7 of 10
The CGIHandler class in Python before 2.7.12 does not protect against the HTTP_PROXY variable name clash in a CGI script, which could allow a remote attacker to redirect HTTP requests.
4 affected packages
python2.7, python3.2, python3.4, python3.5
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| python2.7 | — | Not affected | Not affected | Not affected | Fixed |
| python3.2 | — | Not in release | Not in release | Not in release | Not in release |
| python3.4 | — | Not in release | Not in release | Not in release | Not in release |
| python3.5 | — | Not in release | Not in release | Not in release | Fixed |
CVE-2013-7440
Low priorityThe ssl.match_hostname function in CPython (aka Python) before 2.7.9 and 3.x before 3.3.3 does not properly handle wildcards in hostnames, which might allow man-in-the-middle attackers to spoof servers via a crafted certificate.
3 affected packages
python2.7, python3.2, python3.4
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| python2.7 | — | — | — | — | — |
| python3.2 | — | — | — | — | — |
| python3.4 | — | — | — | — | — |
CVE-2015-5652
Low priorityUntrusted search path vulnerability in python.exe in Python through 3.5.0 on Windows allows local users to gain privileges via a Trojan horse readline.pyd file in the current working directory. NOTE: the vendor says "It was...
4 affected packages
python2.7, python3.2, python3.4, python3.5
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| python2.7 | — | — | — | Not affected | Not affected |
| python3.2 | — | — | — | — | — |
| python3.4 | — | — | — | Not in release | Not in release |
| python3.5 | — | — | — | Not in release | Not affected |
CVE-2013-1753
Medium priorityThe gzip_decode function in the xmlrpc client library in Python 3.4 and earlier allows remote attackers to cause a denial of service (memory consumption) via a crafted HTTP request.
3 affected packages
python2.7, python3.2, python3.4
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| python2.7 | — | — | — | — | — |
| python3.2 | — | — | — | — | — |
| python3.4 | — | — | — | — | — |
CVE-2014-9365
Medium prioritySome fixes available 1 of 4
The HTTP clients in the (1) httplib, (2) urllib, (3) urllib2, and (4) xmlrpclib libraries in CPython (aka Python) 2.x before 2.7.9 and 3.x before 3.4.3, when accessing an HTTPS URL, do not (a) check the certificate against a trust...
3 affected packages
python2.7, python3.2, python3.4
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| python2.7 | — | — | — | — | Not affected |
| python3.2 | — | — | — | — | Not in release |
| python3.4 | — | — | — | — | Not in release |